SYSVOL replication failing on domain controller with DFSR errors 4612, 5002, and 5008

The affected DC may have no SYSVOL or NETLOGON share listed in the output of the net share command.

The DFS Replication event log on the affected DC contains DFSR error 4612:

The DFS Replication service initialized SYSVOL at local path [path] and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner [partner]. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.

It may also contain errors 5002 and 5008.

Error 5002:
The DFS Replication service encountered an error communicating with partner [partner] for replication group Domain System Volume.

Partner DNS Address: [partner FQDN]

Optional data if available:
Partner WINS Address: [partner hostname]
Partner IP Address: [partner address]

The service will retry the connection periodically.

Error 5008:
The DFS Replication service failed to communicate with partner [partner] for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server.

Partner DNS Address: [partner FQDN]

Optional data if available:
Partner WINS Address: [partner hostname]
Partner IP Address: [partner address]

The service will retry the connection periodically. 

The partner server indicated in the errors is a DC that is no longer available.

Scenario 1: The affected DC is the only one in the domain.

In this scenario, there are no other DCs from which to copy SYSVOL data. Therefore, you must first determine whether SYSVOL data exists on the DC. To do so, browse to %windir%\SYSVOL\domain\Policies in File Explorer. This folder should contain at least two subfolders with long hexadecimal names. Each of those subfolders should in turn contain subfolders named Machine and User, plus a file named GPT.ini. See the screenshot below for an example of valid SYSVOL data:
 

Figure 1: SYSVOL data on a domain controller

If the SYSVOL data is present, an authoritative sync of the data can be performed using the ADSIEdit console. For the steps involved, see How to Perform an Authoritative Sync of SYSVOL Data Using Distributed File System Replication (DFSR). Since there is only one DC in the domain, some steps can be skipped.

If the SYSVOL data is not present, it must be obtained from a backup of another DC, if one exists. If such a backup can be located, restore the SYSVOL data and perform an authoritative sync.

If no backup of the SYSVOL data exists, the dcgpofix command must be used to re-create the default Group Policy Objects.

Scenario 2: There are other DCs in the domain with valid SYSVOL data.

1. Stop the DFS Replication service.
2. Launch the Registry Editor and browse to

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFSR\Parameters\SysVols\Seeding SysVols\[Domain name].

3. Locate the Parent Computer entry inside this key. It is likely set to the name of an unavailable DC. Modify this entry and set its value to the DNS name of a DC which is online and has an up-to-date copy of the SYSVOL data.
4. Close the Registry Editor.
5. Start the DFS Replication service.
6. Launch Event Viewer and refresh the DFS Replication event log until event 4604 appears, indicating that initial replication has completed and SYSVOL has been initialized.
7. Run the net share command to confirm the presence of SYSVOL and NETLOGON shares.