Active Directory replication between domain controllers is not working and Event 13568 is logged in the File Replication log with the following message
The File Replication Service has detected that the replica set “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)” is in JRNL_WRAP_ERROR.
The description for Event 13568 is very helpful. It’s one of the few error events that actually tells you how to fix the problem in the error description. If you have a single Domain Controller, these steps are very straightforward. However, if you have multiple domain controllers you need to determine which domain controller has the most up-to-date replica. These instructions assume that the server with the journal wrap error is also the server with the most up-to-date replica of your SYSVOL share.
Open the registry editor and navigate to:
You will find a REG_DWORD key called “Enable Journal Wrap Automatic Restore”. Change the value of this key to 1.
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.
Restart the File Replication Service. You can do this through the Services Control Panel or by typing these commands:
net stop ntfrs
net start ntfrs
Now you must wait 5 minutes. After 5 minutes have gone by, you should check the File Replication Service event log for event 13516 indicating that “The File Replication Service is no longer preventing the computer SERVERNAME from becoming a domain controller”. If you see this event, everything is good and you can skip to step 3
In some cases you may see event id 13520 which says “The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.”
To fix this we need to do an authoritative restore. Open the registry editor and navigate to:
Stop the ntfrs service
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
Set Burflags to D4 (hexadecimal)
Move files from c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog back to c:\windows\sysvol\domain
Restart the ntfrs service
Wait for event 13516
Check to make sure the sysvol folder is shared
Go back into the Registry Editor and change the “Enable Journal Wrap Automatic Restore” back to 0