
DFSR issue after domain controller restart - proper procedure for maintenance?
Hello,
I have noticed this behavior in several two-domain-controller HA setups.
The usual sequence is:
- DC02 is patched and rebooted (via Azure Update Manager).
- After DC02 comes back online and appears usable — login works, services are running, etc. — DC01 is patched and rebooted.
- After DC01 reboots, DFSR/SYSVOL replication seems to enter an unhealthy state.
- DC02 appears to have issues with DFSR synchronization, even though it looked healthy immediately after its own reboot.
I noticed that in all cases a DFSR backlog remains between DC01 and DC02, and SYSVOL replication does not return to a clean state without manual intervention...?
It looks like DC02 is considered “back online” from an OS/login perspective, but DFSR may not yet be fully healthy or ready before DC01 is rebooted.
We also noticed this when using the start/stop procedure for domain controllers in Azure on dev envs to save cost. When at one point both DCs are in a stopped state, then we start DC01, wait for it, idk, maybe 15 minutes, and then start DC02, DFSR is always in this stuck state and it won't continue on its own.
Is this expected (replication is stuck until manual intervention)?
To solve this I always have to resort to procedure:
Where I set DC01 to be authoritative, force sync and restart DFSR, and then all is back to working as expected.
Any ideas?
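
The observation above, that a DC can accept logons before DFSR is ready, points at gating the second reboot on SYSVOL replication state rather than on OS availability. The following is an added example, not part of the original post; it assumes the default SYSVOL group and folder names, the DFSR PowerShell module, CIM access to both DCs, the DC01/DC02 names from the post, a hypothetical helper name `Test-SysvolDfsrReady`, and an arbitrary 30-minute timeout:

```powershell
# Added example: gate the second DC's reboot on SYSVOL DFSR health, not on logon.
# 'Test-SysvolDfsrReady' is a hypothetical helper, not a built-in cmdlet.
function Test-SysvolDfsrReady {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,   # DC that was just rebooted
        [Parameter(Mandatory)] [string] $Partner,        # DC to be rebooted next
        [string] $GroupName  = 'Domain System Volume',   # default SYSVOL group name
        [string] $FolderName = 'SYSVOL Share'            # default SYSVOL folder name
    )
    # 1. The DFSR service must be running on the rebooted DC.
    $svc = Get-CimInstance -ComputerName $ComputerName -ClassName Win32_Service `
             -Filter "Name='DFSR'" -ErrorAction SilentlyContinue

    # 2. Replicated folder state from the DFSR WMI provider:
    #    0 Uninitialized, 1 Initialized, 2 Initial Sync, 3 Auto Recovery, 4 Normal, 5 In Error
    $rf = Get-CimInstance -ComputerName $ComputerName -Namespace 'root\MicrosoftDFS' `
            -ClassName DfsrReplicatedFolderInfo `
            -Filter "ReplicatedFolderName='$FolderName'" -ErrorAction SilentlyContinue

    # 3. Backlog in both directions. Get-DfsrBacklog lists at most the first 100
    #    files, so use the count as "empty or not", not as an exact size.
    try {
        $out = @(Get-DfsrBacklog -GroupName $GroupName -FolderName $FolderName `
                   -SourceComputerName $ComputerName -DestinationComputerName $Partner `
                   -ErrorAction Stop).Count
        $in  = @(Get-DfsrBacklog -GroupName $GroupName -FolderName $FolderName `
                   -SourceComputerName $Partner -DestinationComputerName $ComputerName `
                   -ErrorAction Stop).Count
    } catch { $out = $in = -1 }   # query failed: report as not ready

    [pscustomobject]@{
        ComputerName = $ComputerName
        ServiceState = $svc.State
        FolderState  = $rf.State
        BacklogOut   = $out
        BacklogIn    = $in
        Ready        = ($svc.State -eq 'Running') -and ($rf.State -eq 4) -and
                       ($out -eq 0) -and ($in -eq 0)
    }
}

# Poll DC02 after its reboot; only proceed to DC01 once SYSVOL is in state 4 with no backlog.
$deadline = (Get-Date).AddMinutes(30)   # timeout is an assumption, tune per environment
do {
    $r = Test-SysvolDfsrReady -ComputerName 'DC02' -Partner 'DC01'
    if (-not $r.Ready) { Start-Sleep -Seconds 60 }
} until ($r.Ready -or (Get-Date) -gt $deadline)
if (-not $r.Ready) { throw 'DC02 SYSVOL replication is not healthy; do not reboot DC01.' }
```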