Exchange 2010, 2008R2, Event 106 MSExchange Common

by butsch 14. March 2016 14:34

Problem: Exchange 2010, 2008R2, Event 106 MSExchange Common

Solution: Reload the correct performance counter file in PowerShell

Event 106, MSExchange Common

Performance counter updating error. Counter name is Base for Average Number of Mailboxes Processed per Request, category name is MSExchange Availability Service. Optional code: 1. Exception: The exception thrown is : System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.

at System.Diagnostics.PerformanceCounter.Initialize()

at System.Diagnostics.PerformanceCounter.IncrementBy(Int64 value)

at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.IncrementBy(Int64 incrementValue)

Last worker process info : System.UnauthorizedAccessException: Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14\Transport' is denied.

at Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str)

at Microsoft.Win32.RegistryKey.CreateSubKey(String subkey, RegistryKeyPermissionCheck permissionCheck, RegistrySecurity registrySecurity)

at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetLastWorkerProcessInfo()

Processes running while Performance counter failed to update:

2164 MSExchangeMailSubmission

 

Locate the "D:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf" path on your server.

Open the Exchange PowerShell:

Add-pssnapin Microsoft.Exchange.Management.PowerShell.Setup

D:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\RpcClientAccessPerformanceCounters.ini

 

 

[PS] C:\ >Add-pssnapin Microsoft.Exchange.Management.PowerShell.Setup

[PS] C:\ >New-perfcounters -definitionfilename "D:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\RpcClientAccessPerformanceCounters.xml"

[PS] C:\ >

 

Event 1000, Source LOADPERF > OK

Performance counters for the MSExchange RpcClientAccess (MSExchange RpcClientAccess) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.

 

If this does not fix it, try the following (adjust the paths to your installation again):

Add-pssnapin Microsoft.Exchange.Management.PowerShell.Setup


new-perfcounters -definitionfilename "C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\AdminAuditPerfCounters.xml"
new-perfcounters -definitionfilename "C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\ResourceHealthPerformanceCounters.xml"
new-perfcounters -definitionfilename "C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\ThrottlingPerformanceCounters.xml"
new-perfcounters -definitionfilename "C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\MiddleTierStoragePerformanceCounters.xml"
new-perfcounters -definitionfilename "C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\IsMemberOfResolverPerfCounters.xml"
new-perfcounters -definitionfilename "C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\ADRecipientCachePerformanceCounters.xml"
new-perfcounters -definitionfilename "C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\RpcClientAccessPerformanceCounters.xml"
new-perfcounters -definitionfilename "C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\ExchangeTopologyPerformanceCounters.xml"
new-perfcounters -definitionfilename "C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\ExSearchPerformanceCounters.xml"
new-perfcounters -definitionfilename "C:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf\ExSearchCatalogPerformanceCounters.xml"

 

The worst case in terms of risk: if none of this solves it, you have to re-index the Exchange databases.

I would wait with that UNTIL you have checked all the permissions/counters and whether they are registered correctly!
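
A scripted version of those checks and of the reload, as an added example that is not part of the original post. It assumes the install path used in the first command above and takes the counter category and registry key from the Event 106 text; the file names are the ones listed in the post.

```powershell
# Added example: verify what Event 106 complains about, then reload the counter definitions.
# Run in an elevated PowerShell on the Exchange 2010 server. The drive letter is an assumption.
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Setup -ErrorAction SilentlyContinue

$perfDir  = 'D:\Program Files\Microsoft\Exchange Server\V14\Setup\Perf'
$category = 'MSExchange Availability Service'                        # category name from the event
$regKey   = 'HKLM:\SOFTWARE\Microsoft\ExchangeServer\v14\Transport'  # key from the "is denied" line

# 1. Is the counter category registered on this machine at all?
$isRegistered = [System.Diagnostics.PerformanceCounterCategory]::Exists($category)
Write-Host ("Category '{0}' registered: {1}" -f $category, $isRegistered)

# 2. Which identities hold which rights on the key the worker process could not open?
(Get-Acl -Path $regKey).Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
    Format-Table -AutoSize | Out-Host

# 3. Reload the definition files named in the post; report missing files instead of failing.
$definitions = @(
    'AdminAuditPerfCounters.xml',
    'ResourceHealthPerformanceCounters.xml',
    'ThrottlingPerformanceCounters.xml',
    'MiddleTierStoragePerformanceCounters.xml',
    'IsMemberOfResolverPerfCounters.xml',
    'ADRecipientCachePerformanceCounters.xml',
    'RpcClientAccessPerformanceCounters.xml',
    'ExchangeTopologyPerformanceCounters.xml',
    'ExSearchPerformanceCounters.xml',
    'ExSearchCatalogPerformanceCounters.xml'
)
$since = Get-Date
foreach ($name in $definitions) {
    $file = Join-Path $perfDir $name
    if (-not (Test-Path $file)) { Write-Warning "Missing: $file"; continue }
    try {
        New-PerfCounters -DefinitionFileName $file -ErrorAction Stop
        Write-Host "Reloaded $name"
    } catch {
        Write-Warning ("Failed for {0}: {1}" -f $name, $_.Exception.Message)
    }
}

# 4. Confirm with the event the post shows after a successful load (Event 1000, source LOADPERF).
Get-EventLog -LogName Application -Source LoadPerf -After $since -ErrorAction SilentlyContinue |
    Where-Object { $_.EventID -eq 1000 } |
    Select-Object TimeGenerated, Message | Format-List | Out-Host
```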

https://social.technet.microsoft.com/Forums/exchange/en-US/5d56b384-2071-49ad-a74f-b76ca8615b94/exchange-2010-msexchange-common-error-106-performance-counter-updating-error?forum=exchangesvrgenerallegacy

https://social.technet.microsoft.com/Forums/exchange/en-US/079598ef-08fe-49b6-af5f-8920d8b34a39/msexchange-common-error?forum=exchange2010

Here is the official link for the RE-INDEX (last option if it currently fails all of the time)

https://technet.microsoft.com/en-us/library/aa995966.aspx

Tags:

Exchange 2010 | Exchange 2013 | Server 2008 R2

The certificate is invalid for exchange server usage Exchange 2010 SAN/UC

by butsch 23. July 2013 14:44

Error after importing a SAN/UC Certificate in Exchange 2010:

Error 1: "The certificate is invalid for exchange server usage"

This happens because the ROOT and Intermediate CA certificates have not been imported.

After you have resolved that, you get the next error:

Error 2: "The certificate status could not be determined because the revocation check failed"

That means the certificate service (Certutil) cannot reach some URLs from Microsoft or from the certificate/PKI provider (example: Comodo).

Error: When you see the second error you are unable to "Export" a certificate in the EMC / Exchange 2010 GUI (for example for a load balancer or CAS array).

HINT> If the certificate status is NOT valid you are still able to "ENABLE" the imported certificate with PowerShell. We are unsure if Export would work.

See http://www.butsch.ch/post/Generate-SAN-UC-Certificate-SSL-on-Exchange-2010.aspx on how to do that.

 

The first error, "The certificate is invalid for exchange server usage", appears because your otherwise up-to-date Windows Server suddenly does not have a current ROOT CA certificate from some certificate publishers.

 

  1. Import the Root CA files you got from the provider on your Exchange 2010 CAS server.

 

  2. If you have your own ROOT CA (Certificate Authority) you may publish the Root CA through your OWN CA to the Windows domain. Type CERTUTIL at a command prompt to find out whether you have/had one, and then please ask the PKI engineer in your environment to help (if you have one ;-)

 

Here is how to import manually on the Exchange 2010 CAS:

The file you got from your PKI-Provider together with your certificate.

Start > mmc

 

Import the Root CA you got from your ISP to your Exchange 2010 CAS Server.

  1. ROOT CA (usually with "Root" in the name) to "Trusted Root Certification Authorities"

Import the second certificate you got from the provider to "Intermediate Certification Authorities"

After this you see the following in the Exchange 2010 EMC under Server (on the right side):

The certificate status could not be determined because the revocation check failed

 

 

Check which certificate URLs the Exchange server wants to access AND open those on the FIREWALL/WEBFILTER, or use the correct PROXY settings. Open each URL you see in a browser and check whether you can download the file. Just make sure your Exchange 2010 can reach those URLs.

certutil -URLcache CRL (Check)

 

Here is an output from certutil -URLcache

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab

http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl

http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

http://crl.microsoft.com/pki/crl/products/CSPCA.crl

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

 

Also, and especially for Comodo certificates, check where your certificate itself wants to connect and OPEN those URLs.

certutil -verify -urlfetch c:\edv\13296984.crt (13296984.crt filename of your provider Certificate)

----------------  Certificate AIA  ----------------

 Failed "AIA" Time: 0

   Error retrieving URL: The operation timed out 0x80072ee2 (WIN32: 12002)

   http://crt.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crt

  ----------------  Certificate CDP  ----------------

 Failed "CDP" Time: 0

   Error retrieving URL: The operation timed out 0x80072ee2 (WIN32: 12002)

   http://crl.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crl

 ----------------  Certificate OCSP  ----------------

 Failed "OCSP" Time: 0

   Error retrieving URL: The operation timed out 0x80072ee2 (WIN32: 12002)

   http://ocsp.comodoca.com


   Revocation Check Failed "Certificate (0)" Time: 0
    [0.0] http://crt.usertrust.com/AddTrustExternalCARoot.p7c

  Verified "Certificate (1)" Time: 0
    [0.1] http://crt.usertrust.com/AddTrustExternalCARoot.p7c

  Revocation Check Failed "Certificate (0)" Time: 0
    [1.0] http://crt.usertrust.com/AddTrustUTNSGCCA.crt

  ----------------  Certificate CDP  ----------------
  Verified "Base CRL (0bbc)" Time: 0
    [0.0] http://crl.usertrust.com/AddTrustExternalCARoot.crl

  ----------------  Base CRL CDP  ----------------
  No URLs "None" Time: 0
  ----------------  Certificate OCSP  ----------------
  Verified "OCSP" Time: 63
    [0.0] http://ocsp.usertrust.com

 

OPEN these URLs on the firewall as well:

http://crt.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crt
http://crl.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crl
http://ocsp.comodoca.com
http://crt.usertrust.com/AddTrustExternalCARoot.p7c
http://crt.usertrust.com/AddTrustUTNSGCCA.crt
http://crl.usertrust.com/AddTrustExternalCARoot.crl
http://ocsp.usertrust.com
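
Collecting that URL list by hand gets tedious with several certificates. The following added example (not part of the original post) parses `certutil -verify -urlfetch` output and returns the URLs and host names that did not verify; the function name is hypothetical and the sample text is a shortened copy of the output shown above.

```powershell
# Added example: extract the AIA/CDP/OCSP URLs that failed from "certutil -verify -urlfetch" output.
# Written for PowerShell 2.0 (Server 2008 R2), so no [pscustomobject].
function Get-CertUrlFetchResult {
    param([Parameter(ValueFromPipeline = $true)][string[]]$Line)
    begin { $status = $null; $item = $null }
    process {
        foreach ($text in $Line) {
            if ($text -match '^\s*-{4,}') {
                # Section header such as "----  Certificate CDP  ----": forget the previous status.
                $status = $null
            }
            elseif ($text -match '^\s*(Verified|Failed|Revocation Check Failed|No URLs)\s+"([^"]*)"') {
                # Status line, e.g.:  Failed "AIA" Time: 0
                $status = $Matches[1]; $item = $Matches[2]
            }
            elseif ($status -and $text -match '(https?://\S+)') {
                # URL line that belongs to the last status line seen.
                New-Object PSObject -Property @{ Status = $status; Item = $item; Url = $Matches[1] }
            }
        }
    }
}

# Sample input: shortened copy of the output in this post.
$sampleText = @'
----------------  Certificate AIA  ----------------
 Failed "AIA" Time: 0
   Error retrieving URL: The operation timed out 0x80072ee2 (WIN32: 12002)
   http://crt.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crt
----------------  Certificate CDP  ----------------
 Failed "CDP" Time: 0
   Error retrieving URL: The operation timed out 0x80072ee2 (WIN32: 12002)
   http://crl.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crl
----------------  Certificate OCSP  ----------------
  Verified "OCSP" Time: 63
    [0.0] http://ocsp.usertrust.com
'@
$results = $sampleText -split "`r?`n" | Get-CertUrlFetchResult

# Live use on the CAS server (file name from the post):
# $results = certutil -verify -urlfetch c:\edv\13296984.crt | Get-CertUrlFetchResult

# URLs that did not verify, and the distinct host names to hand to the firewall/webfilter team.
$blockedUrls  = $results | Where-Object { $_.Status -ne 'Verified' } |
                ForEach-Object { $_.Url } | Sort-Object -Unique
$blockedHosts = $blockedUrls | ForEach-Object { ([uri]$_).Host } | Sort-Object -Unique

$blockedUrls
$blockedHosts
```

With the sample input this returns the two comodoca.com URLs and the hosts crl.comodoca.com and crt.comodoca.com; ocsp.usertrust.com is left out because it verified.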

 

PROXY 

If you have a PROXY, do not forget to EXCLUDE your internal domain (example: *.domain.local) from the PROXY or your Exchange EMC won't work anymore!

If you can't open those URLs for the CAS server, or you don't have the rights to do so, check how to configure the proxy setting with NETSH.

 

http://exchangeserverpro.com/exchange-2010-certificate-revocation-checks-and-proxy-settings/
http://www.geekmungus.co.uk/microsoft-exchange/exchange2010-ucccertificatethecertificateisinvalidforexchangeserverusage
http://blogs.technet.com/b/pki/archive/2007/09/13/how-to-refresh-the-crl-cache-on-windows-vista.aspx
http://blogs.technet.com/b/exchange/archive/2010/07/26/emc-and-certificates-with-failed-revocation-checks-in-exchange-2010.aspx
http://support.microsoft.com/kb/979694/en-us
http://msexchangeguru.com/2012/11/12/certificate-revocation/

 

 

 

certutil -urlcache crl delete (Clean Cache)

certutil -urlcache ocsp delete (Clean Cache)

Tags:

Exchange 2007 | Exchange 2010 | Server 2008 R2

KB2775511 W7 / 2008 R2 hotfix collection, post-SP1 pack (90 patches)

by butsch 23. May 2013 22:47

http://support.microsoft.com/kb/2775511

WIN7 32 & 64BIT / Server 2008 R2 ML / language Neutral

 It is supposed to improve:

  • Faster logon
  • Faster policy handling on clients with many policies
  • Web-based Distributed Authoring and Versioning (WebDAV)
  • DFSN client
  • Folder Redirection
  • Offline Files and Folders (CSC)
  • SMB client
  • Redirected Drive Buffering Subsystem (RDB)
  • Multiple UNC Provider (MUP)

There is a new Enterprise Pack update, which is mainly intended for corporate environments. It contains around 90 patches or hotfixes.

Some blogs write that individual hotfixes included in it cause problems with their third-party software. Mostly smaller database formats.

Errors then also with SMB 2.0:

http://blogs.msdn.com/b/winsdk/archive/2013/05/13/roll-up-update-kb-2775511-reports-with-smb-2-0-data-truncation.aspx

http://windowssecrets.com/forums/showthread.php/153760-Beware-KB-2775511-a-special-hotfix-rollup-post-Windows-7-SP1

 

If someone happens to be working on some W7 clients and is completely stuck: before reinstalling, install the HOTFIX patch as a last resort.

For some of the individual patches it says not to install them, or only in a test environment, or only when the problem is present. So, in principle, rather not for each and everyone...

 I suspect that this is an SP2 pre-check at the customers' expense. But still better than requesting 10 hotfixes per problem when it is urgent…

You cannot download it directly; you have to have it integrated into WSUS via the Windows Update Catalog (import). However, you can copy the file from a client from C:\Windows\Downloaded Installations or, with luck (or knowledge ;-), find the corresponding file in the WSUSCONTENT.

These single patches are included, and people who have an idea of deployment or server management know what the single terms are.

The package is language neutral and has different languages for some patches

language="neutral"

It's for Windows 7 32BIT and 64BIT and I think the same patch is for 2008R2? At least the packages point in that direction for sure: FailoverCluster-Core-WOW64-Package or the FX RDP.

 

Microsoft-Windows-OfflineFiles-Package" language="zh-TW" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-Printing-Foundation-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-Printing-Server-Features-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-Printing-PremiumTools-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-RemoteFX-VM-Setup-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release" versionScope="nonSxS"
Microsoft-Windows-TerminalServices-MiscRedirection-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-TerminalServices-Gateway-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-TerminalServices-RemoteApplications-Client-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-GroupPolicy-ClientTools-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-Printing-ServerCore-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-ServerCore-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-ServerFoundation-Base-LanguagePack-Package" language="he-IL" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-FailoverCluster-Core-WOW64-Package" language="ar-SA" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-ServerCore-WOW64-Package" language="ar-SA" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-WinPE-LanguagePack-Package" language="tr-TR" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-WinPE-Package" version="6.1.7601.17514" processorArchitecture="amd64" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS"
WinPE-Dot3Svc-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35"
WinPE-MDAC-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35"
WinPE-WMI-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35"
Microsoft-Windows-Client-Features-Package" version="6.1.7601.17514" processorArchitecture="amd64" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS"
Microsoft-Windows-Printing-Server-Role-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-ServerDesktopExperience" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
Microsoft-Windows-WirelessNetworking-Package" language="neutral" version="6.1.7601.17514" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" buildType="release"
 
 

Tags:

Hotfixes / Updates | Server 2008 R2 | WSUS

Powershell Links for Exchange 2007/2010

by butsch 26. October 2011 14:22

How to automate a PowerShell script on Windows Server:

http://exchangeshare.wordpress.com/2008/12/08/how-to-schedule-powershell-script-for-an-exchange-task/

Free ActiveRoles Management Shell for Active Directory 32/64-bit from Quest:

http://www.quest.com/powershell/activeroles-server.aspx
http://ss64.com/ps/quest.html

How to load the PowerShell snap-ins into the shell (for example Exchange and Quest):

 

http://technet.microsoft.com/en-us/library/bb963745.aspx

Add-PSSnapIn -Name Microsoft.Exchange.Management.PowerShell.Admin,Quest.ActiveRoles.ADManagement

http://poshcode.org/2231

Here is how to skip/catch the error if the snap-in has already been loaded.

 

# Load the Exchange 2010 snap-in: only if it is registered on this machine and not yet loaded in this session
If (@(Get-PSSnapin -Registered | Where-Object {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.E2010"} ).count -eq 1) {
    If (@(Get-PSSnapin | Where-Object {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.E2010"} ).count -eq 0) {
        Write-Host "Loading Exchange Snapin Please Wait...."; Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
    }
}

# Load the Exchange 2007 snap-in: same check for the .Admin snap-in
If (@(Get-PSSnapin -Registered | Where-Object {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.Admin"} ).count -eq 1) {
    If (@(Get-PSSnapin | Where-Object {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.Admin"} ).count -eq 0) {
        Write-Host "Loading Exchange Snapin Please Wait...."; Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
    }
}

 

Removing mailbox export and import requests from command New-MailboxExportRequest -Mailbox $Identity -FilePath $pstshare$user".pst"

http://thoughtsofanidlemind.wordpress.com/2010/12/21/removing-mailbox-export-and-import-requests/

Tags:

Exchange 2007 | Exchange 2010 | Scripting | Server 2008 R2

Exchange Running Powershell from Batch on Server 2008/R2, 32/64BIT

by butsch 19. October 2011 18:35

Exchange Running Powershell from Batch on Server 2008/R2 32/64BIT, c:\windows\Sysnative Patch

If you receive this error while running a PowerShell script from a batch file:

WARNING: The following errors occurred when loading console D:\ProgramFiles\Microsoft\Exchange Server\bin\exshell.psc1:
Cannot load Windows PowerShell snap-in Microsoft.Exchange.Management.PowerShell.Admin because of the following error:
No snap-ins have been registered for Windows PowerShell version 2.
Command 'c:\batch\butsch.ps1' could not be executed because some Windows PowerShell snap-ins did not load.

You may have to call the Powershell from within the Batch this way:

my_batch.cmd

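:: On 64-bit Windows:
::   C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell.exe   = 32-bit PowerShell
::   C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe   = 64-bit PowerShell (a 32-bit caller is redirected to SysWOW64)
::   C:\Windows\Sysnative\WindowsPowerShell\v1.0\PowerShell.exe  = 64-bit PowerShell reached from a 32-bit caller < Server 2008 and R2 64BIT if you call PowerShell from a DOS batch
:: cd /d also switches the drive, which a plain cd does not
cd /d "D:\Program Files\Microsoft\Exchange Server\bin"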
C:\Windows\Sysnative\WindowsPowerShell\v1.0\PowerShell.exe -PSConsoleFile "D:\Program Files\Microsoft\Exchange Server\bin\exshell.psc1" -noexit -command "c:\batch\butsch.ps1"

Sysnative was the solution, not re-registering components or compiling the batch as 64BIT (in some surrounding code with .exe).


The Hotfix which is mentioned in almost 70% of the Blogs is for Server 2003 and not for 2008.

http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/41c9cd78-74ad-4903-8a77-be6c09724669
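
The same fix can be made inside the script instead of in every batch file that calls it. This is an added example, not part of the original post: a guard for the top of a script such as c:\batch\butsch.ps1 that restarts it under the 64-bit PowerShell when a 32-bit caller started it; the function name is hypothetical and the snap-in name is the one from the error above.

```powershell
# Added example: restart under 64-bit PowerShell when a 32-bit host started this script.
$snapin = 'Microsoft.Exchange.Management.PowerShell.Admin'   # snap-in named in the error message

function Test-Is32BitOn64BitOS {
    # A 32-bit process has 4-byte pointers; PROCESSOR_ARCHITEW6432 is only set inside WOW64.
    return ([IntPtr]::Size -eq 4) -and [bool]$env:PROCESSOR_ARCHITEW6432
}

if (Test-Is32BitOn64BitOS) {
    # Sysnative is only visible to 32-bit processes and maps to the real 64-bit system32.
    $native = Join-Path $env:windir 'Sysnative\WindowsPowerShell\v1.0\PowerShell.exe'
    if (-not (Test-Path $native)) { throw "Sysnative alias not available: $native" }
    Write-Host "32-bit host detected, restarting under $native"
    & $native -NoProfile -File $MyInvocation.MyCommand.Path @args
    exit $LASTEXITCODE
}

# From here on the script runs in the PowerShell where the Exchange snap-in can be registered.
if (-not (Get-PSSnapin -Name $snapin -Registered -ErrorAction SilentlyContinue)) {
    throw "Snap-in $snapin is not registered for this PowerShell."
}
if (-not (Get-PSSnapin -Name $snapin -ErrorAction SilentlyContinue)) {
    Add-PSSnapin $snapin
}

Write-Host ("Running as {0}-bit process with {1} loaded" -f ([IntPtr]::Size * 8), $snapin)
```

Because the restarted instance is started without -PSConsoleFile, the script loads the snap-in itself.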

 

Tags:

Exchange 2007 | Exchange 2010 | Server 2008 R2

Microsoft Hotfix Updates and important KB entries in Fall 2011

by butsch 21. September 2011 14:48

A heavily fragmented file in an NTFS file system volume may not grow beyond a certain size

http://support.microsoft.com/kb/967351/en-us

Of interest for SQL and Exchange administrators. Not a rumor after all! Now official ;-) Defrag companies will be pleased.

A heavily fragmented file in an NTFS file system volume may not grow beyond a certain size caused by an implementation limit in structures that are used to describe the allocations.

 

System Update Readiness Tool

It is NOT a pre-check for 2008R2 or W7; it automatically fixes existing errors in Windows components that prevent updates through WSUS, e.g. with the Framework. It corrects wrong MSI source paths!

http://support.microsoft.com/kb/947821/en-us

 

Cached Logon Credentials

Update of 12.09.11 for the cached credentials. A laptop can log on at most 50 times without a domain controller. This can be controlled, and many people are not aware of it. It is often forgotten when planning home site offices.

http://support.microsoft.com/kb/172931/en-us

 

Blue/black screen after updating to Service Pack 1 for Windows 7 or Server 2008R2

http://support.microsoft.com/kb/975484/

975484 Your computer may freeze or restart to a black screen that has a "0xc0000034" error message after you install Service Pack 1 on Windows 7 or Windows 2008 R2

 

Windows 7 or Windows Server 2008 R2 stops responding when an application performs many I/O operations to a network share

http://support.microsoft.com/kb/2582112/

This issue occurs because of a new behavior of the Server Message Block (SMB) mini-redirector (mrxsmb.sys) in Windows 7 and in Windows Server 2008 R2.
In Windows 7 and Windows Server 2008 R2, a power request object is created and then destroyed for every SMB network file operation. When an application performs heavy I/O to the network share, many threads that read or write to the network share create many power request objects. Therefore, the Power service cannot process the power request objects as fast as they are generated.

Tags:

Client Management | Hotfixes / Updates | Server 2008 R2

Windows 7, Restore Point, The trust relationship between this workstation and the primary domain failed

by butsch 30. August 2011 02:56

Windows 7, After Restore Point, The trust relationship between this workstation and the primary domain failed

Every client has a computer account which is in sync with the Domain Controller. If the computer account is too old (Like on VMWARE Snapshots) and does not match the one on the DC you fail to logon with the computer account. One of my developer machines is a Member of a Server 2003 R2 Domain.

After installing Acronis 10 WS I had a horrible error with the SNAPMAN plugin again. And this time I could not recover even with the long KB from Acronis. So I went back to a restore point... I hate that and normally I have never done it.

Well, guess what: if the "restore point" is a certain number of days old, the computer can't sync/log on to the DC. That's somehow correct and useful in terms of security, but MS should warn the user. Hopefully you have the local admin password to access the client. Otherwise you will have to use Hiren or some other boot CD to reset the Windows 7 SP1 admin password.

Disjoin/Rejoin the Domain and you are back in the game.

Please read both:

http://www.butsch.ch/post/Windows-7-Restore-Point-The-trust-relationship-between-this-workstation-and-the-primary-domain-failed.aspx
http://www.butsch.ch/post/Prevent-VM-MachineXP-computer-account-expire-in-Active-Directory.aspx

 

Tags:

Client Management | Hotfixes / Updates | Server 2008 R2

KMS Activation failed with Server 2008R2 SP1 or Windows 7 SP1

by butsch 17. August 2011 13:49

 

 

Running Active Directory Server 2008 R2

DNS and DHCP services running on Server 2008 R2

Single Domain

Multiple Forward Lookup Zones Configured in DNS

Running KMS Services on Server 2003. (Handles activations of Win7, Server 2008, Office 2010) KMS srv record configured in DNS to point all clients to KMS host. This was set up by adding a service record at the root of DNS under _tcp. I added the forward lookup zone _tcp at the root of our DNS for the vlmcs srv record manually.

Prior to Win7 SP1 being released, all clients activated without any issues. Activation issues started when Win 7 and Server 2008 ISOs were released with SP1 slipstreamed. The error code mentioned in this thread would occur when the activation was attempted from the client. Seemingly the only way to activate the client was to use the MAK code.

After many days pounding on this issue I found a work around that would allow client machines that were built with the SP1 ISO's to activate through KMS. While not an acceptable solution it does work. The trick was to manually point the client to your local KMS host server. The command to accomplish this is as follows:

From an elevated command prompt on the client machine, type: slmgr -skms "KMS Server IP Address" (without quotations). After entering the command, client machines would activate normally.

At first I thought I had discovered the miracle cure for activation issues, but soon decided there has to be more to this since I didn't have the problem before SP1 was released. Plus, running around typing in the above command was not going to be fun given the number of machines affected by this issue.

Many days went by trying to figure this out, and I came to the conclusion that it must be a DNS issue. SP1 probably fixed some holes in Activation or who knows what. Anyway, to make a long story short, here is what I did to fix the problem.

The main problem was I had two _tcp forward lookup zones in my DNS configuration. One at the root and one in the DomainName forward lookup zone. To fix it, I deleted the _tcp lookup zone from the root of DNS. Next, I added the _vlmcs service record within the domain name _tcp records. This solved activation problems for computers joined to the domain, but not for machines that belonged to workgroups (non-domain computers). To fix activation for non-domain computers, I added option 135 (domain suffix search order) to the DHCP server options. See instructions below.

1. Open up the DHCP MMC.
2. Navigate DHCP and choose the DHCP server name.
3. Right Click on the IPv4
4. Choose "Set Predefined Options"
5. Click on Add.
6. Name: "Domain suffix search order"

Data Type: String
Code: "135" (without the quotation marks)
Description: "List of domain suffixes in order" (without the quotation marks)
String: Enter "avhsd.org" (without the quotation marks)

7. Click OK to save changes.
8. Exit the DHCP MMC and restart the DHCP Server Service.
9. Open the DHCP MMC again and add the new scope option 135 to your server options/scope.
10. Windows 7 w/sp1 and Office 2010 will activate without issue.

Once these steps were taken, the activations worked as expected.

I hope this helps fellow IS people to fix activation problems.

 

Tags:

Office KMS,MAK,APPV | Server 2008 R2

Setup of a KMS server in an enterprise and several unwanted KMS DNS entries

by butsch 30. June 2011 18:56

Setup of a KMS server in an enterprise and several unwanted KMS DNS entries

While installing a KMS server for an enterprise we already had two or three DNS entries per domain controller. But KMS had not been installed or planned before.

We found out that the person installing the Server 2008R2 machines used the KMS key to activate the server itself instead of using a MAK key. You only need the KMS key ONCE per company or domain and then leave the Server 2008R2, Windows 7 and Vista machines as they are. They will connect to the KMS server and do the rest. Everything goes over one or two KMS keys or KMS groups.

Mostly people don't understand that you need to activate a minimum of 5 servers or 25 Windows 7 or 5 Office 2010 to get the whole thing running.

If you try to run with, for example, 4 Server 2008R2 machines it will fail in the end (after the grace period).

 

 

 So while looking at DNS under _TCP you had two _VLMCS entries there. If you don't want round-robin redundancy, something is wrong here (wrong keys were used for installing the servers).

If you use the KMS key for installing a normal 2008R2, Windows automatically thinks THIS is the KMS licence server and thus installs the KMS licence server in the background.

 

http://social.technet.microsoft.com/Forums/en/itprovistaactivation/thread/62726fca-02ff-4d86-8781-aafa18cb0b2a

 

You need to change the product key of the machines that should not be KMS

slmgr /IPK xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

Then activate with that key

Slmgr /ATO

Then we need to stop and restart the service (the name is different depending on the product)

For Windows Vista or for Windows Server 2008

net stop slsvc

For Windows 7 or for Windows Server 2008 R2

net stop sppsvc

For Windows Vista or for Windows Server 2008

net start slsvc

For Windows 7 or for Windows Server 2008 R2

net start sppsvc
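
To find the machines that published themselves as KMS hosts, list the _vlmcs SRV records in DNS and compare them with the host you intended. This is an added example, not part of the original post: the function name, domain and host names are placeholders, and the sample nslookup output is constructed.

```powershell
# Added example: list every KMS host published under _vlmcs._tcp and flag the unexpected ones.
# Uses nslookup so it also works on Server 2008 R2 / PowerShell 2.0.
function Get-KmsSrvHost {
    param([Parameter(ValueFromPipeline = $true)][string[]]$Line)
    begin { $port = $null }
    process {
        foreach ($text in $Line) {
            if ($text -match '^\s*port\s*=\s*(\d+)') {
                $port = [int]$Matches[1]
            }
            elseif ($text -match '^\s*svr hostname\s*=\s*(\S+)') {
                # "svr hostname" closes one SRV record in nslookup output.
                New-Object PSObject -Property @{ HostName = $Matches[1].ToLower(); Port = $port }
                $port = $null
            }
        }
    }
}

$domain      = 'domain.local'            # placeholder: your AD DNS domain
$expectedKms = @('kms01.domain.local')   # placeholder: the host(s) you really want as KMS

# Constructed sample of "nslookup -type=srv _vlmcs._tcp.domain.local" output.
$sampleText = @'
_vlmcs._tcp.domain.local        SRV service location:
          priority       = 0
          weight         = 0
          port           = 1688
          svr hostname   = kms01.domain.local
_vlmcs._tcp.domain.local        SRV service location:
          priority       = 0
          weight         = 0
          port           = 1688
          svr hostname   = dc02.domain.local
'@
$found = $sampleText -split "`r?`n" | Get-KmsSrvHost

# Live use:
# $found = nslookup -type=srv "_vlmcs._tcp.$domain" 2>$null | Get-KmsSrvHost

$unexpected = @($found | Where-Object { $expectedKms -notcontains $_.HostName })
foreach ($entry in $unexpected) {
    Write-Warning ("Unexpected KMS host in DNS: {0}:{1}. Change its key with slmgr /IPK and /ATO as described above." -f $entry.HostName, $entry.Port)
}
Write-Host ("{0} SRV record(s) found, {1} unexpected" -f @($found).Count, $unexpected.Count)
```

With the constructed sample this reports two SRV records and flags dc02.domain.local as unexpected.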
Also check:

Tags:

APPV | Client Management | Office KMS,MAK,APPV | Server 2008 R2 | Server 2012 R2

Virus Exclusion for DC Domain Controllers 2008/2008R2 Mcafee/Symantec

by butsch 1. June 2011 21:23
For computers that are running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, Windows Vista, or Windows 7

Do not scan the following files and folders. These files are not at risk of infection. If you scan these files, serious performance problems may occur because of file locking. Where a specific set of files is identified by name, exclude only those files instead of the whole folder. Sometimes, the whole folder must be excluded. Do not exclude any one of these based on the file name extension. For example, do not exclude all files that have a .dit extension. Microsoft has no control over other files that may use the same extensions as the following files:

    Microsoft Windows Update or Automatic Update related files
  • The Windows Update or Automatic Update database file. This file is located in the following folder:
    %windir%\SoftwareDistribution\Datastore
    Exclude the Datastore.edb file.
  • The transaction log files. These files are located in the following folder:
    %windir%\SoftwareDistribution\Datastore\Logs
    Exclude the following files:
    • Edb*.log
      Note The wildcard character indicates that there may be several files.
    • Res1.log. The file is named Edbres00001.jrs for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
    • Res2.log. The file is named Edbres00002.jrs for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
    • Edb.chk
    • Tmp.edb
    • The following files in the %windir%\security path should be added to the exclusions list:
      • *.edb
      • *.sdb
      • *.log
      • *.chk

      Note If these files are not excluded, security databases are typically corrupted, and Group Policy cannot be applied when you scan the folder. The wildcard character indicates that there may be several files. Specifically, you must exclude the following files:

      • Edb.chk
      • Edb.log
      • *.log
      • Security.sdb in the <drive>:\windows\security\database folder
  • Group Policy related files
    • Group Policy user registry information. These files are located in the following folder:
      %allusersprofile%\
      Exclude the following file: NTUser.pol
    • Group Policy client settings file. These files are located in the following folder:
      %Systemroot%\system32\GroupPolicy\
      Exclude the following file: registry.pol
    For Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, and Windows 2000 domain controllers

    Because domain controllers provide an important service to clients, the risk of disruption of their activities from malicious code from a virus must be minimized. Antivirus software is the generally accepted way to lessen the risk of virus infection. Install and configure antivirus software so that the risk to the domain controller is reduced as much as possible and so that performance is affected as little as possible. The following list contains recommendations to help you configure and install antivirus software on a Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or on a Windows 2000 domain controller:
    Warning We recommend that you apply the following specified configuration to a test configuration to make sure that in your specific environment it does not introduce unexpected factors or compromise the stability of the system. The risk from too much scanning is that files are inappropriately flagged as having been changed. This results in too much replication in Active Directory. If testing verifies that replication is not affected by the following recommendations, you can apply the antivirus software to the production environment.
    Note Specific recommendations from antivirus software vendors may supersede the recommendations in the article.

    • Antivirus software must be installed on all domain controllers in the enterprise. Ideally, try to install such software on all other server and client systems that have to interact with the domain controllers. It is optimal to catch the virus at the earliest point, such as at the firewall or at the client system where the virus is first introduced. This prevents the virus from ever reaching the infrastructure systems that the clients depend on.
    • Use a version of antivirus software that is designed to work with Active Directory domain controllers and that uses the correct Application Programming Interfaces (APIs) to access files on the server. Older versions of most vendor software inappropriately change file metadata as it is scanned. This causes the File Replication Service engine to recognize a file change and therefore schedule the file for replication. Newer versions prevent this problem. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 815263 (http://support.microsoft.com/kb/815263/) Antivirus, backup, and disk optimization programs that are compatible with the File Replication service
    • Do not use a domain controller to browse the Web or to perform any other activities that may introduce malicious code.
    • When you can, do not use the domain controller as a file sharing server. Virus scanning software must be run against all files in those shares, and this can put an unsatisfactory load on the processor and the memory resources of the server.
    • Do not put Active Directory or FRS database and log files on NTFS file system compressed volumes.
      For more information, click the following article number to view the article in the Microsoft Knowledge Base: 318116 (http://support.microsoft.com/kb/318116/) Issues with Jet Databases on compressed drives
    • Do not scan the following files and folders. These files are not at risk of infection, and if you include them, this may cause serious performance problems because of file locking. Where a specific set of files is identified by name, exclude only those files instead of the whole folder. Sometimes, the whole folder must be excluded. Do not exclude any of these based on the file-name extension. For example, do not exclude all files that have a .dit extension. Microsoft has no control over other files that may use the same extension as those shown here.
      Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows

      • Active Directory and Active Directory-related files:
        • Main NTDS database files. The location of these files is specified in the following registry key:
          HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File
          The default location is %windir%\ntds. Exclude the following files:

          Ntds.dit
          Ntds.pat

        • Active Directory transaction log files. The location of these files is specified in the following registry key:
          HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files Path
          The default location is %windir%\ntds. Exclude the following files:

          EDB*.log (The wildcard character indicates that there may be several files.)
          Res1.log (The file is named Edbres00001.jrs for Windows Server 2008, and Windows Server 2008 R2.)
          Res2.log (The file is named Edbres00002.jrs for Windows Server 2008, and Windows Server 2008 R2.)
          Ntds.pat

          Note Windows Server 2003 no longer uses the Ntds.pat file.

        • The NTDS Working folder that is specified in the following registry key:
          HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory
          Exclude the following files:

          Temp.edb
          Edb.chk

      • SYSVOL files:
        • The File Replication Service (FRS) Working folder that is specified in the following registry key:
          HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory
          Exclude the following files:

          FRS Working Dir\jet\sys\edb.chk
          FRS Working Dir\jet\ntfrs.jdb
          FRS Working Dir\jet\log\*.log

        • The FRS Database Log files that are located in the following registry key:
          HKEY_LOCAL_MACHINE\system\currentcontrolset\services\NtFrs\Parameters\DB Log File Directory
          The default location is %windir%\ntfrs. Exclude the following files:

          FRS Working Dir\jet\log\*.log (if the registry key is not set)
          FRS Working Dir\jet\log\edbres00001.jrs (Windows Server 2008, and Windows Server 2008 R2)
          FRS Working Dir\jet\log\edbres00002.jrs (Windows Server 2008, and Windows Server 2008 R2)
          DB Log File Directory\log\*.log (if the registry key is set)

        • The Staging folder that is specified in the following registry key and all the Staging folder’s sub-folders:
          HKEY_LOCAL_MACHINE\system\currentcontrolset\services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Stage
          The current location of the Staging folder and all its sub-folders is the file system reparse target of the replica set staging folders. Staging defaults to the following location:
          %systemroot%\sysvol\staging areas
          The current location of the SYSVOL\SYSVOL folder and all its sub-folders is the file system reparse target of the replica set root. The SYSVOL\SYSVOL folder defaults to the following location:
          %systemroot%\sysvol\sysvol
        • The FRS Preinstall folder that is in the following location:
          Replica_root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
          The Preinstall folder is always open when FRS is running.

        In summary, the targeted and excluded list of folders for a SYSVOL tree that is placed in its default location would look similar to the following:

        1. %systemroot%\sysvol                                                  Exclude
        2. %systemroot%\sysvol\domain                                           Scan
        3. %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory  Exclude
        4. %systemroot%\sysvol\domain\Policies                                  Scan
        5. %systemroot%\sysvol\domain\Scripts                                   Scan
        6. %systemroot%\sysvol\staging                                          Exclude
        7. %systemroot%\sysvol\staging areas                                    Exclude
        8. %systemroot%\sysvol\sysvol                                           Exclude

        If any one of these folders or files has been moved or placed in a different location, scan or exclude the equivalent element.

      • DFS: The same resources that are excluded for a SYSVOL replica set must also be excluded when FRS is used to replicate shares that are mapped to the DFS root and link targets on Windows Server 2008-based, Windows Server 2003-based, or Windows 2000-based member computers or domain controllers.
      • DHCP: By default, DHCP files that should be excluded are present in the following folder on the server:
        %systemroot%\System32\DHCP

        Note You should exclude all files and subfolders that exist in this folder.

        The location of DHCP files can be changed. To determine the current location of the DHCP files on the server, check the DatabasePath, DhcpLogFilePath, and BackupDatabasePath parameters under the following registry subkey:

        HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\DHCPServer\Parameters

    For Windows Server 2008, Windows Server 2003, and Windows 2000 domain controllers
    • DNS: You should exclude all files and subfolders that exist in the following folder: %systemroot%\system32\dns
    • WINS: You should exclude all files and subfolders that exist in the following folder: %systemroot%\system32\wins
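
The registry lookups described above, as an added PowerShell example (not part of the original article or of the vendor guidance it quotes): it reads the NTDS, NtFrs and DHCPServer values named in the text and prints the resulting file-level exclusion list for review on the domain controller itself. The helper names Get-RegValue and Add-Exclusion are hypothetical, and the handling of "DSA Database File" assumes the value may contain the full path to Ntds.dit.

```powershell
# Added example: resolve the exclusion paths from the registry values named in the article.
$svc = 'HKLM:\System\CurrentControlSet\Services'
$exclusions = New-Object 'System.Collections.Generic.List[string]'

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns nothing when the key or value is absent (for example, the role is not installed).
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { [string]$item.$Name }
}

function Add-Exclusion([string]$Dir, [string[]]$Names) {
    # Every entry is pinned to a directory; nothing is excluded by extension alone.
    if (-not $Dir) { return }
    foreach ($n in $Names) { $exclusions.Add($Dir.TrimEnd('\') + '\' + $n) }
}

# Active Directory database, transaction logs and working directory
$ntds = "$svc\NTDS\Parameters"
$dbDir = Get-RegValue $ntds 'DSA Database File'
# Assumption: the value may hold the full path to Ntds.dit; keep only the directory.
if ($dbDir -like '*.dit') { $dbDir = [IO.Path]::GetDirectoryName($dbDir) }
Add-Exclusion $dbDir 'Ntds.dit', 'Ntds.pat'
$logNames = 'EDB*.log', 'Res1.log', 'Res2.log', 'Edbres00001.jrs', 'Edbres00002.jrs', 'Ntds.pat'
Add-Exclusion (Get-RegValue $ntds 'Database Log Files Path') $logNames
Add-Exclusion (Get-RegValue $ntds 'DSA Working Directory') 'Temp.edb', 'Edb.chk'

# FRS working directory, database logs and per-replica-set staging folders
$frs = "$svc\NtFrs\Parameters"
$jet = 'jet\sys\edb.chk', 'jet\ntfrs.jdb', 'jet\log\*.log',
       'jet\log\edbres00001.jrs', 'jet\log\edbres00002.jrs'
Add-Exclusion (Get-RegValue $frs 'Working Directory') $jet
Add-Exclusion (Get-RegValue $frs 'DB Log File Directory') 'log\*.log'
Get-ChildItem -LiteralPath "$frs\Replica Sets" -ErrorAction SilentlyContinue | ForEach-Object {
    Add-Exclusion (Get-RegValue $_.PSPath 'Replica Set Stage') '*'
}

# DHCP paths can be relocated, so read all three values; DNS and WINS use fixed folders
$dhcp = "$svc\DHCPServer\Parameters"
foreach ($v in 'DatabasePath', 'DhcpLogFilePath', 'BackupDatabasePath') {
    Add-Exclusion (Get-RegValue $dhcp $v) '*'
}
foreach ($d in 'dns', 'wins') {
    $dir = Join-Path $env:SystemRoot "system32\$d"
    if (Test-Path -LiteralPath $dir) { Add-Exclusion $dir '*' }
}

# Print for review before entering anything into the antivirus product.
$exclusions | Sort-Object -Unique
```

The script only reads the registry and prints paths. Compare its output with the exclusions already configured in the antivirus console and treat any broader entry there, such as a whole-volume or extension-only rule, as a finding to tighten.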
