0

I have a strange issue. We have a 2008R2 PDC and BDC. I can join the domain fine and everything seems "normal". However, on some of the other 2008R2 servers, I am unable to do things like a gpupdate. When I try, I get an error that the clocks are wrong (they aren't) and that I don't have permission. So far, this has only affected our 2008R2 servers -- the Win 7 clients are fine.

The really strange things is if I browse to:

\\mydomain.lan\sysvol - I get the error. But! if I browse to:

\\MYDOMAIN\sysvol - it works fine.

I can also access the \hostname.domain\sysvol remotely for each of the DC's and it's fine. So in short, it appears the permissions are fine since I can access them all individually on the same account. It also seems unlikely it's on the server as most clients can access it fine. The only drama I have is when I try to use the full domain name (which of course gpupdate does) on a 2008R2 server. Also, it's not just sysvol...netlogon has the same issues too on the affected machines. Any ideas? Thanks!

Drew

Chachi
  • 13
  • 6

1 Answers1

0

Run netdiag and dcdiag against both your DCs with all the verbose options configured and post any errors back here.

FYI - there's no such thing as PDC and BDC , assuming you're not running NT 4.0 in your environment anymore. There's a FMSO Role called PDC emulator for downlevel clients and a couple other things, but if you're unsure about this concept, read up on multimaster replication and the guts of AD and DCs.

mfinni
  • 35,711
  • 3
  • 50
  • 86
  • Thanks for the info. I ran dcdiag and found that the one of the DC's didn't correctly join the domain. After removing and putting it back, everything was great. Thanks again and have a good weekend, Drew – Chachi Jun 12 '10 at 15:36