Solved

Replication issues for AD[Windows 2008 R2 forest/domain functional level]

Posted on 2015-01-05
4
477 Views
Last Modified: 2015-01-05
Hello Experts,

I have a customer that is experiencing a lot of AD replication issues. There is one DC in particular, that is running into some DNS, DS, and FRS replication issues.

To be more specific,

Server1 reports - The File Replication Service has detected that the replica set "DOMAIN
SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR. NOTE: All
servers report errors trying to sync with Server1

I ran dcdiag, and show repl, which results are attached to this email

I did also attach server logs [app, sys, DS, DNS, FRS] and some screenshots with the main errors found

Can someone please provide an action plan to fix all errors displayed on each server log for AD replication?

FYI, please unzip file with server logs, and rename for a valid extension, evtx so that, you can open and see logs from event viewer
JUP1-repl.txt
JUP1-dcdiag.txt
JUP-Server-logs.zip
Error1.jpg
Error2.jpg
Error3.jpg
0
Comment
Question by:Jerry Seinfield
  • 2
4 Comments
 
LVL 32

Expert Comment

by:it_saige
Comment Utility
These errors are related to the jet database used for the File Replication Services (FRS).  It is not uncommon for the jet database to become corrupted on the FRS replica master (especially in Server 2003).  Microsoft released a TID that addresses reinitializing the FRS recplica sets here: http://support.microsoft.com/kb/290762

In a nutshell, the process involves stopping the FRS service, editing the BurFlags setting in the registry and restarting the FRS Service.

You first want to ensure that you have stopped and disabled the FRS service on all DC's (with exception to the DC that is running the PDCe FSMO role).  Then on the server that is running the PDCe FSMO role:

1. Stop the FRS service.

2. Modify the registry setting for the BurFlags key using a value of D4.

3. Restart the FRS service.


After you verify successful FRS replica set reinitialization (look for event 13516), on the remain DC's:

1. Modify the registry setting for the BurFlags key using a value of D2.

2. Re-enable and restart the FRS service.


For more information on troubleshooting JRNL_WRAP errors: http://support.microsoft.com/kb/292438

-saige-
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
you need to do an authoritative restore

1.

   For an Authoritative Restore you must stop the NTFRS services on all of your DCs    

2.

In the registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process
        Set the BurFlags setting to HEX “D4” on a known DC that has a good SYSVOL (or at this time restore SYSVOL data from backup then set the Burflag to D4)    

3.

   Then start NTFRS on this  server.        You may want to rename the old folders with .old extensions prior to restoring good data.
    Clean up the folders on all the remaining servers (Policies, Scripts, etc) – renamed them with .old extensions.
 

4.

 Set the BurFlags to D2 on all remaining servers and then start NTFRS.    Wait for FRS to replicate.
    Clean up the .old stuff if things look good.
    If the “D4″ won’t solve the problem try the “D2″ value.
http://bit.ly/1BBGsmr
0
 

Author Comment

by:Jerry Seinfield
Comment Utility
Thanks Folks,

Can you please validate if I have to perform a non-authoritative restore or authoritative restore?. Please see action plan below as per your guidelines, and validate whether is correct or not

1. stopped and disabled the FRS service on all DC's (with exception to the DCs that is running the PDCe FSMO role. We do have two DCs in one site holding FSMO roles, DC 1 and DC2[ fsmo roles are splitted], therefore step number one should not be applied to DC1 and DC2

2. Either from DC1 or DC2 run the following steps:
•      Stop the FRS service.
•      Modify the registry setting for the BurFlags key using a value of D4.
•      Restart the FRS service

After you verify successful FRS replica set reinitialization (look for event 13516), on the remain DC's:

•      Modify the registry setting for the BurFlags key using a value of D2.
•      Re-enable and restart the FRS service.
The two steps above are only applicable to the remaining DCs [not applicable for DC1 and DC2 for holding FSMO roles]

Do you recommend to transfer all FSMO roles to a single DCs, before even start this plan, so that we have all FSMO roles on a single machine?

Is there a command or a way to check when sysvol in healthy on a domain controller?

Please, advice
0
 
LVL 32

Accepted Solution

by:
it_saige earned 500 total points
Comment Utility
If you use the instructions that I provided you are doing both an Authoritative (BurFlags=D4) and Non-Authoritative (BurFlags=D2) restore.

David's instructions are the same as mine.  His are missing the critical part about disabling the FRS Service on *all* of the DC's with exception to the PDCe FSMO role holder.

Even if your FSMO roles are split, there is only one PDCe FSMO role holder.  This is the one that you would perform the Authoritative restore on.  Once you have verified that the Authoritative restore has completed (check for Event 13516 in the FRS Event Log on the PDCe FSMO role holder).  Then you would perform Non-Authoritative restores on all remaining DC's.

As for validating SYSVOL:  You can use the FRS Diagnostic Tool

Also you can check the status of your SYSVOL and NETLOGON shares on the DC's: http://technet.microsoft.com/en-us/library/cc728051%28v=WS.10%29.aspx

-saige-
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now