+ Post New Thread
Results 1 to 13 of 13
Windows Thread, NTFRS Woes in Technical; Morning Everyone! I just wanted to run this past as many of you as possible (and I will of course ...
  1. #1
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    20

    Cool NTFRS Woes

    Morning Everyone!

    I just wanted to run this past as many of you as possible (and I will of course run this past my 'Supervisor' who's on holiday.).

    Here we have 2 Forests.
    1x Forest (Curriculum) - 4x Server 2003 DCs.
    1x Forest (Admin) - 4x Server 2003 DCs.

    Both Forests have member servers also within them.

    The problem I've hit in the past week (or so) has been NTFRS in particularly with the NETLOGON share (not SYSVOL).

    We have a large NETLOGON share (1.28GB) which I suspect may be the cause of my woes but I'm not certain. (Only noticed this when I changed the share from 700MB to 1.28GB)

    NTFRS seems to start up okay - no problems here, yet when it comes to replicating the NETLOGON share - some of the DCs (in either domain) end up with xxx_NTFRS_xxxx folders. The original folders are no longer present, just these NTFRS folders.

    I understand this is to do with NTFRS replication - but I cannot find a cause or reason as to why these folders keep appearing.

    So I've done the following:
    1) Stopped NTFRS, Cleared the NETLOGON share - Rolled the contents back out to each server WITHOUT NTFRS running.

    2) Stopped NTFRS, Cleared the NETLOGON share - Rolled out the contents back to 1 server in each domain, turned NTFRS back on.

    3) Stopped NTFRS, Cleared the NETLOGON share - Rolled out the contents out to each server, turned NTFRS back on.

    With the exception of #1 - I keep getting these folders.
    I get no errors or complaints via NETDIAG, DCDIAG or the Event Viewer.
    I have cleared down the NTFRS staging area caches and restarted the service, also to no avail.

    The files in each NETLOGON share on each DC are identical.

    So what I'm planning to do is have just 1 little script in the NETLOGON share that points the clients to a DFSR share instead - and we allow DFSR to handle replication of this large chunk of data instead - so we keep NTFRS turned on but use DFSR for the replication of this huge chunk of data.

    I know I will have to make substantial changes to Group Policy deployments (software) and anything that points to the %LOGONSERVER%\NETLOGON area but I'm prepared for that.

    What I'm asking is the following:

    1) Have any of you got similarly-sized NETLOGON shares on your AD Network?
    2) Do you have issues with NTFRS on this share?
    3) Would you forsee any obvious problems with how I plan to change the whole NETLOGON deal?

    I know in theory I can't forsee any issues or problems with what I'm proposing here - but for such a large change, I like to run it past as many people first incase they have tried it or know about other issues I may hit

    Any feedback would be appreciated as I either have to start and finish this today or pencil it in for Summer... and I'd rather get it done ASAP than leave NTFRS on - having to re-roll out the NETLOGON share contents daily...

    Thanks.

    Az

  2. #2

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,991
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    I think that your idea to slim down the netlogon share is a good one. The replication engine could be choking because of the volume of data that it is attempting to replicate. I know that Server 2k3 R2's implementation of replication is vastly superior when it comes to dealing with large files.

    I would keep all script type elements on the netlogon share as it is set up specially to give the illusion of full access to the files for every client but I would offload the larger elements to a different share. If this included machine startup and shutdown scripts you will want to remember to set the permissions to allow Domain computers as well and probably the everybody group to be safe when adding new stations.

    Out of interest what do you have in your netlogon share that makes it so large?

  3. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,991
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    Just had a little look around and this procedure which rebuilds the whole sysvol and netlogon shares could be an option if it continues to give you problems. It has warnings that make it seem like this is a rather extreme measure but a fresh rebuild should definatly squash any consistency issues.

    I would try slimming down the netlogon share first and keep this as plan B:

    How to rebuild the SYSVOL tree and its content in a domain

  4. #4
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    20
    Quote Originally Posted by SYNACK View Post
    I think that your idea to slim down the netlogon share is a good one. The replication engine could be choking because of the volume of data that it is attempting to replicate. I know that Server 2k3 R2's implementation of replication is vastly superior when it comes to dealing with large files.
    Yeah, that's why I was thinking drop NTFRS and use DFSR. Server 2008 uses DFSR for everything even SYSVOL, so I can't see why I can't use the same idea.

    Quote Originally Posted by SYNACK View Post
    I would keep all script type elements on the netlogon share as it is set up specially to give the illusion of full access to the files for every client but I would offload the larger elements to a different share. If this included machine startup and shutdown scripts you will want to remember to set the permissions to allow Domain computers as well and probably the everybody group to be safe when adding new stations.
    I understand what you are saying here - but it's hard to differentiate between scripts and the larger chunks of data without seriously rewriting alot of the scripts and as I only have 1 day to do this in, I figure move the whole lot for speed - make changes later when it's all working.

    Oddly enough we do have a startup and shutdown script - but they seem quite happy with the default permissions (as they run as NT AUTHORITY\SYSTEM on the workstations) and seem content with the default NETLOGON permissions - however I will certainly keep your suggestion in mind.

    Quote Originally Posted by SYNACK View Post
    Out of interest what do you have in your netlogon share that makes it so large?
    A whole heap of BIG MSIs - damned QCA Testing stuff and a whole heap of them stored here - simply because we figured NTFRS could handle it without choking and dying it has been. How wrong we were... and how wrong I was for not telling my juniors to NOT fill the NETLOGON share full of MSIs and other fun items

    Az

  5. #5
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    20
    Quote Originally Posted by SYNACK View Post
    Just had a little look around and this procedure which rebuilds the whole sysvol and netlogon shares could be an option if it continues to give you problems. It has warnings that make it seem like this is a rather extreme measure but a fresh rebuild should definatly squash any consistency issues.

    I would try slimming down the netlogon share first and keep this as plan B:

    How to rebuild the SYSVOL tree and its content in a domain
    I've done this wonderful thing before - not because of NTFRS but because of SYSVOL corruption on a knackered RAID array which replicated itself... it was great fun - thank god for off-disk backups.

    (I used to copy the whole SYSVOL folder to my PC before we got our backups sorted out)

    But yeah it is extreme - I don't think the issue is consistency, I think it's more because NTFRS is choking to death under the sheer bulk and size of the data we are asking it to handle. DFSR (In Server 2003 R2 and Server 2008) should handle this much better (as we currently use DFSR to replicate profiles between servers and they aren't small little things either).

    Az

  6. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,991
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    We use DFS here for our distribution share, around 40GB worth of MSIs and shared apps which it handles without fault. I had no idea that NTFRS would choke with so little data though. How is the bandwidth avalibility for the servers as I'm sure that I read a paper a while ago about using a separate network just for data replication.

  7. #7
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    20
    Quote Originally Posted by SYNACK View Post
    We use DFS here for our distribution share, around 40GB worth of MSIs and shared apps which it handles without fault. I had no idea that NTFRS would choke with so little data though. How is the bandwidth avalibility for the servers as I'm sure that I read a paper a while ago about using a separate network just for data replication.
    They are all connected up to some really good kit - all on Gigabit Ethernet and bandwidth doing other tasks (like file copies, logging in etc) are all fine, no problems or complaints.

    Az

  8. #8
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    20
    Righty - just spoke to my 'Supervisor' - he's agreed with me that the issue MUST be dealt with sooner but has told me to not start anything today as I can't garauntee I can have it all up and working for Monday AM.

    Instead I've been told to get the infrastructure (for using DFSR) in place as much as I can without changing stuff.

    So, I'm leaving NTFRS on today - turning it off before I leave later, re-rolling the NETLOGON share back out and hoping that on Monday the things just work okay.

    What a NIGHTMARE!

    Az

  9. #9

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,154
    Thank Post
    114
    Thanked 527 Times in 450 Posts
    Blog Entries
    2
    Rep Power
    123
    One of the things which will cause some of the problems I think you're seeing is trying to hurry along replication by manually copying stuff - this then gives you the NTFRS-folder names. NTFRS thinks that the files are different even though the folder names are the same and so creates the morphed names.

    Have you tried using ultrasound (MS tool) to monitor the replication? this can show you the state of the backlogs etc.

    I would definitely move the big stuff you need replicating to DFSR - we've never had big files under sysvol (remember netlogon is a folder under sysvol) but we did replicate multi-gigabyte folders with NTFRS and if ever it went wrong it was a nightmare to get them back in sync (weeks!!!)

  10. #10

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,241
    Thank Post
    239
    Thanked 1,567 Times in 1,249 Posts
    Rep Power
    339
    I agree that the NETLOGON share should contain just scripts and reg files (and BGInfo, if you use this), but other than that nothing else.

    As for distributing MSIs, on all my networks I create a share called Distribution with the appropriate permissions and place all MSIs in this share, or within a sub folder of the share.

    For anything else, you should simply create additional shares

  11. #11
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    20
    Quote Originally Posted by srochford View Post
    One of the things which will cause some of the problems I think you're seeing is trying to hurry along replication by manually copying stuff - this then gives you the NTFRS-folder names. NTFRS thinks that the files are different even though the folder names are the same and so creates the morphed names.

    Have you tried using ultrasound (MS tool) to monitor the replication? this can show you the state of the backlogs etc.

    I would definitely move the big stuff you need replicating to DFSR - we've never had big files under sysvol (remember netlogon is a folder under sysvol) but we did replicate multi-gigabyte folders with NTFRS and if ever it went wrong it was a nightmare to get them back in sync (weeks!!!)
    Well I've tried Ultrasound but the silly agent thing won't install - when I try to install it manually it just says it can't install and rolls itself out again.

    So I've not had much luck with that - but I've certainly thought about it and tried it.

  12. #12

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,154
    Thank Post
    114
    Thanked 527 Times in 450 Posts
    Blog Entries
    2
    Rep Power
    123
    Quote Originally Posted by azrael78 View Post
    Well I've tried Ultrasound but the silly agent thing won't install - when I try to install it manually it just says it can't install and rolls itself out again.

    So I've not had much luck with that - but I've certainly thought about it and tried it.
    There's a reason for this which I've now forgotten :-(

    Run the MSI for the agent manually and turn on verbose logging - I think that will tell you the problem. I do remember we had problems getting it working but a bit of prodding did get it working!

  13. #13
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    20
    If you remember, lemme know

    Az

SHARE:
+ Post New Thread

Similar Threads

  1. WMI Woes
    By Gatt in forum Windows
    Replies: 2
    Last Post: 16th January 2008, 04:46 PM
  2. Projector Woes
    By Pete10141748 in forum Hardware
    Replies: 7
    Last Post: 29th November 2007, 05:34 PM
  3. USB LPT Printer woes
    By Ste_Harve in forum Hardware
    Replies: 8
    Last Post: 10th August 2007, 04:39 PM
  4. Wireless Woes!
    By CHR1S in forum Wireless Networks
    Replies: 16
    Last Post: 23rd May 2007, 09:08 AM
  5. Ris woes
    By Uraken in forum Windows
    Replies: 3
    Last Post: 4th April 2007, 10:04 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •