(Solved) SYSVOL does not replicate between DCs

  • General discussion

  • Hello, I have a problem which I can't sort out.

    3 domain controllers: first main 2008 (DNS Server), second 2003 standard and third is also 2003 standard

    If I create a group policy on the second domain controller, it appears in the first one's SYSVOL\mydomain.com\Policies\ folder.

    The second and third DCs have an empty SYSVOL\mydomain.com folder, and in Event Viewer I see a warning ID:13508

    The File Replication Service is having trouble enabling replication from first to second for c:\windows\sysvol\domain using the DNS name first.mydomain.com. FRS will keep retrying. 

    The File Replication Service is having trouble enabling replication from third to second for c:\windows\sysvol\domain using the DNS name third.mydomain.com. FRS will keep retrying. 


    Same two errors on the third server, but the first one has no warnings.

    The first server is the primary DNS of all three; PING is responding between all servers. Searching the internet I found this link: http://support.microsoft.com/kb/315457

    And found something strange about the First server, because in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Cumulative Replica Sets\GUID
    GUID is the GUID of the domain system volume replica set that is shown in the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Replica Sets\GUID

    Cumulative Replica Sets and Replica Sets were empty; there wasn't any folder (key). I found the GUID in ADSI Edit and added it manually, but it didn't help. SYSVOL does not replicate.

    Also tried BurFlags D4 and D2... didn't help.

    Link to dcdiag of First server: 

    https://skydrive.live.com/redir?resid=3EBDD409B99B1902!134&authkey=!AOu7tW1yeuLh77Q

    All three servers were virtualized 6 months ago. Maybe this could cause problems?

    Does anyone have any suggestions?
    • Edited by Baila Baila Tuesday, July 2, 2013 6:55 AM solved
    Friday, June 21, 2013 5:39 AM

All replies

  • You can download a tool, frsdiag, and run it on all three domain controllers.

    It will generate a report and provide more information on what's going on. There are some good blogs available for analyzing frsdiag data.

    Saturday, June 22, 2013 5:33 PM
  • There must be more events on Second and Third than just the one you mentioned... If you manage GPOs, GPMC by default always connects to the PDC emulator, so the creation of the sysvol folders on First is expected behaviour.

    Martin

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And - of course - my coke bottle sports car

    Saturday, June 22, 2013 5:50 PM
  • I ran it in Second server and it shows some errors: http://sdrv.ms/179e11a

    ERROR : File Backlog TO server ... is : 269

    ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED"

    ERROR on NtFrs_0003.log : "EPT_S_NOT_REGISTERED"

    I wonder how bad these errors are... let's keep googling

    • Edited by Baila Baila Tuesday, June 25, 2013 6:11 AM found more info
    Tuesday, June 25, 2013 5:15 AM
  • When I restart FRS I get this error:

    Error id: 13565

    File Replication Service is initializing the system volume with data from another domain controller. Computer Second cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. 

    To check for the SYSVOL share, at the command prompt, type: 
    net share 

    When File Replication Service completes the initialization process, the SYSVOL share will appear. 

    The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

    For more information, see Help and Support Center at 

    And after 1-2 min. I get the second error which I mentioned before, and it appears continuously once per day.

    And thank you for some useful information about GPOs :)

    • Edited by Baila Baila Tuesday, June 25, 2013 5:26 AM forgot to thx
    Tuesday, June 25, 2013 5:21 AM
  • Hello,

    please provide the following files so we get a complete overview:

    ipconfig /all >c:\ipconfig.log [all DCs]
    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.log
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.log  ["dc*" is a placeholder for the starting name of the DCs if they all begin the same (if more than one DC exists)]
    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
    ADREPLSTATUS: http://www.microsoft.com/en-us/download/details.aspx?id=30005 can also be exported to file.

    As the output will become large, DON'T post them into the thread; please use Windows Sky Drive (with open access!) https://skydrive.live.com and add the link from it here. Also, the /e in dcdiag scans the complete forest, so better run it on COB.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, June 25, 2013 8:20 AM
  • Hello,

    First server:

    ipconfig http://sdrv.ms/146MrAu

    dcdiag http://sdrv.ms/146Mah9

    repadmin http://sdrv.ms/146MwEs

    dnslint http://sdrv.ms/146Mxs0

    Second server:

    ipconfig http://sdrv.ms/146MDQr

    dcdiag http://sdrv.ms/146MFrp

    repadmin http://sdrv.ms/146MKeA

    dnslint http://sdrv.ms/146MQCY

    Third server:

    ipconfig http://sdrv.ms/146MU5G

    dcdiag http://sdrv.ms/146MXOY

    repadmin http://sdrv.ms/146N1ym

    dnslint http://sdrv.ms/146N2C8

    I didn't insert ADREPLSTATUS because it has no errors and AD is working properly; users and computers are replicating

    • Edited by Baila Baila Tuesday, June 25, 2013 10:06 AM forgot
    Tuesday, June 25, 2013 10:04 AM
  • Hello,

    do NOT use the router as DNS server in the domain; please remove 10.0.1.254 as DNS server on the machines' NIC, run ipconfig /flushdns and ipconfig /registerdns, and restart the netlogon service on the DCs; reboot other domain machines. Seen on Spinta and dserveris. Also configure each DC with at least one other domain DNS server on the NIC as secondary/third.

    I assume this is done for internet connectivity, BUT for that configure instead the FORWARDERS in the DNS server properties in the DNS management console on each DNS server.

    As dcdiag stated errors about problems to become a full DC, do not just restart the netlogon service as mentioned above; instead reboot the DCs, BUT NOT TOGETHER, do it one by one.

    After that check again and also run the commands again.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, June 25, 2013 10:29 AM
  • We have only 1 DNS server, so I removed the router from the DNS list and left all three DCs with only the primary DNS, which is 10.0.1.2.

    Ran ipconfig /flushdns and ipconfig /registerdns and restarted the netlogon service on all DCs; didn't help, replication is still not working. I will try to restart the DCs at night but I'm not putting much luck in that :-(

    Tuesday, June 25, 2013 11:01 AM
  • Hi,

    According to your description Error ID:13565

    Event ID: 13565
    Event Type: Warning
    Rule: Initial non-authoritative restore in progress
    Message Text:
    File Replication Service is initializing the system volume with data from another domain controller. Computer %1 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type net share.

    When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

    Source - http://support.microsoft.com/kb/308406

    Using the BurFlags registry key to reinitialize File Replication Service replica sets (Windows 2003)
    http://support.microsoft.com/kb/290762

    Check the Status of the SYSVOL and Netlogon Shares (Windows 2008)
    http://technet.microsoft.com/en-us/library/cc816833(v=ws.10).aspx

    Hope that helps :)


    Vikky

    Tuesday, June 25, 2013 11:07 AM
  • DCs had 4 days and there is not much data and it didn't finish initialization...

    Tried one more time BurFlags:

    1) warning 13565:

    File Replication Service is initializing the system volume with data from another domain controller. Computer SECOND cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. 

    2) warning 13520:

    The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. ....

    3) information 13553:

    The File Replication Service successfully added this computer to the following replica set: 
        "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" 

    4) information 13554:

    The File Replication Service successfully added the connections shown below to the replica set: 
        "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" 

    5) warning 13508:

    The File Replication Service is having trouble enabling replication from THIRD to SECOND for c:\windows\sysvol\domain using the DNS name THIRD.mydomain.com. FRS will keep retrying.

    sysvol and netlogon are not shared on both DCs... what in the hell I'm missing...

    • Edited by Baila Baila Wednesday, June 26, 2013 5:38 AM mistakes
    Tuesday, June 25, 2013 11:29 AM
  • SYSVOL and NETLOGON shares are back with help of: http://www.pandemonium.be/KB/Article.php?DB=P&ID=87

    But FRS still outputs warning 13508

    Tuesday, June 25, 2013 1:01 PM
  • Problem is solved!!!

    First server didn't have an NTFRS Subscription object

    I created it manually in ADSI Edit and changed the BurFlags value in the registry one more time and it did the trick; now the servers are replicating again. Thank you all for your help

    • Edited by Baila Baila Tuesday, July 2, 2013 6:58 AM aswd
    Tuesday, July 2, 2013 6:55 AM
  • Hello,

    I also went through the same kind of issue a couple of weeks back:

    I had a single forest, a single domain & 3 domain controllers, all running Windows Server 2K8R2.

    DC Names: DC1 (Primary), DC2, DC3

    As part of the OS upgrade to Windows Server 2k12R2, I demoted DC2, installed Windows Server 2k12R2 & re-promoted it as a DC with the same name; however, after promotion of DC2, I found that SYSVOL & NETLOGON were not shared on my DC2 & in Event Viewer I was getting event 13565, i.e. "File Replication Service is initializing the system volume with data from another domain controller. ..."

    If you are also facing the same issue then you must check the things below.

    I highly recommend you test this solution first in a test environment.

    1) Check if FRS Subscription objects are present. If the objects are not present, you can manually create those objects; refer to this link: https://support.microsoft.com/en-in/help/312862/recovering-missing-frs-objects-and-frs-attributes-in-active-directory

    2) Restart the NTFRS & NETLOGON services on the problem DC & see if it resolves the issue.

    3) Try D2 D4 FRS Restore: https://support.microsoft.com/en-in/help/290762/using-the-burflags-registry-key-to-reinitialize-file-replication-servi

    4) If all the above steps do not help, then you need to check whether the Replica Sets & Cumulative Replica Sets registry keys are present on each domain controller. In my case the registry entries were not present on the newly promoted DC2.

    Note: Each domain controller has only one Replica Sets & Cumulative Replica Sets value in the registry; the value of the object GUID of the DC & the value present in the registry on the same DC should match.

    Before making any registry changes, stop NTFRS & Netlogon on all domain controllers. You can use cmd:

    net stop ntfrs && net stop netlogon

     

    Before moving forward, take a registry backup of all domain controllers.

    To create the registry keys, we require the object GUID of the domain controller, which can be found in ADSI Edit:

    Go to Adsiedit > connect to Default Naming Context > CN=System > CN=File Replication Service > CN=Domain System Volume (SYSVOL Share)

    Here you will see nTFRS objects for all domain controllers. Right-click the domain controller object on which you are having the SYSVOL replication issue > go to Properties > here you will find ObjectGuid > copy the GUID value.

    Now go to Regedit and navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters > Cumulative Replica Sets > right-click & select New Key > paste the GUID (value copied from ADSI Edit)

    Create the registry entries below in Cumulative Replica Sets\****GUID****

    Name                  Type         Data
    BurFlag               REG_DWORD    0 (Hexadecimal)
    Number of Partners    REG_DWORD    For this value refer to the value present on a healthy DC

    Now go to Regedit and navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters > Replica Sets > right-click & select New Key > paste the GUID (value copied from ADSI Edit)

    Create the registry entries below in Replica Sets\****GUID****

    Name                      Type         Data
    Replica Set Name          REG_SZ       Domain System Volume (SYSVOL SHARE)
    Replica Set Root          REG_SZ       Path of SYSVOL folder (ex: C:\windows\sysvol\domain)
    Replica Set Stage         REG_SZ       Path of SYSVOL staging folder (ex: C:\windows\sysvol\domain\staging)
    Replica Set Tombstoned    REG_DWORD    0 (hexadecimal)
    Replica Set Type          REG_SZ       Domain

    Follow the same steps on all DCs & ensure on all domain controllers the GUID value on & value in registry matches.

     

    5) Transfer the FSMO roles to a healthy domain controller.

    6) Take a backup of the SYSVOL & NETLOGON folders.

    7) Log in to the PDC where the SYSVOL & NETLOGON folders are up to date.

    8) Start Regedit > navigate to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

    Change the BurFlags registry value to D4

    To understand D2 & D4 restore you can refer to https://support.microsoft.com/en-in/help/290762/using-the-burflags-registry-key-to-reinitialize-file-replication-servi

    9) Now log in to the problem DC (where SYSVOL & NETLOGON are not working)

    10) Start Regedit > navigate to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

    Change the BurFlags registry value to D2

    11) Run the commands below on all DCs:

    ipconfig /flushdns

    ipconfig /registerdns

    12) Start the NTFRS & NETLOGON services on all domain controllers - start first on the PDC (where the BurFlags value is set to D4)

    net start ntfrs && net start netlogon

    13) Run the command below on all DCs:

    repadmin /syncall /AdeP

    Once replication completes, the issue should be resolved.

     _________________________________________________________________

    Regards,

    Shahrukh Shaikh

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.


    Monday, January 13, 2020 5:38 AM
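
A read-only check of the conditions this thread turned on (empty Replica Sets keys, a pending BurFlags value, missing SYSVOL/NETLOGON shares, recurring FRS warnings), to run on each DC before and after the steps above. This is an added example, not code from any poster; it assumes Windows PowerShell 2.0 or later in an elevated prompt on the DC, and the function name and 24-hour window are choices made here.

```powershell
# Added example: read-only FRS/SYSVOL state report for the local DC. Changes nothing.
$base = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters'
$hklm = [Microsoft.Win32.Registry]::LocalMachine

function Get-FrsSubKeyNames([string]$Path) {
    # Returns the GUID-named subkeys; nothing if the key is absent.
    $key = $hklm.OpenSubKey($Path)
    if ($null -eq $key) { return }
    try { $key.GetSubKeyNames() } finally { $key.Close() }
}

$replica    = @(Get-FrsSubKeyNames "$base\Replica Sets")
$cumulative = @(Get-FrsSubKeyNames "$base\Cumulative Replica Sets")

# "Backup/Restore" contains '/', which the PowerShell registry provider
# treats as a path separator, so BurFlags is read through the .NET API.
$burFlags = $null
$burKey = $hklm.OpenSubKey("$base\Backup/Restore\Process at Startup")
if ($burKey) { $burFlags = $burKey.GetValue('BurFlags'); $burKey.Close() }

# Shares that appear once FRS has finished initializing the system volume.
$shares = @(Get-WmiObject Win32_Share | ForEach-Object { $_.Name })

# The FRS event IDs quoted in this thread, restricted to the last 24 hours.
$ids = 13508, 13520, 13553, 13554, 13565
$events = @(Get-EventLog -LogName 'File Replication Service' `
        -After (Get-Date).AddDays(-1) -ErrorAction SilentlyContinue |
    Where-Object { $ids -contains $_.EventID })

$findings = @()
if ($replica.Count -eq 0 -or $cumulative.Count -eq 0) {
    $findings += 'Replica Sets or Cumulative Replica Sets has no GUID key'
} elseif (Compare-Object $replica $cumulative) {
    $findings += 'GUID keys differ between Replica Sets and Cumulative Replica Sets (review)'
}
foreach ($s in 'SYSVOL', 'NETLOGON') {
    if ($shares -notcontains $s) { $findings += "$s is not shared" }
}
if ($null -ne $burFlags -and $burFlags -ne 0) {
    # A non-zero value is a D2/D4 request that FRS has not yet processed.
    $findings += ('BurFlags is 0x{0:X} (non-zero)' -f $burFlags)
}
foreach ($g in @($events | Group-Object EventID)) {
    $findings += "Event $($g.Name) logged $($g.Count) time(s) in the last 24 h"
}

if ($findings.Count -eq 0) { 'FRS/SYSVOL checks passed' } else { $findings }
```

Events 13553 and 13554 are informational, so their presence alone is not a fault; 13508 or 13565 still appearing a day after a BurFlags change is the pattern the original poster reported.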