Event ID: 13561 Source: NtFrs

Description
The File Replication Service has detected that the replica set "DOMAIN
SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.

Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
Replica root path is   : "c:\winnt\sysvol\domain"
Replica root volume is : "\\.\C:"
  A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to
read from the NTFS USN journal is not found. This can occur because of one
of the following reasons.

[1] Volume "\\.\C:" has been formatted.
[2] The NTFS USN journal on volume "\\.\C:" has been deleted.
[3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can
truncate the journal if it finds corrupt entries at the end of the journal.
[4] File Replication Service was not running on this computer for a long
time.
[5] File Replication Service could not keep up with the rate of Disk IO
activity on "\\.\C:".

Following recovery steps will be taken to automatically recover from this
error state.
[1] At the first poll which will occur in 5 minutes this computer will be
deleted from the replica set.
[2] At the poll following the deletion this computer will be re-added to
the replica set. The re-addition will trigger a full tree sync for the
replica set.
Comments
 
This event can occur if you are running the Legato NetWorker program to back up volumes and the Legato NetWorker program uses the Update Sequence Number (USN) journal to log all changes that are made to the files in these volumes. See ME912026 for information on fixing this problem.
Some clues to what is going on can be found in ME292438.
From a newsgroup post: "In my case there was something wrong with SYSVOL on DC1. All I needed to do was instruct FRS to initiate an authoritative restore of SYSVOL, and everything worked out nicely. To do that, all I needed to do was to follow the instructions in article ME316790".
