Monday, February 22, 2010

NETLOGON and SYSVOL Not Shared

If SYSVOL is missing on a domain controller, you will see the following error in its logs:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1006
Date: 22/02/2010
Time: 6:01:40 PM
User: NT AUTHORITY\SYSTEM
Computer: ORION2\
Description:
Windows cannot bind to orion.net.au domain. (Local Error). Group Policy processing aborted.


To fix this, manually copy the SYSVOL folder from a healthy domain controller.

There is a trick to getting the domain controller to re-establish the shares properly and publish SYSVOL under the domain namespace, which I will show you.

Navigate to the following registry key on the domain controller you just copied the SYSVOL to:

HKLM\SYSTEM\CurrentControlSet\Services\Ntfrs\Parameters\Backup/Restore\Process at Startup

Set the value of the BurFlags registry entry to D4.

Restart the Ntfrs service.

The DC will now automatically share the SYSVOL and republish it under the domain namespace. Very handy!
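The steps above as a Windows PowerShell script, with a check that the shares actually come back. This is an added example, not code from the original post; the parameter names, the `Get-MissingShare` helper and the 300-second timeout are assumptions. It accepts D2 as well as D4 because D4 marks this DC's copy as authoritative while D2 is the non-authoritative value.

```powershell
# Added example, not from the original post. Run elevated on the repaired DC.
param(
    # D4 is the value the post uses (authoritative restore of this DC's copy);
    # D2 is the non-authoritative value. Pick deliberately.
    [ValidateSet('D2', 'D4')][string]$BurFlags = 'D4',
    [int]$TimeoutSeconds = 300   # assumed wait, adjust for your environment
)

function Get-MissingShare {
    # Returns whichever of SYSVOL / NETLOGON is not currently shared.
    $shared = @(Get-WmiObject -Class Win32_Share | ForEach-Object { $_.Name })
    @('SYSVOL', 'NETLOGON') | Where-Object { $shared -notcontains $_ }
}

if (@(Get-MissingShare).Count -eq 0) {
    Write-Output 'SYSVOL and NETLOGON are already shared; BurFlags left untouched.'
    return
}

# The key name contains "/", which the PowerShell registry provider parses as
# a path separator, so open it through the .NET API (backslash-only paths).
$subKey = 'SYSTEM\CurrentControlSet\Services\Ntfrs\Parameters\Backup/Restore\Process at Startup'
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
if ($null -eq $key) { throw "Registry key not found: HKLM\$subKey" }
try {
    $old = $key.GetValue('BurFlags')
    $new = [Convert]::ToInt32($BurFlags, 16)
    $key.SetValue('BurFlags', $new, [Microsoft.Win32.RegistryValueKind]::DWord)
    Write-Output ('BurFlags: 0x{0:X} -> 0x{1:X}' -f $old, $new)
}
finally { $key.Close() }

Restart-Service -Name NtFrs

# Poll until both shares are published or the timeout expires.
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
do {
    Start-Sleep -Seconds 10
    $missing = @(Get-MissingShare)
} while ($missing.Count -gt 0 -and (Get-Date) -lt $deadline)

if ($missing.Count -gt 0) {
    Write-Error ("Still not shared after $TimeoutSeconds s: " + ($missing -join ', '))
} else {
    Write-Output 'SYSVOL and NETLOGON are shared again.'
}
```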

6 comments:

  1. I was just having this issue on a Server 2008 R2 DC. You will want to be sure to recreate the "junction links" or "symbolic links" once you copy over the SYSVOL manually. You will use symbolic links on any system running Vista or higher.

    Junction Link:
    linkd "%systemroot%\SYSVOL\SYSVOL\Corp.net" %SYSTEMROOT%\SYSVOL\DOMAIN

    linkd "%systemroot%\Sysvol\staging Areas\Corp.net" %systemroot%\sysvol\Staging\Domain

    Symbolic Link:
    mklink /d "%systemroot%\SYSVOL\SYSVOL\Corp.net" %SYSTEMROOT%\SYSVOL\DOMAIN

    mklink /d "%systemroot%\Sysvol\staging Areas\Corp.net" %systemroot%\sysvol\Staging\Domain

    Once you have created the links, continue on and change the registry entry as stated in the article.

  2. Hi Clint,

    We never do a D4 on a DC without stopping the Ntfrs service on all other DCs and setting it to manual. Moreover, we never change the value of BurFlags under "Process at Startup" to D4, as doing this may cause problems to DFS if it's replicating through FRS. We always change the value of BurFlags under "Cumulative Replicate Set" to D4. And one most important thing: always take a backup of policies and scripts on all the DCs, as doing it incorrectly might cause morphing.

  3. If you are simply trying to re-share the sysvol folder AND that domain controller does not hold "good" data, you should use D2, NOT D4. D4 sets it to an authoritative restore, which causes morphed folders; D2 will suffice to re-share the directory on the bad domain controller.

  4. Thanks for the article. Worked for me.

  5. I agree with others on this; telling people to D4 without further explanation will certainly lead to some people doing so at the risk of D4'ing one of the stale DCs and having that data replicate throughout all the others.

  6. I tried D2 and it worked fine. Thanks for the quick steps.
