I Have problems with Sysvol DFSr migration
Environment have two writable Domain Controllers with 2008R2. Forest and Domain Level are 2008R2
Events:
Event 8020
Error: 5 (Access is denied.)
Event 8029
DFSR Migration was unable to transition to the 'ELIMINATED' state for Domain Controller xxxxx. DFSR will retry the next time it polls the Active Directory. To force an immediate retry, execute the command 'dfsrdiag /pollad'.
DFSRMIG.EXE /GETMIGRATIONSTATE
The following Domain Controllers are not in sync with Global state ('Eliminated'):
Domain Controller (Local Migration State) - DC Type
===================================================
DC1 ('Eliminating') - Primary DC
DC2 ('Eliminating') - Writable DC
Migration has not yet reached a consistent state on all Domain Controllers.
State information might be stale due to AD latency.
Checked things
Checked ”Manage Auditing and Security Log” rights
Defalt Domain Controller policy have setting “Manage auditing and security log” Domain_name\Exchange Enterprise Servers, Administrators, Domain_name\Exchange
http://support.microsoft.com/kb/2567421
From “Domain_Name/System/File Replication Service/Domain System Volume (SYSVOL share)” structure “Protect object from accidental deletion” setting have been removed
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28269847.html
Removed server objects from “Domain_Name/System/File Replication Service/Domain System Volume (SYSVOL share)” structure”
Removed IPv6 from use
http://social.technet.microsoft.com/Forums/windowsserver/en-US/90faf580-2336-4ca9-8901-bd14f12373a4/dfs-replication-issues-rpc-wmi-and-service-essentially-locked-up-for-dfsr?forum=winserverfiles
Temporary stopped virusprotection from DC
Replication working okay with C:\Windows\SYSVOL_DFSR, shares etcc.
C:\Windows\SYSVOL_DFSR
Manually removed content from C:\Windows\SYSVOL (structure get back with empty folders)
From registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DFSR\Parameters\SysVols\Migrating SysVols
Local State is 7
Is Primary is 0
Rebooted, started DFS replication service, check AD replications, no firewalls between DC (in same subnet)
Is there some registry, AD path or File path where I can check why I get error Access Denied?
Thanks from advices