Hi.
I have 2 DCs, PDC (2k8) and PDC1 (2k8R2). I recently promoted PDC1 to become a DC and replication occured without error. However now I get the FRS 13508 error and replication will not happen. Can some have a look at my dcdiags below and tell me what is wrong.
I can ping both servers from each other and they resolve correctly.
I have removed our domain name and some AV errors.
DCDIAG from PDC:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server…
Home Server = PDC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PDC
Starting test: Connectivity
……………………. PDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PDC
Starting test: Advertising
Warning: PDC is not advertising as a time server.
……………………. PDC failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
……………………. PDC passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
……………………. PDC failed test DFSREvent
Starting test: SysVolCheck
……………………. PDC passed test SysVolCheck
Starting test: KccEvent
……………………. PDC passed test KccEvent
Starting test: KnowsOfRoleHolders
[PDC1] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
Warning: PDC1 is the Schema Owner, but is not responding to DS RPC
Bind.
[PDC1] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: PDC1 is the Schema Owner, but is not responding to LDAP Bind.
Warning: PDC1 is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: PDC1 is the Domain Owner, but is not responding to LDAP Bind.
Warning: PDC1 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: PDC1 is the PDC Owner, but is not responding to LDAP Bind.
Warning: PDC1 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: PDC1 is the Rid Owner, but is not responding to LDAP Bind.
Warning: PDC1 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: PDC1 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
……………………. PDC failed test KnowsOfRoleHolders
Starting test: MachineAccount
……………………. PDC passed test MachineAccount
Starting test: NCSecDesc
……………………. PDC passed test NCSecDesc
Starting test: NetLogons
……………………. PDC passed test NetLogons
Starting test: ObjectsReplicated
……………………. PDC passed test ObjectsReplicated
Starting test: Replications
[Replications Check,PDC] A recent replication attempt failed:
From PDC1 to PDC
Naming Context: DC=ForestDnsZones,DC=domain,DC=org,DC=uk
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2011-08-18 07:13:30.
The last success occurred at 2011-08-12 09:47:14.
151 failures have occurred since the last success.
[Replications Check,PDC] A recent replication attempt failed:
From PDC1 to PDC
Naming Context: DC=DomainDnsZones,DC=domain,DC=org,DC=uk
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2011-08-18 07:13:27.
The last success occurred at 2011-08-12 10:10:45.
155 failures have occurred since the last success.
[Replications Check,PDC] A recent replication attempt failed:
From PDC1 to PDC
Naming Context: CN=Schema,CN=Configuration,DC=domain,DC=org,DC=uk
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2011-08-18 07:10:50.
The last success occurred at 2011-08-12 09:47:14.
151 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,PDC] A recent replication attempt failed:
From PDC1 to PDC
Naming Context: CN=Configuration,DC=domain,DC=org,DC=uk
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2011-08-18 07:13:14.
The last success occurred at 2011-08-12 10:16:14.
408 failures have occurred since the last success.
[Replications Check,PDC] A recent replication attempt failed:
From PDC1 to PDC
Naming Context: DC=domain,DC=org,DC=uk
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2011-08-18 07:31:33.
The last success occurred at 2011-08-17 20:24:08.
84 failures have occurred since the last success.
……………………. PDC failed test Replications
Starting test: RidManager
……………………. PDC failed test RidManager
Starting test: Services
……………………. PDC passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0xC0001B77
Time Generated: 08/18/2011 06:32:20
Event String:
The processing of Group Policy failed. Windows attempted to read the file
\\DOMAIN\sysvol\DOMAIN\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one
or more of the following:
An Error Event occurred. EventID: 0xC0001B77
Time Generated: 08/18/2011 06:34:40
Event String:
Event String:
The processing of Group Policy failed. Windows attempted to read the file
\\DOMAIN\sysvol\DOMAIN\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one
or more of the following:
An Error Event occurred. EventID: 0xC0001B77
Event String:
The processing of Group Policy failed. Windows attempted to read the file
\\DOMAIN\sysvol\DOMAIN\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one
or more of the following:
An Error Event occurred. EventID: 0xC0001B77
Time Generated: 08/18/2011 06:45:11
Event String:
Event String:
The processing of Group Policy failed. Windows attempted to read the file
\\DOMAIN\sysvol\DOMAIN\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one
or more of the following:
An Error Event occurred. EventID: 0xC0001B77
Time Generated: 08/18/2011 06:49:51
Event String:
The processing of Group Policy failed. Windows attempted to read the file
\\DOMAIN\sysvol\DOMAIN\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one
or more of the following:
An Error Event occurred. EventID: 0xC0001B77
Time Generated: 08/18/2011 06:55:42
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server pdc$. The target name used was
E3514235-4B06-11D1-AB04-00C04FC2DCD2/4558ba77-7318-4362-a2c7-983e70085699/DOMAIN@DOMAIN. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered
on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for
the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified,
and the target domain (DOMAIN) is different from the client domain (DOMAIN), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0xC0001B77
Time Generated: 08/18/2011 06:59:12
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly
if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
An Warning Event occurred. EventID: 0x825A0018
Time Generated: 08/18/2011 07:01:54
Event String:
Time Provider NtpClient: No valid response has been received from domain controller PDC1.DOMAIN after 8 attempts to contact it. This domain controller will be discarded as a time source and
NtpClient will attempt to discover a new domain controller from which to synchronize. The error was: The client fails authenticating a response with a bad signature.
