Using the BurFlags registry key to reinitialize File Replication Service replica sets

Friday, February 27, 2009

Using the BurFlags registry key to reinitialize File Replication Service replica sets

Overview

FRS is a multi-threaded, multi-master replication engine that Windows Server 2003 and Windows 2000 domain controllers use to replicate system policies and logon scripts for Windows Server 2003, Windows 2000, and earlier-version clients. In Microsoft Windows NT, the LanMan Replication (LMREP) service handled replication. FRS replaced LMREP in Windows 2000. You can also use FRS to replicate content between Windows 2000 servers that host the same fault-tolerant Distributed File System (DFS) roots or child node replicas.

When you deploy Windows-based domain controllers or member servers that use FRS to replicate files in SYSVOL or DFS shares, you may have to restore or reinitialize individual members of a replica set if replication has stopped or is inconsistent. In some scenarios, you may have to rebuild the whole replica set from scratch.

The FRS BurFlags registry key is used to perform authoritative or nonauthoritative restores on FRS members of DFS or SYSVOL replica sets.

Note System state backups of Windows member servers and domain controllers do not include the FRS database that maintains a mapping of files that are held in local FRS trees and a master list of FRS files. For more information about exclusions for Ntbackup.exe, click the following article number to view the article in the Microsoft Knowledge Base:

233427 (http://support.microsoft.com/kb/233427/ ) Files and folders that are not backed up when the Ntbackup.exe tool is used in Windows Server 2003, Windows XP, and Windows 2000

Restoring FRS replicas

The global BurFlags registry key contains REG_DWORD values, and is located in the following location in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

The most common values for the BurFlags registry key are:

D2, also known as a nonauthoritative mode restore
D4, also known as an authoritative mode restore

You can also perform BurFlags restores at the same time as you restore data from backup or from any other known good source, and then restart the service.

Nonauthoritative restore

Nonauthoritative restores are the most common way to reinitialize individual members of FRS replica sets that are having difficulty. These difficulties may include:

Assertions in the FRS service
Corruption of the local jet database
Journal wrap errors
FRS replication failures

Attempt nonauthoritative restores only after you discover FRS dependencies and you understand and resolve the root cause. For more information about how to discover FRS dependencies, see the "Considerations before configuring authoritative or nonauthoritative restores of FRS members" section later in this article.

Members who are nonauthoritatively restored must have inbound connections from operational upstream partners where you are performing Active Directory and FRS replication. In a large replica set that has at least one known good replica member, you can recover all the remaining replica members by using a nonauthoritative mode restore if you reinitialize the computers in direct replication partner order.

If you determine that you must complete a nonauthoritative restore to return a member back into service, save as much state from that member and from the direct replication partner in the direction that replication is not working. This permits you to review the problem later. You can obtain state information from the FRS and System logs in the Event Viewer.

Note You can configure the FRS logs to record detailed debugging entries. For more information about how to configure FRS logging, click the following article number to view the article in the Microsoft Knowledge Base:

221111 (http://support.microsoft.com/kb/221111/ ) Description of FRS entries in the registry

To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double-click BurFlags.
In the Edit DWORD Value dialog box, type D2 and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.

When the FRS service restarts, the following actions occur:

The value for BurFlags registry key returns to 0.
Files in the reinitialized FRS folders are moved to a Pre-existing folder.
An event 13565 is logged to signal that a nonauthoritative restore is started.
The FRS database is rebuilt.
The member performs an initial join of the replica set from an upstream partner or from the computer that is specified in the Replica Set Parent registry key if a parent has been specified for SYSVOL replica sets.
The reinitialized computer runs a full replication of the affected replica sets when the relevant replication schedule begins.
When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Note: The placement of files in the Pre-existing folder on reinitialized members is a safeguard in FRS designed to prevent accidental data loss. Any files destined for the replica that exist only in the local Pre-existing folder and did not replicate in after the initial replication may then be copied to the appropriate folder. When outbound replication has occurred, delete files in the Pre-existing folder to free up additional drive space.

Authoritative FRS restore

Use authoritative restores only as a final option, such as in the case of directory collisions.

For example, you may require an authoritative restore if you must recover an FRS replica set where replication has completely stopped and requires a rebuild from scratch.

The following list of requirements must be met when before you perform an authoritative FRS restore:

The FRS service must be disabled on all downstream partners (direct and transitive) for the reinitialized replica sets before you restart the FRS service when the authoritative restore has been configured to occur.
Events 13553 and 13516 have been logged in the FRS event log. These events indicate that the membership to the replica set has been established on the computer that is configured for the authoritative restore.
The computer that is configured for the authoritative restore is configured to be authoritative for all the data that you want to replicate to replica set members. This is not the case if you are performing a join on an empty directory. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
266679 (http://support.microsoft.com/kb/266679/ ) Pre-staging the File Replication service replicated files on SYSVOL and Distributed file system shares for optimal synchronization
All other partners in the replica set must be reinitialized with a nonauthoritative restore.

