versions

 

If you are running into environments and working on aspects of them such as Exchange, OCS, PKI, or other Active Directory integrated applications, you will encounter situations where you may need to update the AD schema. Of course, the first question is, what version am I at today?

Here's a handy way to find out:

Query for the objectVersion attribute of the CN=Schema,CN=Configuration,DC=yourdomainhere of your Active Directory domain and compare the value to the table below.

I've provided links to the schema update information (where available), if you are curious as to what is updated in each.

objectVersion
AD Schema Update

13 - Windows 2000 Server

30 - Windows Server 2003 **

31 - Windows Server 2003 R2

44 - Windows Server 2008

** The Windows Server 2003 upgrade from 2000 also adds the CN=Windows2003Update,CN=ForestUpdates,CN=Configuration,DC=yourdomainhere and sets its revision attribute to 9. This hasn't been used again, yet.

Exchange Server saves the current version of its schema updates in an attribute of two locations.

For /forestprep operations, query the rangeUpper attribute of the CN=ms-Exch-Schema-Version-Pt,CN=Schema,CN=Configuration,DC=yourdomainhere object.

For /domainprep operations, query the Microsoft Exchange System Objects object in each domain for its objectVersion value.

The table below provides the number to version translation.

Value
Exchange Version

4406 - Exchange 2000 Server

6936 -  Exchange Server 2003

10628 - Exchange Server 2007

 

 

 

Top Issues for Microsoft Support for Windows Server 2008 Hyper-V (Q2)

 

Top Issues for Microsoft Support for Windows Server 2008 Hyper-V (Q2)

It is time to update everyone on the types of issues our support engineers have been seeing for Hyper-V. The issues are categorized below with the top issue(s) in each category listed with possible resolutions and additional comments as needed. I think you will notice that the issues for Q2 have not changed much from Q1. Hopefully, the more people read our updates, the fewer occurrences we will see for some of these and eventually they will disappear altogether.

Deployment\Planning

Issue #1

Customers looking for Hyper-V documentation

Resolution: Information is provided on the Hyper-V TechNet Library which includes links to several Product Team blogs. Additionally, the Microsoft Virtualization site contains information that can be used to get a Hyper-V based solution up and running quickly.

Installation Issues

Issue #1

After the Hyper-V role is installed, the customer creates a virtual machine, but it fails to start with the following error:

The virtual machine could not be started because the hypervisor is not running.

Cause: Hardware virtualization or DEP was disabled in the BIOS.

Resolution: Enable Hardware virtualization or DEP in the BIOS. In some cases, the server needs to be physically shutdown in order for the new BIOS settings to take effect.

Issue #2

System hangs on restart at "Configuring Updates Stage 3 of 3" after the Hyper-V role is enabled, disabled, or updated.

Cause: This issue can be caused by the HP Network Configuration utility.

Resolution: Perform the steps documented in KB950792.

Issue #3

Customer was experiencing an issue on a pre-release version of Hyper-V.

Resolution: Upgrade to the release version (KB950050) of Hyper-V.

Virtual Devices\Drivers

Issue #1

Synthetic NIC was listed as an unknown device in device manager.

Cause: Integration Components need to be installed.

Resolution: Install the Integration Services by opening the Virtual Machine Connection window, and then select Insert Integration Services Setup Disk on the Action menu.

Issue #2

Stop 0x0000001A on a Microsoft Hyper-V Server 2008 or Server 2008 system with the Hyper-V role installed.

Cause: Vid.sys driver issue.

Resolution: Install hotfix KB957967 to address this issue.

Issue #3

Stop 0x00000050 on a Microsoft Hyper-V Server 2008 or Server 2008 system with the Hyper-V role installed.

Cause: Storvsp.sys driver issue.

Resolution: If a VM has a SCSI controller with no disks attached, this bugcheck can occur. The resolution is to remove any SCSI controllers which don't have disks attached. This issue is fixed in SP2.

Issue #4

After you move a Windows Vista or Windows Server 2008 virtual machine from Virtual PC or Virtual Server, the Vmbus device fails to load. When you check the properties of the device in device manager, the device status displays one of the following messages:

This device cannot find enough free resources that it can use. (Code 12).

This device cannot start. (Code 10).

Cause: This issue occurs because the Windows Vista or Windows Server 2008 virtual machine is using the incorrect HAL.

Resolution: Perform the steps documented in KB954282.

Issue #5

Unable to associate the virtual COM port to a physical COM port.

Cause: By design (documented in the help file).

Snapshots

Issue #1

Snapshots were lost

Cause: Parent VHD was expanded. If snapshots are associated with a virtual hard disk, the parent vhd file should never be expanded. This is documented in the Edit Disk wizard:

Resolution: Restore data from backup.

Issue #2

Snapshots were deleted.

Cause: The most common cause is that the customer deleted the .avhd files to reclaim disk space (not realizing that the .avhd files were the snapshots).

Resolution: Restore data from backup.

Integration Components

Issue #1

A Windows 2000 (SP4) virtual machine with the Integration Components installed may shut down slowly.

