Windows 10: Fix: Missing Sysvol and Netlogon after domain controller promotion

Discussion in 'Windows 10 Tutorials' started by Noel, Oct 6, 2021.

  1. Noel New Member

    Fix: Missing Sysvol and Netlogon after domain controller promotion


    In many cases I found that a newly promoted domain controller is missing the SYSVOL and NETLOGON shares. In most of the cases it would also be a new domain controller for a new forest. In most cases, you would need to update the flag as below.

    Open Regedit
    Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    Set SysVolReady from 0 to 1
    Close Regedit

    This will create the SYSVOL share. If the NETLOGON share is not created you would need to create the folder scripts in C:\Windows\SYSVOL\domain\. When this is done, restart the NETLOGON service.

    This is the easy part. In some cases, although the NETLOGON and SYSVOL shares are working, no group policies or scripts are being replicated using DFS or DFSR.

    We can verify the replication by running the following command.

    For /f %i IN ('dsquery server -o rdn') do @Echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

    The states should translate as below

    0 = Uninitialized
    1 = Initialized
    2 = Initial Sync
    3 = Auto Recovery
    4 = Normal
    5 = In Error

    In my case, I have noticed that the newly promoted server was showing 2 and the main domain controller was showing “No Instance(s) Available” which is quite strange.

    Here you would need to look into the original Active Directory server for any problems and you would see a warning on the DFS Replication under Applications with Event ID 2213 as below.

    [Screenshot: dfsr_1.png]

    It says that the DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled.

    What we need to do here is take note of the volumeGUID from the event viewer and run the below command, replacing GUID-NUMBER with your GUID.

    wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="GUID-NUMBER" call ResumeReplication

    This will restart the replication and recreate the database. This can be seen with an event with ID 2214 saying: The DFS Replication service successfully recovered from an unexpected shutdown on volume C:. This can occur if the service terminated abnormally (due to a power loss, for example) or an error occurred on the volume. No user action is required.

    If you run the command to see the state of the replication, you will see that the servers are all showing state 4 as below and both Sysvol and Netlogon will be replicated.

    [Screenshot: dfsr_3.png]

     
    Noel, Oct 6, 2021
    #1
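
    An added PowerShell example (not part of Noel's post) that gathers the post's checks into one read-only report per domain controller: the SysVolReady flag, the two shares, the DFSR state of the SYSVOL replicated folder, and the latest Event ID 2213. The function name Get-SysvolHealth is hypothetical; it assumes an elevated session, dsquery available, and CIM/WinRM plus remote event log access to each DC.

```powershell
# Added example: read-only SYSVOL/NETLOGON health check (function name is hypothetical).
# Assumes an elevated session, dsquery on the PATH, and WinRM/CIM access to each DC.
function Get-SysvolHealth {
    param(
        # Default mirrors the post's DC enumeration; dsquery prints quoted names.
        [string[]]$ComputerName = ((dsquery server -o rdn) -replace '"', '')
    )
    # DFSR replicated-folder states as listed in the post.
    $stateName = @{ 0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
                    3 = 'Auto Recovery'; 4 = 'Normal'; 5 = 'In Error' }
    $netlogonKey = 'SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

    foreach ($dc in $ComputerName) {
        $row = [ordered]@{ DC = $dc; SysVolReady = $null; Shares = ''
                           DfsrState = 'No instance'; Event2213 = $null; Healthy = $false }
        $cim = $null
        try {
            $cim = New-CimSession -ComputerName $dc -ErrorAction Stop
            # SysVolReady flag, read via StdRegProv (0x80000002 = HKEY_LOCAL_MACHINE).
            $reg = Invoke-CimMethod -CimSession $cim -Namespace root\cimv2 `
                -ClassName StdRegProv -MethodName GetDWORDValue -Arguments @{
                    hDefKey = [uint32]2147483650; sSubKeyName = $netlogonKey
                    sValueName = 'SysVolReady' }
            if ($reg.ReturnValue -eq 0) { $row.SysVolReady = $reg.uValue }
            # Are both shares actually published?
            $shares = Get-CimInstance -CimSession $cim -ClassName Win32_Share `
                -Filter "Name='SYSVOL' OR Name='NETLOGON'"
            $row.Shares = ($shares.Name | Sort-Object) -join ','
            # Same WMI class the post queries with wmic.
            $info = Get-CimInstance -CimSession $cim -Namespace root\microsoftdfs `
                -ClassName DfsrReplicatedFolderInfo `
                -Filter "ReplicatedFolderName='SYSVOL Share'" | Select-Object -First 1
            if ($info) { $row.DfsrState = $stateName[[int]$info.State] }
            # Most recent "replication stopped" warning (Event ID 2213), if any.
            $evt = Get-WinEvent -ComputerName $dc -MaxEvents 1 -ErrorAction SilentlyContinue `
                -FilterHashtable @{ LogName = 'DFS Replication'; Id = 2213 }
            if ($evt) { $row.Event2213 = $evt.TimeCreated }
            $row.Healthy = ($row.SysVolReady -eq 1) -and
                           ($row.Shares -eq 'NETLOGON,SYSVOL') -and
                           ($row.DfsrState -eq 'Normal')
        } catch {
            $row.DfsrState = "Query failed: $($_.Exception.Message)"
        } finally {
            if ($cim) { Remove-CimSession $cim }
        }
        [pscustomobject]$row
    }
}
```

    Running `Get-SysvolHealth | Format-Table -AutoSize` lists every DC; a row with DfsrState 'No instance' together with an Event2213 timestamp matches the situation described in the post.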

  2. Windows 10 cannot access Sysvol & Netlogon folder on the server 2012 r2

    We are using Windows 10 Professional and Windows 8.1 Professional software on our clients. Our domain controller server version is Windows Server 2012 R2 Standard.

    But we have a problem: we cannot access the shared system folders "Netlogon & Sysvol" with a Windows 10 Professional client PC.

    We are able to access them with this same username on the Windows 8.1 Professional client.

    Could you help me please?

    HAKAN ÖNCEL
     
    HakanOncel, Oct 6, 2021
    #2
  3. Domain Controllers Windows update to address Netlogon Elevation of Privilege Vulnerability

    Hi,

    We are planning to update Domain Controllers running Windows Server 2012 R2 to address Netlogon Elevation of Privilege Vulnerability.

    For this we are installing following updates:

    1. KB4566425 (pre-requisite)

    2. KB4571723 (Security update only)

    With reference to rolling back these updates, what are our options? If someone can, please suggest exact steps for rolling back or uninstalling the updates.

    Also, if anyone can please share their past experiences on installing these updates on Domain Controllers (preparations, issues, back-ups etc.)

    Best Regards,

    Ali
     
    Ali Mujahid, Oct 6, 2021
    #3
  4. changari Win User

    Fix: Missing Sysvol and Netlogon after domain controller promotion

    Raising the windows domain and forest issues?


    hi,

    I run a domain that was all 2003 r2 servers. I recently upgraded all my domain controllers to windows 2012 r2.
    That went off without any problems.. Our trust relationships had no issues also.

    My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
    These are the features for raising the levels to 2008:

    • Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
    • Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
    • Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
    • Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

    Forest Level Windows Server 2008

    • Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.


    My next step is to raise the domain and forest to 2008 r2, then 2012, and finally 2012 r2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

    The step involving 2008 r2 seems relatively a non-issue. But getting the couple of new features seems very nice

    Domain Level Windows Server 2008 R2

    • All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

    Forest Level Windows Server 2008 R2

    • All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:


    • Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
    • All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

    Here are my big concerns for the next raising of domain and forest to 2012.

    Forest Level Windows Server 2012:

    • All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
    • All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

    Domain Level Windows Server 2012 R2: <=====
    Need to investigate more and why this post

    • DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:


    • Authenticate with NTLM authentication <==============(what issues may arise)
    • Use DES or RC4 cipher suites in Kerberos pre-authentication
    • Be delegated with unconstrained or constrained delegation
    • Renew user tickets (TGTs) beyond the initial 4-hour lifetime


    Will this affect my exchange anywhere users with remote access authenticating either clear or NTLM???
    And what would/may not work properly day 1 when I raise the domain and forest to 2012? I can't really find anyone that can answer a straight question.

    Has anyone gone through this? what problems did you have, if any , if a lot???

    Any thoughts and suggestions will be much appreciated??

    thanks


    - - - Updated - - -

    One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
    PLEASE LET ME KNOW
     
    changari, Oct 6, 2021
    #4