Active Directory FRS errors

Posted on 2015-02-16
Medium Priority
Last Modified: 2015-07-01
Hey there,

I have 3 DCs between 2 offices:

- oldDC (SBS 2011)
- newDC (2012 R2)
- remoteDC (2012)

newDC was just promoted as a domain controller. We will eventually get rid of oldDC and rely only on newDC in the main office. For now though, oldDC still has all FSMO roles as required by SBS.

I noticed that newDC had SYSVOL/NETLOGON replication errors. Right now it isn't even sharing either folder. I looked into Event Viewer on oldDC and found that it is in journal wrap state. I thought an easy fix would be set BurFlags to D2 on oldDC and newDC and set D4 on remoteDC. However, remoteDC is also not replicating because of oldDC's journal wrap state.

From what I understand, D4 should only be set on a known, good working copy of SYSVOL. Since oldDC has the journal wrap error, I'm worried about setting D4 on it. I also don't have a good, working copy of SYSVOL from a backup.

What do I need to do to resolve this? Additionally, information about backing up all data before I start trying to resolve this would be much appreciated since I don't have a known good backup.

Question by:mjm11
LVL 24

Expert Comment

by:Radhakrishnan R
ID: 40613747

Yes, you need to set D4 On the server which has a good copy of Sysvol, mark the Sysvol structure as the Source. Unfortunately you are not confident about which server has got good copy of Sysvol? So i would suggest to run this MS tool http://www.microsoft.com/en-in/download/details.aspx?id=30005 and identify the replication status.

Once you identified the server then go for the normal Burflag process.
LVL 24

Accepted Solution

VB ITS earned 2000 total points
ID: 40614027
Ran into this exact issue myself last week. Promoted a new 2012 R2 machine to a DC in a SBS 2011 environment and found out that the SYSVOL and NETLOGON shares weren't replicating to the new 2012 R2 DC.

Here's what I did to fix the issue:
- Stop the File Replication Service service on all of your DCs
- On the SBS 2011 server, browse to C:\Windows\SYSVOL\sysvol\yourdomain.local
- Back up the existing Scripts and Policies folders in here to another location for safe keeping or rename them to Scripts.old and Policies.old
- Browse to C:\Windows\SYSVOL\sysvol\yourdomain.local\NtFrs_PreExisting___See_EventLog
- Copy the Scripts and Policies folders in here to C:\Windows\SYSVOL\sysvol\yourdomain.local

Now we need to do an authoritative restore for DFS:
- Still on your SBS 2011 machine, open the Registry Editor
- Browse to the following key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

Open in new window

- Double click BurFlags and change the value to D4
- Start the File Replication Service service on your SBS 2011 server
- Monitor your event logs to verify that the Journal Wrap error has been resolved and that AD is healthy again (Event ViewerApplications and Services LogsDFS Replication, Directory Service, etc.)
- Once you have verified that Journal Wrap error has been addressed, set BurFlags to D2 on your other DCs and start the FRS service
- Review the logs again and verify that the SYSVOL and NETLOGON shares have been created and are replicating on your new 2012 DCs
- Providing everything goes to plan, you should be able to see the SYSVOL and NETLOGON shares get created on your 2012 DCs and the Policies and Scripts folder have been replicated from your SBS 2011 server

Let me know how you go with the above.
LVL 36

Expert Comment

by:Seth Simmons
ID: 40861240
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question