Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Active Directory File replication service not working

Posted on 2012-04-10
15
Medium Priority
?
746 Views
Last Modified: 2012-05-07
Hello the company I work for is  having an odd issue where the netlogon and sysvol folder are working however they aren't replicating.

When I check the File replication service logs I don't see any errors in the logs but I was looking at http://forums.techarena.in/active-directory/704189.htm#post4123495 and saw that it was a similar symptom. However when I type ntfrsutl ds |findstr /i "root stage" it actually returns a blank line rather than a folder.

I typed that command on pretty much all AD servers and all show blank, but 90% of them have a copy of the sysvol and netlogon folder but they're pretty old. Should i be typing Linkd %systemroot%\SYSVOL\SYSVOL\Contoso.com (I know contoso.com should be whatever my current domain is). So I just want to know what my next best steps are.
0
Comment
Question by:Brandon_V
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 4
  • +1
15 Comments
 
LVL 21

Expert Comment

by:motnahp00
ID: 37828201
What do you see when you type repadmin /syncall for a DC?
0
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37828210
What level of AD are you on? Domain Functional level?
if 03 you can use repadmin or replmon. If 08, use repadmin /replsummary

FRS is used to replicate sysvol and netlogon in 03 but not in 08.

FRSDiag tool is also a good MS Tool to use.
0
 

Author Comment

by:Brandon_V
ID: 37828242
When I do repadmin /syncall I get
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.


I'm on AD 2003, When I do a repadmin /replsymmary I get the stuff below (so no errors)

Replication Summary Start Time: 2012-04-10 09:23:06

Beginning data collection for replication summary, this may take awhile:
  ...................


Source DC           largest delta  fails/total  %%  error
 Server                    27m:08s    0 /  10    0
 Server                    25m:13s    0 /  73    0
 Server                    27m:02s    0 /  10    0
 Server                    05m:05s    0 /   8    0
 Server                    29m:49s    0 /  63    0
 Server                    27m:09s    0 /   3    0
 Server                    27m:05s    0 /  10    0
 Server                    05m:15s    0 /   5    0
 Server                    27m:03s    0 /  10    0
 Server                    27m:09s    0 /  10    0
 Server                    27m:07s    0 /  10    0
 Server                    27m:07s    0 /  10    0
 Server                    27m:02s    0 /  10    0
 Server                    05m:16s    0 /   5    0
 Server                    27m:06s    0 /  10    0
 Server                    27m:03s    0 /  10    0


Destination DC    largest delta    fails/total  %%  error
 Server                    02m:00s    0 /  10    0
 Server                    05m:23s    0 /  70    0
 Server                    01m:44s    0 /  10    0
 Server                    29m:54s    0 /  10    0
 Server                    27m:14s    0 /  58    0
 Server                       :26s    0 /   9    0
 Server                    04m:24s    0 /  10    0
 Server                    01m:55s    0 /   5    0
 Server                    23m:54s    0 /  10    0
 Server                    06m:47s    0 /  10    0
 Server                    25m:25s    0 /  10    0
 Server                    24m:18s    0 /  10    0
 Server                       :11s    0 /  10    0
 Server                    13m:36s    0 /   5    0
 Server                    24m:03s    0 /  10    0
 Server                    04m:58s    0 /  10    0
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37828285
Alright how do you know the problem is happening?
0
 

Author Comment

by:Brandon_V
ID: 37828290
If I go \\servername\netlogon and change it on one, it doesn't update anywhere.
0
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37828296
What level of Domain are you? 03 or 08?
0
 

Author Comment

by:Brandon_V
ID: 37828339
03
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 2000 total points
ID: 37828383
You can do the burflag to force replication but I don't see any errors.

Post a dcdiag.

Lets look if we need to do the below.



Take backup of the policies and script folders from both of the servers from c:\Windows\Sysvol\domain
Stop NTFRS service on both DCs.

Make one of the DCs authoritative server by modifying registry setting : Navigate to registry HKLM\System\CCS\Services\NTFRS\Parameters\CumlativeReplicaSets and Set the Burflags value to D4. This should be done with server which has the Updated information available or correct data.

Go to other DC and make that Non-authoritative by navigating to same registry location HKLM\System\CCS\Services\NTFRS\Parameters\CumlativeReplicaSets and Set the Burflags value to D2.

