Missing SYSVOL/NETLOGON folder/share on DC

[Closed]
Report
-
After struggling with this last night and finally coming to a resolve, I thought I would put the answer in one place for anyone who Googles in the future.

My scenario Is that I'm migrating SBS 2011 to Server 2012 and my SYSVOL wasn't replicating and I had lots of entries for ID 13568 in the File Relication logs to state issues with my SYSVOL which meant that even though I had promoted my SERVER 2012 as a DC, nothing replicated.

So I started with the suggested fix to "Enable Journal Wrap Automatic Restore" as mentioned in the event ID.

Expand HKEY_LOCAL_MACHINE. 
Click down the key path:
"System\CurrentControlSet\Services\NtFrs\Parameters"
Double click on the value name
"Enable Journal Wrap Automatic Restore"
and update the value to 1

If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

Once I did this I found that the C:\windows\sysvol\sysvol folder had changed from containing <domain>.local folder to a folder called "NtFrs_PreExisting.." which had my previous policies and scripts in.

I then noticed my SYSVOL share had disappeared and I couldnt open any Active Directory program as it said my domain didnt exist or wasn't online - Now I panicked. Users couldnt access domain resources.

My search lead me to https://support.microsoft.com/en-us/help/947022/the-netlogon-share-is-not-present-after-you-install-active-directory-d

In order to restore the SYSVOL share I had to:

    Click Start, click Run, type regedit, and then click OK.
Locate the following subkey in Registry Editor:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
In the details pane, right-click the SysvolReady flag, and then click Modify.
In the Value data box, type 0, and then click OK.
Again in the details pane, right-click the SysvolReady flag, and then click Modify.
In the Value data box, type 1, and then click OK.


Now my SYSVOL folder was back but my NETLOGON folder had disappeared too and the events for the File Replication still existed. However, AD Tools were back and users could access domain resources.

Now to get back SYSVOL and NETLOGON and fix File Replication Errors


Copy the Scripts and Policies folder from C:\Windows\Sysvol\Sysvol\NtFrs_PreExisting___See_EventLog to the desktop AND put them in C:\windows\sysvol\sysvol

Then stop the File Replication Service.

As per https://docs.microsoft.com/en-gb/troubleshoot/windows-server/networking/use-burflags-to-reinitialize-frs you need to change the BurFlags.

Since I only had one DC on the network, I need to be doing the authoritive restore.

    Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double click BurFlags.
In the Edit DWORD Value dialog box, type D4 and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.


When the FRS service is restarted, the following actions occur:

The value for the BurFlags registry key is set back to 0
An event 13566 is logged to signal that an authoritative restore is started.
Files in the reinitialized FRS replicated directories remain unchanged and become authoritative on direct replication. Additionally, the files become indirect replication partners through transitive replication.
The FRS database is rebuilt based on current file inventory.
When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Keep your eye on the event logs. Once you see event ID 13516 you will find that the SYSVOL and NETLOGON share are back!

What I would do next is Save and clear our App, Sys and File Replication event logs.

Run DCDIAG via CMD and the FrsEvent and event log test should pass. Now I will be able to successfully replicate to my SERVER 2012 DC once it's promoted.





If at first you don't succeed; call it version 1.0