Gostovanje na Windows strežnikih, ponudba webhosting, ASP.NET, PHP, MySQL


Windows technical support
Podporni forum za uporabnike storitev spletnega gostovanja
Reply to topic
Missing SYSVOL and NETLOGON shares on new or old DC server
Pico
Site Admin

Joined: 18 Jan 2004
Posts: 250
Location: HostMachine.net
Reply with quote
Hi,

the most frequent issue I encountered over the years are missing SYSVOL and NETLOGON shares. The consequences are errors on client and also on DC server itself, for example, when trying to RDP to domain controller, you get error:

"The requested domain either does not exist or is not accessible"

So, if you cannot login to DC via RDP, you will be able to login locally (or via ILO, iRMC, DRAC...any KVM console).

Another very common issue is also when adding new DC Domain Controller 2016 or 2019 to existing domain with previous single DC (or SBS 2008 or SBS 2011) environemnt, the new DC will simply not replicate SYSVOL and NETLOGON shares, DCDiag will most probably return also Global Catalog not found error:

"Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
"

1. First check for proper IP and DNS settings on domain controller. It might somehow IP got lost, maybe reset to DHCP, or DNS reverted to some public DNS. Just check those settings on DC, it takes few seconds:
Make sure 1st DNS of NEW-DC points to OLD-DC, and 2nd DNS to itself.

2. But most probably your DC stopped sharing SYSVOL and NETLOGON shares. Just check on DC:
\\SERVERNAME
If you do not see both SYSVOL and NETLOGON shares, that's your reason for problems!
If only NETLOGON share is missing, then you will have problems with GPO group policy.

Resolution?
NO PROBLEMS, let's go:


  • First, check under C:\Windows\SYSVOL\domain if there are \Policies and \Scripts folders.
    If they are missing, restore them from BACKUP (first to some OTHER location, then copy them over to above mentioned location)

  • You may check the registry first and set SysVolReady to 1:
    Code:
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters


  • Then STOP File Replication Service
    Code:
    net stop NtFrs


  • Open Registry Editor regedit and navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
    Change the BurFlags DWORD value
    - to D4 (hex) on the Single or Primary or Old DC/SBS, which has healthy share content \\OLD-SERVER\SYSVOL\domain, and
    - to D2 (hex) on all Secondary DCs (if they exist).
    Explanation: Value of D4 means Authoritative Restore, meaning this DC will keep existing content of C:\Windows\SYSVOL\domain and offer it for replication to other DCs, while D2 value means NON-Authoritative restore, meaning this DC will pull contents of C:\Windows\SYSVOL\domain from other (Authoritative) DC. In case of single DC, D4 value is the only logical choice...but you must manually restore contents of C:\Windows\SYSVOL\domain from backup before proceeding.

  • START File Replication Service back on:
    Code:
    net start NtFrs

    The \\SERVERNAME\SYSVOL share should be now up and visible.

  • If \\SERVERNAME\NETLOGON share is still missing, you need to first check, if there is some content under C:\Windows\SYSVOL\domain folder (should be at least folder \Policies and \Scripts there). If this folder contains only _DO_NOT_REMOVE_... preexisting, then you should restore the contents of whole C:\Windows\SYSVOL folder from BACKUP (maybe shut down NTFRS service during the restore process to release files for overwriting), only then proceed to the following step:

    Then you just need to flip SysVolReady flag from 1 to 0 and back to 1 to send signal to the system that files are ready to share.
    To do so you open regedit again, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters and change value of SysVolReady from 1 to 0 and then back to 1.
    NETLOGON share should appear now.
[/code]

_________________
Site admin alias Labsy
Vsi nasveti in tehnične rešitve so podani v dobri veri in za ljudi z razčiščenimi pojmi o veljavni zakonodaji.
Odgovornost prevzemam izključno in samo za tiste posege, ki jih opravim lastnoročno.
View user's profileSend private messageVisit poster's websiteMSN Messenger
Missing SYSVOL and NETLOGON shares on new or old DC server
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT + 1 Hour  
Page 1 of 1  

  
  
 Reply to topic