[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

journal wrap error 13568

Posted on 2013-10-23
9
Medium Priority
?
617 Views
Last Modified: 2013-11-06
Hi Folks,

To cut out the long story, I have an SBS 2003 server.  There was once another DC added to the network but it died.  So it went into tombstone state.

I'm now migrating to SBS 2011 and have the journal wrap error.  So I have used the ntdsutil to clean up the metadata successfully as per the excellent article at http://www.petri.co.il/delete_failed_dcs_from_ad.htm

The journal wrap condition still exists.  My choices now are:

set the BurFlags to D2
set the BurFlags to D4
or enable journal wrap automatic restore

From my reading up on these options, all three pose a threat of possible data loss which I obviously want to avoid.  I have backed up the system state at several stages already.

Which option is the right one to do?
0
Comment
Question by:tech53
  • 5
  • 4
9 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39594505
I always use the D4 for SBS as it is the Master server on a network.

Alan
0
 
LVL 1

Author Comment

by:tech53
ID: 39594521
Thanks.  I know I'm in a bad place with this, but the D4 option is pretty drastic.  I did this before in an identical situation and active directory disappeared on a reboot.

When the D4 option is set, what exactly happens? I now it rebuilds AD from scratch, but where does it rebuild it from? And is that source reliable?

thanks again
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 39594543
It's not quite that drastic - it just reinitializes the File Replication Service - it doesn't re-write AD.

http://support.microsoft.com/kb/290762
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39594554
Just make sure you have a system state and server backup - then you can recover AD if it does go south, not that I have ever needed it.
0
 
LVL 1

Author Comment

by:tech53
ID: 39594564
Ok.  how long does it take?  Its a small SBS network with 15 users. No customised GPOs.

Also when rebuilds, is it like replaying the logs or something?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39594604
It's usually very quick - worst case about 15 minutes.

No logs to replay - just does the following (from the link I posted):

When the FRS service is restarted, the following actions occur:
The value for the BurFlags registry key is set back to 0.
An event 13566 is logged to signal that an authoritative restore is started.
Files in the reinitialized FRS replicated directories remain unchanged and become authoritative on direct replication. Additionally, the files become indirect replication partners through transitive replication.
The FRS database is rebuilt based on current file inventory.
When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.
0
 
LVL 1

Author Comment

by:tech53
ID: 39594624
Ok. cool.  I did read this but wanted the expert translation and support.

I'll apply it now and post back.

cheers
0
 
LVL 1

Author Comment

by:tech53
ID: 39594677
Perfect!  Thanks for the help.  Although I had researched this a bit before posting, Its always good to get the re-assurance from an expert.

AD rebuilt in les than 1 minute.
NTFRS logs are clear.
Items recently added to AD are present.

I'll do a server reboot later to be sure, but it all looks good.

Thanks a million Alan.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39594804
You are welcome - always pays to check before you hose your system!!
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question