Investigate the File Replication Service (FRS) journal wrap conditions on the domain controllers
Why Consider this
One or more domain controllers have reported an FRS journal wrap condition. This means that the FRS service is no longer able to replicate changes between domain controllers. Affected domain controllers are unable to authenticate users until the journal wrap condition is resolved.
Watch a Customer Engineer explaining the issue
Context & Best Practices
The FRS is responsible for synchronizing changes to the System Volume (SYSVOL) folder structure between the domain controllers in a domain. The SYSVOL folder structure contains various important files, such as such as Group Policy files and scripts that are executed when users log on. A journal wrap condition occurs when FRS is no longer able to track changes in the file system for replication. This could be because too many changes are occurring, they are occurring too fast, or the FRS service has been stopped for too long.
Another possible cause of the journal wrap condition is if the FRS database becomes corrupt or enters an invalid state. This can happen as a result of an unexpected shutdown. A domain controller will record event ID 13568 in the FRS event log if it enters a journal wrap state.
Suggested Actions
Establish whether the affected domain controllers are still in a journal wrap condition. To do this, review the event logs. A domain controller will log event ID 13568 from source NtFrs if it enters a journal wrap state.
To resolve a journal wrap condition, you need to perform the following high-level steps:
- Stop the File Replication Service (NtFrs.exe) on the affected server.
- Perform a non-authoritative restore of the SYSVOL replica set.
- Restart the File Replication Service.
For detailed procedural steps on how to complete this process, see Using the BurFlags registry key to reinitialize File Replication Service replica sets at https://support.microsoft.com/default.aspx?scid=kb;290762&sd=tech and follow the procedure in the Nonauthoritative restore section.
The FRS service is deprecated, as documented in https://blogs.technet.microsoft.com/filecab/2014/06/25/the-end-is-nigh-for-frs/. Microsoft highly recommends migrating SYSVOL from FRS to DFSR. Before executing this migration, make sure that FRS is in a serviceable state. Specifically, the PDC emulator role holder must have a valid set of Group Policy Templates.
Learn More
For more guidance on troubleshooting journal wrap conditions and event ID 13568 in particular, see
Troubleshooting File Replication Service at
https://technet.microsoft.com/library/bb727056.aspx#EFAA.
For guidance on how to perform a non-authoritative restore, see
Using the BurFlags registry key to reinitialize File Replication Service replica sets at
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for