Cause: This problem is caused by a bug in the operating system (outside of Hyper-V).

Resolution: KB959781 documents the workarounds for this issue on Server 2008. The issue is fixed in Windows Server 2008 R2.

Issue #2

Attempting to install the Integration Components on a Server 2003 virtual machine fails with the following error:

Unsupported Guest OS

An error has occurred:  The specified program requires a newer version of Windows.

Cause: The most common cause is that Service Pack 2 for Server 2003 wasn't installed in the virtual machine..

Resolution: Install SP2 in the Server 2003 VM before you install the integration components.

Virtual machine State and Settings

Issue #1

You may experience one of the following issues on a Windows Server 2008 system with the Hyper-V role installed or Microsoft Hyper-V Server 2008:

When you attempt to create or start a virtual machine, you receive one of the following errors:

• The requested operation cannot be performed on a file with a user-mapped section open. ( 0x800704C8 )
• 'VMName' Microsoft Synthetic Ethernet Port (Instance ID {7E0DA81A-A7B4-4DFD-869F-37002C36D816}): Failed to Power On with Error 'The specified network resource or device is no longer available.' (0x80070037).
• The I/O operation has been aborted because of either a thread exit or an application request. (0x800703E3)

Virtual machines disappear from the Hyper-V Management Console.

Cause: This issue can be caused by antivirus software that is installed in the parent partition and the real-time scanning component is configured to monitor the Hyper-V virtual machine files.

Resolution: Perform the steps documented in KB961804.

Issue #2

Creating or starting a virtual machine fails with the following error:

General access denied error' (0x80070005)

Cause: This issue can be caused by the Intel IPMI driver.

Resolution: Perform the steps documented on Intel's site.

High Availability (Failover Clustering)

Issue #1

How to configure Hyper-V on a Failover Cluster.

Resolution: A step-by-step guide is now available which covers how to configure Hyper-V on a Failover Cluster.

Issue #2

Virtual machine settings that are changed on one node in a Failover Cluster are not present when the VM is moved to another node.

Cause: The "Refresh virtual machine configuration" option was not used before attempting a failover.

Resolution: When virtual machine settings are changed on a VM that's on a Failover Cluster, you must select the refresh virtual machine configuration option before the VM is moved to another node. There is a blog that discusses this.

Backup (Hyper-V VSS Writer)

Issue #1

You may experience one of the following symptoms if you try to backup a Hyper-V virtual machine:

· If you back up a Hyper-V virtual machine that has multiple volumes, the backup may fail. If you check the VMMS event log after the backup failure occurs, the following event is logged:

Log Name: Microsoft-Windows-Hyper-V-VMMS-Admin

Source: Microsoft-Windows-Hyper-V-VMMS

Event ID: 10104

Level: Error

Description:

Failed to revert to VSS snapshot on one or more virtual hard disks of the virtual machine '%1'. (Virtual machine ID %2)

· The Microsoft Hyper-V VSS Writer may enter an unstable state if a backup of the Hyper-V virtual machine fails. If you run the vssadmin list writers command, the Microsoft Hyper-V VSS Writer is not listed. To return the Microsoft Hyper-V VSS Writer to a stable state, the Hyper-V Virtual Machine Management service must be restarted.

Resolution: An update (KB959962) is now available to address issues with backing up and restoring Hyper-V virtual machines.

Virtual Network Manager

Issue #1

How to configure a virtual machine to use a VLAN.

Resolution: VLANs are discussed in the following blogs: http://blogs.msdn.com/virtual_pc_guy/archive/2008/03/10/vlan-settings-and-hyper-v.aspx and http://blogs.msdn.com/adamfazio/archive/2008/11/14/understanding-hyper-v-vlans.aspx

Hyper-V Management Console

Issue #1

How to manage Hyper-V remotely.

Resolution: The steps to configure remote administration of Hyper-V are covered in a TechNet article. John Howard also has a very thorough blog on remote administration.

 

 

 

Top Issues for Microsoft Support for Windows Server 2008 Hyper-V (Q2)

 

Top Issues for Microsoft Support for Windows Server 2008 Hyper-V (Q2)

It is time to update everyone on the types of issues our support engineers have been seeing for Hyper-V. The issues are categorized below with the top issue(s) in each category listed with possible resolutions and additional comments as needed. I think you will notice that the issues for Q2 have not changed much from Q1. Hopefully, the more people read our updates, the fewer occurrences we will see for some of these and eventually they will disappear altogether.

Deployment\Planning

Issue #1

Customers looking for Hyper-V documentation

Resolution: Information is provided on the Hyper-V TechNet Library which includes links to several Product Team blogs. Additionally, the Microsoft Virtualization site contains information that can be used to get a Hyper-V based solution up and running quickly.

Installation Issues

Issue #1

After the Hyper-V role is installed, the customer creates a virtual machine, but it fails to start with the following error:

The virtual machine could not be started because the hypervisor is not running.

Cause: Hardware virtualization or DEP was disabled in the BIOS.

