The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR

Satish AutiSenior System Administrator
CERTIFIED EXPERT
To bring my skill sets and experience into an organization and become a valuable  member of the technology staff & utilize my current skills
Published:
Updated:
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.

This event can occur because of many reasons, such as no network connectivity between two or more domain controllers, power cut, improper shutdown, a network glitch and so on. If you have a single server, a power failure could also be a cause for a "JRNL_WRAP_ERROR".


Many administrators have faced this issue and many new comers just don't know the difference between authoritative and non-authoritative restores, and the steps to perform. 


D2, for a non-authoritative mode restore: This option will get a copy of the current SYSVOL and other content from a healthy DC. A minimum of two DCs are required in a domain before performing this restore and you must also perform a D4 mode restore on a healthy DC.


D4, for an authoritative mode restore: This option must always be used on a healthy DC that contains a good copy of sysvol. If there is only a single DC in the domain, always use the D4 restore mode.


The JRNL_WRAP_ERROR explained:

Let's talk a little about this particular error.  File replication service is replicating the contents of sysvol between all domain controllers in the domain. It contains all your policy settings, logon scripts and batch files.

 

Once you see a 13568 event in any domain controller's FRS (File Replication Service) event log, understand that you are in a "JRNL_WRAP_ERROR" state which means the server is not participating in AD replication and will not be up to date with all the data with the other DCs in the domain. There may also be indications that a DC could have lingering objects after a replication failure for a number of days. 


Scenario 1: Only one DC in domain.


-- Login to the server.
-- Check the event viewer for event id 13568.


If the error is found, it will contain something like this..


Event Type:Error
Event Source:NtFrs
Event Category:None
Event ID:13568
Date:6/3/2017
Time:4:48:46 PM
User:N/A
Computer:EMO
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.


-- Event ID 13568 indicates the replica set is in Journal wrap error state on the server.

-- To get rid of the error, perform an authoritative restore of SYSVOL.

-- Take a backup of the sysvol folder to be on the safe side.

-- Open an elevated command prompt and type "net stop ntfrs" which will stop replication.

-- Open regedit and browse to the following key in the registry.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup


-- Locate the subkey BurFlags and edit the DWORD value to D4 - also known as an authoritative restore.

-- Quit the registry and type "net start ntfrs" in an elevated command prompt to start the replication service again.

-- When the startup process completes, it takes some time to write the replica set and you can see 13516 event which states "The File Replication Service is no longer preventing the computer EMO from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL"


-- You will find an event as below.


Event Type:Information
Event Source:NtFrs
Event Category:None
Event ID:13516
Date:6/3/2017
Time:5:33:19 PM
User:N/A
Computer:EMO
Description:
The File Replication Service is no longer preventing the computer EMO from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL


-- Here your issue is resolved for a single domain controller environment.


Scenario 2: Two or multiple DCs in domain.


-- Login to the server.

-- Verify how many servers you have in your domain by running "netdom query dc"


Example:

C:\Users\satishau>netdom query dc
List of domain controllers with accounts in the domain:

SERVER

SERVER01
The command completed successfully.


-- Check for FRS events on servers to find the event id 13568 (bad domain controller), also check for event id 13516 (healthy domain controller) 

-- Now here I found 13568 event on DC "SERVER" and 13516 on "SERVER01" which means it's a healthy DC.


Event Type:Error
Event Source:NtFrs
Event Category:None
Event ID:13568
Date:1/3/2017
Time:11:47:01 PM
User:N/A
Computer:SERVER
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.


-- So here we FIRST need to perform the D4 on a healthy DC, also known as an authoritative mode of restore on server "SERVER01" & the D2 on a bad DC, also known as an non authoritative mode of restore on server "SERVER"

-- Use the D2 (non-authoritative restore) option on the DC with the empty SYSVOL folder, or the SYSVOL folder with the incorrect data.

-- This will get a copy of the current SYSVOL and other folders from the good DC that you set the BurFlags D4 (authoritative restore) option on.


-- To do this take the backup of sysvol folders from both servers.

-- Stop File replication service and do the  D4 on the healthy DC first, as an authoritative restore on server "SERVER01" & the D2 on the bad DC, as an non authoritative mode of restore on server "SERVER".

-- Start the File replication service and wait for sysvol to get synced. 

-- You can check the event id 13516 on both DCs to verify the issue is resolved.


Monitor the File Replication Service Events.
• 13553 – The DC is performing the recovery process
• 13554 – The DC is ready to pull the replica from another DC.
• 13516 – The File Replication Service is no longer preventing the computer from becoming a domain controller 


Useful links.

Backing Up and Restoring an FRS-Replicated SYSVOL Folder

How Active Directory Replication Topology Works

Information about lingering objects in a Windows Server Active Directory forest


Hope you found this helpful.


Good luck and happy restoring  :)

2
13,942 Views
Satish AutiSenior System Administrator
CERTIFIED EXPERT
To bring my skill sets and experience into an organization and become a valuable  member of the technology staff & utilize my current skills

Comments (1)

BobNetwork Administrator

Commented:
I'm the network administrator for a domain which only had one Windows Server 2008 R2 domain controller.  A little while back I setup a second domain controller but recently discovered that the Sysvol and Netlogon folders are not replicating to the newer DC.  I ran Repadmin /replsummary on both DCs and Repadmin /Showrepl.  They didn't show any replication errors then I found the 

JRNL_WRAP_ERROR on the original DC which holds the only copies of the Sysvol and Netlogon folders.  I tried to backup the C: drive of this server using the Windows Server backup app as a system state backup.  Both failed with I/O errors.  I used a third party app to backup and that failed too.  How should I proceed to restore this DC since it's not healthy but is the only one with the Sysvol and Netlogon folders?

Thanks for any help,

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.