2003 to 2012 no SYSVOL or NETLOGON Shares

Problem

Migrating from 2003 to 2012 r2 Domain Controllers and after doing DCPromo, there were no SYSVOL or NETLOGON Shares.  Looked at event viewer on both servers.  This is what I saw.

The File Replication Service has detected that the replica set “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)” is in JRNL_WRAP_ERROR.

Replica set name is : “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)”
Replica root path is : “c:\windows\sysvol\domain”
Replica root volume is : “\\.\C:”
A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found. This can occur because of one of the following reasons.

Solution

Did some searching on Google and found this.  I have used Burflags before but never fully understood which is which.  I found that this for some reason clicked with me.  So here is it.

http://serverfault.com/questions/532192/no-burflags-in-registry

 

“burflags” was for FRS. Windows Server 2012 doesn’t have FRS, so the comparable procedure is described in this lengthy article:

How to force an authoritative/non-authoritative synchronization for DFSR-replicated SYSVOL (like “D4/D2” for FRS)

http://support.microsoft.com/kb/2218556

Note that there are two separate procedures, one for authoritative, the other for non-authoritative.

“You want to force the non-authoritative synchronization of SYSVOL on a domain controller. In the File Replication Service (FRS), this was controlled through the D2 and D4 data values for the Burflags registry values, but these values do not exist for the Distributed File System Replication (DFSR) service. You cannot use the DFS Management snap-in (Dfsmgmt.msc) or the Dfsradmin.exe command-line tool to achieve this. Unlike custom DFSR replicated folders, SYSVOL is intentionally protected from any editing through its management interfaces to prevent accidents.”

[…] the two procedures, like D2 (non-auth) or D4 (auth) …

“If setting the authoritative flag on one DC, you must non-authoritatively synchronize all other DCs in the domain. Otherwise you will see conflicts on DCs, originating from any DCs where you did not set auth/non-auth and restarted the DFSR service. For example, if all logon scripts were accidentally deleted and a manual copy of them was placed back on the PDC Emulator role holder, making that server authoritative and all other servers non-authoritative would guarantee success and prevent conflicts.

If making any DC authoritative, the PDC Emulator as authoritative is preferable, since its SYSVOL contents are usually most up to date.

The use of the authoritative flag is only necessary if you need to force synchronization of all DCs. If only repairing one DC, simply make it non-authoritative and do not touch other servers.

This article is designed with a 2-DC environment in mind, for simplicity of description. If you had more than one affected DC, expand the steps to include ALL of those as well. It also assumes you have the ability to restore data that was deleted, overwritten, damaged, etc. previously if this is a disaster recovery scenario on all DCs in the domain.”

 

For me I ended up doing this:

I Ran D4 on the 2003 box after running repadmin and it was showing no errors.  After I restarting the service all seemed to be working just fine.  Now I see SYSVOL and NETLOGON shares on the 2012 Server.

I see this on 2003 Event Viewer:

The File Replication Service successfully added the connections shown below to the replica set:
“DOMAIN SYSTEM VOLUME (SYSVOL SHARE)”

“server.domain.local”
“server.domain.local”

and

The File Replication Service is no longer preventing the computer “server” from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.

 

Leave a Reply