Solved

AD / GC offline in single DC SBS domain after NTFRS error resolution attempt

Posted on 2013-11-30
Last Modified: 2013-11-30
Good afternoon!

I believe I screwed myself while performing some routine maintenance on our single Domain Controller SBS 2011 Standard domain...

I was looking through the log files and saw this entry:
EVENT ID 13559 : NtFrs
"""""
The File Replication Service has detected that the replica root path has changed from "c:\windows\sysvol\domain" to "c:\windows\sysvol\domain". If this is an intentional move then a file with the name NTFRS_CMD_FILE_MOVE_ROOT needs to be created under the new root path.
This was detected for the following replica set:
    "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
 
Changing the replica root path is a two step process which is triggered by the creation of the NTFRS_CMD_FILE_MOVE_ROOT file.
 
 [1] At the first poll which will occur in 5 minutes this computer will be deleted from the replica set.
 [2] At the poll following the deletion this computer will be re-added to the replica set with the new root path. This re-addition will trigger a full tree sync for the replica set. At the end of the sync all the files will be at the new location. The files may or may not be deleted from the old location depending on whether they are needed or not.
"""""

I proceeded to follow these instructions to repair this (supposed) issue. I created the file in the indicated location, and sure enough, it triggered some kind of rebuild and moved the current files out to a "temporary" folder, and I went about my day. About an hour later, I realized that we were having login trouble across the domain, and saw numerous errors in event logs across several servers, indicating that AD was down.

After running more tests and looking at logs, I realized that the "resync" that I had triggered was not completing, and the server was not advertising authentication services without it.

So... I'm stuck. I have good backups, and can revert to the last good state if needed, HOWEVER, since this is SBS, I have Exchange data to worry about (as of right now, my last good backup is over 24 hours old), so I'd have to deal with that if I can't repair Active Directory.

Ideas? See attached files for DCDiag and IPConfig output - let me know if other logs/data are needed. Thanks!


ipconfig-all.txt

dcdiag.txt
Question by:Kordel Eberly
2 Comments
 

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39687359
Please confirm whether you have only one domain controller.

If yes, you can authoritatively restore SYSVOL with the D4 BurFlags method.

To complete an authoritative restore, stop the FRS service, configure the
BurFlags registry key, and then start the FRS service.


To do so:
1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

7. In the right pane, double-click BurFlags.
8. In the Edit DWORD Value dialog box, type D4 and then click OK.
9. Quit Registry Editor, and then switch to the Command box.
10. In the Command box, type net start ntfrs.


When the FRS service is restarted, the following actions occur:
• The value for the BurFlags registry key is set back to 0.
• An event 13566 is logged to signal that an authoritative restore is started.
• Files in the reinitialized FRS replicated directories remain unchanged and become authoritative on direct replication. Additionally, the files become indirect replication partners through transitive replication.
• The FRS database is rebuilt based on current file inventory.
• When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Please check the articles below for more information:
http://support.microsoft.com/kb/290762 - Check Authoritative Restore Section
http://networkadminkb.com/KB/a473/how-to-fix-event-id-13559-the-replica-root-path-has-changed.aspx

Mahesh
0
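The D4 BurFlags steps from the accepted answer, written as a script and followed by a check for events 13566 and 13516. This is an added example, not part of Mahesh's answer; it assumes an elevated PowerShell prompt on the single domain controller, the event log name 'File Replication Service', and a 30-minute wait that is an arbitrary choice.

```powershell
# Added example: the D4 BurFlags steps as one script (elevated prompt, single DC).
$ErrorActionPreference = 'Stop'
$subKey  = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
$started = Get-Date

function Get-BurFlagsKey {
    # "Backup/Restore" contains a forward slash, which the PowerShell registry
    # provider treats as a path separator, so open the key through .NET instead.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
    if ($null -eq $key) { throw "Registry key not found: HKLM\$subKey" }
    return $key
}

# Steps 1-3: stop the File Replication Service.
Stop-Service -Name NtFrs

# Steps 4-9: set BurFlags to D4 (hex) as a DWORD.
$key = Get-BurFlagsKey
try {
    $key.SetValue('BurFlags', 0xD4, [Microsoft.Win32.RegistryValueKind]::DWord)
} finally { $key.Close() }

# Step 10: start the service again; FRS reads BurFlags at startup.
Start-Service -Name NtFrs

# Watch for 13566 (authoritative restore started) and 13516 (FRS operational).
$timeoutMinutes = 30   # assumption: adjust to the size of SYSVOL
$deadline = $started.AddMinutes($timeoutMinutes)
$seen = @{}
while (-not $seen.ContainsKey(13516) -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 30
    Get-EventLog -LogName 'File Replication Service' -After $started -ErrorAction SilentlyContinue |
        Where-Object { (13566, 13516 -contains $_.EventID) -and -not $seen.ContainsKey($_.EventID) } |
        ForEach-Object {
            $seen[$_.EventID] = $true
            Write-Host ("{0}  event {1} logged" -f $_.TimeGenerated, $_.EventID)
        }
}

# FRS is expected to set BurFlags back to 0 once it has read the value.
$key = Get-BurFlagsKey
try { $current = $key.GetValue('BurFlags') } finally { $key.Close() }
Write-Host ("BurFlags is now 0x{0:X}" -f $current)

if (-not $seen.ContainsKey(13516)) {
    throw "Event 13516 not seen within $timeoutMinutes minutes; check the FRS configuration."
}
```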
 

Author Closing Comment

by:Kordel Eberly
ID: 39687413
Mahesh, thank you! Spot on!

I performed the authoritative restore per your instructions (and the references provided), and am back up and running! Much less painful than I expected - thank you so much!!!!!!