Resolution: Enable Hardware virtualization or DEP in the BIOS. In some cases, the server needs to be physically shutdown in order for the new BIOS settings to take effect.

Issue #2

System hangs on restart at "Configuring Updates Stage 3 of 3" after the Hyper-V role is enabled, disabled, or updated.

Cause: This issue can be caused by the HP Network Configuration utility.

Resolution: Perform the steps documented in KB950792.

Issue #3

Customer was experiencing an issue on a pre-release version of Hyper-V.

Resolution: Upgrade to the release version (KB950050) of Hyper-V.

Virtual Devices\Drivers

Issue #1

Synthetic NIC was listed as an unknown device in device manager.

Cause: Integration Components need to be installed.

Resolution: Install the Integration Services by opening the Virtual Machine Connection window, and then select Insert Integration Services Setup Disk on the Action menu.

Issue #2

Stop 0x0000001A on a Microsoft Hyper-V Server 2008 or Server 2008 system with the Hyper-V role installed.

Cause: Vid.sys driver issue.

Resolution: Install hotfix KB957967 to address this issue.

Issue #3

Stop 0x00000050 on a Microsoft Hyper-V Server 2008 or Server 2008 system with the Hyper-V role installed.

Cause: Storvsp.sys driver issue.

Resolution: If a VM has a SCSI controller with no disks attached, this bugcheck can occur. The resolution is to remove any SCSI controllers which don't have disks attached. This issue is fixed in SP2.

Issue #4

After you move a Windows Vista or Windows Server 2008 virtual machine from Virtual PC or Virtual Server, the Vmbus device fails to load. When you check the properties of the device in device manager, the device status displays one of the following messages:

This device cannot find enough free resources that it can use. (Code 12).

This device cannot start. (Code 10).

Cause: This issue occurs because the Windows Vista or Windows Server 2008 virtual machine is using the incorrect HAL.

Resolution: Perform the steps documented in KB954282.

Issue #5

Unable to associate the virtual COM port to a physical COM port.

Cause: By design (documented in the help file).

Snapshots

Issue #1

Snapshots were lost

Cause: Parent VHD was expanded. If snapshots are associated with a virtual hard disk, the parent vhd file should never be expanded. This is documented in the Edit Disk wizard:

Resolution: Restore data from backup.

Issue #2

Snapshots were deleted.

Cause: The most common cause is that the customer deleted the .avhd files to reclaim disk space (not realizing that the .avhd files were the snapshots).

Resolution: Restore data from backup.

Integration Components

Issue #1

A Windows 2000 (SP4) virtual machine with the Integration Components installed may shut down slowly.

Cause: This problem is caused by a bug in the operating system (outside of Hyper-V).

Resolution: KB959781 documents the workarounds for this issue on Server 2008. The issue is fixed in Windows Server 2008 R2.

Issue #2

Attempting to install the Integration Components on a Server 2003 virtual machine fails with the following error:

Unsupported Guest OS

An error has occurred:  The specified program requires a newer version of Windows.

Cause: The most common cause is that Service Pack 2 for Server 2003 wasn't installed in the virtual machine..

Resolution: Install SP2 in the Server 2003 VM before you install the integration components.

Virtual machine State and Settings

Issue #1

You may experience one of the following issues on a Windows Server 2008 system with the Hyper-V role installed or Microsoft Hyper-V Server 2008:

When you attempt to create or start a virtual machine, you receive one of the following errors:

• The requested operation cannot be performed on a file with a user-mapped section open. ( 0x800704C8 )
• 'VMName' Microsoft Synthetic Ethernet Port (Instance ID {7E0DA81A-A7B4-4DFD-869F-37002C36D816}): Failed to Power On with Error 'The specified network resource or device is no longer available.' (0x80070037).
• The I/O operation has been aborted because of either a thread exit or an application request. (0x800703E3)

Virtual machines disappear from the Hyper-V Management Console.

Cause: This issue can be caused by antivirus software that is installed in the parent partition and the real-time scanning component is configured to monitor the Hyper-V virtual machine files.

Resolution: Perform the steps documented in KB961804.

Issue #2

Creating or starting a virtual machine fails with the following error:

General access denied error' (0x80070005)

Cause: This issue can be caused by the Intel IPMI driver.

Resolution: Perform the steps documented on Intel's site.

High Availability (Failover Clustering)

Issue #1

How to configure Hyper-V on a Failover Cluster.

Resolution: A step-by-step guide is now available which covers how to configure Hyper-V on a Failover Cluster.

Issue #2

Virtual machine settings that are changed on one node in a Failover Cluster are not present when the VM is moved to another node.

Cause: The "Refresh virtual machine configuration" option was not used before attempting a failover.

Resolution: When virtual machine settings are changed on a VM that's on a Failover Cluster, you must select the refresh virtual machine configuration option before the VM is moved to another node. There is a blog that discusses this.