To complete an authoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double click BurFlags.
In the Edit DWORD Value dialog box, type D4 and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.

When the FRS service is restarted, the following actions occur:

The value for the BurFlags registry key is set back to 0.
An event 13566 is logged to signal that an authoritative restore is started.
Files in the reinitialized FRS replicated directories remain unchanged and become authoritative on direct replication. Additionally, the files become indirect replication partners through transitive replication.
The FRS database is rebuilt based on current file inventory.
When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Global vs. replica set specific reinitialization

There are both global- and replica set-specific BurFlags registry keys. Setting the global BurFlags registry key reinitializes all replica sets that the member holds. Do this only when the computer holds only one replica set, or when the replica sets that it holds are relatively small.

In contrast to configuring the global BurFlags key, the replica set BurFlags key permits you to reinitializes discrete, individual replica sets, allowing healthy replication sets to be left intact.

The global BurFlags registry key is found in the following location in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup / Restore\Process At Startup

This key can contain the same values as those that are discussed earlier in this article for authoritative and nonauthoritative restores.

You can locate the replica set specific BurFlags registry key by determining the GUID for the replica set that you want to configure. To determine which GUID corresponds to which replica set and configure a restore, follow these steps:

Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
To determine the GUID that represents the replica set that you want to configure, follow these steps:
1. Locate the following key in the registry:
  KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Replica Sets
2. Below the Replica Sets subkey, there are one or more subkeys that are identified by a GUID. In the left pane, click the GUID, and then in the right pane note the Data that is listed for the Replica Set Root value. This file system path will indicate which replica set is represented by this GUID.
3. Repeat step 4 for each GUID that is listed below the Replica Sets subkey until you locate the replica set that you want to configure. Note the GUID.
Locate the following key in the registry:
KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Cumulative Replica Sets
Below the Cumulative Replica Sets subkey, locate the GUID you noted in step 6c.
In the right pane, double click BurFlags.
In the Edit DWORD Value dialog box, type D2 to complete a nonauthoritative restore or type D4 to complete an authoritative restore, and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.

Considerations before you configure authoritative or nonauthoritative restores of FRS members

If you configure an FRS member to complete an authoritative or nonauthoritative restore by using the BurFlags registry subkey, you do not resolve the issues that initially caused the replication problem. If you cannot determine the cause of the replication difficulties, the members will typically revert back to the problematic situation as replication continues.

A detailed breakdown on FRS interdependencies is beyond the scope of this article, but your troubleshooting should include the following actions:

Verify that Active Directory replication is successful. Resolve Active Directory replication issues before you perform additional FRS troubleshooting. Use the Repadmin /showreps command to verify that Active Directory replication is occurring successfully. The Repadmin.exe tool is located in the Support\Tools folder on the Windows 2000 CD-ROM.
Verify that inbound and outbound Active Directory replication occurs between all domain controllers that host SYSVOL replica sets and between all domain controllers that host computer accounts for servers that participate in DFS replica sets.
Verify that FRS member objects, subscriber objects and connection objects exist in the Active Directory for all the computers that participate in FRS replication.
Verify that inbound and outbound connection objects exist for all domain controllers in the domain for SYSVOL replica sets.
Verify that all the members of DFS replica sets have at least inbound connection objects in a topology to avoid islands of replication.
Review the FRS and SYSTEM event logs on direct replication partners that are having difficulty.
Review the FRS debug logs in the %SYSTEMROOT%\DEBUG\NTFRS_*.LOG between the direct replication partners that are having replication problems.

For more information about how to troubleshoot, click the following article number to view the article in the Microsoft Knowledge Base:

Using the BurFlags registry key to reinitialize File Replication Service replica sets

Overview

233427 (http://support.microsoft.com/kb/233427/ ) Files and folders that are not backed up when the Ntbackup.exe tool is used in Windows Server 2003, Windows XP, and Windows 2000

Restoring FRS replicas

The global BurFlags registry key contains REG_DWORD values, and is located in the following location in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

The most common values for the BurFlags registry key are:

D2, also known as a nonauthoritative mode restore
D4, also known as an authoritative mode restore

You can also perform BurFlags restores at the same time as you restore data from backup or from any other known good source, and then restart the service.

Nonauthoritative restore

Nonauthoritative restores are the most common way to reinitialize individual members of FRS replica sets that are having difficulty. These difficulties may include:

Assertions in the FRS service
Corruption of the local jet database
Journal wrap errors
FRS replication failures

221111 (http://support.microsoft.com/kb/221111/ ) Description of FRS entries in the registry

To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double-click BurFlags.
In the Edit DWORD Value dialog box, type D2 and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.

