Announcement

Collapse
No announcement yet.

SYSVOL replication through DFS, Good idea?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • SYSVOL replication through DFS, Good idea?

    we have 5 server running DC same domain but few in different location but connected via WAN.
    Now I am getting huge error warning logs that Server can't find new GPO etc

    So my question is since the SYSVOL folder keeps all the GPO and replicates to all server. I mean all server will have identical content into SYSVOL folder.

    WIll it be better if I add SYSVOL folder into my DFS and get it replicated that way quickly rather then waiting for the AD replication?

    Will there be any consiquences?

    My DFS currntly replicating profile folder to all those server and seems to be working ok except that "Not Eligible" status but still its doing the main job which is replicating that profile folders.

  • #2
    Re: SYSVOL replication through DFS, Good idea?

    IMHO leave AD replication well alone -- if you mess with it, it WILL break
    How are your sites connected -- VPNs?
    Have you set them up in ADSS?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: SYSVOL replication through DFS, Good idea?

      I have never changed anything with regards to sysvol replication. I agree with Ossian.

      Windows 2008 uses DFS for its replication.

      Comment


      • #4
        Re: SYSVOL replication through DFS, Good idea?

        I third the motion. Let AD handle it's own replication and don't try to use DFS.

        Comment


        • #5
          Re: SYSVOL replication through DFS, Good idea?

          Well its connected over secure WAN link. what i ADSS?

          so how else should i solve this issue, I have tried pretty much everything i can think of.

          AD rep monitor says its working fine, but when I go and check the Sysvol folder its not replicating.


          What if I manually copy the missing policy into the SYSVOL folders. will that create duplications? or any other problems?
          Last edited by zrider; 18th May 2009, 02:08.

          Comment


          • #6
            Re: SYSVOL replication through DFS, Good idea?

            ADSS = Active Directory Sites and Services
            Unless you are going to manually copy policies all the time, best to fix the problem

            Have a good look at the event logs on both DCs involved

            Consider a demote of the remote DC and then a re-install of AD
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: SYSVOL replication through DFS, Good idea?

              Originally posted by Ossian View Post
              ADSS = Active Directory Sites and Services
              Unless you are going to manually copy policies all the time, best to fix the problem

              Have a good look at the event logs on both DCs involved

              Consider a demote of the remote DC and then a re-install of AD
              thanks.

              I will be soon tranfering the primary role to another DC and decomisioning the old one. plus I have to add one for second DC on the domain so hoepfully this should fix it? meanwhile I can keep copying the policie manually. As i have spend so much time on eventklog trying to fix this

              Comment


              • #8
                Re: SYSVOL replication through DFS, Good idea?

                This isn't even supported and Microsoft strongly warns against trying to setup Sysvol using DFSR.

                Also 2008 doesn't use DFSR by default unless its a new domain. If you upgrade your DCs there's a FRS to DFSR migration process.

                Comment


                • #9
                  Re: SYSVOL replication through DFS, Good idea?

                  Originally posted by Garen View Post
                  This isn't even supported and Microsoft strongly warns against trying to setup Sysvol using DFSR.

                  Also 2008 doesn't use DFSR by default unless its a new domain. If you upgrade your DCs there's a FRS to DFSR migration process.

                  thanks, no I won't do that. but I need some other ways to fix it I am keep getting this warning in event log everytime I manually restart the file replication service. Asking to to do smt with the registry not sure if this help?



                  Event Type: Error
                  Event Source: NtFrs
                  Event Category: None
                  Event ID: 13568
                  Date: 18/05/2009
                  Time: 9:08:48 AM
                  User: N/A
                  Computer: Server01
                  Description:
                  The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.

                  Replica set name is : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
                  Replica root path is : "c:\windows\sysvol\domain"
                  Replica root volume is : "\\.\C:"
                  A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found. This can occur because of one of the following reasons.

                  [1] Volume "\\.\C:" has been formatted.
                  [2] The NTFS USN journal on volume "\\.\C:" has been deleted.
                  [3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
                  [4] File Replication Service was not running on this computer for a long time.
                  [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
                  Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
                  [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service.
                  [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.

                  WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.

                  To change this registry parameter, run regedit.

                  Click on Start, Run and type regedit.

                  Expand HKEY_LOCAL_MACHINE.
                  Click down the key path:
                  "System\CurrentControlSet\Services\NtFrs\Parameter s"
                  Double click on the value name
                  "Enable Journal Wrap Automatic Restore"
                  and update the value.

                  If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.
                  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.





                  I have not deleted or made any changes to the C; drive. so will this regedit help fix this?

                  Comment


                  • #10
                    Re: SYSVOL replication through DFS, Good idea?

                    Originally posted by Garen View Post
                    Also 2008 doesn't use DFSR by default unless its a new domain
                    Just to clarify that the forest or domain functional level needs to be windows 2008.
                    Caesar's cipher - 3

                    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                    SFX JNRS FC U6 MNGR

                    Comment


                    • #11
                      Re: SYSVOL replication through DFS, Good idea?

                      Originally posted by L4ndy View Post
                      Just to clarify that the forest or domain functional level needs to be windows 2008.

                      ya,,, all my server are 2003 servers so not using DFSR or anyting. just DFS

                      Comment


                      • #12
                        Re: SYSVOL replication through DFS, Good idea?

                        Going from what i can find on the net it will fix it.

                        Comment


                        • #13
                          Re: SYSVOL replication through DFS, Good idea?

                          Originally posted by wullieb1 View Post
                          Going from what i can find on the net it will fix it.

                          well that the chance I am gonna have to take and see what happens. but surely there should be a better way or perhaps explination

                          Comment


                          • #14
                            Re: SYSVOL replication through DFS, Good idea?

                            Just remember to backup before you make any changes and you'll be fine.

                            Comment


                            • #15
                              Re: SYSVOL replication through DFS, Good idea?

                              Firstly, you may need to find out what's causing these Journal wrap errors.
                              Are there any other events logged in your domain controllers regarding FRS, replication etc
                              what's the state of your AD?
                              Maybe a DCDIAG could shed more light.
                              Once those are addressed, you could try a nonauthorative restore of the replica sets.
                              Caesar's cipher - 3

                              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                              SFX JNRS FC U6 MNGR

                              Comment

                              Working...
                              X