Solved

SYSVOL/NETLOGON Replication problems in domain

Posted on 2013-01-23
6
1,536 Views
Last Modified: 2013-01-24
This problem is so complex, I'll just stick to the basic...

I manage a child domain, in which it's divided in 4 sites in AD.  Each site has 2 DCs under this child domain.    I noticed when applying a change in GP, not all the sites were being affected by the change.  I found out that the actual GPO folder in SYSVOL wasn't being updated in the problematic sites.   I forced replications (via Sites and Services) to no avail.  I manually copied the updated GPO folders in each Sysvol folders in each DC.  (which "fixed" that particular GP issue)

I then tested Netlogon.  In each site, i created a text file in one DC  in each site naming it "a_[site_name].txt" (i therefore created 4 different text files in  the Netlogon folder)  I found that the text files weren't all replicated everywhere (with the exception of one site, which had all 4 text files).  

What I found to be interesting is that the Global Catalog DC did not contain any of the 4 text files (in the site where the GC is at, I created the text file in a 'secondary' DC).  

I did dabble a bit in creating manual connections in Sites and Services, but didn't want to go to far.  I'd hate to have that 'resolve' this since I'm sure there's a more underlying problem than "site A doesn't replicate to site B".

Environment:  Windows Server 2008 R2

I know I'm missing something but this is a start.  So, help is appreciated, as always.  
Thank you.
0
Comment
Question by:Ormat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38812652
Are you using FRS or DFS for sysvol replication..
0
 
LVL 1

Expert Comment

by:t-work
ID: 38812673
Did you look into the DFS log file?
Are there any errors?
0
 

Author Comment

by:Ormat
ID: 38812693
your comments pose an interesting question - how can i tell if i'm using either frs of dfs for replications?
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 4

Expert Comment

by:jjjosef
ID: 38813256
You can follow the quite similar discussion in EE also

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_27152919.html

Also you can follow the technet support also
http://support.microsoft.com/kb/290762
0
 

Author Comment

by:Ormat
ID: 38814779
wow. ran a burflag (d2) since i saw journal wrap errors on a dc, and now the netlogon is missing.. rather, all the shares. now what?!? :)   am i supposed to remove "d2" after having restarted the fsr service?
0
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 500 total points
ID: 38814992
first check that you have proper Connection objects has been created in Sites and Services
Run repadmin /replsum to check that your replication is good

Browse \\WorkingDC.domain.local copy sysvol & netlogon and keep backup on ProblemDC &  WorkingDC (If can not browse check network connectivity/Port and don't proceed further)

Go to WorkingDC  stop NTFRS service open regedit and go to "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup" change the burflag value to D4 Start NTFRS(File Replication service) service and wait for File Replication event ID 13516 now Go to ProblemDC  stop NTFRS service open regedit go to "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup" change the burflag value to D2 -> Start NTFRS(File Replication service) service and wait for File Replication event ID 13516 now

Check Now your sysvol and netlogon shares are available

Above is called Authoritive(D4) and non-Authoritive Restore (D2)

Refer http://support.microsoft.com/kb/257338 for more info
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question