NTFRS replication is going AWOL

Two domain controllers have perfect replication via Active Directory, but the “File Replication Service” eventlogs, shows many errors and the NETLOGON share is missing on both domain controllers, which will give user login problems and Active Directory tools cannot be opened, claiming that access is denied.

Event log on both servers:

Using this article – even though it’s old:


We can read this:

Attempt nonauthoritative restores only after you discover FRS dependencies and you understand and resolve the root cause. For more information about how to discover FRS dependencies, see the “Considerations before configuring authoritative or nonauthoritative restores of FRS members” section later in this article.

Members who are nonauthoritatively restored must have inbound connections from operational upstream partners where you are performing Active Directory and FRS replication. In a large replica set that has at least one known good replica member, you can recover all the remaining replica members by using a nonauthoritative mode restore if you reinitialize the computers in direct replication partner order.

If you determine that you must complete a nonauthoritative restore to return a member back into service, save as much state from that member and from the direct replication partner in the direction that replication is not working. This permits you to review the problem later. You can obtain state information from the FRS and System logs in the Event Viewer.

So in short, you have to think about things, before doing this 🙂

Lets say we have a DC we “think” is the good server, having a good FRS database, and we have a “bad” DC, let’s call the good DC02 and the bad DC01.

The bad DC could also have been in Journal Wrap Error, which is explained here: https://blogs.technet.microsoft.com/instan/2009/07/14/what-happens-in-a-journal-wrap/

Then this will be seen in the event log:

Then this would really be the bad DC, IF both DC’s would have FRS problems.

The fix is burflags:

Using the KB article above, we can read this:

Restoring FRS replicas

The global


registry key contains REG_DWORD values, and is located in the following location in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

The most common values for the


registry key are:

  • D2, also known as a nonauthoritative mode restore

  • D4, also known as an authoritative mode restore

So we need to do the following:

  1. Stop NTFRS on both DC’s (net stop ntfrs)
  2. On the bad DC (DC01 here), set the registry key above to “D2” = bad
  3. On the good DC (DC02 here), set the registry key above to “D4” = good
  4. Start NTFRS on the GOOD DC ONLY (DC02) – net start ntfrs
  5. Look into event log again, and after 10 seconds, you should see this:

    This is good 🙂

  6. Now start NTFRS on the BAD DC01
  7. You should see this:

  8. And we are back in business.
  9. Now set registrykeys on both DC’s to “0” again.

That’s it 🙂

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.