Cannot access shares via full domain name on Server 2008R2

netlogon permissions sysvol windows-server-2008

I have a strange issue. We have a 2008R2 PDC and BDC. I can join the domain fine and everything seems "normal". However, on some of the other 2008R2 servers, I am unable to do things like a gpupdate. When I try, I get an error that the clocks are wrong (they aren't) and that I don't have permission. So far, this has only affected our 2008R2 servers — the Win 7 clients are fine.

The really strange thing is if I browse to:

\\mydomain.lan\sysvol – I get the error. But! if I browse to:

\\MYDOMAIN\sysvol – it works fine.

I can also access the \\hostname.domain\sysvol remotely for each of the DCs and it's fine. So in short, it appears the permissions are fine since I can access them all individually on the same account. It also seems unlikely it's on the server as most clients can access it fine. The only drama I have is when I try to use the full domain name (which of course gpupdate does) on a 2008R2 server. Also, it's not just sysvol… netlogon has the same issues too on the affected machines. Any ideas? Thanks!

Drew

Best Answer

Run netdiag and dcdiag against both your DCs with all the verbose options configured and post any errors back here.

FYI - there's no such thing as PDC and BDC, assuming you're not running NT 4.0 in your environment anymore. There's a FSMO role called PDC emulator for downlevel clients and a couple other things, but if you're unsure about this concept, read up on multimaster replication and the guts of AD and DCs.
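
One way to collect the dcdiag output the answer asks for, run from an affected 2008R2 member server; this is an added example, not part of the original answer. `DC1` and `DC2` are placeholder DC names, `mydomain.lan` is the domain name from the question, and the `w32tm` and `nltest` checks are additions aimed at the clock error and the full-domain-name lookup the question describes.

```powershell
# Placeholder names (assumptions): replace with your two domain controllers.
$dcs    = 'DC1', 'DC2'
$domain = 'mydomain.lan'   # DNS domain name as written in the question

$outDir = Join-Path $env:TEMP 'dcdiag-logs'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($dc in $dcs) {
    # /v = verbose output, /c = comprehensive test set, /s: = DC to test
    $log = Join-Path $outDir "$dc-dcdiag.txt"
    dcdiag /v /c "/s:$dc" | Out-File -FilePath $log -Encoding ASCII

    # dcdiag ends each test with "<server> passed test X" or "<server> failed test X";
    # pull out only the failures so they can be posted without the full log.
    $failed = Select-String -Path $log -Pattern 'failed test'
    if ($failed) {
        Write-Output "== $dc : failed tests (full log: $log) =="
        $failed | ForEach-Object { $_.Line.Trim() }
    } else {
        Write-Output "== $dc : no failed tests reported =="
    }
}

# The error mentions wrong clocks: show each DC's time offset as seen from here.
w32tm /monitor "/domain:$domain"

# Show which DC this server locates when it resolves the full DNS domain name,
# which is the path \\mydomain.lan\sysvol and gpupdate depend on.
nltest "/dsgetdc:$domain"
```

Running it on both an affected server and a working Win 7 client gives two sets of output to compare, in particular the DC returned by `nltest` and the offsets reported by `w32tm`.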