<

Go Premium for a chance to win a PS4. Enter to Win

x

The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR

Published on
3,816 Points
816 Views
Last Modified:
Satish Auti
To bring my skill sets and experience into an organization and become a valuable  member of the technology staff & utilize my current skills
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.

This event can occur because of many reasons, such as no network connectivity between two or more domain controllers, power cut, improper shutdown, a network glitch and so on. If you have a single server, a power failure could also be a cause for a "JRNL_WRAP_ERROR".


Many administrators have faced this issue and many new comers just don't know the difference between authoritative and non-authoritative restores, and the steps to perform. 


D2, for a non-authoritative mode restore: This option will get a copy of the current SYSVOL and other content from a healthy DC. A minimum of two DCs are required in a domain before performing this restore and you must also perform a D4 mode restore on a healthy DC.


D4, for an authoritative mode restore: This option must always be used on a healthy DC that contains a good copy of sysvol. If there is only a single DC in the domain, always use the D4 restore mode.


The JRNL_WRAP_ERROR explained:

Let's talk a little about this particular error.  File replication service is replicating the contents of sysvol between all domain controllers in the domain. It contains all your policy settings, logon scripts and batch files.

 

Once you see a 13568 event in any domain controller's FRS (File Replication Service) event log, understand that you are in a "JRNL_WRAP_ERROR" state which means the server is not participating in AD replication and will not be up to date with all the data with the other DCs in the domain. There may also be indications that a DC could have lingering objects after a replication failure for a number of days. 


Scenario 1: Only one DC in domain.


-- Login to the server.
-- Check the event viewer for event id 13568.


If the error is found, it will contain something like this..


Event Type:Error
Event Source:NtFrs
Event Category:None
Event ID:13568
Date:6/3/2017
Time:4:48:46 PM
User:N/A
Computer:EMO
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.


-- Event ID 13568 indicates the replica set is in Journal wrap error state on the server.

-- To get rid of the error, perform an authoritative restore of SYSVOL.

-- Take a backup of the sysvol folder to be on the safe side.

-- Open an elevated command prompt and type "net stop ntfrs" which will stop replication.

-- Open regedit and browse to the following key in the registry.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup


-- Locate the subkey BurFlags and edit the DWORD value to D4 - also known as an authoritative restore.

-- Quit the registry and type "net start ntfrs" in an elevated command prompt to start the replication service again.

-- When the startup process completes, it takes some time to write the replica set and you can see 13516 event which states "The File Replication Service is no longer preventing the computer EMO from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL"


-- You will find an event as below.


Event Type:Information
Event Source:NtFrs
Event Category:None
Event ID:13516
Date:6/3/2017
Time:5:33:19 PM
User:N/A
Computer:EMO
Description:
The File Replication Service is no longer preventing the computer EMO from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL


-- Here your issue is resolved for a single domain controller environment.


Scenario 2: Two or multiple DCs in domain.


-- Login to the server.

-- Verify how many servers you have in your domain by running "netdom query dc"


Example:

C:\Users\satishau>netdom query dc
List of domain controllers with accounts in the domain:

SERVER

SERVER01
The command completed successfully.


-- Check for FRS events on servers to find the event id 13568 (bad domain controller), also check for event id 13516 (healthy domain controller) 

-- Now here I found 13568 event on DC "SERVER" and 13516 on "SERVER01" which means it's a healthy DC.


Event Type:Error
Event Source:NtFrs
Event Category:None
Event ID:13568
Date:1/3/2017
Time:11:47:01 PM
User:N/A
Computer:SERVER
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.


-- So here we FIRST need to perform the D4 on a healthy DC, also known as an authoritative mode of restore on server "SERVER01" & the D2 on a bad DC, also known as an non authoritative mode of restore on server "SERVER"

-- Use the D2 (non-authoritative restore) option on the DC with the empty SYSVOL folder, or the SYSVOL folder with the incorrect data.

-- This will get a copy of the current SYSVOL and other folders from the good DC that you set the BurFlags D4 (authoritative restore) option on.


-- To do this take the backup of sysvol folders from both servers.

-- Stop File replication service and do the  D4 on the healthy DC first, as an authoritative restore on server "SERVER01" & the D2 on the bad DC, as an non authoritative mode of restore on server "SERVER".

-- Start the File replication service and wait for sysvol to get synced. 

-- You can check the event id 13516 on both DCs to verify the issue is resolved.


Monitor the File Replication Service Events.
• 13553 – The DC is performing the recovery process
• 13554 – The DC is ready to pull the replica from another DC.
• 13516 – The File Replication Service is no longer preventing the computer from becoming a domain controller 


Useful links.

Backing Up and Restoring an FRS-Replicated SYSVOL Folder

How Active Directory Replication Topology Works

Information about lingering objects in a Windows Server Active Directory forest


Hope you found this helpful.


Good luck and happy restoring  :)

0
Comment
Author:Satish Auti
0 Comments

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Join & Write a Comment

This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month