Solved

Scripts folder of Sysvol has gone away

Posted on 2011-09-28
10
620 Views
Last Modified: 2012-06-22
Hi Experts,

My Domain has 6 sites and 8 DC's, 2 of them are 2008 and the rest are 2003 R2 servers. Everything was working pretty well until couple hours ago. The folder SCRIPTS (c:\windows\sysvol\my domain\scripts) has gone away.

I don't know what happened, I don't think some administrator (we are in group of 5) accidentally deleted it.

Instead of trying to find the cause, I just recreated the scripts on one specific DC and got back from backup everyting. But some very stranger behavior happens. As soon I created the scripts folder, it get renamed to Script_ntfrs_123456 (where 123456 is an auto generated number) and was replicated to all others DCs.

I tried to created it again and, again, the folder get renamed.

Any idea what's going on?

Regards

Rodrigo Garcone
0
Comment
Question by:garconer
10 Comments
 
LVL 6

Expert Comment

by:Em Man
ID: 36812758
seems like a Parent DC is replicating.

Are you getting Policy Replication from other domain?
0
 
LVL 6

Expert Comment

by:Em Man
ID: 36812765
can you run a DCDIAG and post the result?
0
 

Author Comment

by:garconer
ID: 36812784
taga_ipil,

There is no parent DC or parent Domain in place. We have just only one domain. Can't past DCDIAG here due to sensitive information bringed together with the results. But can tell that all tests passed
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:garconer
ID: 36812788
I have this:

Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=domain,DC=com
               Latency information for 7 entries in the vector were ignored.
                  7 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=domain,DC=com
               Latency information for 7 entries in the vector were ignored.
                  7 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=domain,DC=com
               Latency information for 73 entries in the vector were ignored.
                  73 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=domain,DC=com
               Latency information for 73 entries in the vector were ignored.
                  73 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=domain,DC=com
               Latency information for 73 entries in the vector were ignored.
                  73 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... SERVER passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 300 total points
ID: 36812792
What you are seeing here is known as morphed folders, more information on them and fixes here   http://technet.microsoft.com/en-us/library/bb727056.aspx#ECAA

We are on different time zones because it is bed time for me here but I'll be back in the morning.

Thanks

Mike
0
 

Author Comment

by:garconer
ID: 36812804
I know it is related to morphed folders, but I need to know why it happens and why scripts folder got deleted.
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 100 total points
ID: 36812806
Refer this link:http://support.microsoft.com/?id=328492.
This is probably what you need to do to get it back.http://support.microsoft.com/kb/290762
1) Normally for an Authoritative Restore you stop at NTFRS services on all DCs.
2) Set burflags to D4 on a known good sysvol (or at this time restore sysvol data from backup then set burflags to D4) then start NTFRS on this server.  You may want to rename the old folders with .old extensions prior to restoring good data.
3) Clean up the folders on all the remaining servers (Policies, Scripts, etc) - renamed them with .old extensions.
4) Set burflags to D2 on all remaining servers and start NTFRS.
5) Wait for FRS to replicate.
6) Clean up the .old stuff if things look good.
0
 

Author Comment

by:garconer
ID: 36812820
Hi Sandeshdubey,

I did this last week when cleaning up DC's replication. Everything was working fine since them, but today scripts folder got deleted.

I've neve seen this before. Stranger is the fact that when i try to re-create this folder, its gets renamed right the way.

I was not thinking of using burflags again. I wish to find what cause this issue before using burflgas. Otherwise the problem can (and will) comes back again.
0
 
LVL 7

Assisted Solution

by:ComputerBeast
ComputerBeast earned 100 total points
ID: 36813190
Hi all,

Ridrigo, Run repadmin /showrepl, check results, should be no error, also check replmon to check replication.

Thank you
Anil
0
 

Author Comment

by:garconer
ID: 36813266
Hi,

The results are always fine. I rebuilt Sysvol Tree with Burflags cause have no time to troubleshoot this since in couple hours the office will be opened again.

After Burflgas, replication is working again. Couldn't find the problem's root cause. Will keep an eyes on it.

Thank you all.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question