Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Replication issues for AD[Windows 2008 R2 forest/domain functional level]

Posted on 2015-01-05
4
Medium Priority
?
610 Views
Last Modified: 2015-01-05
Hello Experts,

I have a customer that is experiencing a lot of AD replication issues. There is one DC in particular, that is running into some DNS, DS, and FRS replication issues.

To be more specific,

Server1 reports - The File Replication Service has detected that the replica set "DOMAIN
SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR. NOTE: All
servers report errors trying to sync with Server1

I ran dcdiag, and show repl, which results are attached to this email

I did also attach server logs [app, sys, DS, DNS, FRS] and some screenshots with the main errors found

Can someone please provide an action plan to fix all errors displayed on each server log for AD replication?

FYI, please unzip file with server logs, and rename for a valid extension, evtx so that, you can open and see logs from event viewer
JUP1-repl.txt
JUP1-dcdiag.txt
JUP-Server-logs.zip
Error1.jpg
Error2.jpg
Error3.jpg
0
Comment
Question by:Jerry Seinfield
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 34

Expert Comment

by:it_saige
ID: 40532465
These errors are related to the jet database used for the File Replication Services (FRS).  It is not uncommon for the jet database to become corrupted on the FRS replica master (especially in Server 2003).  Microsoft released a TID that addresses reinitializing the FRS recplica sets here: http://support.microsoft.com/kb/290762

In a nutshell, the process involves stopping the FRS service, editing the BurFlags setting in the registry and restarting the FRS Service.

You first want to ensure that you have stopped and disabled the FRS service on all DC's (with exception to the DC that is running the PDCe FSMO role).  Then on the server that is running the PDCe FSMO role:

1. Stop the FRS service.

2. Modify the registry setting for the BurFlags key using a value of D4.

3. Restart the FRS service.


After you verify successful FRS replica set reinitialization (look for event 13516), on the remain DC's:

1. Modify the registry setting for the BurFlags key using a value of D2.

2. Re-enable and restart the FRS service.


For more information on troubleshooting JRNL_WRAP errors: http://support.microsoft.com/kb/292438

-saige-
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 40532482
you need to do an authoritative restore

1.

   For an Authoritative Restore you must stop the NTFRS services on all of your DCs    

2.

In the registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process
        Set the BurFlags setting to HEX “D4” on a known DC that has a good SYSVOL (or at this time restore SYSVOL data from backup then set the Burflag to D4)    

3.

   Then start NTFRS on this  server.        You may want to rename the old folders with .old extensions prior to restoring good data.
    Clean up the folders on all the remaining servers (Policies, Scripts, etc) – renamed them with .old extensions.
 

4.

 Set the BurFlags to D2 on all remaining servers and then start NTFRS.    Wait for FRS to replicate.
    Clean up the .old stuff if things look good.
    If the “D4″ won’t solve the problem try the “D2″ value.
http://bit.ly/1BBGsmr
0
 

Author Comment

by:Jerry Seinfield
ID: 40532583
Thanks Folks,

Can you please validate if I have to perform a non-authoritative restore or authoritative restore?. Please see action plan below as per your guidelines, and validate whether is correct or not

1. stopped and disabled the FRS service on all DC's (with exception to the DCs that is running the PDCe FSMO role. We do have two DCs in one site holding FSMO roles, DC 1 and DC2[ fsmo roles are splitted], therefore step number one should not be applied to DC1 and DC2

2. Either from DC1 or DC2 run the following steps:
•      Stop the FRS service.
•      Modify the registry setting for the BurFlags key using a value of D4.
•      Restart the FRS service

After you verify successful FRS replica set reinitialization (look for event 13516), on the remain DC's:

•      Modify the registry setting for the BurFlags key using a value of D2.
•      Re-enable and restart the FRS service.
The two steps above are only applicable to the remaining DCs [not applicable for DC1 and DC2 for holding FSMO roles]

Do you recommend to transfer all FSMO roles to a single DCs, before even start this plan, so that we have all FSMO roles on a single machine?

Is there a command or a way to check when sysvol in healthy on a domain controller?

Please, advice
0
 
LVL 34

Accepted Solution

by:
it_saige earned 2000 total points
ID: 40532618
If you use the instructions that I provided you are doing both an Authoritative (BurFlags=D4) and Non-Authoritative (BurFlags=D2) restore.

David's instructions are the same as mine.  His are missing the critical part about disabling the FRS Service on *all* of the DC's with exception to the PDCe FSMO role holder.

Even if your FSMO roles are split, there is only one PDCe FSMO role holder.  This is the one that you would perform the Authoritative restore on.  Once you have verified that the Authoritative restore has completed (check for Event 13516 in the FRS Event Log on the PDCe FSMO role holder).  Then you would perform Non-Authoritative restores on all remaining DC's.

As for validating SYSVOL:  You can use the FRS Diagnostic Tool

Also you can check the status of your SYSVOL and NETLOGON shares on the DC's: http://technet.microsoft.com/en-us/library/cc728051%28v=WS.10%29.aspx

-saige-
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question