DCDIAG on SBS 2008: "frsevent" test fails ("There are warning or error events within the last 24 hours after the sysvol has been shared.")

My customer wants to migrate from SBS 2008 to multiple VMs (DC, Exchange, etc.).  The SBS 2008 server is the only domain controller in this organization.  As part of this process, before we begin the migration, I ran dcdiag on the SBS 2008 VM.  3 tests failed:  systemlog, ncsecdesc, and frsevent.

Systemlog will fail if any errors are detected in the event log(s), so we're not worried about that.  As for ncsecdesc, MS KB 967482 (see here) says we don't have to worry about that either.  Which leaves the frsevent failure, the full text of which is as follows:

"There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems."

What causes this frsevent warning, do we need to be concerned about it, and if so, how do we fix it?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David AtkinTechnical DirectorCommented:

Try restarting the File Replication Service first.  Once done, check the File replication Service event log and look for the event 13516 to confirm its ok again.

Finally run dcdiag again and check for the failure again.

Presuming there are no other DCs?
AA-in-CAAuthor Commented:
That's correct, this is the only DC.  Given what's about to follow, that has me worried.

To be more specific:  I restarted the service, ran dcdiag again on a whim (same problem), and then checked the FRS log.  Following the service restart, there's an error entry, event 13568, calling out a journal wrap error:

Log Name:      File Replication Service
Source:        NtFrs
Date:          6/24/2015 10:27:47 AM
Event ID:      13568
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DC.MyDomain.org
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
 Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
 Replica root path is   : "c:\windows\sysvol\domain"
 Replica root volume is : "\\.\C:"
 A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons.
 [1] Volume "\\.\C:" has been formatted.
 [2] The NTFS USN journal on volume "\\.\C:" has been deleted.
 [3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
 [4] File Replication Service was not running on this computer for a long time.
 [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
 Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
 [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service.
 [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.
WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.
To change this registry parameter, run regedit.
Click on Start, Run and type regedit.
Click down the key path:
Double click on the value name
   "Enable Journal Wrap Automatic Restore"
and update the value.
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

I researched this error, and most of the fixes involve using another DC's data to fix the 'bad' DC's sysvol.  The problem is, I don't have another DC to use.  Do I just follow the instructions in the event log message?
David AtkinTechnical DirectorCommented:
Yes that's correct. Follow the instructions listed in the article. Check to see if it has been successful and disable once complete.
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

David AtkinTechnical DirectorCommented:
Have a look at this EE post for reference:

The Burflags fix is also on there as well if the instructions in the event information doesn't resolve it.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AA-in-CAAuthor Commented:
Sorry for the delayed response, David! Thanks for your help--performing a D4 (authoritative) restore per MS KB 290762 fixed the issue.
David AtkinTechnical DirectorCommented:
No problem. Glad your issue is resolved. Thanks for posting back.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.