Active Directory - JRNL_WRAP_ERROR on one domain controller

Posted on 2014-10-13
Last Modified: 2014-10-13
Technical Information: Windows 2003 forest and all domains are operating at a 2003 functionally level.

Discovered that in one of my domains, I am receiving an error / event ID: 13568. Which says "The file replication service has detected the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE) is in JRNL_WRAP_ERROR."

The domain has two domain controllers (Lets just say DC1 & DC2). Back on 10.2.2013, is when this error in my event viewer first showed up on DC1. On the same day, DC2 is reporting that it can no longer replicate with DC1. DC2 has the PDC and RID manager role. DC1 is the infrastructure master.

My question is: If I set the BurFlags on DC1 to D2, will it restore correctly from DC2? On DC2, I cannot see the SYSVOL or NETLOGON share. I can only see this on DC1.
Question by:ACCESS2008
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 19

Accepted Solution

Miguel Angel Perez Muñoz earned 500 total points
ID: 40377139
When JRNL_WRAP_ERROR on DC1 occurs, replication stops between both dc´s. On a common scenario simply doing a sysvol non-authoritative restoration ( to recover normal situation.
But you must to see sysvol on DC2, since you have not got sysvol on dc2 something is failing on this dc and stops domain controller functions.
Have you try rebooting DC2?

Author Comment

ID: 40377493
Thank you for the comment Miguel.

 I have rebooted DC2 multiple times but this does not seem to resolve anything. Is there something I should look for on DC2 to help me identify what may be happening? I seem to be stuck in a loop where I cannot do a non-authoritative restore because the other domain controllers are not serving off the sysvol and netlogon shares.
LVL 26

Expert Comment

ID: 40377671
You should look through the SYSVOL folders on both DCs to determine which one has the most up-to-date copy and set BurFlags to D4 (authoritative) on that one. If the SYSVOL and NETLOGON shares appear, set BurFlags to D2 on the other DC. If the SYSVOL and NETLOGON shares don't appear on the authoritative DC, there's no point in doing anything to the other one until you get that sorted out, which will likely involve a trip through the event logs.

Author Comment

ID: 40378062
I was able to resolve this,
As suggested by Dave, I ended up setting the BurFlags to D4 on my 2nd domain controller (DC2) as that seemed to have the most up-to-date content. I than set the rest to D2 and restarted all the services. After a few minutes my SYSVOL and NETLOGON shares were present on each domain controller followed by event ID: 13516 which states that the file replication service is no longer preventing the computer <DC2> from becoming a domain controller.

 Thanks for all the help!
LVL 26

Expert Comment

ID: 40378799
It isn't that big a deal, but since you followed my suggestion, shouldn't I get some of the points?

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question