Oct 11 2022 12:56 AM
Hello, our server has encountered an abnormal DFS service, which currently leads to an abnormal synchronization of Active directory policies. and caused a series of failures.
OS: Windows Server 2019
Now run the command: gpupdate /force
Unable to update computer policy successfully, Windows tries to read a file from a domain controller, but fails
Oct 11 2022 08:15 AM
Not at all clear what problem you're trying to solve? If replication is broken then check the DFS Replication event log for error details. A non authoritative sync may be in order.
Oct 11 2022 01:29 PM
@wangkabin just checking if there's any progress or updates? please don't forget to mark helpful replies.
Oct 11 2022 06:45 PM
Oct 12 2022 11:41 PM
@Dave Patrick Hello, the actual situation is: when I execute the gpupdate /force command on the secondary domain controller, it prompts an error that the policy file in the sysvol directory cannot be obtained from the primary domain controller server. I compared the sysvol directory of the two hosts, and there are indeed some files missing. I tried to manually copy the missing part of sysvol in the form of accessing the share through the domain name. The policy can be updated normally for the time being, but the sysvol directory of the two hosts is still not synchronized after the modification.
Oct 13 2022 06:27 AM
I'd check the DFS Replication event log for error details. Sounds like a non authoritative sync may be in order.
Oct 14 2022 11:53 AM
Oct 17 2022 07:09 PM
@Dave Patrick Hello, the customer is currently not out of time for troubleshooting, please wait.
Oct 17 2022 07:11 PM
Oct 18 2022 09:38 PM
Oct 19 2022 06:21 AM
SolutionHello, I have now checked, Event ID 4004 Error 9003 .
Can this fault be resolved only by deleting the DFSR Database in System Volume Information?
Absolutely not. The simplest solution may be to demote, reboot, promo the problematic one. Also how long has this been going on? If this exceeds the tombstone life then this one should be removed from network, seize roles (if necessary)
Transfer or seize FSMO roles - Windows Server | Microsoft Learn
then do clean up
Clean up AD DS server metadata | Microsoft Learn
and rebuild the failed one.
Oct 20 2022 07:38 AM
@wangkabin just checking if there's any progress or updates? please don't forget to mark helpful replies.
Oct 22 2022 03:03 PM
please don't forget to close up the thread by marking helpful replies.
Nov 10 2022 06:49 PM
Oct 19 2022 06:21 AM
SolutionHello, I have now checked, Event ID 4004 Error 9003 .
Can this fault be resolved only by deleting the DFSR Database in System Volume Information?
Absolutely not. The simplest solution may be to demote, reboot, promo the problematic one. Also how long has this been going on? If this exceeds the tombstone life then this one should be removed from network, seize roles (if necessary)
Transfer or seize FSMO roles - Windows Server | Microsoft Learn
then do clean up
Clean up AD DS server metadata | Microsoft Learn
and rebuild the failed one.