Backup (Hyper-V VSS Writer)

Issue #1

You may experience one of the following symptoms if you try to backup a Hyper-V virtual machine:

· If you back up a Hyper-V virtual machine that has multiple volumes, the backup may fail. If you check the VMMS event log after the backup failure occurs, the following event is logged:

Log Name: Microsoft-Windows-Hyper-V-VMMS-Admin

Source: Microsoft-Windows-Hyper-V-VMMS

Event ID: 10104

Level: Error

Description:

Failed to revert to VSS snapshot on one or more virtual hard disks of the virtual machine '%1'. (Virtual machine ID %2)

· The Microsoft Hyper-V VSS Writer may enter an unstable state if a backup of the Hyper-V virtual machine fails. If you run the vssadmin list writers command, the Microsoft Hyper-V VSS Writer is not listed. To return the Microsoft Hyper-V VSS Writer to a stable state, the Hyper-V Virtual Machine Management service must be restarted.

Resolution: An update (KB959962) is now available to address issues with backing up and restoring Hyper-V virtual machines.

Virtual Network Manager

Issue #1

How to configure a virtual machine to use a VLAN.

Resolution: VLANs are discussed in the following blogs: http://blogs.msdn.com/virtual_pc_guy/archive/2008/03/10/vlan-settings-and-hyper-v.aspx and http://blogs.msdn.com/adamfazio/archive/2008/11/14/understanding-hyper-v-vlans.aspx

Hyper-V Management Console

Issue #1

How to manage Hyper-V remotely.

Resolution: The steps to configure remote administration of Hyper-V are covered in a TechNet article. John Howard also has a very thorough blog on remote administration.

 

 

 

versions

 

If you are running into environments and working on aspects of them such as Exchange, OCS, PKI, or other Active Directory integrated applications, you will encounter situations where you may need to update the AD schema. Of course, the first question is, what version am I at today?

Here's a handy way to find out:

Query for the objectVersion attribute of the CN=Schema,CN=Configuration,DC=yourdomainhere of your Active Directory domain and compare the value to the table below.

I've provided links to the schema update information (where available), if you are curious as to what is updated in each.

objectVersion
AD Schema Update

13 - Windows 2000 Server

30 - Windows Server 2003 **

31 - Windows Server 2003 R2

44 - Windows Server 2008

** The Windows Server 2003 upgrade from 2000 also adds the CN=Windows2003Update,CN=ForestUpdates,CN=Configuration,DC=yourdomainhere and sets its revision attribute to 9. This hasn't been used again, yet.

Exchange Server saves the current version of its schema updates in an attribute of two locations.

For /forestprep operations, query the rangeUpper attribute of the CN=ms-Exch-Schema-Version-Pt,CN=Schema,CN=Configuration,DC=yourdomainhere object.

For /domainprep operations, query the Microsoft Exchange System Objects object in each domain for its objectVersion value.

The table below provides the number to version translation.

Value
Exchange Version

4406 - Exchange 2000 Server

6936 -  Exchange Server 2003

10628 - Exchange Server 2007

 

 

 

Using the BurFlags registry key to reinitialize File Replication Service replica sets

 

Overview

FRS is a multi-threaded, multi-master replication engine that Windows Server 2003 and Windows 2000 domain controllers use to replicate system policies and logon scripts for Windows Server 2003, Windows 2000, and earlier-version clients. In Microsoft Windows NT, the LanMan Replication (LMREP) service handled replication. FRS replaced LMREP in Windows 2000. You can also use FRS to replicate content between Windows 2000 servers that host the same fault-tolerant Distributed File System (DFS) roots or child node replicas.

When you deploy Windows-based domain controllers or member servers that use FRS to replicate files in SYSVOL or DFS shares, you may have to restore or reinitialize individual members of a replica set if replication has stopped or is inconsistent. In some scenarios, you may have to rebuild the whole replica set from scratch.

The FRS BurFlags registry key is used to perform authoritative or nonauthoritative restores on FRS members of DFS or SYSVOL replica sets.

Note System state backups of Windows member servers and domain controllers do not include the FRS database that maintains a mapping of files that are held in local FRS trees and a master list of FRS files. For more information about exclusions for Ntbackup.exe, click the following article number to view the article in the Microsoft Knowledge Base:

233427  (http://support.microsoft.com/kb/233427/ ) Files and folders that are not backed up when the Ntbackup.exe tool is used in Windows Server 2003, Windows XP, and Windows 2000

Restoring FRS replicas

The global BurFlags registry key contains REG_DWORD values, and is located in the following location in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

The most common values for the BurFlags registry key are:

• D2, also known as a nonauthoritative mode restore
• D4, also known as an authoritative mode restore

You can also perform BurFlags restores at the same time as you restore data from backup or from any other known good source, and then restart the service.

Nonauthoritative restore

Nonauthoritative restores are the most common way to reinitialize individual members of FRS replica sets that are having difficulty. These difficulties may include:

• Assertions in the FRS service
• Corruption of the local jet database
• Journal wrap errors
• FRS replication failures

Attempt nonauthoritative restores only after you discover FRS dependencies and you understand and resolve the root cause. For more information about how to discover FRS dependencies, see the "Considerations before configuring authoritative or nonauthoritative restores of FRS members" section later in this article.

Members who are nonauthoritatively restored must have inbound connections from operational upstream partners where you are performing Active Directory and FRS replication. In a large replica set that has at least one known good replica member, you can recover all the remaining replica members by using a nonauthoritative mode restore if you reinitialize the computers in direct replication partner order.

If you determine that you must complete a nonauthoritative restore to return a member back into service, save as much state from that member and from the direct replication partner in the direction that replication is not working. This permits you to review the problem later. You can obtain state information from the FRS and System logs in the Event Viewer.

Note You can configure the FRS logs to record detailed debugging entries. For more information about how to configure FRS logging, click the following article number to view the article in the Microsoft Knowledge Base:

221111  (http://support.microsoft.com/kb/221111/ ) Description of FRS entries in the registry

To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
7. In the right pane, double-click BurFlags.
8. In the Edit DWORD Value dialog box, type D2 and then click OK.
9. Quit Registry Editor, and then switch to the Command box.
10. In the Command box, type net start ntfrs.
11. Quit the Command box.

When the FRS service restarts, the following actions occur:

• The value for BurFlags registry key returns to 0.
• Files in the reinitialized FRS folders are moved to a Pre-existing folder.
• An event 13565 is logged to signal that a nonauthoritative restore is started.
• The FRS database is rebuilt.
• The member performs an initial join of the replica set from an upstream partner or from the computer that is specified in the Replica Set Parent registry key if a parent has been specified for SYSVOL replica sets.
• The reinitialized computer runs a full replication of the affected replica sets when the relevant replication schedule begins.
• When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Note: The placement of files in the Pre-existing folder on reinitialized members is a safeguard in FRS designed to prevent accidental data loss. Any files destined for the replica that exist only in the local Pre-existing folder and did not replicate in after the initial replication may then be copied to the appropriate folder. When outbound replication has occurred, delete files in the Pre-existing folder to free up additional drive space.

Authoritative FRS restore

Use authoritative restores only as a final option, such as in the case of directory collisions.

For example, you may require an authoritative restore if you must recover an FRS replica set where replication has completely stopped and requires a rebuild from scratch.

The following list of requirements must be met when before you perform an authoritative FRS restore:

1. The FRS service must be disabled on all downstream partners (direct and transitive) for the reinitialized replica sets before you restart the FRS service when the authoritative restore has been configured to occur.
2. Events 13553 and 13516 have been logged in the FRS event log. These events indicate that the membership to the replica set has been established on the computer that is configured for the authoritative restore.
3. The computer that is configured for the authoritative restore is configured to be authoritative for all the data that you want to replicate to replica set members. This is not the case if you are performing a join on an empty directory. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
   266679  (http://support.microsoft.com/kb/266679/ ) Pre-staging the File Replication service replicated files on SYSVOL and Distributed file system shares for optimal synchronization
4. All other partners in the replica set must be reinitialized with a nonauthoritative restore.

To complete an authoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
7. In the right pane, double click BurFlags.
8. In the Edit DWORD Value dialog box, type D4 and then click OK.
9. Quit Registry Editor, and then switch to the Command box.
10. In the Command box, type net start ntfrs.
11. Quit the Command box.

When the FRS service is restarted, the following actions occur:

• The value for the BurFlags registry key is set back to 0.
• An event 13566 is logged to signal that an authoritative restore is started.
• Files in the reinitialized FRS replicated directories remain unchanged and become authoritative on direct replication. Additionally, the files become indirect replication partners through transitive replication.
• The FRS database is rebuilt based on current file inventory.
• When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Global vs. replica set specific reinitialization

There are both global- and replica set-specific BurFlags registry keys. Setting the global BurFlags registry key reinitializes all replica sets that the member holds. Do this only when the computer holds only one replica set, or when the replica sets that it holds are relatively small.

In contrast to configuring the global BurFlags key, the replica set BurFlags key permits you to reinitializes discrete, individual replica sets, allowing healthy replication sets to be left intact.

The global BurFlags registry key is found in the following location in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup / Restore\Process At Startup

This key can contain the same values as those that are discussed earlier in this article for authoritative and nonauthoritative restores.

You can locate the replica set specific BurFlags registry key by determining the GUID for the replica set that you want to configure. To determine which GUID corresponds to which replica set and configure a restore, follow these steps:

1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. To determine the GUID that represents the replica set that you want to configure, follow these steps:
   1. Locate the following key in the registry:
      KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Replica Sets
   2. Below the Replica Sets subkey, there are one or more subkeys that are identified by a GUID. In the left pane, click the GUID, and then in the right pane note the Data that is listed for the Replica Set Root value. This file system path will indicate which replica set is represented by this GUID.
   3. Repeat step 4 for each GUID that is listed below the Replica Sets subkey until you locate the replica set that you want to configure. Note the GUID.
7. Locate the following key in the registry:
   KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Cumulative Replica Sets
8. Below the Cumulative Replica Sets subkey, locate the GUID you noted in step 6c.
9. In the right pane, double click BurFlags.
10. In the Edit DWORD Value dialog box, type D2 to complete a nonauthoritative restore or type D4 to complete an authoritative restore, and then click OK.
11. Quit Registry Editor, and then switch to the Command box.
12. In the Command box, type net start ntfrs.
13. Quit the Command box.

