How to Fix Missing SYSVOL and NETLOGON share and replication issues on new Domain Controller at Azure

Today, I deployed a new domain controller server at Azure after the site-to-site VPN was built. I verified that the replication status looked fine, but when I checked the status of the SYSVOL and NETLOGON shared folders, I noticed there was no shared folder at all on the new domain controller server.

In my case, DC01 is the PDC domain controller server at the on-premises site, DC02 is a domain controller server at the on-premises site, and AZDC01 is the new domain controller server at the Azure site. I am going to show you how to troubleshoot them and fix the issues.

1.Log in to the AZDC01 server.

2.Right-click Windows Start and select Run.

3.Type regedit, click OK.

4.On the User Account Control page, click Yes.

5.Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters, change SysVolReady value data from 0 to 1, click OK and then close Regedit.

6.This will create the SYSVOL share, but the NETLOGON share was not created in my case.

7.Open File Explorer; you will find there is no folder at c:\Windows\SYSVOL\domain\.

8.Create a new folder and name it scripts.

9.Restart the Netlogon service.

10.Run \\azdc01\ to verify the share status again; you will see the NETLOGON and SYSVOL shared folders.

11.In my case, although the NETLOGON and SYSVOL shares are working, no group policies or scripts are being replicated using DFS or DFSR.

12.Run the command below to verify the SYSVOL share replication.


For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

The states translate as follows:

0 = Uninitialized

1 = Initialized

2 = Initial Sync

3 = Auto Recovery

4 = Normal

5 = In Error

In my case, I noticed that the newly promoted server and the other domain controllers were showing 2.

When I checked the event logs, there was Event ID 5014, which shows that the DFS Replication service is stopping communication with partner XXXX for replication group Domain System Volume due to an error: Error 9033 (The request was cancelled by a shutdown).

13.To fix this issue, we need to do a non-authoritative or an authoritative SYSVOL restore.

Non-Authoritative Restore

If only one or a few domain controllers (less than 50%) have replication issues at a time, we can issue a non-authoritative replication. In that scenario, the system will replicate SYSVOL from the PDC.

Authoritative Restore

If more than 50% of the domain controllers have SYSVOL replication issues, it is possible that the entire SYSVOL has become corrupted. In that scenario, we need to go for an authoritative restore. In this process, we first restore SYSVOL from backup to the PDC and then replicate it out, or force all the domain controllers to update their SYSVOL copy from the copy on the PDC.

In my case, I need to do an authoritative restore of SYSVOL on DC01 (the PDC domain controller server) and a non-authoritative restore on the DC02 and AZDC01 servers.

14.Back up the existing SYSVOL. This can be done by copying the SYSVOL folder from the domain controller that has DFS replication issues to a secure location.

15.Log in to the domain controller server as a Domain Administrator or Enterprise Administrator.

16.Stop the DFS Replication service (doing this on all the domain controllers is recommended).

17.Open Server Manager, select Tools and then click ADSI Edit.

18.Right-click ADSI Edit, select Connect to…

19.In Connection Settings, use the following settings, then click OK.

  • Name: Default naming context.
  • Select a well known Naming Context.
  • Default (Domain or server that you logged in to).

20.Browse to DC=corp,DC=com > OU=Domain Controllers > CN=CDC01 > CN=DFSR-LocalSettings > Domain System Volume > SYSVOL Subscription.

21.On the Attribute Editor, click msDFSR-Enabled, change the value from True to False, click OK.

22.On the Attribute Editor, click msDFSR-Options, change the value from 0 to 1, click OK.

23.Click OK to apply settings and close Attribute Editor.

24.Browse to DC=corp,DC=com > OU=Domain Controllers > CN=DC02 > CN=DFSR-LocalSettings > Domain System Volume > SYSVOL Subscription.

25.On the Attribute Editor, click msDFSR-Enabled, change the value from True to False, click OK.

26.Click OK to apply settings and close Attribute Editor.

27.Browse to DC=corp,DC=com > OU=Domain Controllers > CN=AZDC01 > CN=DFSR-LocalSettings > Domain System Volume > SYSVOL Subscription.

28.On the Attribute Editor, click msDFSR-Enabled, change the value from True to False, click OK.

29.Click OK to apply settings and close Attribute Editor.

30.Run the following PowerShell commands to force AD replication.


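$DCs = 'DC01','DC02','AZDC01'
# Run the same commands on every domain controller
Invoke-Command -ComputerName $DCs -ScriptBlock {
    repadmin /kcc               # have the KCC recalculate the replication topology
    repadmin /syncall /e        # pull changes from partners in all sites
    repadmin /syncall /e /P     # push changes outward from this DC
    net stop netlogon           # restart the Netlogon service
    net start netlogon
    ipconfig /registerdns       # re-register this DC's DNS records
}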

31.Start the DFS Replication service on DC01 (the PDC domain controller server).

32.You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated.

33.Open Server Manager, select Tools and then click ADSI Edit.

34.Right-click ADSI Edit, select Connect to…

35.In Connection Settings, use the following settings, then click OK.

  • Name: Default naming context.
  • Select a well known Naming Context.
  • Default (Domain or server that you logged in to).

36.Browse to DC=corp,DC=com > OU=Domain Controllers > CN=DC01 > CN=DFSR-LocalSettings > Domain System Volume > SYSVOL Subscription.

37.On the Attribute Editor, click msDFSR-Enabled, change the value from False to True, click OK.

38.Click OK to apply settings and close Attribute Editor.

39.Run the following PowerShell commands to force AD replication.


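$DCs = 'DC01','DC02','AZDC01'
# Run the same commands on every domain controller
Invoke-Command -ComputerName $DCs -ScriptBlock {
    repadmin /kcc               # have the KCC recalculate the replication topology
    repadmin /syncall /e        # pull changes from partners in all sites
    repadmin /syncall /e /P     # push changes outward from this DC
    net stop netlogon           # restart the Netlogon service
    net start netlogon
    ipconfig /registerdns       # re-register this DC's DNS records
}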

40.Run the following command from an elevated command prompt to update the DFSR global state.


dfsrdiag PollAD

41.If it shows that dfsrdiag is not recognized as an internal or external command, you need to run the following PowerShell cmdlet to install the DFS management tools before running the dfsrdiag PollAD command.


Add-WindowsFeature RSAT-DFS-Mgmt-Con

42.You will see Event ID 4602 in the DFSR event log indicating SYSVOL has been initialized.

43.Start the DFS Replication service on the other, non-authoritative domain controller servers (DC02 and AZDC01).

44.You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated on each of them.

45.Open Server Manager, select Tools and then click ADSI Edit.

46.Right-click ADSI Edit, select Connect to…

47.In Connection Settings, use the following settings, then click OK.

  • Name: Default naming context.
  • Select a well known Naming Context.
  • Default (Domain or server that you logged in to).

48.Browse to DC=corp,DC=com > OU=Domain Controllers > CN=DC02 > CN=DFSR-LocalSettings > Domain System Volume > SYSVOL Subscription.

49.On the Attribute Editor, click msDFSR-Enabled, change the value from False to True, click OK.

50.Click OK to apply settings and close Attribute Editor.

51.Browse to DC=corp,DC=com > OU=Domain Controllers > CN=AZDC01 > CN=DFSR-LocalSettings > Domain System Volume > SYSVOL Subscription.

52.On the Attribute Editor, click msDFSR-Enabled, change the value from False to True, click OK.

53.Click OK to apply settings and close Attribute Editor.

54.Run the following PowerShell commands to force AD replication.


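$DCs = 'DC01','DC02','AZDC01'
# Run the same commands on every domain controller
Invoke-Command -ComputerName $DCs -ScriptBlock {
    repadmin /kcc               # have the KCC recalculate the replication topology
    repadmin /syncall /e        # pull changes from partners in all sites
    repadmin /syncall /e /P     # push changes outward from this DC
    net stop netlogon           # restart the Netlogon service
    net start netlogon
    ipconfig /registerdns       # re-register this DC's DNS records
}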

55.Run the following command from an elevated command prompt to update the DFSR global state at DC02 and AZDC01.


dfsrdiag PollAD

56.You will see Event IDs 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized.

57.Log in to the new domain controller (AZDC01) and check the SYSVOL share status again; you will see Policies in the shared folder.

59.Verify the SYSVOL share replication by running the following command.


For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

The states translate as follows:

0 = Uninitialized

1 = Initialized

2 = Initial Sync

3 = Auto Recovery

4 = Normal

5 = In Error

60.Run the following command to check for the SYSVOL share.


For /f %i IN ('dsquery server -o rdn') do @echo %i && @(net view \\%i | find "SYSVOL") & echo

61.If the SYSVOL shared folder is still not being replicated, double-check the Inter-Site Transports links between the domain controller servers of each site, and make sure there is an Inter-Site Transports link between the PDC domain controller server (DC01) and the other domain controller servers (DC02 and AZDC01).
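
The checks from steps 5-12 and 59-60 can be gathered into one read-only PowerShell report per domain controller. This is an added example, not part of the original post; it assumes the ActiveDirectory RSAT module and WinRM access to each DC, and the function name Get-SysvolHealth is made up for illustration.

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
# Assumes the ActiveDirectory module (RSAT) and WinRM access to every DC.
Import-Module ActiveDirectory

# DFSR replicated-folder states, as listed in the article
$StateName = @{ 0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
                3 = 'Auto Recovery'; 4 = 'Normal';      5 = 'In Error' }

function Get-SysvolHealth {   # hypothetical helper name
    param(
        [string[]]$ComputerName = @('DC01', 'DC02', 'AZDC01'),  # DC names used in the article
        [string]$DomainDN = 'DC=corp,DC=com'                    # domain used in the article
    )
    foreach ($dc in $ComputerName) {
        # Steps 5-10: Netlogon's SysVolReady flag and the two shares, read on the DC itself.
        $local = Invoke-Command -ComputerName $dc -ScriptBlock {
            $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
            [pscustomobject]@{
                SysVolReady = (Get-ItemProperty -Path $key).SysVolReady
                Shares      = @(Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue |
                                    Select-Object -ExpandProperty Name)
            }
        }

        # Steps 12 and 59: DFSR state of the SYSVOL replicated folder (CIM instead of wmic).
        $cim = @{ ComputerName = $dc; Namespace = 'root\microsoftdfs'
                  ClassName    = 'DfsrReplicatedFolderInfo'
                  Filter       = "ReplicatedFolderName='SYSVOL Share'"
                  ErrorAction  = 'SilentlyContinue' }
        $rf    = Get-CimInstance @cim | Select-Object -First 1
        $state = if ($rf) { $StateName[[int]$rf.State] } else { 'No DFSR data' }

        # Steps 20-28: the subscription object that is edited in ADSI Edit.
        $dn  = "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings," +
               "CN=$dc,OU=Domain Controllers,$DomainDN"
        $sub = Get-ADObject -Identity $dn -Properties 'msDFSR-Enabled', 'msDFSR-Options'

        [pscustomobject]@{
            DC          = $dc
            SysVolReady = $local.SysVolReady
            SYSVOL      = $local.Shares -contains 'SYSVOL'
            NETLOGON    = $local.Shares -contains 'NETLOGON'
            DfsrState   = $state
            Enabled     = $sub.'msDFSR-Enabled'
            Options     = $sub.'msDFSR-Options'
            # Healthy only when every check the article walks through passes
            Healthy     = $local.SysVolReady -eq 1 -and $local.Shares.Count -eq 2 -and
                          $state -eq 'Normal' -and $sub.'msDFSR-Enabled' -eq $true
        }
    }
}

Get-SysvolHealth | Format-Table -AutoSize
```

A DC that still shows msDFSR-Enabled as False, or a state other than Normal, after step 56 has not finished the restore sequence.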

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

Author: Cary Sun

Cary Sun is a Principal Consultant. He has a strong background specializing in datacenter and deployment solutions, and has spent over 20 years in the planning, design, and implementation of network technologies and management and system integration. He has held the Cisco Certified Internetwork Expert (CCIE No.4531) certification since 1997. Cary is also a Microsoft Most Valuable Professional (MVP) and Cisco Champion. He is a published author with several titles, including blogs on Checkyourlogs.net and many books. Specialties: CCIE / CCNA / MCSE / MCITP / MCTS / MCSA / Solution Expert / CCA
Blog:
http://www.carysun.com http://www.checkyourlogs.net
Twitter:@SifuSun
