Server 2008 no Netlogon share

    Question

  • A little background. I recently started with a new company and my first task was to fix issues with our DC. One of the first issues I've noticed is that there is no netlogon share and dcdiag gives me an error: "Unable to connect to the NETLOGON Share! An net use or LsaPolicy operation failed with error 67, the network name cannot be found." The SYSVOL share is there and GPO is working.

    A few months before I started our DC died and a new one was built from backups and the name was changed from *-share to *-dc. I'm trying to get this DC (only DC in forest) to recreate the netlogon share. I tried the Burflags non-authoritative restore with no luck.

    Can someone please help me figure out what is going on with my server?

    Thanks

    Tuesday, April 25, 2017 12:04 AM

All replies

  • Hi, 
    Referring to the following KB of a similar issue, it is suggested to set the SysvolReady Flag registry value to "0" and then back to "1" in the registry. The registry is located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    Please see details from: 
    The NETLOGON share is not present after you install Active Directory Domain Services on a new full or read-only Windows Server 2008-based domain controller
    https://support.microsoft.com/en-sg/help/947022/the-netlogon-share-is-not-present-after-you-install-active-directory-domain-services-on-a-new-full-or-read-only-windows-server-2008-based-domain-controller
    In addition, if you have removed an old DC, I would also suggest you clean up its metadata: https://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, April 28, 2017 7:39 AM
    Moderator
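
The check and the SysvolReady toggle suggested in the reply above, as an added PowerShell example that is not part of the thread. The function names and the sleep delay are hypothetical; it assumes the default layout, where the `SysVol` value under the same key holds the SYSVOL share path and NETLOGON maps to the `scripts` folder under `<SysVol>\<domain DNS name>`.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the DC.
# Uses only cmdlets available in PowerShell 2.0 (Server 2008 / 2008 R2).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-NetlogonShareState {
    # Registry values Netlogon reads when it publishes SYSVOL and NETLOGON
    $params = Get-ItemProperty -Path $key
    $shares = Get-WmiObject -Class Win32_Share |
        Where-Object { $_.Name -eq 'SYSVOL' -or $_.Name -eq 'NETLOGON' }

    # Assumption: default layout, NETLOGON = <SysVol>\<domain DNS name>\scripts
    $domain  = (Get-WmiObject -Class Win32_ComputerSystem).Domain
    $scripts = Join-Path (Join-Path $params.SysVol $domain) 'scripts'

    New-Object PSObject -Property @{
        SysvolReady   = $params.SysvolReady
        SysvolShare   = ($shares | Where-Object { $_.Name -eq 'SYSVOL' }).Path
        NetlogonShare = ($shares | Where-Object { $_.Name -eq 'NETLOGON' }).Path
        ScriptsFolder = $scripts
        ScriptsExists = Test-Path -Path $scripts
    }
}

function Reset-SysvolReady {
    # The toggle from the reply: set the flag to 0, then back to 1
    Set-ItemProperty -Path $key -Name SysvolReady -Value 0
    Start-Sleep -Seconds 5      # arbitrary pause, not a documented requirement
    Set-ItemProperty -Path $key -Name SysvolReady -Value 1
}

# Read-only report of the current state
Get-NetlogonShareState | Format-List

# To apply the toggle and compare, run these two lines by hand:
#   Reset-SysvolReady
#   Get-NetlogonShareState | Format-List
```

An empty `NetlogonShare` together with `ScriptsExists : False` means there is no folder at the expected path for the share to point to, which is worth recording before trying further restores.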
  • Can you share with us the steps that you have followed, in the same order? Also, what happened to the old DC?
    Friday, April 28, 2017 7:55 AM
  • Hi

     You should perform the D2/D4 restore process first, and if the issue still persists, just demote the problematic DC from the domain, perform metadata cleanup and promote it again.

    How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)

     https://support.microsoft.com/en-us/help/2218556/how-to-force-an-authoritative-and-non-authoritative-synchronization-for-dfsr-replicated-sysvol-like-d4-d2-for-frs

    Metadata cleanup:

    https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

    But before the process you should check whether any of the FSMO roles are located on this problematic DC. Run "netdom query fsmo". If it holds any, you should seize the FSMO roles to another healthy DC first.


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Friday, April 28, 2017 11:38 AM
  • Hi,

    Just checking in to see if the information provided was helpful. If the replies above are helpful, we would appreciate it if you marked them as answers. Please let us know if you would like further assistance.

    Best Regards,

    Wendy



    Monday, May 1, 2017 5:03 AM
    Moderator
  • I would not suggest performing D2/D4 directly since you mentioned the Sysvol share is present and GPOs are getting applied from this DC. I would suggest you change the Sysvolready registry key value from 0 to 1 under netlogon/parameters. Please let us know how it goes after this change.
    Friday, May 5, 2017 10:01 AM
  • Sorry for the slow reply, I've been out and about working on other projects. I have tried many things with no luck. I've verified all the FSMO roles have been moved to this DC. I have tried authoritative and non-authoritative restores with no luck. I tried setting the sysvolready registry key with no luck.

    Doing a dcdiag I get "Unable to connect to the NETLOGON share! (//dc\netlogon) An net use or LsaPolicy operation failed with error 67, the network name cannot be found."

    The old DC died the week before I started here. It was just a workstation with Server 2008 installed and the C: drive failed. So I inherited this server with no sysvol or netlogon shares. Group policies were not working at all. Now sysvol appears and some group policies work but not all. 

    The next thing I'm going to try is to add a second DC and see if the netlogon gets built. I just received a newer server that I want to make our primary DC and remove the one I'm having troubles on.

    Wednesday, May 17, 2017 6:24 PM
  • >>The next thing I'm going to try is add a second DC and see if the netlogon gets built. I just received a newer server that I want to make our primary DC and remove the one I'm having troubles on

    Yes, probably because of hardware; you should configure server hardware for the DC (or configure it on a virtualization system). But keep in mind that before adding the new server as a DC, you should perform a metadata cleanup to remove all records related to the problematic DC; then, when done, you will add the new server as a Domain Controller. Also, you should think about migrating to a newer OS like Server 2012 or Server 2016 DC.

    Metadata cleanup: https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx?f=255&mspperror=-2147217396


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Wednesday, May 17, 2017 6:41 PM
  • Thanks for the help. I will let you know how the new server goes. I currently have a 2008 R2 that I just got back that I can make the DC. I am getting a new virtual host in the next 6 months or so once I am given the approval to purchase. That will have 2012 R2 or 2016 at that time. But until then I want a working DC and this is what I've got. I'm just sad because at my old job I'd just upgraded every server to 2012 R2 right before I left and now I've moved back to 2008.
    Wednesday, May 17, 2017 7:10 PM
  • I added a new DC to the domain and it has the exact same error and still no NETLOGON folder. I'm thinking I might just have to rebuild the entire domain by starting fresh. What do people think?
    Wednesday, May 17, 2017 8:19 PM
  • Can you let me know the answers to the questions below?

    1. How many DCs do you have total in this domain? Are they VMs?

    2. Have you verified the DC health on this domain, mainly sysvol/netlogon?

    3. Are these problem DC and other DCs in the same site?

    4. What is your SYSVOL/Netlogon folder size?

    5. Which one did you try while troubleshooting: Sysvolready registry or D2?

    6. How critical is this domain? Do you have users and critical applications which are running in this domain?

    Thursday, May 18, 2017 5:35 AM
  • Can you let me know the answers for below questions that I have?

    1. How many DCs do you have total in this domain? Are they VMs?

    There was only 1 DC before yesterday. I added a second DC but it has the same problems.

    2. Have you verified the DC health on this domain, mainly sysvol/netlogon. 

    I've mentioned before my DC health isn't good, which is why I asked this question. The sysvol and netlogon weren't working.

    3. Are these problem DC and other DCs in the same site?

    There is only 1 DC

    4. What is your SYSVOL/Netlogon folder size?

    Sysvol: 1.02 MB

    Netlogon: 0 MB

    5. Which one did you try while troubleshooting. Sysvolready registry or D2?

    I tried both sysvolready registry and the D2 and D4 restores.

    6. How critical is this domain? Do you have users and critical applications which is running in this domain?

    This is a little complicated. When I got here we had 0 people on the domain, but 6 computers were using the server as a file share and it hosts a few things like DHCP, AV, DNS, FTP. Now we have 2 users on the domain, the rest will be moved over once I fix the domain. 

    I'm thinking about building a new domain and migrating everything to it.

    Thursday, May 18, 2017 10:57 PM
  • >>I'm thinking about building a new domain and migrating everything to it

    If you have tried D2, try D4, which will make itself authoritative.

    The other option is to restore it from a good AD-aware backup if you have one.

    If none of the above works, as you mentioned, you will have to begin from scratch.

    >>There was only 1 DC before yesterday. I added a second DC but it has the same problems.

    This is expected because your primary DC's Sysvol replication is failing. Once this is fixed the second DC will be able to pull the replication.

    Friday, May 19, 2017 3:15 AM