Windows 10: Fix: Missing Sysvol and Netlogon after domain controller promotion

Discus and support Fix: Missing Sysvol and Netlogon after domain controller promotion in Windows 10 Tutorials to solve the problem; Many cases I found an issue with the newly promoted domain controller is missing the SYSVOL and NETLOGON shares. Most of the cases it would also be a... Discussion in 'Windows 10 Tutorials' started by Noel, Oct 6, 2021.

  1. Noel New Member

    Fix: Missing Sysvol and Netlogon after domain controller promotion


    Many cases I found an issue with the newly promoted domain controller is missing the SYSVOL and NETLOGON shares. Most of the cases it would also be a new domain controller for a new forest. In most cases, you would need to update the flag as below.

    Open Regedit
    Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    Set SysVolReady from 0 to 1
    Close Regedit

    This will create the SYSVOL share. If the NETLOGON share is not created you would need to create the folder scripts in C:\Windows\SYSVOL\domain\. When this is done, restart the NETLOGON service.

    This is the easy part. In some cases, although the NETLOGON and SYSVOL shares are working, no group policies or scripts are being replicated using the DFS or DFRS.

    We can verify the replication by running the following command.

    For /f %i IN ('dsquery server -o rdn') do @Echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

    The states should translate as below

    0 = Uninitialized
    1 = Initialized
    2 = Initial Sync
    3 = Auto Recovery
    4 = Normal
    5 = In Error

    In my case, I have noticed that the newly promoted server was showing 2 and the main domain controller was showing “No Instance(s) Available” which is quite strange.

    Here you would need to look into the original Active Directory server for any problems and you would see a warning on the DFS Replication under Applications with Event ID 2213 as below.

    Fix: Missing Sysvol and Netlogon after domain controller promotion dfsr_1.png

    It says that the DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled.

    What we need to do here is from the event viewer take note of the volumeGUID and run the below command and replacing GUID-NUMBER with your GUID.

    wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="GUID-NUMBER" call ResumeReplication

    This will restart the replication and recreate the database. This can be seen with an event with ID 2214 saying The DFS Replication service successfully recovered from an unexpected shutdown on volume C:.This can occur if the service terminated abnormally (due to a power loss, for example) or an error occurred on the volume. No user action is required.

    If you run the command to see the state of the replication you will see that the servers are all showing state 4 as below and the both Sysvol and Netlogon will be replicated.

    Fix: Missing Sysvol and Netlogon after domain controller promotion dfsr_3.png

    (26109)

    read more...
     
    Noel, Oct 6, 2021
    #1

  2. Windows 10 cannot be access Sysvol & Netlogon folder on the server 2012 r2

    We are using, Windows 10 Professsional and Windows 8.1 Professional software, on the our clients. Out Domain controller server version is Windows Server 2012 R2 Standart.

    But, we have a problem, cannot be access to, shared system folder, "Netlogon & Sysvol" with Windows 10 Professional client Pc.

    We able to Access this same username on the Windows 8.1 Professional client.

    Could you Help me please?

    HAKAN ÖNCEL
     
    HakanOncel, Oct 6, 2021
    #2
  3. Domain Controllers Windows update to address Netlogon Elevation of Privilege Vulnerability

    Hi,

    We are planning to update Domain Controllers runing Windows server 2012 R2 to address Netlogon Elevation of Privilege Vulnerability.

    For this we are installing following updates:

    1. KB4566425 (pre-requisite)

    2. KB4571723 (Security update only)

    With reference to roll back these updates what are our options?, if someone can please suggest exact steps for roll back or uninstalling the updates.

    Also, if anyone can please share their past experiences on installing these updates on Domain Controllers (preparations, issues, back-ups etc.)

    Best Regards,

    Ali
     
    Ali Mujahid, Oct 6, 2021
    #3
  4. changari Win User

    Fix: Missing Sysvol and Netlogon after domain controller promotion

    Raising the windows domain and forest issues?


    hi,

    I run a domain that was all 2003 r2 servers. I recently upgraded all my domain controllers to windows 2012 r2.
    That went off without any problems.. Our trust relationships had no issues also.

    My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
    These are the features for raising the levels to 2008:

    • Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
    • Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
    • Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
    • Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

    Forest Level Windows Server 2008

    • Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.


