I'm having trouble with my secondary domain controller not syncing its group policies to its SYSVOL share. I've checked a bunch of stuff to diagnose the issue:
1. Firewall issues - Ruling this out, since the problem persists even with firewalls disabled on both DCs (I disconnected them from the internet during testing).
2. I used the `repadmin /syncall` command, and it ran without any issues.
3. DNS issues - I verified DNS connectivity by using `nslookup`, and both DCs can find each other. The DNS manager shows the correct pointers in both the forward and reverse lookup zones.
4. Permissions on the SYSVOL shares appear to be correct; they match the defaults, giving Authenticated Users read and execute permissions.
5. I checked that all required services are running on both DCs, and everything looks good.
6. The time and region settings are also correctly configured.
When I run the `GPresult`, I get an error stating that the system couldn't access the specified file. The logs indicate issues reading from the gpt.ini file.
Manually inspecting the SYSVOL share, I noticed the subdirectory in question only appears on DC01, not on DC02. Manually copying the folder leads to errors about other subdirectories that aren't synced either.
Checking local SYSVOL folders shows modified dates indicating that DC02 hasn't had new folders since early this month. I found a guide for a similar issue for Server 2022, but it mentions commands like `DFSRDIAG`, which I'm not seeing available on Server 2025. Should I try installing it via command line? Also, similar syncing issues crop up with other servers sometimes. Any advice or pointers would be tremendously appreciated!
6 Answers
You might find this article useful; it helped me sort out my DFSR issues with SYSVOL replication: [Link](https://www.windowspro.de/wolfgang-sommergut/dfs-r-probleme-bei-replikation-sysvol-netlogon-analysieren). Check it out and see if it helps!
What do your DFSR logs say? Sometimes restarting the DFSR service can fix the syncing problems. Keep an eye on those logs for any hints!
Have you tried running `DCDIAG`? It might highlight any problems with your domain controllers. It’s worth a shot!
I'm seeing similar issues in my Server 2016 domain. A user was having issues accessing file shares after a password update, with the same `gpt.ini` error. It seems like a common symptom, so you're not alone!
The `dfsrdiag` command needs the DFS Management Tools feature. You can install it through the command line to access it. For permissions issues, I've found this tool helpful for checking SYSVOL configuration: [GPOZaurr](https://github.com/EvotecIT/GPOZaurr). It can identify misconfigured permissions, so consider using it for a deeper look.
I had a similar problem recently. Try stopping the DFRS service and then deleting the DFRS folder. Sometimes clearing that out can help resolve syncing issues. Good luck!
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures