New Domain controller is having trouble replicating from an existing DC, 13508 Event ID for FRS

active-directory replication domain-controller file-replication-services

29,222

Solution 1

Usually these sorts of issues are related to DNS in some way. I would start by verifying the Client DNS settings on both DCs and making sure you can ping both ways between DC-02 & DC-04 (you only mentioned you can ping from DC-04 to DC-02). Then I'd try restarting both the Netlogon & FRS services on both DC-02 & DC-04, and then checking for any errors in the corresponding event logs (check the FRS event log on both DCs to see if there is any other info). Verify that restarting netlogon has re-registered the DCs SRV records in DNS (under _msdcs, _sites, _tcp, _udp, etc).

You can also check the following:

Check the Server’s Computer object in Active Directory to ensure it has a child object, called NTDS-Settings.
Verify that the SYSVOL share has been created and is active
Use “net share” in the command prompt to see if “SYSVOL” is listed.
- Verify the Domain Membership of the DC.
Use “netdiag /test:member” and verify the test passes.
- Verify the DC can communicate with other DCs.
Use “netdiag /test:dsgetdc and verify the test passes.
- Verify the DC can replicate with other DCs.
Use “netdiag /test:replications and verify the test passes.
- Verify the replication permissions are correct.
Use “dcdiag /test:netlogons and verify the test passes.

You will know when replication is working properly when you get an Event ID 13516 Source Ntfrs in the FRS event log stating that FRS is no longer preventing DC-04 from becoming a domain controller.

Solution 2

Try forcing a replication from the other domain controller:

ntfrsutl forcerepl DC-04 /r "domain system volume (sysvol share)" /p DC-03.domainname.com

https://blogs.technet.com/b/justinturner/archive/2007/04/27/quick-tip-force-frs-replication.aspx

29,222

Mike

Updated on September 18, 2022

Comments

Mike almost 2 years

This question is related to a previous one I asked regarding backing up Domain Controllers and RODC's. Basically I am making some changes in regards to the DC's in my network. I am looking to add a writable 2008R2 DC as well as a 2008R2 RODC to my domain.

I have created a writable 2008R2 DC called "DC-04", it is set up and appears to be working fine with one exception. When I run dcdiag /v on this new domain controller, I get an error during the FRS event test. This error corresponds to Event 13508 that I am getting and it states:

"The File Replication Service is having trouble enabling Replication from DC-02 to DC-04 for c:\windows\sysvol\domain using the DNS name dc-02.domain.com. FRS will keep retrying."

Some information that may be helpful:

DC-02 is running 2003R2 x86, it also holds all 5 FSMO roles

There is another DC called DC-03 also running 2003R2 x86, no errors come up on DC-04 regarding replication from this DC

All DC's are Global Catalogs and have DNS

I can ping dc-02.domain.com from dc-04, so DNS seems ok

FRS service is running on DC-02

Any ideas or things to check would be greatly appreciated.

Thanks!
- Admin almost 12 years
  
  Ugh, FRS sucks. I mean, really sucks. Is it possible to upgrade to DFS or DFS-R? (2k8 FL required, IIRC.) That's the first thing I'd try, because FRS just doesn't work and is such a massive pain to fix that it's best to not use it if at all possible.
Mike almost 12 years

Thanks Greg. It already seems to be replicating fine from DC-03 to DC-04. So what will this command accomplish? I need it to replicate from DC-02 to DC-04 which is where the problem is. Am I missing something?
Mike almost 12 years

I tried that command with DC-02 in place of DC-03, since DC-02 is where I am having trouble replicating from. The results were: Local Comp name: DC-04 ReplicaSetGuid: (null) CxtionGuid:(null) Is it bad that those two are null?
Mike almost 12 years

Yup, all DC's are in that OU, and if I go to Properties > Security Tab > Advanced for all of them I see that the box for "include inheritable permissions from this objects parent" is checked
Mike almost 12 years

Thanks Cheekaleak, here are my results: verified that each DC has a correct IP address and can be pinged by name from DC-02 to DC-04 and vice versa. So that ensures DNS settings are ok I assume? Restarted NetLogon and FRS Service on both machines. On DC-02 I got what I think is my best lead in the event log - Event 13568 "The FRS Service has detected that the replica set DOMAIN SYSTEM VOLUME (SYSVOL SHARE) is in JRNL_WRAP_ERROR" - On DC-04 I got 13516 that FRS is no longer preventing DC-04 from being a DC, and another 13508 that there is trouble replicating from dc-02 to dc-04
Mike almost 12 years

I can also see the DC's SRV records in DNS, The server's object in AD also has NTDS-settings, SYSVOL is present on DC-04 and shows up in the net share command, netdiag doesn't work on 2008R2 apparently so I couldn't try those, but dcdiag-replications and dcdiag-netlogons passed successfully - Any idea about that event logged on DC-02? I got the 13516 on DC-04 but it still appears replication is not working despite that.
HostBits almost 12 years

It sounds to me like your issue is related to the error on DC02 with the SYSVOL, I would start down that path and see where it takes you. You could also just try restarting FRS on both DCs again (has resolved issues for me in the past).
Mike almost 12 years

Your suggestions led me in the right direction, I started looking into the error on DC-02 and turns out I needed to do a non-authoritative restore of the replica sets on that machine, then a 13509 was logged on DC-04 indicating replication was enabled from DC-02 to DC-04. For anyone looking at this post with the same problem, this is what I did: support.microsoft.com/kb/290762
HostBits almost 12 years

Excellent! Glad you got it figured out.