Solved

SYSVOL/NETLOGON Replication problems in domain

Posted on 2013-01-23
Last Modified: 2013-01-24
This problem is so complex, I'll just stick to the basics...

I manage a child domain, which is divided into 4 sites in AD. Each site has 2 DCs under this child domain. I noticed when applying a change in GP that not all the sites were being affected by the change. I found out that the actual GPO folder in SYSVOL wasn't being updated in the problematic sites. I forced replications (via Sites and Services) to no avail. I manually copied the updated GPO folders into the SYSVOL folder on each DC (which "fixed" that particular GP issue).

I then tested NETLOGON. In each site, I created a text file on one DC, naming it "a_[site_name].txt" (I therefore created 4 different text files in the NETLOGON folder). I found that the text files weren't all replicated everywhere (with the exception of one site, which had all 4 text files).

What I found to be interesting is that the Global Catalog DC did not contain any of the 4 text files (in the site where the GC is, I created the text file on a 'secondary' DC).

I did dabble a bit in creating manual connections in Sites and Services, but didn't want to go too far. I'd hate to have that 'resolve' this since I'm sure there's a more underlying problem than "site A doesn't replicate to site B".

Environment:  Windows Server 2008 R2

I know I'm missing something but this is a start.  So, help is appreciated, as always.  
Thank you.
Question by:Ormat
6 Comments
 
LVL 18

Expert Comment

by:sarang_tinguria
ID: 38812652
Are you using FRS or DFS for SYSVOL replication?
 
LVL 1

Expert Comment

by:t-work
ID: 38812673
Did you look into the DFS log file?
Are there any errors?
 

Author Comment

by:Ormat
ID: 38812693
Your comments pose an interesting question - how can I tell if I'm using either FRS or DFS for replication?

LVL 4

Expert Comment

by:jjjosef
ID: 38813256
You can also follow this quite similar discussion on EE:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_27152919.html

You can also follow the Microsoft support article:
http://support.microsoft.com/kb/290762
 

Author Comment

by:Ormat
ID: 38814779
Wow. Ran a burflag (D2) since I saw journal wrap errors on a DC, and now the NETLOGON is missing... rather, all the shares. Now what?!? :) Am I supposed to remove "D2" after having restarted the FRS service?
 
LVL 18

Accepted Solution

by:
sarang_tinguria earned 500 total points
ID: 38814992
First, check that the proper connection objects have been created in Sites and Services.
Run repadmin /replsum to check that your replication is good.

Browse to \\WorkingDC.domain.local, copy SYSVOL and NETLOGON, and keep a backup on ProblemDC and WorkingDC. (If you cannot browse, check network connectivity/ports and don't proceed further.)

On WorkingDC:
1. Stop the NTFRS service.
2. Open regedit and go to "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup".
3. Change the burflag value to D4.
4. Start the NTFRS (File Replication Service) service and wait for File Replication event ID 13516.

Now on ProblemDC:
1. Stop the NTFRS service.
2. Open regedit and go to "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup".
3. Change the burflag value to D2.
4. Start the NTFRS (File Replication Service) service and wait for File Replication event ID 13516.

Now check that your SYSVOL and NETLOGON shares are available.

The above is called an authoritative (D4) and non-authoritative (D2) restore.

Refer to http://support.microsoft.com/kb/257338 for more info.
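
The BurFlags steps from the accepted answer, scripted in PowerShell as an added example (not code from the thread). It assumes SYSVOL is replicated by FRS (the NtFrs service), that it is run elevated on the DC itself, and that SYSVOL and NETLOGON have already been backed up as the answer says; the function name and the timeout are hypothetical.

```powershell
# Added example. Run on WorkingDC first with -Mode D4 (authoritative), wait for
# it to return, then run on ProblemDC with -Mode D2 (non-authoritative).
function Invoke-FrsBurFlags {                 # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][ValidateSet('D2', 'D4')][string]$Mode,
        [int]$TimeoutMinutes = 30             # assumed wait limit
    )
    # "Backup/Restore" contains a forward slash, which the PowerShell registry
    # provider (HKLM:\...) treats as a path separator, so use the .NET API.
    $subKey = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
    $value  = [Convert]::ToInt32($Mode, 16)   # D2 -> 210, D4 -> 212
    $start  = Get-Date

    # Open the key before touching the service, so a wrong path stops nothing.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
    if ($null -eq $key) { throw "Registry key not found: HKLM\$subKey" }
    try {
        Stop-Service -Name NtFrs -Force
        $key.SetValue('BurFlags', $value, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally {
        $key.Close()
        Start-Service -Name NtFrs
    }

    # Wait for File Replication event ID 13516 logged after the restart.
    $deadline = $start.AddMinutes($TimeoutMinutes)
    $evt = $null
    while (-not $evt -and (Get-Date) -lt $deadline) {
        Start-Sleep -Seconds 30
        $evt = Get-WinEvent -FilterHashtable @{
            LogName = 'File Replication Service'; Id = 13516; StartTime = $start
        } -MaxEvents 1 -ErrorAction SilentlyContinue
    }
    if (-not $evt) { throw "Event 13516 not seen within $TimeoutMinutes minutes" }

    # Report which of the two shares exist and what BurFlags holds now.
    # FRS resets BurFlags to 0 itself once it has processed the value.
    $shares = Get-WmiObject -Class Win32_Share -Filter "Name='SYSVOL' OR Name='NETLOGON'"
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey)
    $now = $key.GetValue('BurFlags')
    $key.Close()
    New-Object PSObject -Property @{
        Mode        = $Mode
        Event13516  = $evt.TimeCreated
        Shares      = @($shares | ForEach-Object { $_.Name })
        BurFlagsNow = $now
    }
}
```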