SYSVOL Replication Failing - 13508 (Network Steve Forum)

SYSVOL Replication Failing - 13508

We have two 2008 R2 DCs and our second DC has been getting the 13508 for months. I have checked the logs and have found no instance of 13509.

I have recently set up a third DC (server 2012 R2) and am now getting the message on that machine as well. Except, now it's showing the message for DC1 and DC2.

The File Replication Service is having trouble enabling replication from DC2 to DC3 for c:\windows\sysvol\domain using the DNS name DC2. FRS will keep retrying.

Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name DC2 from this computer.

[2] FRS is not running on DC2.

[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

I'm not exactly sure what that means, but I continued to do some diagnostics. I was able to ping the FQDN with no problem. I disabled the firewalls on all boxes and tested with no luck. There is now internal firewall blocking anything and the proper ports are open and listening.

In addition, I have noticed on the DC that is NOT receiving the 13508 error has had a couple 13562 errors-

Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller DC1 for FRS replica set configuration information.

Could not bind to a Domain Controller. Will try again at next polling cycle.

Other than that, there are no FRS errors on DC1. Here are the results of DCDiag on DC1:

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

Home Server = DC1

* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DC1

Starting test: Connectivity

......................... DC1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DC1

Starting test: Advertising

......................... DC1 passed test Advertising

Starting test: FrsEvent

......................... DC1 passed test FrsEvent

Starting test: DFSREvent

......................... DC1 passed test DFSREvent

Starting test: SysVolCheck

......................... DC1 passed test SysVolCheck

Starting test: KccEvent

......................... DC1 passed test KccEvent

Starting test: KnowsOfRoleHolders

......................... DC1 passed test KnowsOfRoleHolders

Starting test: MachineAccount

......................... DC1 passed test MachineAccount

Starting test: NCSecDesc

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=ForestDnsZones,DC=domain,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=DomainDnsZones,DC=domain,DC=local
......................... DC1 failed test NCSecDesc

Starting test: NetLogons

......................... DC1 passed test NetLogons

Starting test: ObjectsReplicated

......................... DC1 passed test ObjectsReplicated

Starting test: Replications

......................... DC1 passed test Replications

Starting test: RidManager

......................... DC1 passed test RidManager

Starting test: Services

......................... DC1 passed test Services

Starting test: SystemLog

......................... DC1 passed test SystemLog

Starting test: VerifyReferences

......................... DC1 passed test VerifyReferences

   Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation

Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation

Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Running partition tests on : domain

Starting test: CheckSDRefDom

......................... domain passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... domain passed test CrossRefValidation

Running enterprise tests on : domain.local

Starting test: LocatorCheck

......................... domain.local passed test LocatorCheck

Starting test: Intersite

......................... domain.local passed test Intersite

Here is the result from DC2:

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

Home Server = DC2

* Identified AD Forest.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DC2

Starting test: Connectivity

......................... DC2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DC2

Starting test: Advertising

......................... DC2 passed test Advertising

Starting test: FrsEvent

There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.

......................... DC2 passed test FrsEvent

Starting test: DFSREvent

......................... DC2 passed test DFSREvent

Starting test: SysVolCheck

......................... DC2 passed test SysVolCheck

Starting test: KccEvent

......................... DC2 passed test KccEvent

Starting test: KnowsOfRoleHolders

......................... DC2 passed test KnowsOfRoleHolders

Starting test: MachineAccount

......................... DC2 passed test MachineAccount

Starting test: NCSecDesc

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set

access rights for the naming context:

DC=ForestDnsZones,DC=domain,DC=local

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set

access rights for the naming context:

DC=DomainDnsZones,DC=domain,DC=local

......................... DC2 failed test NCSecDesc

Starting test: NetLogons

......................... DC2 passed test NetLogons

Starting test: ObjectsReplicated

......................... DC2 passed test ObjectsReplicated

Starting test: Replications

......................... DC2 passed test Replications

Starting test: RidManager

......................... DC2 passed test RidManager

Starting test: Services

......................... DC2 passed test Services

Starting test: SystemLog

A warning event occurred. EventID: 0x8000001D

Time Generated: 03/25/2015 10:53:38

Event String:

The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

......................... DC2 passed test SystemLog

Starting test: VerifyReferences

......................... DC2 passed test VerifyReferences

Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation

Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation

Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Running partition tests on : domain

Starting test: CheckSDRefDom

......................... domain passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... domain passed test CrossRefValidation

Running enterprise tests on : domain.local

Starting test: LocatorCheck

......................... domain.local passed test LocatorCheck

Starting test: Intersite

......................... domain.local passed test Intersite

And finally, here is the result from DC3:

* Identified AD Forest.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DC3

Starting test: Connectivity

......................... DC3 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DC3

Starting test: Advertising

Warning: DsGetDcName returned information for \\DC1.domain.local,

when we were trying to reach DC3.

SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

......................... DC3 failed test Advertising

Starting test: FrsEvent

There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.

......................... DC3 passed test FrsEvent

Starting test: DFSREvent

......................... DC3 passed test DFSREvent

Starting test: SysVolCheck

......................... DC3 passed test SysVolCheck

Starting test: KccEvent

......................... DC3 passed test KccEvent

Starting test: KnowsOfRoleHolders

......................... DC3 passed test KnowsOfRoleHolders

Starting test: MachineAccount

......................... DC3 passed test MachineAccount

Starting test: NCSecDesc

......................... DC3 passed test NCSecDesc

Starting test: NetLogons

Unable to connect to the NETLOGON share! (\\DC3\netlogon)

[DC3] An net use or LsaPolicy operation failed with error 67,

The network name cannot be found..

......................... DC3 failed test NetLogons

Starting test: ObjectsReplicated

......................... DC3 passed test ObjectsReplicated

Starting test: Replications

......................... DC3 passed test Replications

Starting test: RidManager

......................... DC3 passed test RidManager

Starting test: Services

......................... DC3 passed test Services

Starting test: SystemLog

......................... DC3 passed test SystemLog

Starting test: VerifyReferences

......................... DC3 passed test VerifyReferences

Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation

Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation

Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Running partition tests on : domain

Starting test: CheckSDRefDom

......................... domain passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... domain passed test CrossRefValidation

Running enterprise tests on : domain.local

Starting test: LocatorCheck

......................... domain.local passed test LocatorCheck

Starting test: Intersite

......................... domain.local passed test Intersite

Any idea what would be causing this and what my next steps would be? Let me know if I can get you any more info.

Thanks for the help in advance!

Edited by DustyB22 Wednesday, March 25, 2015 4:58 PM Changed formatting

March 25th, 2015 4:56pm

Also, I got this from frsdiag on DC2:

Checking for errors in debug logs ...

ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 4348: 904: S0: 11:46:35> :SR: Cmd 0048c1c0, CxtG 6af17002, WS ERROR_ACCESS_DENIED, To DC1 Len: (368) [SndFail - Send Penalty]

ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 4312: 877: S0: 12:00:03> :SR: Cmd 0048cc40, CxtG 6af17002, WS ERROR_ACCESS_DENIED, To DC1 Len: (368) [SndFail - rpc call]

ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 4312: 904: S0: 12:00:03> :SR: Cmd 0048cc40, CxtG 6af17002, WS ERROR_ACCESS_DENIED, To DC1 Len: (368) [SndFail - Send Penalty]

ERROR on NtFrs_0005.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <FrsDsGetName: 2316: 4930: S0: 14:59:56> :DS: ERROR - DsCrackNames(cn=ap-dc01,ou=domain controllers,dc=ap,dc=appareo, 00000002); WStatus: RPC_S_CALL_FAILED_DNE

Found 4422 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed above

Found 1 RPC_S_CALL_FAILED_DNE error(s)! Latest ones (up to 3) listed above

Free Windows Admin Tool Kit Click here and download it now

March 25th, 2015 5:08pm

DC3 is showing as a not suitable DC. I believe because the SYSVOL/Netlogon shares are missing. You can run \\localhost on it to check.

I would recommend that you start with a non-authoritative restore of SYSVOL on DC3: http://support.microsoft.com/en-us/kb/290762

Also, refer to the recommendations I shared here especially the IP settings: http://www.ahmedmalek.com/web/fr/articles.asp?artid=23

March 25th, 2015 5:46pm

Yeah, it's because of the sysvol situation. It used to show the same thing on DC2, but I forced it into thinking it was replicating.

I've done the non-authoritative restore before on DC2, but I have not tried it on DC3.

I'll check both links out and get back to you as soon as possible.

Thanks!

Free Windows Admin Tool Kit Click here and download it now

March 26th, 2015 6:06pm

I performed a non-authoritative restore on DC3 and got this info in the event log:

Event 13565
Event 13554

The File Replication Service successfully added the connections shown below to the replica set:

"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"

Outbound to "DC2.domain.local"

Inbound from "DC2.domain.local"

Outbound to "DC1.domain.local"

Inbound from "DC1.domain.local"

Event 13553

The File Replication Service successfully added this computer to the following replica set:

"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"

Information related to this event is shown below:

Computer DNS name is "DC3.domain.local"

Replica set member name is "DC3"

Replica set root path is "c:\windows\sysvol\domain"

Replica staging directory path is "c:\windows\sysvol\staging\domain"

Replica working directory path is "c:\windows\ntfrs\jet"

Event 13508 (two of them actually. One for DC1 and one for DC2)

I also made sure the IP DNS settings were set according to the link you sent.

March 26th, 2015 6:55pm

All seems good now. Just run \\localhost on the DC to list the available shares. You should find Netlogon and Sysvol shares over there.

Also, use dcdiag and repadmin to make sure that your DCs and AD replication are okay.

Free Windows Admin Tool Kit Click here and download it now

March 26th, 2015 8:53pm

Hello,

It looks like it's still not working. Sysvol isn't showing up under net share and I'm still getting the netlogon and frsEvent fail in dcdiag. Repadmin /showrepl showed that all were successful.

I also tried this with no luck: https://support.microsoft.com/en-us/kb/315457?wa=wsignin1.0

My end goal is to create 3 new domain controllers.  Two of them are to replace DC1 and DC2 and a third will be created as a spare.  DC3 was put in place to replace DC1. After I started configuring DC3, that's when I ran into these sysvol errors that I saw last year on DC2.  So this is the outcome of netdom querry fsmo:

c:\Windows\System32>netdom query fsmo
Schema master              DC2.domain.local
Domain naming master   DC2.domain.local
PDC                               DC1.domain.local
RID pool manager           DC1.domain.local
Infrastructure master      DC1.domain.local
The command completed successfully.
I am wanting DC3 to replace DC1's roles. Once DC4 is in place, it will take over DC2's roles. Is there a way to bypass this error for now and have DC3 take over for DC1? Will that possibly take care of my issues?

March 26th, 2015 9:38pm

Would it hurt to transition to DFS replication if FRS isn't working?

Free Windows Admin Tool Kit Click here and download it now

April 6th, 2015 6:13pm

You do not want to transition to DFSR until your DC's are healthy and replicating. DFSR migration naturally depends on SYSVOL itself. It must already be shared and the DC must be advertising and available, or migration at each stage will never complete.

April 6th, 2015 6:44pm

What if everything is copied over manually, the reg key is set to 1 for sysvol, and the folders are shared out? Is that still not advisable to do? I'm out of ideas and I haven't been able to find anything to get the FRS replication resolved.

I did notice, however, that when trying to do an authoritative FRS restore, I never see the 13566 in the event log on the machine I set to D4. The BurFlags go back to 0, but nothing shows up in the event log after that.

Also, when forcing FRS replication through FRSDiag, I get this on DC1:

Detecting this machine's domain role ... Domain Controller (PDC)

Gathering ntfrsutl sets output and gathering all Upstream Partners ....Done!

Triggering Pull replication FROM all detected Upstream Partners ...

Could not detect any upstream partners, this server seems to be Orphaned! You should double check this!

Is this normal since this is the PDC?

Free Windows Admin Tool Kit Click here and download it now

April 6th, 2015 9:28pm

Hi,

Did you refer to this article about Troubleshooting FRS Events 13508 without FRS Event 13509?

https://msdn.microsoft.com/en-us/library/bb727056.aspx#EMAA

Regards.

April 8th, 2015 3:06am

Hi,

Please check in FRSDiag log files are you getting below errors.

NtFrs_000X.log:<var>FrsNewDsGetSysvolCxtions: S0: HH:MM:SS</var> :DS: WARN - Member (cn=DC1,cn=domain system volume (sysvol share),cn=file replication service,cn=system,dc=a,dc=com) of sysvol replica set lacks server reference;

Free Windows Admin Tool Kit Click here and download it now

April 8th, 2015 4:55am

Hi Vivian,

Yep, I have tested this before a couple times and everything tested ok.

April 8th, 2015 9:20am

Hello,

Is this is the FRSDiag_Log file? If so, I don't see that type of message anywhere. On the FRSDiag when I select all the DCs and select go, I get the following:

DC1:

------------------------------------------------------------

FRSDiag v1.7 on 4/8/2015 8:10:49 AM

.\DC1 on 2015-04-08 at 8.10.49 AM

------------------------------------------------------------

Checking for errors/warnings in FRS Event Log .... passed

Checking for errors in Directory Service Event Log .... passed

Checking for minimum FRS version requirement ... passed

Checking for errors/warnings in ntfrsutl ds ... passed

Checking for Replica Set configuration triggers... passed

Checking for suspicious file Backlog size... passed

Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)... passed

Checking for suspicious inlog entries ... passed

Checking for suspicious outlog entries ... passed

Checking for appropriate staging area size ... passed

Checking for errors in debug logs ... passed

Checking NtFrs Service (and dependent services) state...passed

Checking NtFrs related Registry Keys for possible problems...passed

Checking Repadmin Showreps for errors...passed

Final Result = passed

DC2:

------------------------------------------------------------

FRSDiag v1.7 on 4/8/2015 8:10:49 AM

.\DC2 on 2015-04-08 at 8.10.49 AM

------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....

NtFrs 4/8/2015 2:56:42 AM Warning 13508 The File Replication Service is having trouble enabling replication from DC1 to DC2 for c:\windows\sysvol\domain using the DNS name DC1.domain.local. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name DC1.domain.local from this computer. [2] FRS is not running on DC1.domain.local. [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

NtFrs 4/8/2015 2:33:02 AM Warning 13508 The File Replication Service is having trouble enabling replication from DC3 to DC2 for c:\windows\sysvol\domain using the DNS name DC3.domain.local. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name DC3.domain.local from this computer. [2] FRS is not running on DC3.domain.local. [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

NtFrs 4/7/2015 1:27:11 AM Warning 13508 The File Replication Service is having trouble enabling replication from DC3 to DC2 for c:\windows\sysvol\domain using the DNS name DC3.domain.local. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name DC3.domain.local from this computer. [2] FRS is not running on DC3.domain.local. [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

NtFrs 4/7/2015 1:25:07 AM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer DC2 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 4/6/2015 3:25:32 PM Warning 13520 The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. The File Replication Service may delete the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog at any time. Files can be saved from deletion by copying them out of c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. Copying the files into c:\windows\sysvol\domain may lead to name conflicts if the files already exist on some other replicating partner. In some cases, the File Replication Service may copy a file from c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog into c:\windows\sysvol\domain instead of replicating the file from some other replicating partner. Space can be recovered at any time by deleting the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.

NtFrs 4/6/2015 3:25:32 PM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer DC2 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 4/3/2015 10:17:06 AM Warning 13567 File Replication Service has detected and suppressed an average of 15 or more file updates every hour for the last 3 hours because the updates did not change the contents of the file. The tracking records in FRS debug logs will have the filename and event time for the suppressed updates. The tracking records have the date and time followed by :T: as their prefix. Updates that do not change the content of the file are suppressed to prevent unnecessary replication traffic. Following are common examples of updates that do not change the contents of the file. [1] Overwriting a file with a copy of the same file. [2] Setting the same ACLs on a file multiple times. [3] Restoring an identical copy of the file over an existing one. Suppression of updates can be disabled by running regedit. Click on Start, Run and type regedit. Expand HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Services, NtFrs, Parameters, and create or update the value "Suppress Identical Updates To Files" to 0 (Default is 1) to force identical updates to replicate.

NtFrs 4/2/2015 6:28:57 PM Warning 13567 File Replication Service has detected and suppressed an average of 15 or more file updates every hour for the last 3 hours because the updates did not change the contents of the file. The tracking records in FRS debug logs will have the filename and event time for the suppressed updates. The tracking records have the date and time followed by :T: as their prefix. Updates that do not change the content of the file are suppressed to prevent unnecessary replication traffic. Following are common examples of updates that do not change the contents of the file. [1] Overwriting a file with a copy of the same file. [2] Setting the same ACLs on a file multiple times. [3] Restoring an identical copy of the file over an existing one. Suppression of updates can be disabled by running regedit. Click on Start, Run and type regedit. Expand HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Services, NtFrs, Parameters, and create or update the value "Suppress Identical Updates To Files" to 0 (Default is 1) to force identical updates to replicate.

NtFrs 4/2/2015 4:10:11 PM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer DC2 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 4/2/2015 3:56:38 PM Warning 13520 The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. The File Replication Service may delete the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog at any time. Files can be saved from deletion by copying them out of c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. Copying the files into c:\windows\sysvol\domain may lead to name conflicts if the files already exist on some other replicating partner. In some cases, the File Replication Service may copy a file from c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog into c:\windows\sysvol\domain instead of replicating the file from some other replicating partner. Space can be recovered at any time by deleting the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.

NtFrs 4/2/2015 3:56:37 PM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer DC2 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

WARNING: Found Event ID 13508 errors without trailing 13509 ... see above for (up to) the 3 latest entries!

......... failed 9

Checking for errors in Directory Service Event Log .... passed

Checking for minimum FRS version requirement ... passed

Checking for errors/warnings in ntfrsutl ds ... passed

Checking for Replica Set configuration triggers... passed

Checking for suspicious file Backlog size... passed

Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)... passed

Checking for suspicious inlog entries ... passed

Checking for suspicious outlog entries ... passed

Checking for appropriate staging area size ... passed

Checking for errors in debug logs ...

ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 4416: 904: S0: 08:00:40> :SR: Cmd 003f5d40, CxtG 6af17002, WS ERROR_ACCESS_DENIED, To DC1.domain.local Len: (368) [SndFail - Send Penalty]

ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 4416: 877: S0: 08:07:51> :SR: Cmd 003f5d40, CxtG 6af17002, WS ERROR_ACCESS_DENIED, To DC1.domain.local Len: (368) [SndFail - rpc call]

ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 4416: 904: S0: 08:07:51> :SR: Cmd 003f5d40, CxtG 6af17002, WS ERROR_ACCESS_DENIED, To DC1.domain.local Len: (368) [SndFail - Send Penalty]

ERROR on NtFrs_0004.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <SndCsMain: 300: 883: S0: 15:25:44> ++ ERROR - EXCEPTION (000006d9) : WStatus: EPT_S_NOT_REGISTERED

ERROR on NtFrs_0004.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <SndCsMain: 300: 884: S0: 15:25:44> :SR: Cmd 002a3060, CxtG e2bb412a, WS EPT_S_NOT_REGISTERED, To DC3.domain.local Len: (366) [SndFail - rpc exception]

ERROR on NtFrs_0004.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <SndCsMain: 300: 904: S0: 15:25:44> :SR: Cmd 002a3060, CxtG e2bb412a, WS EPT_S_NOT_REGISTERED, To DC3.domain.local Len: (366) [SndFail - Send Penalty]

ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain: 1312: 883: S0: 10:19:22> ++ ERROR - EXCEPTION (000006bf) : WStatus: RPC_S_CALL_FAILED_DNE

ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain: 1312: 884: S0: 10:19:22> :SR: Cmd 06bf9240, CxtG e2bb412a, WS RPC_S_CALL_FAILED_DNE, To DC3.domain.local Len: (366) [SndFail - rpc exception]

ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain: 1312: 904: S0: 10:19:22> :SR: Cmd 06bf9240, CxtG e2bb412a, WS RPC_S_CALL_FAILED_DNE, To DC3.domain.local Len: (366) [SndFail - Send Penalty]

Found 2230 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed above

Found 6 EPT_S_NOT_REGISTERED error(s)! Latest ones (up to 3) listed above

Found 3 RPC_S_CALL_FAILED_DNE error(s)! Latest ones (up to 3) listed above

......... failed with 2239 error entries

Checking NtFrs Service (and dependent services) state...

ERROR : Cannot access SYSVOL share on DC2

ERROR : Cannot access NETLOGON share on DC2

......... failed 2

Checking NtFrs related Registry Keys for possible problems...

SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady = 0 :: ERROR: SysvolReady is not set to 1 :: SYSVOL is likely not Sharing! This key should NOT be changed manually but this should be addressed! See article KB.327781 (How to Troubleshoot Missing SYSVOL and NETLOGON Shares on Windows Server) for further information!

failed with 1 error(s) and 0 warning(s)

Checking Repadmin Showreps for errors...passed

Final Result = failed with 2251 error(s)

DC3:

------------------------------------------------------------

FRSDiag v1.7 on 4/8/2015 8:10:49 AM

.\DC3 on 2015-04-08 at 8.10.49 AM

------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....

NtFrs 4/7/2015 4:52:26 PM Warning 13508 The File Replication Service is having trouble enabling replication from DC1 to DC3 for c:\windows\sysvol\domain using the DNS name DC1.domain.local. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name DC1.domain.local from this computer. [2] FRS is not running on DC1.domain.local. [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

NtFrs 4/7/2015 4:33:35 PM Warning 13508 The File Replication Service is having trouble enabling replication from DC2 to DC3 for c:\windows\sysvol\domain using the DNS name DC2.domain.local. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name DC2.domain.local from this computer. [2] FRS is not running on DC2.domain.local. [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

NtFrs 4/6/2015 3:27:45 PM Warning 13508 The File Replication Service is having trouble enabling replication from DC1 to DC3 for c:\windows\sysvol\domain using the DNS name DC1.domain.local. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name DC1.domain.local from this computer. [2] FRS is not running on DC1.domain.local. [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

NtFrs 4/6/2015 3:26:03 PM Warning 13520 The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. The File Replication Service may delete the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog at any time. Files can be saved from deletion by copying them out of c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. Copying the files into c:\windows\sysvol\domain may lead to name conflicts if the files already exist on some other replicating partner. In some cases, the File Replication Service may copy a file from c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog into c:\windows\sysvol\domain instead of replicating the file from some other replicating partner. Space can be recovered at any time by deleting the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.

NtFrs 4/6/2015 3:26:03 PM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer DC3 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 4/6/2015 1:42:46 PM Warning 13518 The File Replication Service did not grant the user "itadmin" access to the API "Get Internal Information". Permissions for "Get Internal Information" can be changed by running regedit. Click on Start, Run, and type regedit. Expand HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Services, NtFrs, Parameters, Access Checks, and highlight "Get Internal Information". Click on the toolbar option Security and then Permissions... Access checks can be disabled for "Get Internal Information". Double click on "Access checks are [Enabled or Disabled]" and change the string to Disabled.

NtFrs 4/3/2015 10:24:13 AM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer DC3 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 4/3/2015 10:20:13 AM Warning 13520 The File Replication Service moved the preexisting files in c:\windows\sysvol\domain to c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. The File Replication Service may delete the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog at any time. Files can be saved from deletion by copying them out of c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. Copying the files into c:\windows\sysvol\domain may lead to name conflicts if the files already exist on some other replicating partner. In some cases, the File Replication Service may copy a file from c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog into c:\windows\sysvol\domain instead of replicating the file from some other replicating partner. Space can be recovered at any time by deleting the files in c:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.

NtFrs 4/3/2015 10:20:13 AM Warning 13565 File Replication Service is initializing the system volume with data from another domain controller. Computer DC3 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type: net share When File Replication Service completes the initialization process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

NtFrs 4/2/2015 5:30:36 PM Warning 13567 File Replication Service has detected and suppressed an average of 15 or more file updates every hour for the last 3 hours because the updates did not change the contents of the file. The tracking records in FRS debug logs will have the filename and event time for the suppressed updates. The tracking records have the date and time followed by :T: as their prefix. Updates that do not change the content of the file are suppressed to prevent unnecessary replication traffic. Following are common examples of updates that do not change the contents of the file. [1] Overwriting a file with a copy of the same file. [2] Setting the same ACLs on a file multiple times. [3] Restoring an identical copy of the file over an existing one. Suppression of updates can be disabled by running regedit. Click on Start, Run and type regedit. Expand HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Services, NtFrs, Parameters, and create or update the value "Suppress Identical Updates To Files" to 0 (Default is 1) to force identical updates to replicate.

WARNING: Found Event ID 13508 errors without trailing 13509 ... see above for (up to) the 3 latest entries!

......... failed 8

Checking for errors in Directory Service Event Log .... passed

Checking for minimum FRS version requirement ... passed

Checking for errors/warnings in ntfrsutl ds ... passed

Checking for Replica Set configuration triggers... passed

Checking for suspicious file Backlog size... passed

Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)... passed

Checking for suspicious inlog entries ... passed

Checking for suspicious outlog entries ... passed

Checking for appropriate staging area size ... passed

Checking for errors in debug logs ...

ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 7060: 904: S0: 07:54:33> :SR: Cmd 63f84670, CxtG aac0c4ed, WS ERROR_ACCESS_DENIED, To DC1.domain.local Len: (366) [SndFail - Send Penalty]

ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 288: 877: S0: 08:00:12> :SR: Cmd 63f947f0, CxtG aac0c4ed, WS ERROR_ACCESS_DENIED, To DC1.domain.local Len: (366) [SndFail - rpc call]

ERROR on NtFrs_0005.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 288: 904: S0: 08:00:13> :SR: Cmd 63f947f0, CxtG aac0c4ed, WS ERROR_ACCESS_DENIED, To DC1.domain.local Len: (366) [SndFail - Send Penalty]

Found 1786 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed above

......... failed with 1786 error entries

Checking NtFrs Service (and dependent services) state...

ERROR : Cannot access SYSVOL share on DC3

ERROR : Cannot access NETLOGON share on DC3

......... failed 2

Checking NtFrs related Registry Keys for possible problems...

failed with 1 error(s) and 0 warning(s)

Checking Repadmin Showreps for errors...passed

Final Result = failed with 1797 error(s)

Keep in mind that this is after I tried an authoritative restore.

Free Windows Admin Tool Kit Click here and download it now

April 8th, 2015 9:32am

Hi,

Can you see the DNS SRV records for the Dc's. Also Check that all of your domain controllers are in the domain controllers OU in Active Directory and that the security tab for each domain controller is set to inherit permissions from the parent

What is the outcome of following command

ntfrsutl forcerepl DC-01 /r "domain system volume (sysvol share)" /p DC-4.domainname.com

April 8th, 2015 10:45am

Hi Purvesh,

I checked in DNS on all DCs and there is _Kerberos and _ldap for each DC under _msdcs.domain.local>dc>_sites>Default-First-Site-Name>_tcp

For double measure, I also performed the command through nslookup:

c:\>nslookup
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
        primary name server = localhost
        responsible mail addr = nobody.invalid
        serial = 1
        refresh = 600 (10 mins)
        retry   = 1200 (20 mins)
        expire = 604800 (7 days)
        default TTL = 10800 (3 hours)
Default Server: UnKnown
Address: ::1

> set type=all
> _ldap._tcp.dc._msdcs.domain.local
Server: UnKnown
Address: ::1

_ldap._tcp.dc._msdcs.domain.local SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = DC1.domain.local
_ldap._tcp.dc._msdcs.domain.local SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = DC2.domain.local
_ldap._tcp.dc._msdcs.domain.local SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = DC3.domain.local
DC1.domain.local      internet address = <IP Address removed>
DC1.domain.local      AAAA IPv6 address = <IP Address removed>
DC2.domain.local       internet address = <IP Address removed>
DC2.domain.local       AAAA IPv6 address = <IP Address removed>
DC3.domain.local       internet address = <IP Address removed>
>

The DCs are in the proper OU and the security tab says "Disable Inheritance" so I figure it's set to inherit.

Here is the result of the command performed on DC2:

C:\>ntfrsutl forcerepl DC1 /r "domain system volume (sysvol share)" /p DC2.domain.local
LocalComputerName = DC1
ReplicaSetGuid = (null)
CxtionGuid = (null)
ReplicaSetName = domain system volume (sysvol share)
PartnerDnsName = DC2.domain.local

Free Windows Admin Tool Kit Click here and download it now

April 8th, 2015 2:54pm

Hi,

Have you check that Administrator Permission on C:\Windows etc.

April 9th, 2015 12:03am

This topic is archived. No further replies will be accepted.