Solved

Replication issues for AD[Windows 2008 R2 forest/domain functional level]

Posted on 2015-01-05
4
557 Views
Last Modified: 2015-01-05
Hello Experts,

I have a customer that is experiencing a lot of AD replication issues. There is one DC in particular, that is running into some DNS, DS, and FRS replication issues.

To be more specific,

Server1 reports - The File Replication Service has detected that the replica set "DOMAIN
SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR. NOTE: All
servers report errors trying to sync with Server1

I ran dcdiag, and show repl, which results are attached to this email

I did also attach server logs [app, sys, DS, DNS, FRS] and some screenshots with the main errors found

Can someone please provide an action plan to fix all errors displayed on each server log for AD replication?

FYI, please unzip file with server logs, and rename for a valid extension, evtx so that, you can open and see logs from event viewer
JUP1-repl.txt
JUP1-dcdiag.txt
JUP-Server-logs.zip
Error1.jpg
Error2.jpg
Error3.jpg
0
Comment
Question by:Jerry Seinfield
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 34

Expert Comment

by:it_saige
ID: 40532465
These errors are related to the jet database used for the File Replication Services (FRS).  It is not uncommon for the jet database to become corrupted on the FRS replica master (especially in Server 2003).  Microsoft released a TID that addresses reinitializing the FRS recplica sets here: http://support.microsoft.com/kb/290762

In a nutshell, the process involves stopping the FRS service, editing the BurFlags setting in the registry and restarting the FRS Service.

You first want to ensure that you have stopped and disabled the FRS service on all DC's (with exception to the DC that is running the PDCe FSMO role).  Then on the server that is running the PDCe FSMO role:

1. Stop the FRS service.

2. Modify the registry setting for the BurFlags key using a value of D4.

3. Restart the FRS service.


After you verify successful FRS replica set reinitialization (look for event 13516), on the remain DC's:

1. Modify the registry setting for the BurFlags key using a value of D2.

2. Re-enable and restart the FRS service.


For more information on troubleshooting JRNL_WRAP errors: http://support.microsoft.com/kb/292438

-saige-
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40532482
you need to do an authoritative restore

1.

   For an Authoritative Restore you must stop the NTFRS services on all of your DCs    

2.

In the registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process
        Set the BurFlags setting to HEX “D4” on a known DC that has a good SYSVOL (or at this time restore SYSVOL data from backup then set the Burflag to D4)    

3.

   Then start NTFRS on this  server.        You may want to rename the old folders with .old extensions prior to restoring good data.
    Clean up the folders on all the remaining servers (Policies, Scripts, etc) – renamed them with .old extensions.
 

4.

 Set the BurFlags to D2 on all remaining servers and then start NTFRS.    Wait for FRS to replicate.
    Clean up the .old stuff if things look good.
    If the “D4″ won’t solve the problem try the “D2″ value.
http://bit.ly/1BBGsmr
0
 

Author Comment

by:Jerry Seinfield
ID: 40532583
Thanks Folks,

Can you please validate if I have to perform a non-authoritative restore or authoritative restore?. Please see action plan below as per your guidelines, and validate whether is correct or not

1. stopped and disabled the FRS service on all DC's (with exception to the DCs that is running the PDCe FSMO role. We do have two DCs in one site holding FSMO roles, DC 1 and DC2[ fsmo roles are splitted], therefore step number one should not be applied to DC1 and DC2

2. Either from DC1 or DC2 run the following steps:
•      Stop the FRS service.
•      Modify the registry setting for the BurFlags key using a value of D4.
•      Restart the FRS service

After you verify successful FRS replica set reinitialization (look for event 13516), on the remain DC's:

•      Modify the registry setting for the BurFlags key using a value of D2.
•      Re-enable and restart the FRS service.
The two steps above are only applicable to the remaining DCs [not applicable for DC1 and DC2 for holding FSMO roles]

Do you recommend to transfer all FSMO roles to a single DCs, before even start this plan, so that we have all FSMO roles on a single machine?

Is there a command or a way to check when sysvol in healthy on a domain controller?

Please, advice
0
 
LVL 34

Accepted Solution

by:
it_saige earned 500 total points
ID: 40532618
If you use the instructions that I provided you are doing both an Authoritative (BurFlags=D4) and Non-Authoritative (BurFlags=D2) restore.

David's instructions are the same as mine.  His are missing the critical part about disabling the FRS Service on *all* of the DC's with exception to the PDCe FSMO role holder.

Even if your FSMO roles are split, there is only one PDCe FSMO role holder.  This is the one that you would perform the Authoritative restore on.  Once you have verified that the Authoritative restore has completed (check for Event 13516 in the FRS Event Log on the PDCe FSMO role holder).  Then you would perform Non-Authoritative restores on all remaining DC's.

As for validating SYSVOL:  You can use the FRS Diagnostic Tool

Also you can check the status of your SYSVOL and NETLOGON shares on the DC's: http://technet.microsoft.com/en-us/library/cc728051%28v=WS.10%29.aspx

-saige-
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question