When the FRS service restarts, the following actions occur:

The value for BurFlags registry key returns to 0.
Files in the reinitialized FRS folders are moved to a Pre-existing folder.
An event 13565 is logged to signal that a nonauthoritative restore is started.
The FRS database is rebuilt.
The member performs an initial join of the replica set from an upstream partner or from the computer that is specified in the Replica Set Parent registry key if a parent has been specified for SYSVOL replica sets.
The reinitialized computer runs a full replication of the affected replica sets when the relevant replication schedule begins.
When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Authoritative FRS restore

The FRS service must be disabled on all downstream partners (direct and transitive) for the reinitialized replica sets before you restart the FRS service when the authoritative restore has been configured to occur.
Events 13553 and 13516 have been logged in the FRS event log. These events indicate that the membership to the replica set has been established on the computer that is configured for the authoritative restore.
The computer that is configured for the authoritative restore is configured to be authoritative for all the data that you want to replicate to replica set members. This is not the case if you are performing a join on an empty directory. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
266679 (http://support.microsoft.com/kb/266679/ ) Pre-staging the File Replication service replicated files on SYSVOL and Distributed file system shares for optimal synchronization
All other partners in the replica set must be reinitialized with a nonauthoritative restore.

To complete an authoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double click BurFlags.
In the Edit DWORD Value dialog box, type D4 and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.

When the FRS service is restarted, the following actions occur:

The value for the BurFlags registry key is set back to 0.
An event 13566 is logged to signal that an authoritative restore is started.
Files in the reinitialized FRS replicated directories remain unchanged and become authoritative on direct replication. Additionally, the files become indirect replication partners through transitive replication.
The FRS database is rebuilt based on current file inventory.
When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Global vs. replica set specific reinitialization

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup / Restore\Process At Startup

Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
To determine the GUID that represents the replica set that you want to configure, follow these steps:
1. Locate the following key in the registry:
  KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Replica Sets
2. Below the Replica Sets subkey, there are one or more subkeys that are identified by a GUID. In the left pane, click the GUID, and then in the right pane note the Data that is listed for the Replica Set Root value. This file system path will indicate which replica set is represented by this GUID.
3. Repeat step 4 for each GUID that is listed below the Replica Sets subkey until you locate the replica set that you want to configure. Note the GUID.
Locate the following key in the registry:
KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Cumulative Replica Sets
Below the Cumulative Replica Sets subkey, locate the GUID you noted in step 6c.
In the right pane, double click BurFlags.
In the Edit DWORD Value dialog box, type D2 to complete a nonauthoritative restore or type D4 to complete an authoritative restore, and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.

Considerations before you configure authoritative or nonauthoritative restores of FRS members

Verify that Active Directory replication is successful. Resolve Active Directory replication issues before you perform additional FRS troubleshooting. Use the Repadmin /showreps command to verify that Active Directory replication is occurring successfully. The Repadmin.exe tool is located in the Support\Tools folder on the Windows 2000 CD-ROM.
Verify that inbound and outbound Active Directory replication occurs between all domain controllers that host SYSVOL replica sets and between all domain controllers that host computer accounts for servers that participate in DFS replica sets.
Verify that FRS member objects, subscriber objects and connection objects exist in the Active Directory for all the computers that participate in FRS replication.
Verify that inbound and outbound connection objects exist for all domain controllers in the domain for SYSVOL replica sets.
Verify that all the members of DFS replica sets have at least inbound connection objects in a topology to avoid islands of replication.
Review the FRS and SYSTEM event logs on direct replication partners that are having difficulty.
Review the FRS debug logs in the %SYSTEMROOT%\DEBUG\NTFRS_*.LOG between the direct replication partners that are having replication problems.

For more information about how to troubleshoot, click the following article number to view the article in the Microsoft Knowledge Base:

Using the BurFlags registry key to reinitialize File Replication Service replica sets

Overview

233427 (http://support.microsoft.com/kb/233427/ ) Files and folders that are not backed up when the Ntbackup.exe tool is used in Windows Server 2003, Windows XP, and Windows 2000

Restoring FRS replicas

The global BurFlags registry key contains REG_DWORD values, and is located in the following location in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

The most common values for the BurFlags registry key are:

D2, also known as a nonauthoritative mode restore
D4, also known as an authoritative mode restore

You can also perform BurFlags restores at the same time as you restore data from backup or from any other known good source, and then restart the service.

Nonauthoritative restore

Nonauthoritative restores are the most common way to reinitialize individual members of FRS replica sets that are having difficulty. These difficulties may include:

Assertions in the FRS service
Corruption of the local jet database
Journal wrap errors
FRS replication failures

221111 (http://support.microsoft.com/kb/221111/ ) Description of FRS entries in the registry

To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double-click BurFlags.
In the Edit DWORD Value dialog box, type D2 and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.

When the FRS service restarts, the following actions occur:

The value for BurFlags registry key returns to 0.
Files in the reinitialized FRS folders are moved to a Pre-existing folder.
An event 13565 is logged to signal that a nonauthoritative restore is started.
The FRS database is rebuilt.
The member performs an initial join of the replica set from an upstream partner or from the computer that is specified in the Replica Set Parent registry key if a parent has been specified for SYSVOL replica sets.
The reinitialized computer runs a full replication of the affected replica sets when the relevant replication schedule begins.
When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Authoritative FRS restore

The FRS service must be disabled on all downstream partners (direct and transitive) for the reinitialized replica sets before you restart the FRS service when the authoritative restore has been configured to occur.
Events 13553 and 13516 have been logged in the FRS event log. These events indicate that the membership to the replica set has been established on the computer that is configured for the authoritative restore.
The computer that is configured for the authoritative restore is configured to be authoritative for all the data that you want to replicate to replica set members. This is not the case if you are performing a join on an empty directory. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
266679 (http://support.microsoft.com/kb/266679/ ) Pre-staging the File Replication service replicated files on SYSVOL and Distributed file system shares for optimal synchronization
All other partners in the replica set must be reinitialized with a nonauthoritative restore.

To complete an authoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double click BurFlags.
In the Edit DWORD Value dialog box, type D4 and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.

When the FRS service is restarted, the following actions occur:

The value for the BurFlags registry key is set back to 0.
An event 13566 is logged to signal that an authoritative restore is started.
Files in the reinitialized FRS replicated directories remain unchanged and become authoritative on direct replication. Additionally, the files become indirect replication partners through transitive replication.
The FRS database is rebuilt based on current file inventory.
When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Global vs. replica set specific reinitialization

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup / Restore\Process At Startup

Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
To determine the GUID that represents the replica set that you want to configure, follow these steps:
1. Locate the following key in the registry:
  KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Replica Sets
2. Below the Replica Sets subkey, there are one or more subkeys that are identified by a GUID. In the left pane, click the GUID, and then in the right pane note the Data that is listed for the Replica Set Root value. This file system path will indicate which replica set is represented by this GUID.
3. Repeat step 4 for each GUID that is listed below the Replica Sets subkey until you locate the replica set that you want to configure. Note the GUID.
Locate the following key in the registry:
KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Cumulative Replica Sets
Below the Cumulative Replica Sets subkey, locate the GUID you noted in step 6c.
In the right pane, double click BurFlags.
In the Edit DWORD Value dialog box, type D2 to complete a nonauthoritative restore or type D4 to complete an authoritative restore, and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.

Considerations before you configure authoritative or nonauthoritative restores of FRS members

Verify that Active Directory replication is successful. Resolve Active Directory replication issues before you perform additional FRS troubleshooting. Use the Repadmin /showreps command to verify that Active Directory replication is occurring successfully. The Repadmin.exe tool is located in the Support\Tools folder on the Windows 2000 CD-ROM.
Verify that inbound and outbound Active Directory replication occurs between all domain controllers that host SYSVOL replica sets and between all domain controllers that host computer accounts for servers that participate in DFS replica sets.
Verify that FRS member objects, subscriber objects and connection objects exist in the Active Directory for all the computers that participate in FRS replication.
Verify that inbound and outbound connection objects exist for all domain controllers in the domain for SYSVOL replica sets.
Verify that all the members of DFS replica sets have at least inbound connection objects in a topology to avoid islands of replication.
Review the FRS and SYSTEM event logs on direct replication partners that are having difficulty.
Review the FRS debug logs in the %SYSTEMROOT%\DEBUG\NTFRS_*.LOG between the direct replication partners that are having replication problems.

For more information about how to troubleshoot, click the following article number to view the article in the Microsoft Knowledge Base:

Using the BurFlags registry key to reinitialize File Replication Service replica sets

Overview

233427 (http://support.microsoft.com/kb/233427/ ) Files and folders that are not backed up when the Ntbackup.exe tool is used in Windows Server 2003, Windows XP, and Windows 2000

Restoring FRS replicas

The global BurFlags registry key contains REG_DWORD values, and is located in the following location in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

The most common values for the BurFlags registry key are:

D2, also known as a nonauthoritative mode restore
D4, also known as an authoritative mode restore

You can also perform BurFlags restores at the same time as you restore data from backup or from any other known good source, and then restart the service.

Nonauthoritative restore

Nonauthoritative restores are the most common way to reinitialize individual members of FRS replica sets that are having difficulty. These difficulties may include:

Assertions in the FRS service
Corruption of the local jet database
Journal wrap errors
FRS replication failures

221111 (http://support.microsoft.com/kb/221111/ ) Description of FRS entries in the registry

To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double-click BurFlags.
In the Edit DWORD Value dialog box, type D2 and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.

When the FRS service restarts, the following actions occur:

The value for BurFlags registry key returns to 0.
Files in the reinitialized FRS folders are moved to a Pre-existing folder.
An event 13565 is logged to signal that a nonauthoritative restore is started.
The FRS database is rebuilt.
The member performs an initial join of the replica set from an upstream partner or from the computer that is specified in the Replica Set Parent registry key if a parent has been specified for SYSVOL replica sets.
The reinitialized computer runs a full replication of the affected replica sets when the relevant replication schedule begins.
When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Authoritative FRS restore

The FRS service must be disabled on all downstream partners (direct and transitive) for the reinitialized replica sets before you restart the FRS service when the authoritative restore has been configured to occur.
Events 13553 and 13516 have been logged in the FRS event log. These events indicate that the membership to the replica set has been established on the computer that is configured for the authoritative restore.
The computer that is configured for the authoritative restore is configured to be authoritative for all the data that you want to replicate to replica set members. This is not the case if you are performing a join on an empty directory. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
266679 (http://support.microsoft.com/kb/266679/ ) Pre-staging the File Replication service replicated files on SYSVOL and Distributed file system shares for optimal synchronization
All other partners in the replica set must be reinitialized with a nonauthoritative restore.

To complete an authoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double click BurFlags.
In the Edit DWORD Value dialog box, type D4 and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.

When the FRS service is restarted, the following actions occur:

The value for the BurFlags registry key is set back to 0.
An event 13566 is logged to signal that an authoritative restore is started.
Files in the reinitialized FRS replicated directories remain unchanged and become authoritative on direct replication. Additionally, the files become indirect replication partners through transitive replication.
The FRS database is rebuilt based on current file inventory.
When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Global vs. replica set specific reinitialization

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup / Restore\Process At Startup

Click Start, and then click Run.
In the Open box, type cmd and then press ENTER.
In the Command box, type net stop ntfrs.
Click Start, and then click Run.
In the Open box, type regedit and then press ENTER.
To determine the GUID that represents the replica set that you want to configure, follow these steps:
1. Locate the following key in the registry:
  KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Replica Sets
2. Below the Replica Sets subkey, there are one or more subkeys that are identified by a GUID. In the left pane, click the GUID, and then in the right pane note the Data that is listed for the Replica Set Root value. This file system path will indicate which replica set is represented by this GUID.
3. Repeat step 4 for each GUID that is listed below the Replica Sets subkey until you locate the replica set that you want to configure. Note the GUID.
Locate the following key in the registry:
KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Cumulative Replica Sets
Below the Cumulative Replica Sets subkey, locate the GUID you noted in step 6c.
In the right pane, double click BurFlags.
In the Edit DWORD Value dialog box, type D2 to complete a nonauthoritative restore or type D4 to complete an authoritative restore, and then click OK.
Quit Registry Editor, and then switch to the Command box.
In the Command box, type net start ntfrs.
Quit the Command box.

Considerations before you configure authoritative or nonauthoritative restores of FRS members

Verify that Active Directory replication is successful. Resolve Active Directory replication issues before you perform additional FRS troubleshooting. Use the Repadmin /showreps command to verify that Active Directory replication is occurring successfully. The Repadmin.exe tool is located in the Support\Tools folder on the Windows 2000 CD-ROM.
Verify that inbound and outbound Active Directory replication occurs between all domain controllers that host SYSVOL replica sets and between all domain controllers that host computer accounts for servers that participate in DFS replica sets.
Verify that FRS member objects, subscriber objects and connection objects exist in the Active Directory for all the computers that participate in FRS replication.
Verify that inbound and outbound connection objects exist for all domain controllers in the domain for SYSVOL replica sets.
Verify that all the members of DFS replica sets have at least inbound connection objects in a topology to avoid islands of replication.
Review the FRS and SYSTEM event logs on direct replication partners that are having difficulty.
Review the FRS debug logs in the %SYSTEMROOT%\DEBUG\NTFRS_*.LOG between the direct replication partners that are having replication problems.

For more information about how to troubleshoot, click the following article number to view the article in the Microsoft Knowledge Base:

3 WAN Protocols you should know: HDLC, PPP, and Frame-Relay

What is HDLC?

HDLC stands for High-Level Data Link Control protocol. Like the two other WAN protocols mentioned in this article, HDLC is a Layer 2 protocol (see OSI Model for more information on Layers). HDLC is a simple protocol used to connect point to point serial devices. For example, you have point to point leased line connecting two locations, in two different cities. HDLC would be the protocol with the least amount of configuration required to connect these two locations. HDLC would be running over the WAN, between the two locations. Each router would be de-encapsulating HDLC and turning dropping it off on the LAN.

HDLC performs error correction, just like Ethernet. Cisco's version of HDLC is actually proprietary because they added a protocol type field. Thus, Cisco HDLC can only work with other Cisco devices.

HDLC is actually the default protocol on all Cisco serial interfaces. If you do a show running-config on a Cisco router, your serial interfaces (by default) won't have any encapsulation. This is because they are configured to the default of HDLC. If you do a show interface serial 0/0, you'll see that you are running HDLC. Here is an example:

What is PPP?

You may have heard of the Point to Point Protocol (PPP) because it is used for most every dial up connection to the Internet. PPP is documented in RFC 1661. PPP is based on HDLC and is very similar. Both work well to connect point to point leased lines.

