?
Solved

NTFRS Replication Problems

Posted on 2011-09-22
3
Medium Priority
?
1,515 Views
Last Modified: 2012-05-12
Hi Experts,

Our AD Domain has 6 sites and 12 DC's. For a long time nobody took a really good care over AD replication. Right now every DC has a different sysvol content from each other. And there are many "something_ntfrs_someid" folder, like this:

{CCA243A2-99E7-4FA1-9969-604CB73AF23B}_NTFRS_381bc33a

Yesterday I set burflags D4 in one of these DC and set the other with D2. NTFRS service restarted on all of them. Sysvol content were moved to NTFRS_PreExisting folder as expected. Before doing this procedure, I created a backup of entire sysvol folder on every Domain Controller.

After starting NTFRS service, replication begins. But some files are not being replicated and there are many folders being renamed as the example I put above as there were replication errors. Sysvol content
You can see the folders OLD and POLICIES_NTFRS_000cc1ee under c:\windows\sysvol\sysvol\mydomain

I did manually deleted it all before setting D4 and D4 keys. How they came back again?

We are also have many folders under Scripts folder getting renamed because of replication collision as image below. How do I correct it?

How do I know from which DC a specific DC is getting its data to populate Sysvol content? Netlogon content
Can I just clear all sysvol content, then set D4 and D2 burflgs registry keys and then move back to sysvol folder only the files and folders needed?
0
Comment
Question by:garconer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36581741
You shouldn't need a D4, what you are seeing there is known as morphed folders, few solutions, more on morphed folders here

http://technet.microsoft.com/en-us/library/bb727056.aspx#ECAA

some places also refer to this as name collisions in sysvol.

Thanks

Mike
0
 

Author Comment

by:garconer
ID: 36581807
Hi Mike,

Tks for the reply. Actually I've already done the instructions in the link you've sent. Folders keep being renamed and many folders and files are not being replicated among dcs. Each dc has dfrs links in place and eventvwr shows event 13568 followed by 13569 which is expected but unfortunately things are not working well. Do you know a tool that shows me from which dc some replicated folder came from?
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 2000 total points
ID: 36584635
1) Normally for an Authoritative Restore you stop at NTFRS services on all DCs.
2) Set burflags to D4 on a known good sysvol (or at this time restore sysvol data from backup then set burflags to D4) then start NTFRS on this server.  You may want to rename the old folders with .old extensions prior to restoring good data.
3) Clean up the folders on all the remaining servers (Policies, Scripts, etc) - renamed them with .old extensions.
4) Set burflags to D2 on all remaining servers and start NTFRS.
5) Wait for FRS to replicate.
6) Clean up the .old stuff if things look good.
This is probably what you need to do to get it back.http://support.microsoft.com/kb/290762

Note:Take the backup of sysvol folder before you proceed.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question