Considerations before you configure authoritative or nonauthoritative restores of FRS members

If you configure an FRS member to complete an authoritative or nonauthoritative restore by using the BurFlags registry subkey, you do not resolve the issues that initially caused the replication problem. If you cannot determine the cause of the replication difficulties, the members will typically revert back to the problematic situation as replication continues.

A detailed breakdown on FRS interdependencies is beyond the scope of this article, but your troubleshooting should include the following actions:

• Verify that Active Directory replication is successful. Resolve Active Directory replication issues before you perform additional FRS troubleshooting. Use the Repadmin /showreps command to verify that Active Directory replication is occurring successfully. The Repadmin.exe tool is located in the Support\Tools folder on the Windows 2000 CD-ROM.
• Verify that inbound and outbound Active Directory replication occurs between all domain controllers that host SYSVOL replica sets and between all domain controllers that host computer accounts for servers that participate in DFS replica sets.
• Verify that FRS member objects, subscriber objects and connection objects exist in the Active Directory for all the computers that participate in FRS replication.
• Verify that inbound and outbound connection objects exist for all domain controllers in the domain for SYSVOL replica sets.
• Verify that all the members of DFS replica sets have at least inbound connection objects in a topology to avoid islands of replication.
• Review the FRS and SYSTEM event logs on direct replication partners that are having difficulty.
• Review the FRS debug logs in the %SYSTEMROOT%\DEBUG\NTFRS_*.LOG between the direct replication partners that are having replication problems.

For more information about how to troubleshoot, click the following article number to view the article in the Microsoft Knowledge Base:

Using the BurFlags registry key to reinitialize File Replication Service replica sets

 

Overview

FRS is a multi-threaded, multi-master replication engine that Windows Server 2003 and Windows 2000 domain controllers use to replicate system policies and logon scripts for Windows Server 2003, Windows 2000, and earlier-version clients. In Microsoft Windows NT, the LanMan Replication (LMREP) service handled replication. FRS replaced LMREP in Windows 2000. You can also use FRS to replicate content between Windows 2000 servers that host the same fault-tolerant Distributed File System (DFS) roots or child node replicas.

When you deploy Windows-based domain controllers or member servers that use FRS to replicate files in SYSVOL or DFS shares, you may have to restore or reinitialize individual members of a replica set if replication has stopped or is inconsistent. In some scenarios, you may have to rebuild the whole replica set from scratch.

The FRS BurFlags registry key is used to perform authoritative or nonauthoritative restores on FRS members of DFS or SYSVOL replica sets.

Note System state backups of Windows member servers and domain controllers do not include the FRS database that maintains a mapping of files that are held in local FRS trees and a master list of FRS files. For more information about exclusions for Ntbackup.exe, click the following article number to view the article in the Microsoft Knowledge Base:

233427  (http://support.microsoft.com/kb/233427/ ) Files and folders that are not backed up when the Ntbackup.exe tool is used in Windows Server 2003, Windows XP, and Windows 2000

Restoring FRS replicas

The global BurFlags registry key contains REG_DWORD values, and is located in the following location in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

The most common values for the BurFlags registry key are:

• D2, also known as a nonauthoritative mode restore
• D4, also known as an authoritative mode restore

You can also perform BurFlags restores at the same time as you restore data from backup or from any other known good source, and then restart the service.

Nonauthoritative restore

Nonauthoritative restores are the most common way to reinitialize individual members of FRS replica sets that are having difficulty. These difficulties may include:

• Assertions in the FRS service
• Corruption of the local jet database
• Journal wrap errors
• FRS replication failures

Attempt nonauthoritative restores only after you discover FRS dependencies and you understand and resolve the root cause. For more information about how to discover FRS dependencies, see the "Considerations before configuring authoritative or nonauthoritative restores of FRS members" section later in this article.

Members who are nonauthoritatively restored must have inbound connections from operational upstream partners where you are performing Active Directory and FRS replication. In a large replica set that has at least one known good replica member, you can recover all the remaining replica members by using a nonauthoritative mode restore if you reinitialize the computers in direct replication partner order.

If you determine that you must complete a nonauthoritative restore to return a member back into service, save as much state from that member and from the direct replication partner in the direction that replication is not working. This permits you to review the problem later. You can obtain state information from the FRS and System logs in the Event Viewer.

Note You can configure the FRS logs to record detailed debugging entries. For more information about how to configure FRS logging, click the following article number to view the article in the Microsoft Knowledge Base:

221111  (http://support.microsoft.com/kb/221111/ ) Description of FRS entries in the registry

To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
7. In the right pane, double-click BurFlags.
8. In the Edit DWORD Value dialog box, type D2 and then click OK.
9. Quit Registry Editor, and then switch to the Command box.
10. In the Command box, type net start ntfrs.
11. Quit the Command box.

When the FRS service restarts, the following actions occur:

• The value for BurFlags registry key returns to 0.
• Files in the reinitialized FRS folders are moved to a Pre-existing folder.
• An event 13565 is logged to signal that a nonauthoritative restore is started.
• The FRS database is rebuilt.
• The member performs an initial join of the replica set from an upstream partner or from the computer that is specified in the Replica Set Parent registry key if a parent has been specified for SYSVOL replica sets.
• The reinitialized computer runs a full replication of the affected replica sets when the relevant replication schedule begins.
• When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Note: The placement of files in the Pre-existing folder on reinitialized members is a safeguard in FRS designed to prevent accidental data loss. Any files destined for the replica that exist only in the local Pre-existing folder and did not replicate in after the initial replication may then be copied to the appropriate folder. When outbound replication has occurred, delete files in the Pre-existing folder to free up additional drive space.

Authoritative FRS restore

Use authoritative restores only as a final option, such as in the case of directory collisions.

For example, you may require an authoritative restore if you must recover an FRS replica set where replication has completely stopped and requires a rebuild from scratch.

The following list of requirements must be met when before you perform an authoritative FRS restore:

1. The FRS service must be disabled on all downstream partners (direct and transitive) for the reinitialized replica sets before you restart the FRS service when the authoritative restore has been configured to occur.
2. Events 13553 and 13516 have been logged in the FRS event log. These events indicate that the membership to the replica set has been established on the computer that is configured for the authoritative restore.
3. The computer that is configured for the authoritative restore is configured to be authoritative for all the data that you want to replicate to replica set members. This is not the case if you are performing a join on an empty directory. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
   266679  (http://support.microsoft.com/kb/266679/ ) Pre-staging the File Replication service replicated files on SYSVOL and Distributed file system shares for optimal synchronization
4. All other partners in the replica set must be reinitialized with a nonauthoritative restore.

To complete an authoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
7. In the right pane, double click BurFlags.
8. In the Edit DWORD Value dialog box, type D4 and then click OK.
9. Quit Registry Editor, and then switch to the Command box.
10. In the Command box, type net start ntfrs.
11. Quit the Command box.

When the FRS service is restarted, the following actions occur:

• The value for the BurFlags registry key is set back to 0.
• An event 13566 is logged to signal that an authoritative restore is started.
• Files in the reinitialized FRS replicated directories remain unchanged and become authoritative on direct replication. Additionally, the files become indirect replication partners through transitive replication.
• The FRS database is rebuilt based on current file inventory.
• When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.

Global vs. replica set specific reinitialization

There are both global- and replica set-specific BurFlags registry keys. Setting the global BurFlags registry key reinitializes all replica sets that the member holds. Do this only when the computer holds only one replica set, or when the replica sets that it holds are relatively small.

In contrast to configuring the global BurFlags key, the replica set BurFlags key permits you to reinitializes discrete, individual replica sets, allowing healthy replication sets to be left intact.

The global BurFlags registry key is found in the following location in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup / Restore\Process At Startup

This key can contain the same values as those that are discussed earlier in this article for authoritative and nonauthoritative restores.

You can locate the replica set specific BurFlags registry key by determining the GUID for the replica set that you want to configure. To determine which GUID corresponds to which replica set and configure a restore, follow these steps:

1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. To determine the GUID that represents the replica set that you want to configure, follow these steps:
   1. Locate the following key in the registry:
      KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Replica Sets
   2. Below the Replica Sets subkey, there are one or more subkeys that are identified by a GUID. In the left pane, click the GUID, and then in the right pane note the Data that is listed for the Replica Set Root value. This file system path will indicate which replica set is represented by this GUID.
   3. Repeat step 4 for each GUID that is listed below the Replica Sets subkey until you locate the replica set that you want to configure. Note the GUID.
7. Locate the following key in the registry:
   KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Cumulative Replica Sets
8. Below the Cumulative Replica Sets subkey, locate the GUID you noted in step 6c.
9. In the right pane, double click BurFlags.
10. In the Edit DWORD Value dialog box, type D2 to complete a nonauthoritative restore or type D4 to complete an authoritative restore, and then click OK.
11. Quit Registry Editor, and then switch to the Command box.
12. In the Command box, type net start ntfrs.
13. Quit the Command box.

Considerations before you configure authoritative or nonauthoritative restores of FRS members

If you configure an FRS member to complete an authoritative or nonauthoritative restore by using the BurFlags registry subkey, you do not resolve the issues that initially caused the replication problem. If you cannot determine the cause of the replication difficulties, the members will typically revert back to the problematic situation as replication continues.

