Thursday, August 20, 2009

Fix SYSVOL replication problems

I have four domain controllers, three of which were working fine. The fourth, which happened to be the master of practically everything active directory, wouldn't replicate correctly to the other DCs. The main error I found in the event log was a JRNL_WRAP_ERROR, with some information regarding changing a registry key and performing a non-authoratative restore in order to get replication going again. Well, some further reading suggested against using the registry hack provided in the actual event record citing potential problems, and instead pointed me in the direction of a different registry hack involving a BurFlags registry key entry. Needless to say, I went ahead and used this second suggestion and now all my DCs are replicating correctly again.

You want to make sure you're using this registry hack only on the DC(s) that is reporting replication trouble. You don't need to use it on any other than the problem DC. Also, this will move everything in that DC's local copy of the SYSVOL volume to an Ntfrs_preexisting folder within the SYSVOL share on that machine since this method will repopulate the SYSVOL share from a second DC. Otherwise you would lose anything in the SYSVOL on the problematic DC, which may or may not be a problem. In my case I would've lost the changes I had made to group policy, which was led me to realizing the AD replication was screwed up.

Ok, here's how to fix your SYSVOL replication problem:

1. Log in to the domain controller that is having the replication problem
2. Open the command prompt and type net stop ntfrs, then press Enter. This will stop the file replication service
3. Now open the registry editor (Start->Run, then type regedit and click Ok)
4. Navigate to the following registry key: HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Services->NtFrs->Parameters->Backup/Restore->Process at Startup
5. In the "Process at Startup" section, you should see an entry for "BurFlags". Open the BurFlags setting and change the value to D2. If BurFlags is not there, you can add it (It's just a DWORD value) and set the value
6. Close the Registry Editor and go back to the command prompt
7. Use the command net start ntfrs and press Enter. This will start the file replication service and start the non-authoratative restore of your SYSVOL folder

After step 7 you can check your event log to make sure that there's an entry saying that the DC you're working on was added to the replication set. You should also be able to notice your SYSVOL share having replicated with a copy from one of the other DCs in your domain relatively shortly after restarting FRS.

The initial post that led me down the correct path can be found here. If you want more detailed info, check out MS KB 290762. There you'll find more information regarding verifying that this actually worked, and also they have steps for a full authoratative restore, along with other help for replication issues.

No comments: