Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


FRS - The File Replication Service has detected that the replica set "Domain System Volume SYSVOL SHARE)

Posted on 2014-08-28
Medium Priority
Last Modified: 2016-06-12
Hi all,

Quick overview (Domain Functional Level: 2008, Forest Functional Level: 2008)

the client has 2 domain controllers (DC1 and DC2 both running Windows Server 2008) that are in the state of JRNL_WRAP_ERROR.
This problem has existed since May 2013 and wasn't picked up until a 3rd DC (Windows Server 2012 R2) was added to the domain and didn't replicate the SYSVOL share. Backups therefore are out of date (a year and a bit)

On DC1
Event ID: 13561 - JRNL_WRAP_ERROR
Event ID: 13562 - Could not bind to a Domain Controller. Will try again at next polling cycle.
Sysvol/Netlogon shares are accessible

Event ID: 13508 - The FRS is having trouble enabling replication from DC2 to DC1 and will keep retrying.
Event ID: 13561 - JRNL_WRAP_ERROR
Sysvol/Netlogon shares are inaccessible

On DC3
Event ID: 13508 - The FRS is having trouble enabling replication from DC2 to DC3 and will keep retrying.
Event ID: 13508 - The FRS is having trouble enabling replication from DC1 to DC3 and will keep retrying.
Event ID: 13565 - FRS is initializing the system volume with data from another DC. Computer DC3 cannot become a DC until this process is complete
Event ID: 5706 - The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\domain\SCRIPS. The following error occured: The system cannot find the file specified.

There is also a transitive forest trust between this domain and another domain.
DNS zones are replicating ok.

Any advice?

Microsoft support call?

Thanks in advance
Question by:Summerhits

Accepted Solution

dipersp earned 2000 total points
ID: 40290114
The forest trust is what I'm not sure about here.  Otherwise, you need to set the BURFLAGS registry key on all of the DCs.

Basic steps are to stop FRS service on all three.  Make a backup copy of the SYSVOL and NETLOGON folder on each DC (Don't need to do this on the new DC since it doesn't have them yet.)

On the DC that you trust the most to have the best information, set BURFLAGS to D4.  On the other two DCs, set it to D2.  Start FRS on the DC where you set it to D4 and give it a few minutes.  Monitor the BURFLAGS key to make sure it goes back to 0 and check the event logs for FRS.  If all seems good, then start FRS on the other two DCs.  Same deal - monitor.

Once all are happy, you may have to merge some data between the NETLOGON and SYSVOL folders you backed up.

Here's an article that might help a little.


Author Comment

ID: 40290265
Thanks very much for the reply.

I think the DC that trust the most is DC1 in this case as DC2 doesn't appear to be working well at all.

Was worried about doing that due to  the forest trust.

Another thing i was thinking of was unplugging DC2 and doing a dcpromo /forceremoval with a metadata cleanup.

At this stage it seems like the only option.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension . This reminded me of questions that come up here at EE along the lines of, "How can I tell the type of file from its cont…
In this tutorial, we’re going to learn how to convert Youtube to mp3 for Free. We'll show you how easy it is to make an mp3 from your video clips so that you can enjoy them offline.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question