A detailed breakdown on FRS interdependencies is beyond the scope of this article, but your troubleshooting should include the following actions:

• Verify that Active Directory replication is successful. Resolve Active Directory replication issues before you perform additional FRS troubleshooting. Use the Repadmin /showreps command to verify that Active Directory replication is occurring successfully. The Repadmin.exe tool is located in the Support\Tools folder on the Windows 2000 CD-ROM.
• Verify that inbound and outbound Active Directory replication occurs between all domain controllers that host SYSVOL replica sets and between all domain controllers that host computer accounts for servers that participate in DFS replica sets.
• Verify that FRS member objects, subscriber objects and connection objects exist in the Active Directory for all the computers that participate in FRS replication.
• Verify that inbound and outbound connection objects exist for all domain controllers in the domain for SYSVOL replica sets.
• Verify that all the members of DFS replica sets have at least inbound connection objects in a topology to avoid islands of replication.
• Review the FRS and SYSTEM event logs on direct replication partners that are having difficulty.
• Review the FRS debug logs in the %SYSTEMROOT%\DEBUG\NTFRS_*.LOG between the direct replication partners that are having replication problems.

For more information about how to troubleshoot, click the following article number to view the article in the Microsoft Knowledge Base:

3 WAN Protocols you should know: HDLC, PPP, and Frame-Relay

3 WAN Protocols you should know: HDLC, PPP, and Frame-Relay

 

What is HDLC?

HDLC stands for High-Level Data Link Control protocol. Like the two other WAN protocols mentioned in this article, HDLC is a Layer 2 protocol (see OSI Model for more information on Layers). HDLC is a simple protocol used to connect point to point serial devices. For example, you have point to point leased line connecting two locations, in two different cities. HDLC would be the protocol with the least amount of configuration required to connect these two locations. HDLC would be running over the WAN, between the two locations. Each router would be de-encapsulating HDLC and turning dropping it off on the LAN.

HDLC performs error correction, just like Ethernet. Cisco's version of HDLC is actually proprietary because they added a protocol type field. Thus, Cisco HDLC can only work with other Cisco devices.

HDLC is actually the default protocol on all Cisco serial interfaces. If you do a show running-config on a Cisco router, your serial interfaces (by default) won't have any encapsulation. This is because they are configured to the default of HDLC. If you do a show interface serial 0/0, you'll see that you are running HDLC. Here is an example:

What is PPP?

You may have heard of the Point to Point Protocol (PPP) because it is used for most every dial up connection to the Internet. PPP is documented in RFC 1661. PPP is based on HDLC and is very similar. Both work well to connect point to point leased lines.

The differences between PPP and HDLC are:

• PPP is not proprietary when used on a Cisco router

• PPP has several sub-protocols that make it function.

• PPP is feature-rich with dial up networking features

Because PPP has so many dial-up networking features, it has become the most popular dial up networking protocol in use today. Here are some of the dial-up networking features it offers:

• Link quality management monitors the quality of the dial-up link and how many errors have been taken. It can bring the link down if the link is receiving too many errors.

• Multilink can bring up multiple PPP dialup links and bond them together to function as one.

• Authentication is supported with PAP and CHAP. These protocols take your username and password to ensure that you are allowed access to the network you are dialing in to.

To change from HDLC to PPP, on a Cisco router, use the encapsulation ppp command, like this:

After changing the encapsulation to ppp, I typed ppp ? to list the PPP options available. There are many PPP options when compared to HDLC. The list of PPP options in the screenshot is only a partial list of what is available.

What is Frame-Relay?

Frame Relay is a Layer 2 protocol and commonly known as a service from carriers. For example, people will say "I ordered a frame-relay circuit". Frame relay creates a private network through a carrier's network. This is done with permanent virtual circuits (PVC). A PVC is a connection from one site, to another site, through the carrier's network. This is really just a configuration entry that a carrier makes on their frame relay switches.

Obtaining a frame-relay circuit is done by ordering a T1 or fractional T1 from the carrier. On top of that, you order a frame-relay port, matching the size of the circuit you ordered. Finally, you order a PVC that connects your frame relay port to another of your ports inside the network.

The benefits to frame-relay are:

• Ability to have a single circuit that connects to the "frame relay cloud" and gain access to all other sites (as long as you have PVCs). As the number of locations grow, you would save more and more money because you don't need as many circuits as you would if you were trying to fully-mesh your network with point to point leased lines.

• Improved disaster recovery because all you have to do is to order a single circuit to the cloud and PVC's to gain access to all remote sites.

• By using the PVCs, you can design your WAN however you want. Meaning, you define what sites have direct connections to other sites and you only pay the small monthly PVC fee for each connection.

Some other terms you should know, concerning frame relay are:

• LMI = local management interface. LMI is the management protocol of frame relay. LMI is sent between the frame relay switches and routers to communicate what DLCI's are available and if there is congestion in the network.

• DLCI = data link connection identifier. This is a number used to identify each PVC in the frame relay network.

• CIR = committed information rate. This is the amount bandwidth you pay to guarantee you will receive, on each PVC. Generally you have much less CIR than you have port speed. You can, of course, burst above your CIR to your port speed but that traffic is marked DE.

• DE = discard eligible. Traffic marked DE (that was above your CIR) CAN be discarded by the frame-relay network if there is congestion.

• FECN & BECN = forward explicit congestion notification & backward explicit congestion notification. These are bits set inside LMI packets to alert the frame-relay devices that there is congestion in the network.