Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2010-08-12) Restoring The SYSVOL (Non-)Authoritatively When Either Using NTFRS Or DFS-R (Part 3)

Posted by Jorge on 2010-08-12


This post focuses on restoring the SYSVOL when replicated through the DFS-R mechanism. For the previous posts see here and here.

SYSVOL Replicated Through DFS-R – Authoritative Restore – Steps To Take

To perform an authoritative restore of the SYSVOL when using DFS-R, use the following steps:

  • Start the Registry Editor
  • Navigate to "HKLM\SYSTEM\CurrentControlSet\Services\DFSR"
  • Create a key called "Restore" (only time only)
  • Create a string value called "SYSVOL" (only time only)
  • For the string value called "SYSVOL" assign the value of authoritative
  • Navigate to "HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore"
  • Create a key called "SystemStateRestore" (only time only)
  • Create a string value called "LastRestoreId" (only time only)
  • For the string value called "LastRestoreId" [1] assign the value of 10000000-0000-0000-0000-000000000000
  • Stop the DFSR Service
  • Start the DFSR Service

From the command-line the same can be achieved through:

  • REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DFSR\Restore" /v SYSVOL /t REG_SZ /d "authoritative" /f
  • [1] REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\SystemStateRestore" /v LastRestoreId /t REG_SZ /d "10000000-0000-0000-0000-000000000000" /f
  • NET STOP DFSR
  • NET START DFSR

[1] When a backup application performs a system state restore, it must indicate that it has done so by setting the LastRestoreId registry value. The LastRestoreId is a GUID that is formatted as 00000000-0000-0000-0000-000000000000. The GUID has to be different each time a restore is requested. For example, if you have the LastRestoreId set as 10000000-0000-0000-0000-000000000000, for the next restore you have to set it to a different GUID, such as 20000000-0000-0000-0000-000000000000. For more information about setting LastRestoreId, see Registry Keys and Values for Backup and Restore.

image

image

As soon as the DFS-R Service starts, the following events appear with information about the non-authoritative restore.

Event ID 2109

image

Event ID 2110

image

Event ID 4106

image

Event ID 4108

image

SYSVOL Replicated Through DFS-R – Non-Authoritative Restore – Steps To Take

To perform a non-authoritative restore of the SYSVOL when using DFS-R, use the following steps:

  • Start the Registry Editor
  • Navigate to "HKLM\SYSTEM\CurrentControlSet\Services\DFSR"
  • Create a key called "Restore" (only time only)
  • Create a string value called "SYSVOL" (only time only)
  • For the string value called "SYSVOL" assign the value of non-authoritative
  • Navigate to "HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore"
  • Create a key called "SystemStateRestore" (only time only)
  • Create a string value called "LastRestoreId" (only time only)
  • For the string value called "LastRestoreId" [1] assign the value of 10000000-0000-0000-0000-000000000000
  • Stop the DFSR Service
  • Start the DFSR Service

From the command-line the same can be achieved through:

  • REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DFSR\Restore" /v SYSVOL /t REG_SZ /d "non-authoritative" /f
  • [1] REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\SystemStateRestore" /v LastRestoreId /t REG_SZ /d "10000000-0000-0000-0000-000000000000" /f
  • NET STOP DFSR
  • NET START DFSR

[1] When a backup application performs a system state restore, it must indicate that it has done so by setting the LastRestoreId registry value. The LastRestoreId is a GUID that is formatted as 00000000-0000-0000-0000-000000000000. The GUID has to be different each time a restore is requested. For example, if you have the LastRestoreId set as 10000000-0000-0000-0000-000000000000, for the next restore you have to set it to a different GUID, such as 20000000-0000-0000-0000-000000000000. For more information about setting LastRestoreId, see Registry Keys and Values for Backup and Restore.

image

image

As soon as the DFS-R Service starts, the following events appear with information about the non-authoritative restore.

Event ID 2109

image

Event ID 2110

image

Event ID 4110

image

Event ID 4102

image

Event ID 4604

image

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

13 Responses to “(2010-08-12) Restoring The SYSVOL (Non-)Authoritatively When Either Using NTFRS Or DFS-R (Part 3)”

  1. Good post Jorg. I have a question around SYSVOL recovery in a 2003 forest but with miz of 2003 and 2008 R2 DCs. Is there anything different you need to consider when it comes to DR of SYSVOL ?

    DFS-R is only available once the forest has been switched to 2008 and all DCs are 2008, does this mean up to this time you would use exactly same recovery process as you would with all DCs running 2003 ?

    thanks

  2. Hi,

    How to find valid value for LastRestoreId?

    Regards

  3. Jorge said

    the GUID just needs to be different!

  4. […] For the post on restoring the SYSVOL when replicated through the DFS-R mechanism see here. […]

  5. […] This post focusses on restoring the SYSVOL when replicated through the NTFRS mechanism. For the previous post see here and for the next post see here. […]

  6. […] Restoring The SYSVOL (Non-)Authoritatively When Either Using NTFRS Or DFS-R (Part 3) […]

  7. […] https://jorgequestforknowledge.wordpress.com/2010/08/12/restoring-the-sysvol-non-authoritatively-when… […]

  8. Hi,
    Great article working…
    But is their any supported TechNet article for above procedure please ?

  9. You are simply amazing… performing the above authoritative restore has fixed my Sysvol issues… now I just need to figure out why I don’t have netlogon shared!

  10. Restart the netlogon service… doh! Far too late for this!!!

  11. […] I had some Replication issues a few weeks ago and needed to do an Authorative restore as per: (2010-08-12) Restoring The SYSVOL (Non-)Authoritatively When Either Using NTFRS Or DFS-R (Part 3) «… […]

  12. […]  חומר עיוני נוסף כאן […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: