Active Directory, as many know, is the life blood of the domain environment. It provides all authentication, user/group management and access control to the network. So what do you do when it is broken? There are many scenarios that can cause Active Directory to encounter issues; Replication, Low Disk Space, Drive Failures and Power Outages. In this article, I am outlining the infamous JRNL_WRAP_ERROR (Event ID: 13568). If your server is in a JRNL_WRAP_ERROR state, you will see these events Daily in the File Replication Service log in Event Viewer. It can cause issues with Exchange, Authentication and Replication. Luckily, it is relatively easy to resolve, as shown below:

1. MAKE SURE YOU HAVE A BACKUP OF ACTIVE DIRECTORY! As always, having a current backup is your best defense against disaster.

2. Stop the NTFRS service. Open a command prompt and type net stop ntfrs.

3. Open registry editor and navigate to the following location: HKLM\System\CurrentControlSet\Services\NtFrs\Parameters\Backup\Process at Startup.

4. In the right pane, Edit the DWOR value for BurFlags. It should be set to 0. Type D2 and exit registry editor.

5. Return to the command prompt and type: net start ntfrs.

This should take the DC out of JRNL_WRAP_ERROR. Monitor your logs for the next 24 hours to make sure that you do not see any Event ID: 13568 errors in the File Replication Service Logs. If this does not work, you will need to do a non-authoritative restore of Active Directory. You do have a current backup right? There are also instructions for repairing this issue in the Event Log error itself (They Differ from the procedure outlined above but have the same effect).

Jason (Digitalkid)
www.954network.com