Domain doesn't start NTFRS 13566

Hi,

We have a domain with only one domain controller which is showing the event 13566 on the FRS event viewer and doesn't share the sysvol, so it doesn't become a domain controller and we haven't the domain.

There isn't a backup of the active directory, Could I restore the domain?.

Thank you.
JorgeSimarroVillarAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

snusgubbenCommented:
No backup, no restore.

Have you set the Burflag to D4? FRS 13566 is logged when a authoritative restore is started.


SG
JorgeSimarroVillarAuthor Commented:
No,

I didn't change anything because I have only one domain and controller, and I guess that authoritative restore is only possible when you have more than one domain controller, although I'm not very sure.

Thank you.
snusgubbenCommented:
The Burflag method is used to re-initialize the replica sets. "D4" is called "authoritative" since the inbound partners (D2) will replicate from the D4 DC.

Check if the Burflags reg.key is '0'.

"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup"

ref: http://support.microsoft.com/kb/290762

(I can't check back to you for some hours)


SG
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

JorgeSimarroVillarAuthor Commented:
Do I need to have replica partners to use burflags?, that's my question, I only have a domain controller.
snusgubbenCommented:
You don't need a replication partner.

Is your SYSVOL folder missing? If so and you don't have a backup, you have lost all your GPO's and scripts.

See Resolution 1: http://support.microsoft.com/kb/958804

(Running "dcgofix" will create the default domain policy and default domain controller policy)


SG
AwinishCommented:
Stop the File Replication service on the domain controller. Start Registry Editor (Regedt32.exe). Locate and then click the BurFlags value under the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup On the Edit menu, click DWORD, click Hex, type D4, and then click OK. Quit Registry Editor. Move data out of the PreExisting folder. Restart the File Replication Service.
Use FRSdiag to troubleshoot FRS issue.

 http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=43CB658E-8553-4DE7-811A-562563EB5EBF
http://support.microsoft.com/kb/316790 
JorgeSimarroVillarAuthor Commented:
Hi,

But I still have SYSVOL and I'd like to keep GPO's and scripts, is that possible?.

Thank you.
snusgubbenCommented:
Take a backup of sysvol and be sure to preserve the security
JorgeSimarroVillarAuthor Commented:
Hi,

Once the backup is done and the security preserved, Do I have to an authoritative with burflags set to D4?. Once the FRS replicas are resotres, Should I have to restore the SYSVOL and its security?.

Could you tell me the needed steps I have to follow?.

Thank you.
snusgubbenCommented:
Your event indicates that your domain think it's in an authoritative restore process.

1. Set you set the Burflags key to D4
2. Restart NtFRS service.
3. Look in your FRS event log if it is successful. (refresh the log. The job takes less then 5 minutes in a small environment)
4. Open SYSVOL and see if you policies and scripts are present. If not, you need to restore them from the backup*.

* If you have installed GPMC then there are some wsh-scripts installed with the tool (under GPMC\Scripts). There are one script that is named backupAllGPOs.wsh and restoreAllGPOs.wsh (or something like that). I recomend you to take a extra backup with those scripts. You should in theory just copy them to another folder, and just paste them back, but I like the long restore job :)

Verify your SYSVOL three:

Verify that the following folders exist in the SYSVOL tree:

\SYSVOL
\SYSVOL\domain
\SYSVOL\staging\domain
\SYSVOL\staging areas
\SYSVOL\domain\Policies
\SYSVOL\domain\scripts
\SYSVOL\SYSVOL


SG




Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AwinishCommented:
snusgubben pointed you correctly & you can simply goto inside windows folder & take complete backup of sysvol so if anything happens wrong you can simply copy the back up folder & restart frs service.

Before proceeding for authoritative restore of sysvol,stop frs service & then set the regitsry as D4 since you have single dc there is no other dc is getting sysvol replicated from root dc ,so don't worry abt d4 or d2 simply set the registry burflag as D4 & start FRS serrvice.

Type net share on cmd & see if sysvol share comes back.

Also,restart dns,KDC,netlogon service to re re-register the DC.

All the Best.

Thanks
Awinish

JorgeSimarroVillarAuthor Commented:
Fine!,

Everything is working again.

Just another more question.

If I had two or more DC's, a backup of SYSVOL and with the same situation, what's the best way to solve the problem.

My attempt:

1. Set Burflags key to D4 on DC1
2. Restart NtFRS service on DC1.
3. Look in your FRS event log if it is successful.
4. Open SYSVOL and see if you policies and scripts are present. If not, you need to restore them from the backup*.
5. Verify SYSVOL is in every single DC.
6. Once SYSVOL and all subfolders are there, restore SYSVOL backup.
7. Verify that Policies are there.

Thank you.
AwinishCommented:
The best way i did on lots of situation,stop the frs service on problem server, copy the complete sysvol from health server dc & replace it on problem server. Start the FRS service. This will also work.


Second option:

Put D4 on DC1(healthy DC without any errror in sysvol) which will act as authoritative server & D2on ADC's to find the sysvol from DC1 server.
snusgubbenCommented:
If you got multiple DC's then it depends on the situation you're in.

If only one DC is in JournalWrap, missing SYSVOL or inconsistent SYSVOL then you can set the Burflag to D2 on the affected DC. It will then dump it's current content to the pre-existing folder and replicate new content from a inbound FRS partner.

To make a domain wide authoritative restore then you need to find what DC that should be the "master". Set D4 to this DC and D2 to all other DC's (FRS services stopped on all DC's).
Start FRS on the "master DC" and wait until it's finished. Then start FRS on the "D2" DC's.
 
SG
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.