Replication of domain controllers - JRNL_WRAP_ERROR - EventID: 13568

I noticed a problem when setting up GPOs that some settings were copied to the local computer's registry, while some didn't. Although they are in the very same GPO. So I checked the EventViewer and noticed this error. Also, I checked the sysvol folders on both Domain Controllers and noticed that the files are not the same at all. The version number on the policies are also not the same.

It's a bit similar to Windows Server 2003 SP2 - JRNL_WRAP_ERROR (Sysvol)

But we have two domain controllers that are set up to replicate each other. So I restarted the replication service on both domain controllers and this EventID: 13568 was added to the event viewer almost immediatly. So where should I start to troubleshoot this?

Edit: After reading this link http://blogs.technet.com/b/instan/archive/2009/07/14/what-happens-in-a-journal-wrap.aspx I see that the approach d2 might be the one I should go for. But how do I know which one of the domain controllers is the "newest" one? Should I just compare files from the sysvol folder? Also, what's the worst thing that could happen if I go for approach d2?

Edit2: I just did the approach D2 about half an hour ago. I stopped the file replication service. Reset the registry setting to D2 and restartet the file replication service. Noticed immediatly that the D2 was reset to 0. Then I went ahead and checked the sysvol folder on the server. There's a folder there now called "NtFrs_PreExisting___See_EventLog", but there's no other content there. In the event viewer, I see a 13565 informing me that the replication is starting. But two minutes after, there's a 13508 error. This alone doesn't have to be a bad thing according to the KB article, but in 4 hours, a 13509 should be present. If 13509 isn't present in that time, these are the other possibilities, according to the description in error 13508:

  1. FRS can not correctly resolve the DNS name dc2.mydomain.com from this computer.
  2. FRS is not running on dc2.mydomain.com
  3. The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.

  4. From the problem server, I tried to run ping dc2 and run nslookup and everything checks out just fine from what I can tell. Neither of the domain controllers have Windows Firewall activated. And NTFRSUTL VERSION works just fine on both. Also, Replication Service is active and running on both DCs.


When you do a Burflags D2 recovery, the upstream it uses must be healthy. If both DCs are in error state, doing D2 on one will not help. I assume you only have 2 DCs.

You might have to use the D4 on one and D2 on all other DCs in domain. If ging down this road

  1. Stop FRS on all
  2. Set D4 on one and start it.
  3. Wait until it has initialised and has completed (you will see netlogon and sysvol share on that DC when you do "net share" locally)
  4. Do D2 on one DC at a time and start FRS

For more details, please see the KB 290762 mentioned in above blog article.

If you end up haveing to troubleshoot upstream as well, you might end up using FRSDiag. Details are at http://blogs.technet.com/b/askds/archive/2008/05/30/how-to-get-the-most-from-your-frsdiag.aspx

I also want to recommend that you monitor the SYSVOL replication state using free tools like Ultrasound so you can proactively resolve issues (before realising at GPO editing time). Latest version is at http://blogs.technet.com/b/askds/archive/2008/09/10/ultrasound-released-for-windows-server-2008-and-sql-server-2005.aspx