The differences between PPP and HDLC are:

PPP is not proprietary when used on a Cisco router
PPP has several sub-protocols that make it function.
PPP is feature-rich with dial up networking features

Because PPP has so many dial-up networking features, it has become the most popular dial up networking protocol in use today. Here are some of the dial-up networking features it offers:

Link quality management monitors the quality of the dial-up link and how many errors have been taken. It can bring the link down if the link is receiving too many errors.
Multilink can bring up multiple PPP dialup links and bond them together to function as one.
Authentication is supported with PAP and CHAP. These protocols take your username and password to ensure that you are allowed access to the network you are dialing in to.

To change from HDLC to PPP, on a Cisco router, use the encapsulation ppp command, like this:

After changing the encapsulation to ppp, I typed ppp ? to list the PPP options available. There are many PPP options when compared to HDLC. The list of PPP options in the screenshot is only a partial list of what is available.

What is Frame-Relay?

Frame Relay is a Layer 2 protocol and commonly known as a service from carriers. For example, people will say "I ordered a frame-relay circuit". Frame relay creates a private network through a carrier's network. This is done with permanent virtual circuits (PVC). A PVC is a connection from one site, to another site, through the carrier's network. This is really just a configuration entry that a carrier makes on their frame relay switches.

Obtaining a frame-relay circuit is done by ordering a T1 or fractional T1 from the carrier. On top of that, you order a frame-relay port, matching the size of the circuit you ordered. Finally, you order a PVC that connects your frame relay port to another of your ports inside the network.

The benefits to frame-relay are:

Ability to have a single circuit that connects to the "frame relay cloud" and gain access to all other sites (as long as you have PVCs). As the number of locations grow, you would save more and more money because you don't need as many circuits as you would if you were trying to fully-mesh your network with point to point leased lines.
Improved disaster recovery because all you have to do is to order a single circuit to the cloud and PVC's to gain access to all remote sites.
By using the PVCs, you can design your WAN however you want. Meaning, you define what sites have direct connections to other sites and you only pay the small monthly PVC fee for each connection.

Some other terms you should know, concerning frame relay are:

LMI = local management interface. LMI is the management protocol of frame relay. LMI is sent between the frame relay switches and routers to communicate what DLCI's are available and if there is congestion in the network.
DLCI = data link connection identifier. This is a number used to identify each PVC in the frame relay network.
CIR = committed information rate. This is the amount bandwidth you pay to guarantee you will receive, on each PVC. Generally you have much less CIR than you have port speed. You can, of course, burst above your CIR to your port speed but that traffic is marked DE.
DE = discard eligible. Traffic marked DE (that was above your CIR) CAN be discarded by the frame-relay network if there is congestion.
FECN & BECN = forward explicit congestion notification & backward explicit congestion notification. These are bits set inside LMI packets to alert the frame-relay devices that there is congestion in the network.

3 WAN Protocols you should know: HDLC, PPP, and Frame-Relay

What is HDLC?

HDLC performs error correction, just like Ethernet. Cisco's version of HDLC is actually proprietary because they added a protocol type field. Thus, Cisco HDLC can only work with other Cisco devices.

What is PPP?

The differences between PPP and HDLC are:

PPP is not proprietary when used on a Cisco router
PPP has several sub-protocols that make it function.
PPP is feature-rich with dial up networking features

Because PPP has so many dial-up networking features, it has become the most popular dial up networking protocol in use today. Here are some of the dial-up networking features it offers:

Link quality management monitors the quality of the dial-up link and how many errors have been taken. It can bring the link down if the link is receiving too many errors.
Multilink can bring up multiple PPP dialup links and bond them together to function as one.
Authentication is supported with PAP and CHAP. These protocols take your username and password to ensure that you are allowed access to the network you are dialing in to.

To change from HDLC to PPP, on a Cisco router, use the encapsulation ppp command, like this:

What is Frame-Relay?

The benefits to frame-relay are:

Ability to have a single circuit that connects to the "frame relay cloud" and gain access to all other sites (as long as you have PVCs). As the number of locations grow, you would save more and more money because you don't need as many circuits as you would if you were trying to fully-mesh your network with point to point leased lines.
Improved disaster recovery because all you have to do is to order a single circuit to the cloud and PVC's to gain access to all remote sites.
By using the PVCs, you can design your WAN however you want. Meaning, you define what sites have direct connections to other sites and you only pay the small monthly PVC fee for each connection.

Some other terms you should know, concerning frame relay are:

LMI = local management interface. LMI is the management protocol of frame relay. LMI is sent between the frame relay switches and routers to communicate what DLCI's are available and if there is congestion in the network.
DLCI = data link connection identifier. This is a number used to identify each PVC in the frame relay network.
CIR = committed information rate. This is the amount bandwidth you pay to guarantee you will receive, on each PVC. Generally you have much less CIR than you have port speed. You can, of course, burst above your CIR to your port speed but that traffic is marked DE.
DE = discard eligible. Traffic marked DE (that was above your CIR) CAN be discarded by the frame-relay network if there is congestion.
FECN & BECN = forward explicit congestion notification & backward explicit congestion notification. These are bits set inside LMI packets to alert the frame-relay devices that there is congestion in the network.

3 WAN Protocols you should know: HDLC, PPP, and Frame-Relay

What is HDLC?

HDLC performs error correction, just like Ethernet. Cisco's version of HDLC is actually proprietary because they added a protocol type field. Thus, Cisco HDLC can only work with other Cisco devices.

What is PPP?

The differences between PPP and HDLC are:

PPP is not proprietary when used on a Cisco router
PPP has several sub-protocols that make it function.
PPP is feature-rich with dial up networking features

Because PPP has so many dial-up networking features, it has become the most popular dial up networking protocol in use today. Here are some of the dial-up networking features it offers:

Link quality management monitors the quality of the dial-up link and how many errors have been taken. It can bring the link down if the link is receiving too many errors.
Multilink can bring up multiple PPP dialup links and bond them together to function as one.
Authentication is supported with PAP and CHAP. These protocols take your username and password to ensure that you are allowed access to the network you are dialing in to.

To change from HDLC to PPP, on a Cisco router, use the encapsulation ppp command, like this:

What is Frame-Relay?

The benefits to frame-relay are:

Ability to have a single circuit that connects to the "frame relay cloud" and gain access to all other sites (as long as you have PVCs). As the number of locations grow, you would save more and more money because you don't need as many circuits as you would if you were trying to fully-mesh your network with point to point leased lines.
Improved disaster recovery because all you have to do is to order a single circuit to the cloud and PVC's to gain access to all remote sites.
By using the PVCs, you can design your WAN however you want. Meaning, you define what sites have direct connections to other sites and you only pay the small monthly PVC fee for each connection.

Some other terms you should know, concerning frame relay are:

LMI = local management interface. LMI is the management protocol of frame relay. LMI is sent between the frame relay switches and routers to communicate what DLCI's are available and if there is congestion in the network.
DLCI = data link connection identifier. This is a number used to identify each PVC in the frame relay network.
CIR = committed information rate. This is the amount bandwidth you pay to guarantee you will receive, on each PVC. Generally you have much less CIR than you have port speed. You can, of course, burst above your CIR to your port speed but that traffic is marked DE.
DE = discard eligible. Traffic marked DE (that was above your CIR) CAN be discarded by the frame-relay network if there is congestion.
FECN & BECN = forward explicit congestion notification & backward explicit congestion notification. These are bits set inside LMI packets to alert the frame-relay devices that there is congestion in the network.

3 WAN Protocols you should know: HDLC, PPP, and Frame-Relay

What is HDLC?

HDLC performs error correction, just like Ethernet. Cisco's version of HDLC is actually proprietary because they added a protocol type field. Thus, Cisco HDLC can only work with other Cisco devices.

What is PPP?

The differences between PPP and HDLC are:

PPP is not proprietary when used on a Cisco router
PPP has several sub-protocols that make it function.
PPP is feature-rich with dial up networking features

Because PPP has so many dial-up networking features, it has become the most popular dial up networking protocol in use today. Here are some of the dial-up networking features it offers:

Link quality management monitors the quality of the dial-up link and how many errors have been taken. It can bring the link down if the link is receiving too many errors.
Multilink can bring up multiple PPP dialup links and bond them together to function as one.
Authentication is supported with PAP and CHAP. These protocols take your username and password to ensure that you are allowed access to the network you are dialing in to.

To change from HDLC to PPP, on a Cisco router, use the encapsulation ppp command, like this:

What is Frame-Relay?

The benefits to frame-relay are:

Ability to have a single circuit that connects to the "frame relay cloud" and gain access to all other sites (as long as you have PVCs). As the number of locations grow, you would save more and more money because you don't need as many circuits as you would if you were trying to fully-mesh your network with point to point leased lines.
Improved disaster recovery because all you have to do is to order a single circuit to the cloud and PVC's to gain access to all remote sites.
By using the PVCs, you can design your WAN however you want. Meaning, you define what sites have direct connections to other sites and you only pay the small monthly PVC fee for each connection.

Some other terms you should know, concerning frame relay are:

LMI = local management interface. LMI is the management protocol of frame relay. LMI is sent between the frame relay switches and routers to communicate what DLCI's are available and if there is congestion in the network.
DLCI = data link connection identifier. This is a number used to identify each PVC in the frame relay network.
CIR = committed information rate. This is the amount bandwidth you pay to guarantee you will receive, on each PVC. Generally you have much less CIR than you have port speed. You can, of course, burst above your CIR to your port speed but that traffic is marked DE.
DE = discard eligible. Traffic marked DE (that was above your CIR) CAN be discarded by the frame-relay network if there is congestion.
FECN & BECN = forward explicit congestion notification & backward explicit congestion notification. These are bits set inside LMI packets to alert the frame-relay devices that there is congestion in the network.

Backup Windows Server 2003 Active Directory

To ensure your ability to actually use this backup, you must be aware of the tombstone lifetime. By default, the tombstone is 60 days (for Windows 2000/2003 DCs), or 180 days (for Active Directory based upon Windows Server 2003 SP1 DCs).

Note: Longer tombstone lifetime decreases the chance that a deleted object remains in the local directory of a disconnected DC beyond the time when the object is permanently deleted from online DCs. The tombstone lifetime is not changed automatically when you upgrade to Windows Server 2003 with SP1, but you can change the tombstone lifetime manually after the upgrade. New forests that are installed with Windows Server 2003 with SP1 have a default tombstone lifetime of 180 days. Read my "Changing the Tombstone Lifetime Attribute in Active Directory" article for more info on that.

Any backup older than 60/180 days is not a good backup and cannot be used to restore any DC. You do not need to backup all your DCs' System States, usually backing up the first DC in the Forest + the first DCs in each domain is enough for most scenarios.

Purpose of Performing Regular Backups

You need a current, verified, and reliable backup to:

Restore Active Directory data that becomes lost. By using an authoritative restore process, you can restore individual objects or sets of objects (containers or directory partitions) from their deleted state. Read my "Recovering Deleted Items in Active Directory" article for more info on that.
Recover a DC that cannot start up or operate normally because of software failure or hardware failure.
Install Active Directory from backup media (using the dcpromo /adv command). Read my "Install DC from Media in Windows Server 2003" article for more info on that.
Perform a forest recovery if forest-wide failure occurs.

All these are reasons to have good working and reliable backups.

Note: One of the Active Directory features that was introduced in Windows Server 2003 with Service Pack 1 was the Directory Service Backup Reminders. With this reminder, a new event message, event ID 2089, provides the backup status of each directory partition that a domain controller stores. This includes application directory partitions and Active Directory Application Mode (ADAM) partitions. If halfway through the tombstone lifetime a partition has not been backed up, this event is logged in the Directory Service event log and continues daily until the partition is backed up.

Note: You can only back up the System State data on a local computer. You cannot back up the System State data on a remote computer.

Method #1: Using NTBACKUP

Open NTBACKUP by either going to Run, then NTBACKUP and pressing Enter or by going to Start -> Accessories -> System Tools.
If you are prompted by the Backup or Restore Wizard, I suggest you un-check the "Always Start in Wizard Mode" checkbox, and click on the Advanced Mode link.
Inside NTBACKUP's main window, click on the Backup tab.
Click to select the System State checkbox. Note you cannot manually select components of the System State backup. It's all or nothing.
Enter a backup path for the BKF file. If you're using a tape device, make sure NTBACKUP is aware and properly configured to use it.
Press Start Backup.
The Backup Job Information pops out, allowing you to configure a scheduled backup job and other settings. For the System State backup, do not change any of the other settings except the schedule, if so desired. When done, press Start Backup.
After a few moments of configuration tasks, NTBACKUP will begin the backup job.
When the backup is complete, review the output and close NTBACKUP.

Next, you need to properly label and secure the backup file/tape and if possible, store a copy of it on a remote and secure location.

Method #2: Using the Command Prompt

You can use the command line version of NTBACKUP in order to perform backups from the Command Prompt.

For example, to create a backup job named "System State Backup Job" that backs up the System State data to the file D:\system_state_backup.bkf, type:

ntbackup backup systemstate /J "System State Backup Job" /F "D:\system_state_backup.bkf"

For Microsoft's official documentation on Active Directory backups, see: Active Directory Operations Guide - Active Directory Backup and Restore

Using the BurFlags registry key to reinitialize File Replication Service replica sets

Overview

Restoring FRS replicas

Nonauthoritative restore

Authoritative FRS restore

Global vs. replica set specific reinitialization

Considerations before you configure authoritative or nonauthoritative restores of FRS members

Using the BurFlags registry key to reinitialize File Replication Service replica sets

Overview

Restoring FRS replicas

Nonauthoritative restore

Authoritative FRS restore

Global vs. replica set specific reinitialization

Considerations before you configure authoritative or nonauthoritative restores of FRS members

Using the BurFlags registry key to reinitialize File Replication Service replica sets

Overview

Restoring FRS replicas

Nonauthoritative restore

Authoritative FRS restore

Global vs. replica set specific reinitialization

Considerations before you configure authoritative or nonauthoritative restores of FRS members

Using the BurFlags registry key to reinitialize File Replication Service replica sets

Overview

Restoring FRS replicas

Nonauthoritative restore

Authoritative FRS restore

Global vs. replica set specific reinitialization

Considerations before you configure authoritative or nonauthoritative restores of FRS members

What is HDLC?

What is PPP?

What is Frame-Relay?

What is HDLC?

What is PPP?

What is Frame-Relay?

What is HDLC?

What is PPP?

What is Frame-Relay?

What is HDLC?

What is PPP?

What is Frame-Relay?

Purpose of Performing Regular Backups

Method #1: Using NTBACKUP

Method #2: Using the Command Prompt

Find What you looking for:

Link Box

On Facebook

Followers

Free Post

Subscribe To

Archives

Total Pageviews

Popular Posts