Active Directory - JRNL_WRAP_ERROR on one domain controller

Posted on 2014-10-13
Medium Priority
Last Modified: 2014-10-13
Technical Information: Windows 2003 forest and all domains are operating at a 2003 functionally level.

Discovered that in one of my domains, I am receiving an error / event ID: 13568. Which says "The file replication service has detected the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE) is in JRNL_WRAP_ERROR."

The domain has two domain controllers (Lets just say DC1 & DC2). Back on 10.2.2013, is when this error in my event viewer first showed up on DC1. On the same day, DC2 is reporting that it can no longer replicate with DC1. DC2 has the PDC and RID manager role. DC1 is the infrastructure master.

My question is: If I set the BurFlags on DC1 to D2, will it restore correctly from DC2? On DC2, I cannot see the SYSVOL or NETLOGON share. I can only see this on DC1.
Question by:ACCESS2008
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 19

Accepted Solution

Miguel Angel Perez Muñoz earned 2000 total points
ID: 40377139
When JRNL_WRAP_ERROR on DC1 occurs, replication stops between both dc´s. On a common scenario simply doing a sysvol non-authoritative restoration (http://msdn.microsoft.com/en-us/library/windows/desktop/cc507518(v=vs.85).aspx) to recover normal situation.
But you must to see sysvol on DC2, since you have not got sysvol on dc2 something is failing on this dc and stops domain controller functions.
Have you try rebooting DC2?

Author Comment

ID: 40377493
Thank you for the comment Miguel.

 I have rebooted DC2 multiple times but this does not seem to resolve anything. Is there something I should look for on DC2 to help me identify what may be happening? I seem to be stuck in a loop where I cannot do a non-authoritative restore because the other domain controllers are not serving off the sysvol and netlogon shares.
LVL 26

Expert Comment

ID: 40377671
You should look through the SYSVOL folders on both DCs to determine which one has the most up-to-date copy and set BurFlags to D4 (authoritative) on that one. If the SYSVOL and NETLOGON shares appear, set BurFlags to D2 on the other DC. If the SYSVOL and NETLOGON shares don't appear on the authoritative DC, there's no point in doing anything to the other one until you get that sorted out, which will likely involve a trip through the event logs.

Author Comment

ID: 40378062
I was able to resolve this,
As suggested by Dave, I ended up setting the BurFlags to D4 on my 2nd domain controller (DC2) as that seemed to have the most up-to-date content. I than set the rest to D2 and restarted all the services. After a few minutes my SYSVOL and NETLOGON shares were present on each domain controller followed by event ID: 13516 which states that the file replication service is no longer preventing the computer <DC2> from becoming a domain controller.

 Thanks for all the help!
LVL 26

Expert Comment

ID: 40378799
It isn't that big a deal, but since you followed my suggestion, shouldn't I get some of the points?

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question