Restart Ntfrs service on both servers and force replication to see event 13516 in event viewer for FRS.
0
 

Author Comment

by:Brandon_V
ID: 37828413
alright I can do that however under the HKLM\System\CCS\Services\NTFRS\Parameters\CumlativeReplicaSets there is no values for anything. So no entry called burflags.

Should it be created ? Also i find it odd that when I type ntfrsutl ds |findstr /i "root stage" it returns a blank line.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37828421
Post dcdiag
0
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37828472
yes, post dcdiag /c /v and again, the FRSDiag tool will be a big help too:

http://www.microsoft.com/download/en/details.aspx?id=8613
0
 

Author Comment

by:Brandon_V
ID: 37829117
alright so I found the root cause, I just need help with the fix. So the FRSDiag tool shows

NtFrs      1/11/2012 7:55:13 PM      Error      13568      The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.         Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"     Replica root path is   : "c:\windows\sysvol\domain"     Replica root volume is : "\\.\C:"      A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read  from the NTFS USN journal is not found.  This can occur because of one of the  following reasons.  

And then it lists a ton of reasons below

 [1] Volume "\\.\C:" has been formatted.     [2] The NTFS USN journal on volume "\\.\C:" has been deleted.     [3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate  the journal if it finds corrupt entries at the end of the journal.     [4] File Replication Service was not running on this computer for a long time.     [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".      Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will  cause the following recovery steps to be taken to automatically recover from  this error state.     [1] At the first poll, which will occur in 5 minutes, this computer will be  deleted from the replica set. If you do not want to wait 5 minutes, then  run "net stop ntfrs" followed by "net start ntfrs" to restart the File  Replication Service.     [2] At the poll following the deletion this computer will be re-added to the  replica set. The re-addition will trigger a full tree sync for the replica set.        WARNING: During the recovery process data in the replica tree may be unavailable.  You should reset the registry parameter described above to 0 to prevent  automatic recovery from making the data unexpectedly unavailable if this  error condition occurs again.        To change this registry parameter, run regedit.        Click on Start, Run and type regedit.        Expand HKEY_LOCAL_MACHINE.    Click down the key path:       "System\CurrentControlSet\Services\NtFrs\Parameters"    Double click on the value name       "Enable Journal Wrap Automatic Restore"    and update the value.        If the value name is not present you may add it with the New->DWORD Value function  under the Edit Menu item. Type the value name exactly as shown above.      


Now on the main DC that holds 4 of the 5 FSMO roles it shows the following under KCC event log test

An Error Event occured.  EventID: 0xC0000470
            Time Generated: 04/10/2012   13:01:57
            (Event String could not be retrieved)


It shows that a bunch of times. now under Starting test: VerifyEnterpriseReferences it shows ;
[1] Problem: Missing Expected Value

             Base Object:
            CN=DCSERVER,CN=Servers,CN=CAL,CN=Sites,CN=Configuration,DC=company,DC=ca
             Base Object Description: "Server Object"
             Value Object Attribute: serverReference
             Value Object Description: "DC Account Object"
             Recommended Action: This could hamper authentication (and thus        
             replication,  etc).  Check if this server is deleted, and if so
            clean up this DCs Account  Object.  If the problem persists and
            this is not a deleted DC, authoratively restore the DSA object from
            a good copy, for example the DSA on the DSA's home server.


It shows one of those for every DC server. Now to add to the story we had an AD issue back in Jan and we had a Microsoft ticket where we had to do an authoritative AD restore and it was not on that server it was done on a different server.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37829175
Alright so this post will fix it. You need to determine which one has the most updated information which is usually the one that holds all the roles

Take backup of the policies and script folders from both of the servers from c:\Windows\Sysvol\domain
Stop NTFRS service on both DCs.

Make one of the DCs authoritative server by modifying registry setting : Navigate to registry HKLM\System\CCS\Services\NTFRS\Parameters\CumlativeReplicaSets and Set the Burflags value to D4. This should be done with server which has the Updated information available or correct data.

Go to other DC and make that Non-authoritative by navigating to same registry location HKLM\System\CCS\Services\NTFRS\Parameters\CumlativeReplicaSets and Set the Burflags value to D2.

Restart Ntfrs service on both servers and force replication to see event 13516 in event viewer for FRS.
0
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37829866
Journal Wrap errors are not unusual and usually not hard to fix. The burflags registry change should resolve it for you.
0
 

Author Comment

by:Brandon_V
ID: 37832297
thanks guys. I will probably have to wait for the weekend for a maintenance window to fix but i'll post the results and close question once performed
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question