    My next step is to raise the domain and forest to 2008 r2, then 2012, and finally 2012 r2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

    The step involving 2008 r2 seems relatively a non issue. But getting the couple of new features seem very nice

    Domain Level Windows Server 2008 R2

    • All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

    Forest Level Windows Server 2008 R2

    • All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:


    • Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
    • All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

    Here is my big concerns for the next raising of domain and forest to 2012.

    Forest Level Windows Server 2012:

    • All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
    • All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

    Domain Level Windows Server 2012 R2: <=====
    Need to investigate more and why this post

    • DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:


    • Authenticate with NTLM authentication <==============(what issues may arise)
    • Use DES or RC4 cipher suites in Kerberos pre-authentication
    • Be delegated with unconstrained or constrained delegation
    • Renew user tickets (TGTs) beyond the initial 4-hour lifetime


    Will this affect my exchange anywhere users with remote access authenticating either clear of NTLM???
    and what would/may not to work properly day 1 when I raise the domain and forest to 2012. I cant really find anyone that can answer a straight question.

    Has anyone gone through this? what problems did you have, if any , if a lot???

    Any thoughts and suggestions will be much appreciated??

    thanks


    - - - Updated - - -

    One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
    PLEASE LET ME KNOW
     
    changari, Oct 6, 2021
    #4
Thema:

Fix: Missing Sysvol and Netlogon after domain controller promotion

Loading...
  1. Fix: Missing Sysvol and Netlogon after domain controller promotion - Similar Threads - Fix Missing Sysvol

  2. Promote Application Data

    in Windows 10 Gaming
    Promote Application Data: What is this folder for? When I opened it, all I found was a string of characters. https://answers.microsoft.com/en-us/windows/forum/all/promote-application-data/9146ae25-9542-4407-b485-16a3dfef48f0
  3. Promote Application Data

    in Windows 10 Software and Apps
    Promote Application Data: What is this folder for? When I opened it, all I found was a string of characters. https://answers.microsoft.com/en-us/windows/forum/all/promote-application-data/9146ae25-9542-4407-b485-16a3dfef48f0
  4. Domain Controller Replication Issue

    in Windows 10 Gaming
    Domain Controller Replication Issue: i have two Domain Controllers one DC - Win2019 and Second is BDC - Windows 2012 R2my Problem is that I got this error :- DCdiag.exe From BDC to DC Naming Context: DC=DomainDnsZones,DC=mirle,DC=com The replication generated an error 8606: Insufficient attributes were given to...
  5. Domain Controller Replication Issue

    in Windows 10 Software and Apps
    Domain Controller Replication Issue: i have two Domain Controllers one DC - Win2019 and Second is BDC - Windows 2012 R2my Problem is that I got this error :- DCdiag.exe From BDC to DC Naming Context: DC=DomainDnsZones,DC=mirle,DC=com The replication generated an error 8606: Insufficient attributes were given to...
  6. Domain controller is not replicating

    in Windows 10 Gaming
    Domain controller is not replicating: Hi Techies,We have run in kind of a situation here in our estate. We found out that one of DC is not replicating properly with rest of them . On some troubleshooting I did reset affected DC password using netdom but that did not help and now it is saying "The naming context...
  7. Domain controller is not replicating

    in Windows 10 Software and Apps
    Domain controller is not replicating: Hi Techies,We have run in kind of a situation here in our estate. We found out that one of DC is not replicating properly with rest of them . On some troubleshooting I did reset affected DC password using netdom but that did not help and now it is saying "The naming context...
  8. domain controller on windows 10

    in Windows 10 Customization
    domain controller on windows 10: can I control my domain network over windows 10 pro? https://answers.microsoft.com/en-us/windows/forum/all/domain-controller-on-windows-10/ab68cd0a-062e-41ce-be1c-b0a121f4d739
  9. Fix: Missing Sysvol and Netlogon after domain controller promotion

    in Windows 10 Tutorials
    Fix: Missing Sysvol and Netlogon after domain controller promotion: Many cases I found an issue with the newly promoted domain controller is missing the SYSVOL and NETLOGON shares. Most of the cases it would also be a new domain controller for a new forest. In most cases, you would need to update the flag as below. Open Regedit Browse to...
  10. Missing domain for Workgroup

    in Windows 10 Customization
    Missing domain for Workgroup: I have put my comuter into a Workgroup but it doesn't have a domain. I don't know how to create or find a domain for the Workgroup, This is causing me problems with Windows. What do you think I am missing here, and how would I correct it in your opinion? Thanks!...