Active Directory - Dossier SYSVOL corrompu ... JRNL_WRAP_ERROR

Un post rapide, pour une petite problématique que j'ai rencontré sur un DC Windows 2008 R2, oui ça date …

Vous créez une GPO et celle-ci ne s'applique pas...

Après différents gpupdate et gpresult /RSOP sur la machine, vous vous rendez compte que la machine ne trouve pas le chemin pour accéder à la GPO :

\\domain.name.com\SysVol\domain.name.com.com\Policies\{XXXXXXXX} not found.

Rendez vous sur vos DC et comparez le contenu des SYSVOL, ceux-ci doivent être identiques, et ce n'est pas le cas !

Sur le DC posant problème vous devriez trouvez une erreur NTFRS :

The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.

Replica set name is : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"

Replica root path is : "c:\windows\sysvol\domain"

Replica root volume is : "\\.\C:"

A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found. This can occur because of one of the following reasons.

[1] Volume "\\.\C:" has been formatted.

[2] The NTFS USN journal on volume "\\.\C:" has been deleted.

[3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.

[4] File Replication Service was not running on this computer for a long time.

[5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".

Following recovery steps will be taken to automatically recover from this error state.

[1] At the first poll which will occur in 5 minutes this computer will be deleted from the replica set.

[2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.

• Cela signifie que le SYSVOL est corrompu !

Heureusement c'est assez simple à corriger :

- Ouvrez le registre,

- Rendez vous ici : HKLM\System\CurrentControlSet\Services\NtFrs\Parameters

- Créez une valeur DMWORD (ou modifiez la si elle existe):

“Enable Journal Wrap Automatic Restore”  Valeur = 1

- Redémarrez le service NTFRS

   Net Stop NTFRS

   Net Start NTFRS

- Forcez la repli AD, plusieurs enregistrements successifs dans les logs NTFRS vous alertent sur le fonctionnement du process :

• PI, Pendant tout ce process les share SYSVOL et NETLOGON ne sont plus dispo sur le DC

           * D'abord :

The File Replication Service is deleting this computer from the replica set “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)” as an attempt to recover from the error state,

Error status = FrsErrorSuccess

At the next poll, which will occur in 5 minutes, this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.

• Puis :

File Replication Service is scanning the data in the system volume. Computer MyDomainServer cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

• Ensuite :

The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.

• Attendez cette entrée dans les logs NTFRS ( entre 5 et 30 min) :

The File Replication Service is no longer preventing the computer FCS1WPFNDDC1 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.

• Voila, les shares SYSVOL et NETLOGON ont réapparus, ils sont synchro.

• Il vous faut maintenant repassez la valeur DWORD “Enable Journal Wrap Automatic Restore” à 0 pour terminer.