Today I dealt with a very curious problem where SYSVOL was not replicating on one of the Domain Controllers. I first noticed it when I created a Central Store for storing ADM files and the folder did not replicate to all DC’s.
Usually when I deal with issues regarding SYSVOL I quickly restore one of the DC’s SYSVOL tree by setting the BurFlags flag to D2, but this time I’ve noticed something different.
Using tools like FRSDIAG and NTFRSUTL I’ve noticed that there is an orphaned object in the SYSVOL replication configuration.
First of all let me list here the events that I’ve noticed in the event log:
Event ID 13552:
Description: The File Replication Service is unable to add this computer to the following replica set: “DFS_DOMAIN_ROOT|BIN”
Windows error status code is FRS error status code is FrsErrorJournalInitFailed
Event ID 13555:
Description: The File Replication Service is in an error state. Files will not replicate to or from one or all of the replica sets on this computer until the following recovery steps are performed … (and the steps)
When I saw this I immediately downloaded my favorite tool of all – Sonar.
This is one of the best and easiest tools to check the status of SYSVOL. When I ran the tool I’ve noticed that the SYSVOL is in a bad state on one of the domain controllers – but this tool is only for monitoring, not for diagnostics.
So I then installed FRSDIAG on the infected DC and ran a full test. The test result showed me the following error:
ERROR : missing Computer Ref for server “VERY_OLD_AND_REMOVED_DC”
Immediately I’ve identified the problem – I have a reference to a DC which was deleted years ago!
The next few lines on the FRSDIAG log pointed me to a KB article number 312862 which will help solve the issue.
Basically the article describes how to restore the replica to this DC, but since this DC is long gone, I simply had to remove it.
But where do I remove FRS replication partner??
Fire up ADSIEDIT, go to the Domain partition, System container, File Replication Service container. Here you will find the FRS Replication Set to which the DC’s belong to (each SYSVOL is a part of a replication group called Replica Set – to view the replica set the DC’s belong to you can run ntfrsutl set). Under the group you will find all the members of the replica set. Under here I’ve noticed a container for the old DC. I decided to run a full SystemState backup (much recommended) and deleted the object.
I ran a full replication of the AD to replicate the changes to every DC, and restarted the FRS service.
But now i had to deal with the original issue – the infected DC I still had to configure the BurFlags flag to D2 and then restart the FRS service again.