Windows Server 2012 No Netlogon or Sysvol

  • Question

  • I had some issues with our Windows Server 2012 DC. It was tombstoned because it was offline for too long. I had to forcefully remove it from the domain and then I cleaned up the records of it on our Windows Server 2008 DC.

    I then added the 2012 box back to the domain, and promoted it back to domain controller.

    dcdiag /test:replications  Says it passes test Connectivity and test Replications

    However,

    dcdiag /test:netlogons  Says it failed test Netlogons: Unable to connect to the netlogon share! (\\server\netlogon)

    After searching, it does not have the sysvol or netlogon share

    How do I fix this?

    Wednesday, February 24, 2016 9:18 PM

All replies

  • Hi

     Check the "troubleshoot missing SYSVOL and Netlogon shares" article to fix the issue,

    https://support.microsoft.com/en-us/kb/2958414


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards, Burak Uğur

    Wednesday, February 24, 2016 9:36 PM
  • I tried using BurFlags to re-initialize replication on the second server. 

    I tried the dcdiag test again with same results. Here is what it said in event viewer for FRS:

    The File Replication Service is having trouble enabling replication from server1.domain.local to SERVER2 for c:\windows\sysvol\domain using the DNS name server1.domain.local. FRS will keep retrying. 

     Following are some of the reasons you would see this warning. 

     [1] FRS can not correctly resolve the DNS name SERVER1.domain.local from this computer. 
     [2] FRS is not running on SERVER1.domain.local. 
     [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. 

     This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

    Wednesday, February 24, 2016 9:38 PM
  • I started working through the DFS Replication page you linked.

    Under the check DFS Replication state it says that no instance was available.

    How do I fix that? This domain is a Server 2003 functional level.

    Wednesday, February 24, 2016 10:03 PM
  • I got event 13568 in my File Replication Service events on my server1 (windows 2008 server).

    How should I recover from that?

    The 2008 server is the one that was abruptly shut down most recently.

    Wednesday, February 24, 2016 10:17 PM
  • Hi

     For the MS troubleshooting article on event 13568: https://msdn.microsoft.com/en-us/library/bb727056.aspx?f=255&MSPPError=-2147217396#EFAA

    And for a similar case with 13568, follow the steps here:

    https://social.technet.microsoft.com/Forums/en-US/d88385dd-ba83-43d4-8bc7-85e15aa1ae58/event-id-13568?forum=winserverDS


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards, Burak Uğur

    Thursday, February 25, 2016 7:24 AM
  • Hi,

    You can use the BurFlags method to resume the replication. At the same time, check all required ports and the firewall to make sure no ports are blocked.

    TCP 389 LDAP
    UDP 389 LDAP
    TCP 3268 LDAP for Global Catalog
    UDP 138 NetBIOS name resolution
    TCP 445 SAM/LSA
    UDP 445 SAM/LSA
    TCP 636 Secure LDAP
    TCP 3269 Secure LDAP for Global Catalog
    UDP 123 W32Time NTP
    UDP 135 RPC
    TCP 135 RPC
    UDP 53 DNS
    TCP 53 DNS
    TCP 88 Kerberos V5
    UDP 88 Kerberos V5
    TCP 25 Replications
    Dynamic Ports 1025-5000 or 49152-65535 (outbound, Win2003 and Win2008 respectively – and inbound on remote DC’s ADD
    TCP 5722 File Replication
    UDP Dynamic Group Policy 
    TCP 9389 AD DS Web Services
    UDP 67 & UDP 2535 DHCP
    TCP & UDP 464 Replication User & Computer Authentication, Trusts
    TCP 139 User & Computer Authentication Replication
    UDP 137 Netbios Datagram

    Thursday, February 25, 2016 7:36 AM
  • You can refer to the article from ACEFEKAY

    http://blogs.msmvps.com/acefekay/tag/event-id-13508/

    Thursday, February 25, 2016 7:46 AM
  • > You can refer to the article from ACEFEKAY
    > http://blogs.msmvps.com/acefekay/tag/event-id-13508/

    I was looking at this and I guess this is what I need clarification on in my situation. My server2 has no sysvol, so it cannot be the "good dc" I run D4 on. However, my server1 is the one that has the error/event 13568 regarding FRS. It does however have the sysvol folder with its contents intact.

    So, I guess I need to know which to consider the good DC and the bad DC as that article puts it.


    Thursday, February 25, 2016 12:26 PM
  • > I run D4 on. However, my server1 is the one that has the
    > error/event 13568 regarding FRS. It does however have the sysvol folder
    > with its contents intact.
     
    Usually, we declare the PDC emulator the "good DC". This is mainly
    because GPMC/GPEdit by default will connect to the PDCe thus this DC has
    the most current Sysvol.
     
     
    Thursday, February 25, 2016 1:47 PM
  • So I would:

    1) stop ntfrs on both server1 and server2

    2) Set Burflags to Hex value D4 on server1 which is the only DC with a sysvol folder right now. 

    3) Start ntfrs on server1

    4) Set Burflags to Hex value D2 on server2 which currently does not have a sysvol folder

    5) Wait for FRS to replicate from server1 to server2

    Sound right?

    How risky is it to do this? Wondering if I should just bite the bullet and contact Microsoft. This does not seem to be affecting us too badly at this time.

    Thursday, February 25, 2016 9:47 PM
  • > Sound right?
     
    Yes, IS right :)
     
    > How risky is it to do this?
     
    Since we support ~2000 domains, this happens to be necessary every once
    in a while. And it never failed.
     
    Anyway, you might copy the existing sysvol on your server1 to a
    temporary backup so you can easily restore it if things go wrong.
     
    • Proposed as answer by Jay Gu Monday, February 29, 2016 9:09 AM
    • Marked as answer by Amy Wang_ Friday, March 4, 2016 9:08 AM
    Friday, February 26, 2016 10:49 AM
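
The D4/D2 sequence confirmed above, including the suggested SYSVOL backup, as an added example that is not part of the original thread. It assumes the standard FRS BurFlags registry location and a hypothetical backup folder `D:\SysvolBackup`; stop NtFrs on the other DC first, as in step 1 of the plan.

```powershell
# Added example, not from the thread. Run elevated, locally on each DC:
#   -Mode D4 on the DC holding the good SYSVOL (server1 here), then
#   -Mode D2 on the DC that must re-sync from it (server2 here).
param(
    [Parameter(Mandatory = $true)][ValidateSet('D4', 'D2')][string]$Mode,
    [string]$SysvolPath = "$env:SystemRoot\SYSVOL",
    [string]$BackupRoot = 'D:\SysvolBackup'    # assumed location, adjust
)
$ErrorActionPreference = 'Stop'

# The key name contains a forward slash, which the PowerShell registry
# provider treats as a path separator, so the value is written through .NET.
$key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs' +
       '\Parameters\Backup/Restore\Process at Startup'
$value = @{ D4 = 0xD4; D2 = 0xD2 }[$Mode]

Stop-Service -Name NtFrs

if ($Mode -eq 'D4') {
    # Copy the authoritative SYSVOL aside before changing anything.
    # /XJ skips the junction points inside SYSVOL so the tree is not copied twice.
    $dest = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
    robocopy $SysvolPath $dest /E /XJ /B /COPY:DATSO /R:1 /W:1 | Out-Null
    # robocopy exit codes below 8 mean success (possibly with skipped files).
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }
}

# FRS reads BurFlags once at service start and then resets it.
[Microsoft.Win32.Registry]::SetValue($key, 'BurFlags', $value,
    [Microsoft.Win32.RegistryValueKind]::DWord)

Start-Service -Name NtFrs
Write-Output ("BurFlags set to 0x{0:X} and NtFrs restarted on {1}" -f $value, $env:COMPUTERNAME)
```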
  • I completed these steps. This seems to have fixed server1 (which had the sysvol) as I was able to start FRS without it generating errors. 

    The issue now is that server2 still does not have the sysvol folder even after doing the Burflags = D2 and starting FRS. So, there are warnings in server1 event log about not being able to replicate to server2.

    What is the best way to get the necessary file structure setup and shared so that server1 can replicate to server2?

    Saturday, February 27, 2016 1:26 PM
  • Disregard. It just took another 5min or so for the replication process to create the folder on server2.

    What would you suggest to now verify the health of both servers?

    Thanks for the help so far!

    Saturday, February 27, 2016 1:41 PM
  • Hello,

    Once the replication is complete, you can see the event IDs below.

    For Windows 2008/2008 R2/2012/2012 R2 with DFSR: Confirmation after AD Restore is completed.

    You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That domain controller has now done a “D2” of SYSVOL.

    Backing Up and Restoring an FRS-Replicated SYSVOL Folder: Confirmation after AD Restore is completed.

    When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

    Commands to check the health of AD:

    Repadmin /Replsum /Errorsonly

    Repadmin /SHOWREPL *

    • Proposed as answer by Jay Gu Monday, February 29, 2016 8:55 AM
    • Marked as answer by Amy Wang_ Friday, March 4, 2016 9:08 AM
    Sunday, February 28, 2016 9:25 AM
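
One way to run the checks from this answer together with the original `dcdiag /test:netlogons` test on an FRS-replicated DC, as an added example that is not part of the original thread. The 24-hour lookback and the output property names are assumptions; the event IDs are the ones quoted in the thread.

```powershell
# Added example, not from the thread. Run elevated on each DC after FRS restarts.
param([int]$LookbackHours = 24)    # assumed window, adjust to when NtFrs was restarted

$since = (Get-Date).AddHours(-$LookbackHours)

# 13516 = FRS operational; 13568 = the error server1 logged earlier in the thread.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName = 'File Replication Service'; Id = 13516, 13568; StartTime = $since
} -ErrorAction SilentlyContinue)
$last   = $events | Sort-Object TimeCreated | Select-Object -Last 1
$lastId = $null
if ($last) { $lastId = $last.Id }

# Both shares must exist before the Netlogons test can pass.
$shares = @(Get-WmiObject Win32_Share |
            Where-Object { 'SYSVOL', 'NETLOGON' -contains $_.Name } |
            ForEach-Object { $_.Name })

# dcdiag prints "passed test NetLogons" or "failed test NetLogons" per server.
$dcdiag = dcdiag /test:netlogons | Out-String

New-Object psobject -Property @{
    Computer        = $env:COMPUTERNAME
    LastFrsEventId  = $lastId
    FrsOperational  = ($lastId -eq 13516)    # newest relevant event must be 13516
    SharesFound     = ($shares -join ', ')
    SharesOk        = ($shares.Count -eq 2)
    NetlogonsPassed = ($dcdiag -match 'passed test NetLogons')
} | Select-Object Computer, LastFrsEventId, FrsOperational, SharesFound, SharesOk, NetlogonsPassed

# Replication summary from the answer above; no rows listed means no errors.
repadmin /replsum /errorsonly
```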
  • Hi,

    Are there any updates?

    Best Regards,

    Jay



    Tuesday, March 1, 2016 1:09 AM