Earlier this month, Microsoft released KnowledgeBase article 2891966. In this article, Microsoft engineers describe an issue when you open the Group Policy Management Console (gpmc.msc) and check the status of Active Directory and SYSVOL (DFSR) replication for the domain as it relates to Group Policy.
In an Active Directory domain environment with Windows Server 2012 and/or Windows Server 2012 R2-based Domain Controllers, you open Group Policy Management Console (gpmc.msc) on the Domain Controller and check the status of Active Directory and SYSVOL Replication for the domain.
In the left pane, the domain was selected. The first tab Status is shown automatically in the main pane. You click Detect Now. Group Policy Management Console reports an error:
When you click Detect Now, the Group Policy Management Console tries to retrieve the Domain Controller Name using both DsGetDcName and DsGetDomainControllerInfo. This compare fails with the above error if DsGetDcName returns a value that is not in CAPS.
Check the hostname entry in the Registry
DsGetDcName reads the name information from the registry. As step 1, check the name information in the Hostname value in Registry. This value is located in
Check the value for the Hostname entry and convert it to All CAPS. After that, restart the Netlogon service using the following command on an elevated command prompt on the Domain Controller:
net stop netlogon && net start NetLogon
Check the Infrastructure Master
You should also check the below locations to make sure there is no deleted or conflict references for the fSMORoleOwner attribute for the Infrastructure Master. You would get the same errors if you have a bad entry for this attribute reference.
- Open ADSI Edit (adsiedit.msc), either by clicking its icon in the Administrative Tools folder or directly typing its executable name in Start.
- Right-click the ADSI Edit node in the left pane and select Connect to… from the context menu. Connect to DC=DomainDNSZones,DC=Domain,DC=tld.
- Drill down 2 levels until you reach CN=Infrastructure in the main pane. Right-click CN=Infrastructure and select Properties from the context menu.
- In the CN=Infrastructure Properties inspect the value for the fSMORoleOwner attribute. The hostname for the Domain Controller should be in All CAPS.
- Next, right-click the ADSI Edit node in the left pane again. Choose Connect to… from the context menu again. This time, connect to DC=DC=Domain,DC=com.
- Again, drill down and inspect the value for the fSMORoleOwner attribute in the CN=Infrastructure Properties. Here, too, the hostname for the Domain Controller should be in All CAPS.
- Close ADSI Edit.
When the hostname for the Domain Controller is in All CAPS in all three locations (and the Netlogon service restarted), you should be able to view the status of Active Directory and SYSVOL (DFSR) replication for the domain as it relates to Group Policy.
You can experience the error mentioned in the situation in environments with both Windows Server 2012 and Windows Server 2012 R2-based Domain Controllers.