SYSVOL and NETLOGON Share Missing

DISCLAIMER: The information in this guide is provided "as is" without any guarantee of completeness, accuracy, timeliness, or of the results obtained from the use of this information. The author assumes no responsibility for any errors or omissions in the content. It is meant for general information purposes only and should not be used as a substitute for professional advice. The author is not responsible for any damages caused by the use of this information. By using this guide, you agree to hold the author harmless from any and all claims, damages, or expenses that may arise from your use of the information.

Introduction

SYSVOL and Netlogon shares aren't shared on a domain controller. The following symptoms or conditions may also occur:

• The sysvol folder is empty.
• The affected domain controller was recently promoted.
• The environment contains domain controllers running versions of Windows earlier than Windows Server 2012 R2.
• DFS Replication is used to replicate the SYSVOL Share replicated folder.
• An upstream domain controller's DFS Replication service is in an error state.

Domain controllers without SYSVOL shared can't replicate inbound because of upstream (source) domain controllers being in an error state. Frequently (but not limited to), the upstream servers have stopped replication because of a dirty shutdown (event ID 2213).

Requirements

• Domain Controller environment is using DFSR.

Instructions

Before following the instructions in this guide, It is highly recommended to review further troubleshooting steps and considerations by Microsoft to accurately assess if these steps are required.

1. On the Domain Controller missing the SYSVOL and/or NETLOGON share, launch regedit.exe as an administrator. 
   
   
2. Launch Regedit and browse to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters. Change SysVolReady value data from 0 to 1, click OK and close Regedit. 
   

   

   
   
3. The previous step will create the SYSVOL share. However, the NETLOGON share isn't created yet. In Windows Explorer, navigate to C:\Windows\SYSVOL\domain\ and create a new folder and name it "scripts".
   
   
4. Restart the Netlogon service.
   
   
5. In Windows Explorer, navigate to \\localhost\ to verify the share status - SYSVOL and NETLOGON shared folders should now be present.
   
   
6. SYSVOL and NETLOGON shares are working, but there may not be any group policies or scripts being replicated via FRS or DFSR.
   
   
7. Using the Command Prompt, verify the SYSVOL share replication state(s):
   

   For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

   Ideally, a state of 4 is normal (good). However, further troubleshooting will be required with a state other than 4, which may require an Authoritative or Non-Authoritative synchronization for DFSR. The screenshot below is an example of a two domain controller environment and their respective SYSVOL share state.
   
   

   
   
   

   Numerical State Status:
   
   0 = Uninitialized
   1 = Initialized
   2 = Initial Sync
   3 = Auto Recovery
   4 = Normal
   5 = In Error
   

Sources

• learn.microsoft.com - How to troubleshoot missing SYSVOL and Netlogon shares
  
• noelpulis.com - Fix: Missing Sysvol and Netlogon after domain controller promotion

KB Change/Issue Log

yyyy/mm/dd - Title

Issue

N/A

Solution

N/A

KB Meta