What:
Domain Controller on Windows 2008 R2
Problem:
Error event is logged, after running gpupdate I get the following error message:
The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{3FA16EAF-3A76-4972-88CE-1BA2435CA08E}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Solution:
SYSVOL share has become corrupt and you need to pull a new copy from the other DCs.
Browse on every DC to \\domain.local\sysvol\domain.local\Policies one of them should have policies missing.
After you found problematic server log on to it and open up regedit.
1. Browse to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters
2. Create new DWORD value "Enable Journal Wrap Automatic Restore" and set it to 1
3. Stop/start the ntfrs service (net stop/start ntfrs)
4. Note the entries in the FRS log. (13560, 13520)
5. Change the value "Enable Journal Wrap Automatic Restore" to 0
6. Wait for replication to complete (13553, 13554)
7. Note success (13516 - no longer preventing from becoming DC)
8. Note other servers are now seeing event ID 13509 (NtFrs once again has connection)
Source
is this for windows 2012
ReplyDeleteIt definitely works on Windows 2008 R2, unfortunately I can't confirm if it also works on Windows 2012
ReplyDeleteDoes not work on 2012 server, DFS is the replacement for File Replication service in this Operating system, so no ntfrs service is running in the first Place. I have checked.
ReplyDeleteFreddy
Thank me Later on this.... https://technet.microsoft.com/en-us/library/cc754542.aspx
DeleteHow to do step 5? I mean where and which parameter need to become 2.
ReplyDeleteLooking forward to hearing from you ASAP.
Much thank in advance!
George
In step 5 change "Enable Journal Wrap Automatic Restore" to 0
ReplyDeleteHi Plazmus,
ReplyDeleteI did like you said here and reboot my server after revised registry. Then, the new GPO item still can't be replicated to other DCs even if clicked Replication Now on NTDS Settings on other DC.
How can I fix it?
Thanks,
George
I also see 13516 on the source DC and 13509 on destination DC
ReplyDeleteGeorge, if you follow steps and it doesn't work you might have a different issue, I am afraid you will have to figure it out on your own, sorry I can't help.
ReplyDeleteHow long is normal to wait between step 6 and step 7 please?
ReplyDeleteNormal time is around 5 minutes, in my case it took around 1 minute, it guess it could be longer if domain controllers are not on the same site.
ReplyDeletethis work for me
ReplyDeleteit's really helpfull
ReplyDeleteYes it worked for Windows 2012
ReplyDeleteThank you very much
ReplyDeleteif we have only single Dc and our Sysvol files are corrupted , then how we can recover it , we have ADC in place. windows server 2012R2
ReplyDelete