Tag Archives: netlogon

Fix: Missing Sysvol and Netlogon after domain controller promotion

In many cases I have found that a newly promoted domain controller is missing the SYSVOL and NETLOGON shares. In most of these cases it was also a new domain controller for a new forest. In most cases, you would need to update the flag as below.

Open Regedit
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Set SysVolReady from 0 to 1
Close Regedit

This will create the SYSVOL share. If the NETLOGON share is not created you would need to create the folder scripts in C:\Windows\SYSVOL\domain\. When this is done, restart the NETLOGON service.

This is the easy part. In some cases, although the NETLOGON and SYSVOL shares are working, no group policies or scripts are being replicated using DFS or DFSR.

We can verify the replication by running the following command.

For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

The states should translate as below

0 = Uninitialized
1 = Initialized
2 = Initial Sync
3 = Auto Recovery
4 = Normal
5 = In Error

In my case, I have noticed that the newly promoted server was showing 2 and the main domain controller was showing “No Instance(s) Available” which is quite strange.

Here you would need to look into the original Active Directory server for any problems and you would see a warning on the DFS Replication under Applications with Event ID 2213 as below.

It says that the DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled.

What we need to do here is take note of the volumeGUID from the event viewer and run the command below, replacing GUID-NUMBER with your GUID.

wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="GUID-NUMBER" call ResumeReplication

This will restart the replication and recreate the database. This can be seen with an event with ID 2214 saying: "The DFS Replication service successfully recovered from an unexpected shutdown on volume C:. This can occur if the service terminated abnormally (due to a power loss, for example) or an error occurred on the volume. No user action is required."

If you run the command to see the state of the replication again, you will see that the servers are all showing state 4, and both SYSVOL and NETLOGON will be replicated.
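The checks from this post (the SysvolReady flag, the two shares and the DFSR state of the SYSVOL folder) can be collected in one read-only pass. This is an added example, not code from the original post; the function name is hypothetical, and it assumes PowerShell 3.0 or later with WinRM reachable on any remote domain controller.

```powershell
# Added example: read-only check, it changes nothing on the domain controller.
function Get-SysvolHealth {          # hypothetical function name
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    # DFSR replicated-folder states as listed in the post
    $stateName = @{ 0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
                    3 = 'Auto Recovery'; 4 = 'Normal'; 5 = 'In Error' }
    $hklm = [uint32]2147483650       # HKEY_LOCAL_MACHINE constant for StdRegProv
    $key  = 'SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

    foreach ($dc in $ComputerName) {
        # Query the local machine directly, remote DCs over WinRM
        $cim = @{ ErrorAction = 'SilentlyContinue' }
        if ($dc -ne $env:COMPUTERNAME) { $cim.ComputerName = $dc }

        # SysvolReady flag from the Netlogon parameters key
        $reg = Invoke-CimMethod @cim -Namespace 'root\default' -ClassName StdRegProv `
                   -MethodName GetDWORDValue `
                   -Arguments @{ hDefKey = $hklm; sSubKeyName = $key; sValueName = 'SysvolReady' }

        # Shares the server actually publishes
        $shares = @(Get-CimInstance @cim -ClassName Win32_Share | ForEach-Object { $_.Name })

        # Same WMI class and filter as the wmic one-liner
        $dfsr = Get-CimInstance @cim -Namespace 'root\microsoftdfs' `
                    -ClassName DfsrReplicatedFolderInfo `
                    -Filter "ReplicatedFolderName='SYSVOL share'" | Select-Object -First 1

        [pscustomobject]@{
            Server        = $dc
            SysvolReady   = if ($reg -and $reg.ReturnValue -eq 0) { $reg.uValue } else { 'unreadable' }
            SysvolShare   = $shares -contains 'SYSVOL'
            NetlogonShare = $shares -contains 'NETLOGON'
            DfsrState     = if ($dfsr) { $stateName[[int]$dfsr.State] } else { 'No instance' }
        }
    }
}

# Constructed server names; replace with your own domain controllers:
# Get-SysvolHealth -ComputerName DC01, DC02 | Format-Table -AutoSize
Get-SysvolHealth | Format-Table -AutoSize
```

A healthy domain controller reports SysvolReady 1, both shares present and DfsrState Normal; 'No instance' corresponds to the "No Instance(s) Available" result described above.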


Fix: NETLOGON share not created after DC promotion or role seize

On a server I noticed that after it was promoted to a domain controller, or after you seize all the roles (using force), the NETLOGON share was not created. This has happened on machines running Windows 2008 onwards.

After you seize the roles, you might get an error saying:

Naming Information cannot be located because: The specified domain either does not exist or could not be contacted.

Of course, one must assume that all the metadata cleanup processes have been done. You might also notice that netdom query fsmo fails.

This can be solved with a registry modification. Please make a backup of your registry keys first, and of course don’t hold me responsible for any issues you have if this doesn’t work for you.

Open Regedit.exe
Locate: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

In the details pane, right-click the SysvolReady flag, and then click Modify. In the Value data box, type 0, and then click OK.

Again in the details pane, right-click the SysvolReady flag, and then click Modify. In the Value data box, type 1, and then click OK.

Restart the machine and it will re-create the NETLOGON process including the share.