The server service was unable to recreate the share acullen$ because the directory G:\Users\Pupils\CSM\acullen no longer exists. Please run «net share acullen$ /delete» to delete the
share, or recreate the directory G:\Users\Pupils\CSM\acullen.
An Warning Event occurred. EventID: 0x800009CF
Time Generated: 08/18/2011 07:10:19
Event String:
The server service was unable to recreate the share aowen$ because the directory G:\Users\Pupils\CSM\aowen no longer exists. Please run «net share aowen$ /delete» to delete the share,
or recreate the directory G:\Users\Pupils\CSM\aowen.
An Warning Event occurred. EventID: 0x800009CF
Time Generated: 08/18/2011 07:10:19
Event String:
The server service was unable to recreate the share bgreg$ because the directory G:\Users\Pupils\CSM\bgreg no longer exists. Please run «net share bgreg$ /delete» to delete the share,
or recreate the directory G:\Users\Pupils\CSM\bgreg.
An Warning Event occurred. EventID: 0x800009CF
Time Generated: 08/18/2011 07:10:19
Event String:
The server service was unable to recreate the share cfiona$ because the directory G:\Users\Pupils\CSM\cfiona no longer exists. Please run «net share cfiona$ /delete» to delete the share,
or recreate the directory G:\Users\Pupils\CSM\cfiona.
An Warning Event occurred. EventID: 0x800009CF
Time Generated: 08/18/2011 07:10:19
Event String:
The server service was unable to recreate the share csam$ because the directory G:\Users\Pupils\CSM\csam no longer exists. Please run «net share csam$ /delete» to delete the share,
or recreate the directory G:\Users\Pupils\CSM\csam.
An Warning Event occurred. EventID: 0x00000C18
Time Generated: 08/18/2011 07:10:50
Event String:
The primary Domain Controller for this domain could not be located.
An Warning Event occurred. EventID: 0x8000A000
Time Generated: 08/18/2011 07:10:50
Event String:
The Security System detected an authentication error for the server ldap/PDC.DOMAIN. The failure code from authentication protocol Kerberos was «There are currently no logon servers available
to service the logon request.
An Warning Event occurred. EventID: 0x8000001D
Time Generated: 08/18/2011 07:10:58
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly
if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
An Error Event occurred. EventID: 0x40000004
Time Generated: 08/18/2011 07:11:21
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server pdc$. The target name used was BROADCLYST\PDC1$. This indicates that the target server failed to decrypt the ticket
provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used
by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server
and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DOMAIN) is different from the client domain (DOMAIN), check if there are identically named server accounts in these two domains, or
use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0xC0001B58
Time Generated: 08/18/2011 07:11:31
Event String:
The Parallel port driver service failed to start due to the following error:
An Warning Event occurred. EventID: 0x825A0081
Time Generated: 08/18/2011 07:11:42
Event String:
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error
was: The entry is not found. (0x800706E1)
An Error Event occurred. EventID: 0xC0001B77
Time Generated: 08/18/2011 07:11:42
Event String:
The Sophos Message Router service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
An Error Event occurred. EventID: 0xC0001B72
Time Generated: 08/18/2011 07:11:42
Event String:
The following boot-start or system-start driver(s) failed to load:
An Error Event occurred. EventID: 0x40000004
Time Generated: 08/18/2011 07:11:44
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server pdc$. The target name used was cifs/PDC1.DOMAIN. This indicates that the target server failed to decrypt the ticket
provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used
by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server
and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DOMAIN) is different from the client domain (DOMAIN), check if there are identically named server accounts in these two domains, or
use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0x00000BBA
Time Generated: 08/18/2011 07:11:45
Event String:
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.
An Error Event occurred. EventID: 0x00000448
Time Generated: 08/18/2011 07:11:44
Event String:
The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object
LDAP://CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=org,DC=uk. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the
file name and path that caused the failure.
An Warning Event occurred. EventID: 0x825A0081
Time Generated: 08/18/2011 07:11:59
Event String:
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error
was: The entry is not found. (0x800706E1)
An Error Event occurred. EventID: 0x00000422
Time Generated: 08/18/2011 07:12:20
Event String:
The processing of Group Policy failed. Windows attempted to read the file
\\DOMAIN\sysvol\DOMAIN\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one
or more of the following:
An Error Event occurred. EventID: 0xC0002720
Time Generated: 08/18/2011 07:12:26
Event String:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
An Error Event occurred. EventID: 0xC0001B77
Time Generated: 08/18/2011 07:12:53
Event String:
The Sophos Message Router service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
An Error Event occurred. EventID: 0x40000004
Time Generated: 08/18/2011 07:13:14
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server pdc$. The target name used was
E3514235-4B06-11D1-AB04-00C04FC2DCD2/4558ba77-7318-4362-a2c7-983e70085699/DOMAIN@DOMAIN. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered
on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for
the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified,
and the target domain (DOMAIN) is different from the client domain (DOMAIN), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Warning Event occurred. EventID: 0x000727AA
Time Generated: 08/18/2011 07:13:44
Event String:
The WinRM service failed to create the following SPNs: WSMAN/PDC.DOMAIN; WSMAN/PDC.
ient received a KRB_AP_ERR_MODIFIED error from the server pdc$. The target name used was LDAP/4558ba77-7318-4362-a2c7-983e70085699._msdcs.DOMAIN. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when
the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when
the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current
password. If the server name is not fully qualified, and the target domain (DOMAIN) is different from the client domain (DOMAIN), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0x40000004
Time Generated: 08/18/2011 07:15:54
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server pdc$. The target name used was ldap/pdc1.DOMAIN. This indicates that the target server failed to decrypt the ticket
provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used
by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server
and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DOMAIN) is different from the client domain (DOMAIN), check if there are identically named server accounts in these two domains, or
use the fully-qualified name to identify the server.
An Warning Event occurred. EventID: 0x80000008
Time Generated: 08/18/2011 07:16:05
Event String:
The Sophos Message Router service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
An Error Event occurred. EventID: 0x40000004
Time Generated: 08/18/2011 07:21:50
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server pdc$. The target name used was cifs/pdc1.DOMAIN. This indicates that the target server failed to decrypt the ticket
provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used
by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server
and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DOMAIN) is different from the client domain (DOMAIN), check if there are identically named server accounts in these two domains, or
use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0x00000422
Time Generated: 08/18/2011 07:21:50
The processing of Group Policy failed. Windows attempted to read the file
\\DOMAIN\sysvol\DOMAIN\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one
or more of the following:
An Error Event occurred. EventID: 0x40000004
Time Generated: 08/18/2011 07:27:01
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server pdc$. The target name used was Rpcss/pdc1. This indicates that the target server failed to decrypt the ticket provided
by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server.
This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC
are both updated to use the current password. If the server name is not fully qualified, and the target domain (DOMAIN) is different from the client domain (DOMAIN), check if there are identically named server accounts in these two domains, or use the fully-qualified
name to identify the server.
An Error Event occurred. EventID: 0xC0001B77
Time Generated: 08/18/2011 07:28:04
The processing of Group Policy failed. Windows attempted to read the file
\\DOMAIN\sysvol\DOMAIN\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one
or more of the following:
……………………. PDC failed test SystemLog
Starting test: VerifyReferences
……………………. PDC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
……………………. ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
……………………. DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
……………………. Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
……………………. Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. Configuration passed test CrossRefValidation
Running partition tests on : domain
Starting test: CheckSDRefDom
……………………. domain passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. domain passed test CrossRefValidation
Running enterprise tests on : DOMAIN
Starting test: LocatorCheck
……………………. DOMAIN passed test LocatorCheck
Starting test: Intersite
……………………. DOMAIN passed test Intersite
DCDIAG from PDC1:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server…
Home Server = PDC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PDC1
Starting test: Connectivity
……………………. PDC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PDC1
Starting test: Advertising
……………………. PDC1 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
……………………. PDC1 passed test FrsEvent
Starting test: DFSREvent
……………………. PDC1 passed test DFSREvent
Starting test: SysVolCheck
……………………. PDC1 passed test SysVolCheck
Starting test: KccEvent
……………………. PDC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
……………………. PDC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
……………………. PDC1 passed test MachineAccount
Starting test: NCSecDesc
……………………. PDC1 passed test NCSecDesc
Starting test: NetLogons
……………………. PDC1 passed test NetLogons
Starting test: ObjectsReplicated
……………………. PDC1 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,PDC1] A recent replication attempt failed:
From PDC to PDC1
Naming Context: DC=ForestDnsZones,DC=domain,DC=org,DC=uk
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2011-08-18 05:52:51.
The last success occurred at 2011-08-17 20:31:38.
12 failures have occurred since the last success.
[PDC] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,PDC1] A recent replication attempt failed:
From PDC to PDC1
Naming Context: DC=DomainDnsZones,DC=domain,DC=org,DC=uk
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2011-08-18 05:52:51.
The last success occurred at 2011-08-17 19:56:08.
13 failures have occurred since the last success.
[Replications Check,PDC1] A recent replication attempt failed:
From PDC to PDC1
Naming Context: CN=Schema,CN=Configuration,DC=domain,DC=org,DC=uk
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2011-08-18 05:53:50.
The last success occurred at 2011-08-17 19:56:07.
11 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,PDC1] A recent replication attempt failed:
From PDC to PDC1
Naming Context: CN=Configuration,DC=domain,DC=org,DC=uk
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2011-08-18 05:53:27.
The last success occurred at 2011-08-17 20:15:35.
12 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,PDC1] A recent replication attempt failed:
From PDC to PDC1
Naming Context: DC=domain,DC=org,DC=uk
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2011-08-18 05:52:51.
The last success occurred at 2011-08-17 20:15:02.
12 failures have occurred since the last success.
The source remains down. Please check the machine.
……………………. PDC1 failed test Replications
Starting test: RidManager
……………………. PDC1 passed test RidManager
Starting test: Services
……………………. PDC1 passed test Services
Starting test: SystemLog
……………………. PDC1 passed test SystemLog
Starting test: VerifyReferences
……………………. PDC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
……………………. ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
……………………. DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
……………………. Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
……………………. Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. Configuration passed test CrossRefValidation
Running partition tests on : domain
Starting test: CheckSDRefDom
……………………. domain passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. domain passed test CrossRefValidation
Running enterprise tests on : domain.org.uk
Starting test: LocatorCheck
……………………. domain.org.uk passed test LocatorCheck
Starting test: Intersite
……………………. domain.org.uk passed test Intersite
Thanks
I have installed 2 new domain controllers in a domain where there already exist a domain controller.
File Replication Service seems to have problems and therefor these two new domain controllers cant finish setup SYSVOL/NETLOGON shares etc.
There is an event logged under File Replication Service saying the following:
————————————————————————————————
The File Replication Service is having trouble enabling replication from DC01 to DC02 for c:\windows\sysvol\domain using the DNS name DC01.domain.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC01.domain.com from this computer.
[2] FRS is not running on DC01.domain.com.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
————————————————————————————————
I have tried a Nonauthoritative restore ref this article https://support.microsoft.com/en-us/help/290762/using-the-burflags-registry-key-to-reinitialize-file-replication-service
After that it logged the above event after a few minutes. It also added these events:
————————————————————————————————
The File Replication Service successfully added the connections shown below to the replica set:
«DOMAIN SYSTEM VOLUME (SYSVOL SHARE)»
Inbound from «DC01.domain.com»
Outbound to «DC01.domain.com»
Outbound to «DC03.domain.com»
Inbound from «DC03.domain.com»
————————————————————————————————
The File Replication Service successfully added this computer to the following replica set:
«DOMAIN SYSTEM VOLUME (SYSVOL SHARE)»
Information related to this event is shown below:
Computer DNS name is «DC02.domain.com»
Replica set member name is «DC02»
Replica set root path is «c:\windows\sysvol\domain»
Replica staging directory path is «c:\windows\sysvol\staging\domain»
Replica working directory path is «c:\windows\ntfrs\jet»
————————————————————————————————
Have you checked out this link from MS http:/ Opens a new window
Procedures for Troubleshooting FRS Event 13508 without Event 13509
-
Examine the FRS event ID 13508 to determine the machine that FRS has been unable to communicate with.
-
Determine whether the remote machine is working properly, and verify that FRS is running on it. Type the following command at a command prompt on the computer that logged the FRS event ID 13508 and press ENTER:
ntfrsutl version <FQDN of remote domain controller>
If this fails, check network connectivity by using the Ping command to ping the fully qualified domain name (FQDN) of the remote domain controller from the computer that logged the FRS event ID 13508. If this fails, then troubleshoot as a DNS or TCP/IP issue. If it succeeds, confirm that the FRS service is started on the remote domain controller.
-
Determine whether FRS has ever been able to communicate with the remote computer by looking for FRS event ID 13509 in the event log and see if the FRS problem correlates to recent change management to networking, firewalls, DNS configuration, or Active Directory infrastructure.
-
Determine whether anything between the two machines is capable of blocking RPC traffic, such as a firewall or router.
-
Confirm that Active Directory replication is working. For more information about troubleshooting Active Directory replication, see Troubleshooting Active Directory Replication Problems Opens a new window in this guide.
Was this post helpful?
thumb_up
thumb_down
After I promoted a Windows Server 2008 to Additional Domain Controller and start receiving event id 13508 File Replication Service. Additionally, Event id 13508 was preventing Additional Domain Controller from replication with Primary Domain Controller. Finally, I applied below solution to resolved the event id 13508 and source ntfrs issue on server. Now, let’s start with the issue and here is the error for your reference and comparison with yours own.
Event Type: Warning Event Source: NtFrs
Event Category: None Event ID: 13508
Date: 6/14/2012 Time: 10:15:11 AM
User:v N/A Computer: SATURN
Description:
The File Replication Service is having trouble enabling replication from vm-dc1 to SATURN for c:\windows\sysvol\domain using the DNS name vm-dc1.rizwanranjha.com. FRS will keep retrying.
Possible Reasons: Event ID 13508
Specifically, following are some of the reasons for seeing this warning.
- In fact, FRS or File Replication Service can not correctly resolving the DNS name vm-dc1.rizwanranjha.com from this computer.
- Consequently, File Replication Service or FRS is not running on vm-dc1.rizwanranjha.com
- Finally, The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event id will appear once per connection and the fixation will result an other event indicating a successful connection. For more information, see Microsoft Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Possible Solutions
Event id 13508 issue requires me to read before I found a windows registry tweak to resolve this replication error. Likewise, here are the steps for windows registry tweak to resolve this event id 13508
- Stop File Replication service
- Click on Start and open Run
- Type CMD in run and press OK.
- In the Command Prompt window type ‘net stop ntfrs‘ and press enter
- Use RegEdit to edit “BurFlags” in the key
- “HKLM\System\CurrentControlSet\Services\Ntfrs\Parameters\Backup/Restore\Process at Startup“
- * edit the dword key “BurFlags” in Hex format.
- * Change from 0 to D2 or D4
- D2 – Non-Authoritative restore (pull from another DC)
- D4 – Authoritative restore
Start File Replication Service on Computer
Again, to Start the File Replication services, we need to start ntfrs services. This services can be started from services.msc or using the method below.
- Click on Start > Run and type CMD and click OK to open.
- In Command Prompt Windows type ‘net start ntfrs‘ and Press Enter.
Firewall for PRC Traffic on Computer
- Additionally, check for Firewall (Windows / Router) between two Systems, you can disable firewall or can check that RPC traffic is able to communicate with the remote computer?
Event ID 13509 Found on Computer?
If you found Event ID 13509 in your System’s events logs than you need to do the following;
- Indeed, File Replication Service Restart can be helpful in some cases.
- Secondly, Firewalls off or allow can be a solution
- Finally, DNS configuration, or Active Directory infrastructure is working or not can also help in this issue.
Moreover, hopefully this article will help you to solve this issue, if you found it useful, please share it with others.
I have 3 Domain Controllers. We will call them DC1, DC2 and DC3. DC3 and DC2 show Event ID 13508 in their FRS logs with no follow-up event(13509 I think) to say the error had been fixed. DC1’s FRS log no matter what you do never shows any events besides FRS service stopped and started.
DC1 holds the SYSVOL that needs to be replicated to the other DC’s. The other DC’s sysvol folders are empty.
I have tried the burflag method of fixing this but I haven’t had any luck. My procedure for that was to stop all FRS services on all DC’s. Then set the burflag on DC1 to D4 and the other two DCs burflag to D2. Started FRS on DC1 and the only event’s I see in DC1’s FRS event logs are service stopped and service started messages. This fact is leading me to believe that something is wrong on FRS for DC1. I believe there should be events 13553 and 13516 in the FRS event logs after an authoritative sysvol restore.
The other two DC’s do not have anything in their SYSVOL, otherwise I would have made one of them the authoritative sysvol.
DC1 is MS Server 2003 Enterprise Edition SP2
DC2 is MS Server 2003 Standard Edition SP1
DC3 is MS Server 2003 R2 Standard Edition SP2
I did not setup this domain originally but I am now the administrator of it, so I don’t have a lot of background on why certain things may have been done in the past.
My main goal is to try and fix these issues to get myself better prepared to decommision DC1 and add a DC running Server 2008 to my domain.
Thanks.