Discussion:
FRS: Error 13508
Asgard Hostmaster
2004-10-14 02:11:52 UTC
Hi folks,
I'm still struggling with getting FRS working properly. To recap, the only
thing I'm trying to replicate is SYSVOL. I've been through all the KBs and
such I can find, and have cleared a few issues, but still no luck getting it
working properly.

Checking the NTFRS logs, I'm down to this repeated error -

<FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809

I'm very confident the problem relates to this, however I can't find it
addressed anywhere on the MS site or newsgroups or elsewhere on the net.
I've tried resetting the machine password on SB-2 using netdom, but the
error is still there. How is security defined for FRS machine transactions?

thanks,
David
Asgard Hostmaster
2004-10-14 02:18:13 UTC
Just to add, the NTFRS logs on the other server say -

WS ERROR_ACCESS_DENIED

So it seems obvious to be some kind of permissions problem. Perhaps a
Kerberos problem?
Asgard Hostmaster
2004-10-16 13:49:39 UTC
Removing and readding each Domain Controller in turn has fixed this error.
Now I'm managing to replicate SYSVOL and two other folders, but the third
refuses. Error in ntfrs.log now is -

<SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc call]
<SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send Penalty]
<FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
<FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns name is
sb-3.mydomain.net
<FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings reference is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydomain,dc=net
<FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND

Any suggestions on where to look now?
Glenn LeCheminant
2004-10-16 17:28:13 UTC
FRS stores all its topology info in AD.
This diag spells it out pretty clearly:
Post by Asgard Hostmaster
<FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
computer for DFS|CLIENTSITES

You need to compare your working computer objects to these.
You may be able to manually repair the objects.
I suspect the cn=2076db4e-718a-4a61-ac1d-9ae239578d26 object is missing the
MEMBERREF attribute pointing back to the member server object.

The FRS technical reference has a good diagram on how FRS objects and
attributes are glued together in AD.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_frs_intro.asp

If you cannot repair the objects manually, then you can D2 the server which
will force it to rejoin the replica set and rewrite these objects.
Asgard Hostmaster
2004-10-16 19:25:13 UTC
Hi Glen,

Thanks very much for the reply! The cn=2076db4e-718a-4a61-ac1d-9ae239578d26
object itself has no frsMemberReference attribute, only
frsMemberReferenceBL, which is not set. Beneath it are the 3 subscriber
objects, two of which are replicating fine and one of which, DFS|CLIENTSITES,
is not. All of them have frsMemberReference set correctly.
Glenn L
2004-10-16 20:39:39 UTC
Run FRSDIAG against the failing member.
Then paste the contents of FRS-DS config log into this thread.
Can't remember the exact name of the log file, but it is the one that dumps
the FRS topology from AD into a text file.
I should be able to see from that if the error in the debug log is bogus or
not.

Glenn
Asgard Hostmaster
2004-10-20 19:14:22 UTC
Hi Glen,
Results are posted under the thread "ACLs on FRS files"
David
Glenn L
2004-10-20 21:32:07 UTC
Ah RPC failures, I zoned in on the NTFRS subscriber objects and didn't even
see these in the thread before.

EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - rpc
exception]
<SndCsMain: 2432: 895: S0: 13:59:39> :SR: Cmd 00237200, CxtG 82382b81, WS
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - Send
Penalty]


Perhaps the ntfrs subscriber errors are bogus after all.

RPC failures are typically the result of port filtering between the two
networks.
I have lost track of which replica is failing.
The best way IMHO to track down RPC failures is to do a simultaneous network
trace from each replica, the good one and the bad one.

1. Stop the FRS service on the bad replica member.
2. Start the simultaneous network traces.
3. Start the service and let it churn for a couple of minutes.
4. Then stop the traces.

You should be looking for dropped packets, specifically during the SMB
session setup.
Basically the process works as follows:
- Client sends SMB negotiate request to port 135 on server.
- They negotiate SMB dialect.
- Client sends RPC endpoint mapper request to port 135 on the server.
- Server responds with high port to communicate on, typically in the
  1025-5000 range.
- Client then initiates session setup using the high port as the
  destination port.
I often see this high port being blocked at firewalls.
This is a classic cause for repeated 13508s.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
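
Added example (not part of the post above or of the original thread): a Python parser for the NTFRS debug-log excerpts quoted in this thread. It rejoins the newsreader-wrapped entries, tallies SndCsMain send failures per partner and status, and lists the partners whose failures carry RPC-layer statuses, which are the ones the reply above suggests taking network traces for. The header field names and the de-duplication by Cmd value are this example's assumptions.

```python
import re
from collections import defaultdict

# Excerpts copied from the posts in this thread, wrapping included. The first
# two lines are the fragment that was quoted without its <...> header.
SAMPLE = r"""
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - rpc
exception]
<SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc call]
<SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send Penalty]
<FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns name is
sb-3.mydomain.net
<SndCsMain: 2432: 895: S0: 13:59:39> :SR: Cmd 00237200, CxtG 82382b81, WS
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - Send
Penalty]
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
"""

# Assumed reading of the header: <function: thread: source line: severity: time>
HEADER = re.compile(
    r"^<(?P<func>\w+):\s*(?P<thread>\d+):\s*(?P<line>\d+):\s*"
    r"(?P<sev>S\d):\s*(?P<time>\d\d:\d\d:\d\d)>\s*(?P<msg>.*)$"
)
SEND_FAIL = re.compile(
    r"Cmd (?P<cmd>[0-9a-f]+),.*?WS (?P<status>\w+), To (?P<partner>\S+)"
    r".*?\[SndFail - (?P<stage>[^\]]+)\]"
)
INVALID_PARTNER = re.compile(
    r"Invalid Partner: AuthClient:(?P<client>[^,]+),\s*AuthSid:(?P<sid>S-[\d-]+)"
)


def unwrap(text):
    """Rejoin wrapped entries; text before the first header is dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HEADER.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def parse(text):
    """Return one dict per log entry with the header fields and the message."""
    return [HEADER.match(entry).groupdict() for entry in unwrap(text)]


def send_failures(text):
    """Map (partner, status) to the set of Cmd values that failed.

    The excerpts show the same Cmd on the 'rpc call' and 'Send Penalty'
    lines, so distinct Cmd values are counted rather than lines (assumption).
    """
    fails = defaultdict(set)
    for rec in parse(text):
        if rec["func"] != "SndCsMain":
            continue
        m = SEND_FAIL.search(rec["msg"])
        if m:
            fails[(m["partner"].lower(), m["status"])].add(m["cmd"])
    return dict(fails)


def is_rpc_status(status):
    """EPT_S_* and RPC_S_* are the Win32 RPC status-code families."""
    return status.startswith(("EPT_S_", "RPC_S_"))


def trace_candidates(text):
    """Partners with RPC-layer send failures, i.e. worth a network trace."""
    return sorted({p for (p, s) in send_failures(text) if is_rpc_status(s)})


def invalid_partners(text):
    """(account, SID) pairs the service rejected as 'Invalid Partner'."""
    found = []
    for rec in parse(text):
        m = INVALID_PARTNER.search(rec["msg"])
        if m:
            found.append((m["client"].strip(), m["sid"]))
    return found


if __name__ == "__main__":
    for (partner, status), cmds in sorted(send_failures(SAMPLE).items()):
        print(f"{partner:22} {status:22} failed commands: {len(cmds)}")
    print("trace these partners:", trace_candidates(SAMPLE))
    print("rejected partners:", invalid_partners(SAMPLE))
```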
Asgard Hostmaster
2004-10-20 23:47:55 UTC
Hmmm, I guess this would account for problems coming and going - it depends
which of the upper ports might be blocked and which RPC requests? I asked
the datacentre a couple of weeks ago if they were blocking any ports on
their internal routers that might be causing problems but I had no reply.
I'll try again!

Incidentally, if this is a "classic cause" it should be on a KB or
something! Not something I'd come across as a potential cause of 13508s,
though I suspected it.
Post by Glenn L
Ah RPC failures, I zoned in on the NTFRS subscriber objects and didn't even
see these in the thread before.
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - rpc
exception]
<SndCsMain: 2432: 895: S0: 13:59:39> :SR: Cmd 00237200, CxtG 82382b81, WS
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - Send
Penalty]
Perhaps the ntfrs subscriber errors are bogus after all.
RPC failures are typically the result of port filtering between the two
networks.
I have lost track of which replica is failing.
The best way IMHO to track down RPC failures is to do a simultaneous network
trace from each replica, the good one and the bad one.
Stop the FRS service on the bad replica member.
Start the simultaneous network traces.
Start the service and let it churn for a couple of minutes.
Then stop the traces.
You should be looking for dropped packets, specifically during the SMB
session setup.
Basically the process works as follows. Client sends SMB negotiate request
to port 135 on server.
They negotiate SMB dialect.
Client sends RPC endpoint mapper request to port 135 on the server.
Server responds with high port to communicate on, typically in the
1025-5000 range.
Client then initiates session setup using the high port as the
destination port.
I often see this high port being blocked at firewalls.
This is a classic cause for repeated 13508s.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
Post by Asgard Hostmaster
Hi Glen,
Results are posted under the thread "ACLs on FRS files"
David
Post by Glenn L
Run FRSDIAG against the failing member.
Then paste the contents of FRS-DS config log into this thread.
Can't remember the exact name of the log file, but it is the one that dumps
the FRS topology from AD into a text file.
I should be able to see from that if the error in the debug log is bogus or
not.
Glenn
Post by Asgard Hostmaster
Hi Glen,
Thanks very much for the reply! The cn=2076db4e-718a-4a61-ac1d-9ae239578d26
object itself has no frsMemberReference attribute, only
frsMemberReferenceBL, which is not set. Beneath it are the 3 subscriber
objects, two of which are replicating fine and one of which, DFS|CLIENTSITES
is not. All of them have frsMemberReference set correctly.
Post by Glenn LeCheminant
FRS stores all its topology info in AD.
this diag spells it out pretty clearly
Post by Asgard Hostmaster
<FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
computer for DFS|CLIENTSITES
You need to compare your working computer objects to these.
You may be able to manually repair the objects.
I suspect the cn=2076db4e-718a-4a61-ac1d-9ae239578d26 object is missing the
MEMBERREF attribute pointing back to the member server object.
The FRS technical reference has a good diagram on how FRS objects and
attributes are glued together in AD.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_frs_intro.asp
If you cannot repair the objects manually, then you can D2 the server which
will force it to rejoin the replica set and rewrite these objects.
Post by Asgard Hostmaster
Removing and readding each Domain Controller in turn has fixed this error.
Now I'm managing to replicate SYSVOL and two other folders, but the third
refuses. Error in ntfrs.log now is -
<SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc call]
<SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send
Penalty]
<FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
<FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns name is
sb-3.mydomain.net
<FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings reference is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydomain,dc=net
<FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
Any suggestions on where to look now?
Asgard Hostmaster
2004-10-21 03:03:45 UTC
Permalink
Glen, would you happen to know of a good reference for setting up
replication via VPN? I've successfully connected my two servers with RRAS
however NTFRS insists on using the DNS names for replication which are
registered with the internet IPs. Any advice appreciated!

thanks,
david
Asgard Hostmaster
2004-10-21 06:52:15 UTC
Permalink
Ahh well, I managed to get the VPN up and running fine, but I'm still
getting the same errors in the NTFRS log. Namely -

**********
<FrsDsFindComputer: 3644: 8806: S2: 00:14:56> :DS: Settings reference is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydomain,dc=net
<FrsDsGetSubscribers: 3644: 8239: S0: 00:14:56> :DS: No NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<FrsDsGetSubscribers: 3644: 8239: S0: 00:14:56> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<RcsCreateSeedingCxtion: 2108: 6938: S0: 00:14:56> :X: ERROR - no parent
computer for DFSROOT|ASGARDWEB : WStatus: ERROR_FILE_NOT_FOUND
**********

and

**********
<SndCsMain: 3512: 867: S0: 00:16:18> :SR: Cmd 00ea7c50, CxtG 222709df, WS
ERROR_ACCESS_DENIED, To SB-2.mydomain.net Len: (356) [SndFail - rpc call]
<SndCsMain: 3512: 889: S0: 00:16:18> :SR: Cmd 00ea7c50, CxtG 222709df, WS
ERROR_ACCESS_DENIED, To SB-2.mydomain.net Len: (356) [SndFail - Send
Penalty]
**********

So it looks like it's not a firewalling problem :-(
Glenn L
2004-10-21 07:00:40 UTC
Permalink
Yes...FRS still has lots of room for improving the ease of troubleshooting
(i.e. KBs)

Rather than set up VPN structure, there is an easier way. Assuming your
router admins are willing to open one port.
You can force FRS replication to use a specific high RPC port.
http://support.microsoft.com/default.aspx?scid=kb;en-us;319553

Also, here is the "all inclusive" link for Windows server system port
requirements.
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
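The log excerpts in this thread mix two kinds of send failure (EPT_S_NOT_REGISTERED and ERROR_ACCESS_DENIED) with the Invalid Partner rejections from the first post. As an added example, not part of any post here and not Microsoft tooling, this Python script re-joins the wrapped entries and tallies them per partner. The sample log is constructed from the excerpts quoted in the thread, and the hint strings are assumptions that summarise the thread's own reasoning.

```python
import re
from collections import Counter

# Entry header in the layout quoted in the thread:
# <Function: thread: source line: Sseverity: HH:MM:SS> message
ENTRY = re.compile(
    r"<(?P<func>\w+):\s*\d+:\s*\d+:\s*S\d:\s*(?P<time>\d\d:\d\d:\d\d)>\s*(?P<msg>.*)",
    re.S,
)
# SndCsMain send failure: "WS <status>, To <partner> Len: (n) [SndFail - <stage>]"
SEND_FAIL = re.compile(
    r"WS\s+(?P<status>[A-Z_]+),\s*To\s+(?P<partner>\S+)\s+Len:\s*\(\d+\)\s*"
    r"\[SndFail - (?P<stage>[^\]]+)\]"
)
# Rejection logged by the receiving member.
INVALID_PARTNER = re.compile(
    r"Invalid\s+Partner:\s*AuthClient:(?P<client>[^,\s]+),\s*AuthSid:(?P<sid>S-[\d-]+)"
)

# Assumption: triage hints paraphrasing the thread, not an official mapping.
HINTS = {
    "EPT_S_NOT_REGISTERED": "endpoint lookup failed: trace both replicas, "
                            "check port 135 and the high RPC port",
    "ERROR_ACCESS_DENIED": "call was refused: check the computer account, "
                           "Kerberos and the FRS objects in AD",
}


def join_entries(text):
    """Re-join entries that a mail client wrapped across several lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"*"}:   # blank lines and ***** rulers
            continue
        if ENTRY.match(line):                # a new "<Func: ...>" header
            if current is not None:
                entries.append(current)
            current = line
        elif current is not None:            # continuation of the last entry
            current += " " + line
    if current is not None:
        entries.append(current)
    return entries


def triage(text):
    """Count send failures per (partner, status) and inbound rejections."""
    send_failures, rejected = Counter(), Counter()
    for entry in join_entries(text):
        msg = ENTRY.match(entry).group("msg")
        sf = SEND_FAIL.search(msg)
        # In the quoted excerpts every failure is logged twice with the same
        # Cmd/CxtG; the "Send Penalty" line is skipped to avoid double counting.
        if sf and " ".join(sf.group("stage").split()) != "Send Penalty":
            send_failures[(sf.group("partner").lower(), sf.group("status"))] += 1
        ip = INVALID_PARTNER.search(msg)
        if ip:
            rejected[(ip.group("client"), ip.group("sid"))] += 1
    return send_failures, rejected


def report(text):
    """One summary line per partner/status pair and per rejected caller."""
    send_failures, rejected = triage(text)
    lines = []
    for (partner, status), n in sorted(send_failures.items()):
        hint = HINTS.get(status, "no hint: read the surrounding entries")
        lines.append(f"{partner}: {status} x{n} -> {hint}")
    for (client, sid), n in sorted(rejected.items()):
        lines.append(f"inbound from {client} ({sid}) rejected as Invalid Partner x{n}")
    return lines


# Constructed sample, modelled on the excerpts quoted in the thread and wrapped
# the way the newsreader wrapped them (source line 873 is made up).
SAMPLE = r"""
<SndCsMain: 2432: 873: S0: 13:59:39> :SR: Cmd 00237200, CxtG 82382b81, WS
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - rpc
exception]
<SndCsMain: 2432: 895: S0: 13:59:39> :SR: Cmd 00237200, CxtG 82382b81, WS
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - Send
Penalty]
**********
<SndCsMain: 3512: 867: S0: 00:16:18> :SR: Cmd 00ea7c50, CxtG 222709df, WS
ERROR_ACCESS_DENIED, To SB-2.mydomain.net Len: (356) [SndFail - rpc call]
<SndCsMain: 3512: 889: S0: 00:16:18> :SR: Cmd 00ea7c50, CxtG 222709df, WS
ERROR_ACCESS_DENIED, To SB-2.mydomain.net Len: (356) [SndFail - Send
Penalty]
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Run it against the logs from both replicas: a partner that only ever shows ERROR_ACCESS_DENIED while the other side logs Invalid Partner for the same computer account points away from port filtering.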
Post by Asgard Hostmaster
Hi folks,
I'm still struggling with getting FRS working properly. To recap,
the
Post by Asgard Hostmaster
Post by Glenn LeCheminant
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
only thing i'm trying to replicate is SYSVOL. I've been through
all
Post by Asgard Hostmaster
Post by Glenn L
Post by Asgard Hostmaster
Post by Glenn LeCheminant
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
the
KBs and such I can find, and have cleared a few issues, but
still
no
luck
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
getting it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
<FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR -
Invalid
Post by Asgard Hostmaster
Post by Glenn LeCheminant
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't
find
it
addressed anywhere on the MS site or newsgroups or elsewhere on
the
Post by Asgard Hostmaster
Post by Glenn L
Post by Asgard Hostmaster
Post by Glenn LeCheminant
net.
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
I've tried resetting the machine password on SB-2 using netdom,
but
Post by Asgard Hostmaster
Post by Glenn L
Post by Asgard Hostmaster
Post by Glenn LeCheminant
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
the
error is still there. How is security defined for FRS machine
transactions?
thanks,
David
Glenn L
2004-10-21 09:35:41 UTC
Permalink
Post by Asgard Hostmaster
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
Are you still seeing these invalid partner errors in the FRS debug logs?

If so, I have a hunch on root cause and ultimately how to fix it.

The server that reported this error thinks SB-2$ has a machine SID of
S-1-5-21-484763869-1972579041-1417001333-1809
If SB-2$ lost its computer account in the domain and it had to be rejoined,
it would get a new SID.
However, FRS stores this info in its local database and has no way to
dynamically update it if this event occurs.
Therefore FRS replication breaks down.
You can actually determine what the current machine SID for SB-2$ is by
using a resource kit tool. (I can't think of the name of it.)

You were right on in your original post. I should have caught
on.....completely glossed over it in favor of the nosubscriber errors.

The only way to update the FRS database is to blow it away (the one that is
reporting the errors), and force the replica to re-initialize.
A couple of ways to accomplish this:

stop FRS
rename %systemroot%\ntfrs\jet folder.
start FRS

or

stop FRS
HKLM\system\ccs\services\ntfrs\parameters\backup/restore\process at startup
modify "burflags" to a HEX value of D2
start FRS.

Both of these processes will reinitialize the database, forcing the member to
rejoin the replica set (and learn the SIDs of its upstream neighbors).
ALL DATA in the set will be moved into the ntfrs-preexisting folder.
Then an optimized synchronization will take place. Any data that is the same
on an upstream neighbor will be moved from the ntfrs pre-existing.
Anything different will be copied across the network.
This can take a considerable amount of time depending on the number of
files, processor, memory, and to a lesser extent bandwidth.

If this is what you are experiencing, then it is rather rare.
But it is common enough for MS to provide a bit more resiliency in FRS IMHO.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
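
A log check for the condition described in the post above, as an added example (not code from either poster or from Microsoft): it unwraps NTFRS debug-log entries, collects the Invalid Partner lines and compares each AuthSid with a SID the operator supplies for that account. The function names and the directory SID value are assumptions made for the illustration; the first two log entries are the ones quoted in this thread and the repeated entry is constructed.

```python
import re
from collections import Counter

# An NTFRS debug-log entry starts with <Function: thread: source line: severity: time>.
ENTRY_START = re.compile(
    r"^<(?P<func>\w+):\s*(?P<thread>\d+):\s*(?P<line>\d+):\s*"
    r"(?P<sev>S\d):\s*(?P<time>\d\d:\d\d:\d\d)>\s*(?P<msg>.*)$"
)
INVALID_PARTNER = re.compile(
    r"Invalid\s+Partner:\s*AuthClient:(?P<client>[^,\s]+),\s*"
    r"AuthSid:(?P<sid>S-\d+(?:-\d+)+)"
)

# First two entries are quoted from this thread; the third is a constructed repeat.
SAMPLE_LOG = r"""
<FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:06:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
"""

# Constructed placeholder: stands in for the SID the operator looked up for the
# computer account in the directory. It is not a value from the thread.
CONSTRUCTED_DIRECTORY_SID = "S-1-5-21-484763869-1972579041-1417001333-9999"


def unwrap_entries(text):
    """Join wrapped continuation lines back onto the entry they belong to."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_START.match(line)
        if match:
            entries.append(match.groupdict())
        elif entries:
            # Mail and news clients wrap long entries; glue the piece back on.
            entries[-1]["msg"] += " " + line
    return entries


def invalid_partner_report(text, directory_sids):
    """Count Invalid Partner entries per (account, SID) pair and compare the
    logged AuthSid with the SID supplied for that account in directory_sids."""
    lookup = {name.upper(): sid for name, sid in directory_sids.items()}
    seen = Counter()
    first_seen = {}
    for entry in unwrap_entries(text):
        match = INVALID_PARTNER.search(entry["msg"])
        if not match:
            continue
        key = (match.group("client").upper(), match.group("sid"))
        seen[key] += 1
        first_seen.setdefault(key, entry["time"])

    report = []
    for (client, sid), count in sorted(seen.items()):
        known = lookup.get(client)
        if known is None:
            status = "unknown-account"
        elif known == sid:
            status = "sid-matches-directory"
        else:
            status = "sid-differs-from-directory"
        report.append({
            "client": client,
            "auth_sid": sid,
            "count": count,
            "first_seen": first_seen[(client, sid)],
            "status": status,
        })
    return report


if __name__ == "__main__":
    supplied = {r"ASGARD\SB-2$": CONSTRUCTED_DIRECTORY_SID}
    for row in invalid_partner_report(SAMPLE_LOG, supplied):
        print(row)
```

A "sid-differs-from-directory" row is the mismatch between a logged SID and the account's current SID that the post describes; which side holds the stale value still has to be confirmed on the servers themselves.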
Asgard Hostmaster
2004-10-21 21:16:19 UTC
Permalink
Hi Glen,
First, let me say I really appreciate your help here! We are slowly getting
somewhere. I deleted the jet databases on SB-2 and restarted. I'm
replicating over a VPN so that there are no firewall issues. I've configured
all the Active Directory DNS records manually and removed all dynamic
updating in order to force the servers to only communicate via the VPN. This
seems to be working.

The good news is that some folder replication is now happening.

The bad news is that the FRS service on the W2K server is now crashing every
15 to 20 minutes or so. NTFRS logs give errors similar to the following
before it happens -



<VvJoinSend: 2220: 1864: S0: 15:48:26> :V: members_signup_tu.htm (084289b8): VVjoin sending create
<FrsHashCalcString: 3172: 4777: S0: 15:48:26> Name = S-1-5-21-484763869-1972579041-1417001333-2391
<FrsDsFindComputer: 524: 8723: S2: 15:48:26> :DS: Computer's dns name is SB-2.mydomain.net
<FrsHashCalcString: 3172: 4777: S0: 15:48:26> Name = S-1-5-21-484763869-1972579041-1417001333-2391
<FrsDsFindComputer: 524: 8737: S2: 15:48:27> :DS: Settings reference is cn=ntds settings,cn=sb-2,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydomain,dc=net
<VvJoinSend: 2220: 1864: S0: 15:48:27> :V: members_unsubscribe_mis.asp (084289b9): VVjoin sending create
<FrsDsGetSubscribers: 524: 8169: S0: 15:48:27> :DS: No NTFRSSubscriber object found under cn=dfs volumes,cn=ntfrs subscriptions,cn=sb-2,ou=domain controllers,dc=mydomain,dc=net!
<FrsHashCalcString: 3172: 4777: S0: 15:48:27> Name = S-1-5-21-484763869-1972579041-1417001333-2391
<FrsDsGetSubscribers: 524: 8169: S0: 15:48:27> :DS: No NTFRSSubscriber object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs volumes,cn=ntfrs subscriptions,cn=sb-2,ou=domain controllers,dc=mydomain,dc=net!
<VvJoinSend: 2220: 1864: S0: 15:48:28> :V: members_unsubscribe_misused.asp (084289ba): VVjoin sending create
<FrsHashCalcString: 3172: 4777: S0: 15:48:28> Name = S-1-5-21-484763869-1972579041-1417001333-2391
<FrsHashCalcString: 3172: 4777: S0: 15:48:29> Name = S-1-5-21-484763869-1972579041-1417001333-2391
<VvJoinSend: 2220: 1864: S0: 15:48:29> :V: newsletter.htm (084289bb): VVjoin sending create
<FrsHashCalcString: 3172: 4777: S0: 15:48:29> Name = S-1-5-21-484763869-1972579041-1417001333-2391
<FrsHashCalcString: 3172: 4777: S0: 15:48:30> Name = S-1-5-21-484763869-1972579041-1417001333-2391
<DBService: 2876: 4825: S0: 15:48:31> ++ ERROR - EXCEPTION (c0000005) : WStatus: EXCEPTION_ACCESS_VIOLATION
<DBService: 2876: 4837: S0: 15:48:31> DBService finally. WStatus: EXCEPTION_ACCESS_VIOLATION
<DBService: 2876: 4843: S0: 15:48:31> DBService terminated abnormally, forcing service shutdown.
<FrsPrintEvent: 1672: 606: S0: 15:48:32> :E: Eventlog written for EVENT_FRS_STOPPING (13502) severity: Info at: Thu, Oct 21 2004 15:48:32
<MainFrsShutDown: 1672: 912: S1: 15:48:32> :S: Using 90 as ShutDownTimeOut
<MainStartShutDown: 1672: 751: S0: 15:48:32> :S: SHUTDOWN IN PROGRESS...

Any ideas?

thanks!
David
Glenn L
2004-10-22 05:49:06 UTC
Permalink
Ah, don't you just love FRS.
First of all, it was the server that was reporting the invalid partner
errors that needed its database deleted, not SB-2's database.

What service pack level is the W2K server reporting the AVs?

Also, what is the layout? I need a mental picture: OS versions and SP levels.
You have three servers in this replica set, right?
SB-2 is one of them.
Two of them replicate back and forth successfully, right?

Give me a recap...
Post by Asgard Hostmaster
Hi Glen,
First, let me say I really appreciate your help here! We are slowly getting
somewhere. I deleted the jet databases on SB-2 and restarted. I'm
replicating over a VPN so that there's no firewall issues. I've configured
all the Active Directory DNS records manually and removed all dynamic
updating in order to force the servers to only communicate via the VPN. This
seems to be working.
The good news is that some folder replication is now happening.
The bad news is that the FRS service on the W2K server is now crashing every
15 to 20 minutes or so. NTFRS logs give errors similar to the following
before it happens -
members_signup_tu.htm (084289b8): VVjoin sending create
<FrsHashCalcString: 3172: 4777: S0: 15:48:26> Name =
S-1-5-21-484763869-1972579041-1417001333-2391
<FrsDsFindComputer: 524: 8723: S2: 15:48:26> :DS: Computer's
dns name is SB-2.mydomain.net
<FrsHashCalcString: 3172: 4777: S0: 15:48:26> Name =
S-1-5-21-484763869-1972579041-1417001333-2391
<FrsDsFindComputer: 524: 8737: S2: 15:48:27> :DS: Settings
reference is cn=ntds
settings,cn=sb-2,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydomain,dc=net
members_unsubscribe_mis.asp (084289b9): VVjoin sending create
<FrsDsGetSubscribers: 524: 8169: S0: 15:48:27> :DS: No
NTFRSSubscriber object found under cn=dfs volumes,cn=ntfrs
subscriptions,cn=sb-2,ou=domain controllers,dc=mydomain,dc=net!
<FrsHashCalcString: 3172: 4777: S0: 15:48:27> Name =
S-1-5-21-484763869-1972579041-1417001333-2391
<FrsDsGetSubscribers: 524: 8169: S0: 15:48:27> :DS: No
NTFRSSubscriber object found under
cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs volumes,cn=ntfrs
subscriptions,cn=sb-2,ou=domain controllers,dc=mydomain,dc=net!
members_unsubscribe_misused.asp (084289ba): VVjoin sending create
<FrsHashCalcString: 3172: 4777: S0: 15:48:28> Name =
S-1-5-21-484763869-1972579041-1417001333-2391
<FrsHashCalcString: 3172: 4777: S0: 15:48:29> Name =
S-1-5-21-484763869-1972579041-1417001333-2391
newsletter.htm (084289bb): VVjoin sending create
<FrsHashCalcString: 3172: 4777: S0: 15:48:29> Name =
S-1-5-21-484763869-1972579041-1417001333-2391
<FrsHashCalcString: 3172: 4777: S0: 15:48:30> Name =
S-1-5-21-484763869-1972579041-1417001333-2391
<DBService: 2876: 4825: S0: 15:48:31> ++ ERROR -
EXCEPTION (c0000005) : WStatus: EXCEPTION_ACCESS_VIOLATION
<DBService: 2876: 4837: S0: 15:48:31> DBService
finally. WStatus: EXCEPTION_ACCESS_VIOLATION
<DBService: 2876: 4843: S0: 15:48:31> DBService
terminated abnormally, forcing service shutdown.
<FrsPrintEvent: 1672: 606: S0: 15:48:32> :E: Eventlog
written for EVENT_FRS_STOPPING (13502) severity: Info at: Thu, Oct 21 2004
15:48:32
<MainFrsShutDown: 1672: 912: S1: 15:48:32> :S: Using 90 as
ShutDownTimeOut
<MainStartShutDown: 1672: 751: S0: 15:48:32> :S: SHUTDOWN IN
PROGRESS...
Any ideas?
thanks!
David
Post by Glenn L
Post by Asgard Hostmaster
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
Are you still seeing these invalid partner errors in the FRS debug logs?
If so, I have a hunch on root cause and ultimately how to fix it.
The server that reported this error thinks SB-2$ has a machine SID of
S-1-5-21-484763869-1972579041-1417001333-1809
If SB-2$ lost its computer account in the domain and it had to be rejoined,
it would get a new SID.
However, FRS stores this info in its local database and has no way to
dynamically update it if this event occurs.
Therefore FRS replication breaks down.
You can actually determine what the current machine SID for SB-2$ is by
using a resource kit tool. (I can't think of the name of it.)
You were right on in your original post. I should have caught
on.....completely glossed over it in favor of the nosubscriber errors.
The only way to update the FRS database is to blow it away (the one that is
reporting the errors), and force the replica to re-initialize.
couple of ways to accomplish this.
stop FRS
rename %systemroot%\ntfrs\jet folder.
start FRS
or
stop FRS
HKLM\system\ccs\services\ntfrs\parameters\backup/restore\process at startup
modify "burflags" to a HEX value of D2
start FRS.
Both of these processes will reinitialize the database forcing the member to
rejoin the replica set (and learn the SIDs of its upstream neighbors)
ALL DATA in the set will be moved into the ntfrs-preexisting folder.
then an optimized synchronization will take place. any data that is the same
on an upstream neighbor will be moved from the ntfrs pre-existing
anything different will be copied across the network.
This can take a considerable amount of time depending on the number of
files, processor, memory, and to a lesser extent bandwidth.
If this is what you are experiencing, then it is rather rare.
But it is common enough for MS to provide a bit more resiliency in FRS IMHO.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
Post by Glenn L
Yes...FRS still has lots of room for improving the ease of
troubleshooting
(i.e. KBs)
Rather than setup VPN structure, there is an easier way. Assuming your
router admins are willing to open one port.
You can force FRS replication to use a specific high RPC port.
http://support.microsoft.com/default.aspx?scid=kb;en-us;319553
Also, here is the "all inclusive" link for Windows server system port
requirements.
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
Post by Asgard Hostmaster
Glen, would you happen to know of a good reference for setting up
replication via VPN? I've successfully connected my two servers with RRAS
however NTFRS insists on using the DNS names for replication which are
registered with the internet IPs. Any advice appreciated!
thanks,
david
Post by Asgard Hostmaster
Ah RPC failures, I zoned in on the NTFRS subscriber objects and didn't even
see these in the thread before.
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - rpc
exception]
<SndCsMain: 2432: 895: S0: 13:59:39> :SR: Cmd 00237200, CxtG 82382b81, WS
EPT_S_NOT_REGISTERED, To sb-3.mydomain.net Len: (356) [SndFail - Send
Penalty]
Perhaps the ntfrs subscriber errors are bogus after all.
RPC failures are typically the result of port filtering between the two
networks.
I have lost track of which replica is failing.
The best way IMHO to track down RPC failures is to do a simultaneous network
trace from each replica, the good one and the bad one.
Stop the FRS service on the bad replica member.
Start the simultaneous network traces.
Start the service and let it churn for a couple of minutes.
Then stop the traces.
You should be looking for dropped packets, specifically during the SMB
session setup.
Basically the process works as follows. Client sends SMB negotiate request
to port 135 on server.
They negotiate SMB dialect,
client sends RPC endpoint mapper request to port 135 on the server.
Server responds with high port to communicate on, typically in the
1025-5000 range.
Client then initiates session setup using the high port as the
destination port.
I often see this high port being blocked at firewalls.
This is a classic cause for repeated 13508s.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
Post by Asgard Hostmaster
Hi Glen,
Results are posted under the thread "ACLs on FRS files"
David
Post by Glenn L
Run FRSDIAG against the failing member.
then paste the contents of FRS-DS config log into this thread.
Can't remember the exact name of the log file, but it is the one that dumps
the FRS topology from AD into a text file.
I should be able to see from that if the error in the debug log is bogus or
not.
Glenn
Post by Asgard Hostmaster
Hi Glen,
Thanks very much for the reply! The cn=2076db4e-718a-4a61-ac1d-9ae239578d26
object itself has no frsMemberReference attribute, only
frsMemberReferenceBL, which is not set. Beneath it are the 3 subscriber
objects, two of which are replicating fine and one of which, DFS|CLIENTSITES
is not. All of them have frsMemberReference set correctly.
Post by Glenn LeCheminant
FRS stores all its topology info in AD.
this diag spells it out pretty clearly
Post by Asgard Hostmaster
<FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
computer for DFS|CLIENTSITES
You need to compare your working computer objects to these.
You may be able to manually repair the objects.
I suspect the cn=2076db4e-718a-4a61-ac1d-9ae239578d26 object is missing the
MEMBERREF attribute pointing back to the member server object.
The FRS technical reference has a good diagram on how FRS objects and
attributes are glued together in AD.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_frs_intro.asp
If you cannot repair the objects manually, then you can D2 the server which
will force it to rejoin the replica set and rewrite these objects.
Post by Asgard Hostmaster
Removing and readding each Domain Controller in turn has fixed this error.
Now I'm managing to replicate SYSVOL and two other folders, but the third
refuses. Error in ntfrs.log now is -
<SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc call]
<SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send
Penalty]
<FrsDsFindComputer: 3392: 8786: S2: 07:25:48> :DS: Computer FQDN is
cn=sb-3,ou=domain controllers,dc=mydomain,dc=net
<FrsDsFindComputer: 3392: 8792: S2: 07:25:48> :DS: Computer's dns name is
sb-3.mydomain.net
<FrsDsFindComputer: 3392: 8806: S2: 07:25:48> :DS: Settings reference is
cn=ntds
settings,cn=sb-3,cn=servers,cn=san-antonio,cn=sites,cn=configuration,dc=mydomain,dc=net
<FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=dfs volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<FrsDsGetSubscribers: 3392: 8239: S0: 07:25:48> :DS: No NTFRSSubscriber
object found under cn=2076db4e-718a-4a61-ac1d-9ae239578d26,cn=dfs
volumes,cn=ntfrs subscriptions,cn=sb-3,ou=domain
controllers,dc=mydomain,dc=net!
<RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
Any suggestions on where to look now?
Post by Asgard Hostmaster
just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem. Perhaps a
Kerberos problem?
Post by Asgard Hostmaster
Hi folks,
I'm still struggling with getting FRS working properly. To recap, the only
thing I'm trying to replicate is SYSVOL. I've been through all the KBs and
such I can find, and have cleared a few issues, but still no luck getting
it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
<FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't find it
addressed anywhere on the MS site or newsgroups or elsewhere on the net.
I've tried resetting the machine password on SB-2 using netdom, but the
error is still there. How is security defined for FRS machine transactions?
thanks,
David
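An added example, not part of the thread: a triage script for the point made in the reply above, that the member logging Invalid Partner is the one whose FRS database needs reinitializing. The sample logs reuse lines quoted in the thread, wrapped the same way; the server labels dc-a and dc-b and the 21:05:36 repeat are constructed.

```python
import re
from collections import Counter

# Entry header as it appears in the thread's excerpts:
#   <Function: thread-id: source-line: Sn: hh:mm:ss> message...
HEADER = re.compile(
    r"^<(\w+):\s*\d+:\s*\d+:\s*S\d:\s*(\d\d:\d\d:\d\d)>\s*(.*)$")
INVALID_PARTNER = re.compile(
    r"Invalid\s+Partner:\s*AuthClient:(\S+?),\s*AuthSid:(S-[\d-]+)")


def parse_entries(text):
    """Rejoin wrapped lines so that each log entry becomes one dict."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            entries.append(
                {"func": m.group(1), "time": m.group(2), "msg": m.group(3)})
        elif entries:
            # No header: continuation of the previous (wrapped) entry.
            entries[-1]["msg"] += " " + line
    return entries


def invalid_partners(entries):
    """Count the (AuthClient, AuthSid) pairs this member rejected."""
    hits = Counter()
    for e in entries:
        m = INVALID_PARTNER.search(e["msg"])
        if m:
            hits[(m.group(1), m.group(2))] += 1
    return hits


def db_crashes(entries):
    """Times at which DBService logged the c0000005 access violation."""
    return [e["time"] for e in entries
            if e["func"] == "DBService" and "EXCEPTION (c0000005)" in e["msg"]]


def triage(logs_by_server):
    """Per server: partners it rejects and DBService crash times."""
    report = {}
    for server, text in logs_by_server.items():
        entries = parse_entries(text)
        report[server] = {
            "rejected": dict(invalid_partners(entries)),
            "db_crashes": db_crashes(entries),
        }
    return report


def reinit_candidates(report):
    """Servers that log Invalid Partner. Per the thread, the database to
    reinitialize is on the reporting server, not on the rejected partner."""
    return sorted(s for s, r in report.items() if r["rejected"])


# Constructed sample input: lines quoted in the thread, with placeholder
# server labels (dc-a, dc-b) and one constructed repeat at 21:05:36.
SAMPLE_LOGS = {
    "dc-a": r"""
<FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:36> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
""",
    "dc-b": r"""
<FrsHashCalcString: 3172: 4777: S0: 15:48:30> Name =
S-1-5-21-484763869-1972579041-1417001333-2391
<DBService: 2876: 4825: S0: 15:48:31> ++ ERROR -
EXCEPTION (c0000005) : WStatus: EXCEPTION_ACCESS_VIOLATION
<DBService: 2876: 4843: S0: 15:48:31> DBService
terminated abnormally, forcing service shutdown.
""",
}

if __name__ == "__main__":
    report = triage(SAMPLE_LOGS)
    for server, findings in report.items():
        print(server, findings)
    print("reinitialize candidates:", reinit_candidates(report))
```

Comparing the reported AuthSid with the machine account's current SID in the directory is the follow-up check the thread suggests.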
Glenn L
2004-10-22 05:53:02 UTC
Permalink
I need a recap of the setup.
3 servers, right? Names, OS, SP levels?
Two of them are replicating back and forth successfully, right? Which two?
Post by Asgard Hostmaster
just to add, the NTFRS logs on the other server say -
WS ERROR_ACCESS_DENIED
So it seems obvious to be some kind of permissions problem.
Perhaps
Post by Asgard Hostmaster
Post by Glenn L
Post by Asgard Hostmaster
Post by Glenn LeCheminant
Post by Asgard Hostmaster
Post by Asgard Hostmaster
a
Kerberos problem?
Post by Asgard Hostmaster
Hi folks,
I'm still struggling with getting FRS working properly. To
recap,
the
Post by Asgard Hostmaster
Post by Glenn LeCheminant
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
only thing i'm trying to replicate is SYSVOL. I've been
through
Post by Asgard Hostmaster
Post by Asgard Hostmaster
all
Post by Asgard Hostmaster
Post by Glenn L
Post by Asgard Hostmaster
Post by Glenn LeCheminant
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
the
KBs and such I can find, and have cleared a few issues, but
still
no
luck
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
getting it working properly.
Checking the NTFRS logs, I'm down to this repeated error -
<FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++
ERROR -
Post by Glenn L
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Glenn L
Invalid
Post by Asgard Hostmaster
Post by Glenn LeCheminant
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I
can't
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Glenn L
Post by Asgard Hostmaster
Post by Glenn LeCheminant
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
find
it
addressed anywhere on the MS site or newsgroups or
elsewhere
on
Post by Asgard Hostmaster
Post by Asgard Hostmaster
the
Post by Asgard Hostmaster
Post by Glenn L
Post by Asgard Hostmaster
Post by Glenn LeCheminant
net.
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
I've tried resetting the machine password on SB-2 using
netdom,
Post by Asgard Hostmaster
Post by Asgard Hostmaster
but
Post by Asgard Hostmaster
Post by Glenn L
Post by Asgard Hostmaster
Post by Glenn LeCheminant
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
the
error is still there. How is security defined for FRS
machine
Post by Glenn L
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Glenn L
Post by Asgard Hostmaster
Post by Glenn LeCheminant
Post by Asgard Hostmaster
Post by Asgard Hostmaster
Post by Asgard Hostmaster
transactions?
thanks,
David
Asgard Hostmaster
2004-10-22 13:14:23 UTC
Permalink
I have two servers at a remote data center, SB-2 and SB-3. Actually I have
three, but the third is linux, so can be ignored :-)

SB-2 is Windows 2000 standard
SB-3 is Windows 2003 standard
both have all the latest publicly released SPs, patches

SB-3 is currently the PDC, SB-2 has all other roles
SB-3 hosts the dfsroot
SYSVOL is now apparently replicating fine.
After getting that working I began adding other folders for replication.
First a folder of about 10mb total called ASGARD. It now seems to be
replicating just fine.
I then added the folder I'm particularly wanting to replicate, CLIENTWEBS.
It's about 8GB, 400 folders and well, heaps of files :-). Note that I have
increased the FRS staging space to 10Gb in the registry.

On SB-2, about 2 minutes after NTFRS is started I'm getting the errors below
in the event log and then NTFRS is shutdown. It restarts 20mins later and
the whole cycle starts again. If I remove CLIENTWEBS from the DFS set,
things start to work again.

******************************************
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13552
Date: 10/22/2004
Time: 6:49:53 AM
User: N/A
Computer: SB-2
Description:
The File Replication Service is unable to add this computer to the following
replica set:
"DFSROOT|CLIENTWEBS"

This could be caused by a number of problems such as:
-- an invalid root path,
-- a missing directory,
-- a missing disk volume,
-- a file system on the volume that does not support NTFS 5.0

The information below may help to resolve the problem:
Computer DNS name is "SB-2.asgard.net"
Replica set member name is "{717F03BF-916B-4CAC-A6E4-E14AD118275C}"
Replica set root path is "c:\inetpub\clients"
Replica staging directory path is "c:\frs-staging"
Replica working directory path is "c:\winnt\ntfrs\jet"
Windows error status code is
FRS error status code is FrsErrorSuccess

Other event log messages may also help determine the problem. Correct the
problem and the service will attempt to restart replication automatically at
a later time.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
******************************************

******************************************
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13555
Date: 10/22/2004
Time: 6:49:58 AM
User: N/A
Computer: SB-2
Description:
The File Replication Service is in an error state. Files will not replicate
to or from one or all of the replica sets on this computer until the
following recovery steps are performed: <removed for brevity>
******************************************

******************************************
Event Type: Information
Event Source: NtFrs
Event Category: None
Event ID: 13516
Date: 10/22/2004
Time: 6:50:09 AM
User: N/A
Computer: SB-2
Description:
The File Replication Service is no longer preventing the computer SB-2 from
becoming a domain controller. The system volume has been successfully
initialized and the Netlogon service has been notified that the system
volume is now ready to be shared as SYSVOL.

Type "net share" to check for the SYSVOL share.
******************************************

******************************************
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13506
Date: 10/22/2004
Time: 6:55:50 AM
User: N/A
Computer: SB-2
Description:
The File Replication Service failed a consistency check
(!Cxtion->Inbound)
in "OutLogCleanupWorker:" at line 5000.

The File Replication Service will restart automatically at a later time. If
this problem persists a subsequent entry in this event log describes the
recovery procedure.
For more information about the automatic restart right click on My Computer
and then click on Manage, System Tools, Services, File Replication Service,
and Recovery.
******************************************
Glenn L
2004-10-24 16:07:29 UTC
Permalink
Asgard Hostmaster
2004-10-25 13:28:13 UTC
Permalink
Hi Glenn,

Already tried that numerous times. However, I have made some progress in
narrowing the problem. NTFRS is only dying when my main replication folder
is added. If I add small test folders, then everything now works fine.
Adding the main folder, around 8GB, all seems to be working, i.e. no errors,
but there is no replication. I assume this is because the source machine is
still processing the files. So, I've tried just leaving it to see what
happens. The ntfrs.jdb file keeps growing, after about a day it's around
150mb or so and at this point the NTFRS service keeps crashing every 30 mins
or so. If I remove the problem link, rename the jet folder, and restart,
then replication on the other folders works just fine.

So it either means NTFRS just doesn't like that folder, or it's hitting some
other problem when the journal gets too big (yes I had raised the size in
the registry).
Post by Glenn L
My experience with 13506 errors is limited.
The ones I have come across have required a restore of the replica member.
(blow away the FRS database)
Since you only have 2 replica members, it may be quicker to shotgun this
rather than troubleshooting anything further.
Stop FRS on both systems.
Pick the system you want to be the master replica.
HKLM\system\ccs\services\NTFRS\parameters\backup/restore\process at startup
Modify "burflags" to a HEX value of D4
Start FRS on this system.
The FRS service should complete its processing (walk the tree and create
file IDs for every folder and file in the dataset) before starting FRS on
the downstream partner.
When this process completes (NTFRS processor utilization drops to 0) proceed
to the other member.
HKLM\system\ccs\services\NTFRS\parameters\backup/restore\process at startup
Modify "burflags" to a HEX value of D2
Start FRS on this system.
All data should synchronize.
--
Glenn L
CCNA, MCSE 2000, MCSE 2003 + Security
Post by Asgard Hostmaster
I have two servers at a remote data center, SB-2 and SB-3. Actually I have
three, but the third is linux, so can be ignored :-)
SB-2 is Windows 2000 standard
SB-3 is Windows 2003 standard
both have all the latest publicly released SPs, patches
SB-3 is currently the PDC, SB-2 has all other roles
SB-3 hosts the dfsroot
SYSVOL is now apparently replicating fine.
After getting that working I began adding other folders for replication.
First a folder of about 10mb total called ASGARD. It now seems to be
replicating just fine.
I then added the folder I'm particularly wanting to replicate, CLIENTWEBS.
It's about 8GB, 400 folders and well, heaps of files :-). Note that I have
increased the FRS staging space to 10Gb in the registry.
On SB-2, about 2 minutes after NTFRS is started I'm getting the errors below
in the event log and then NTFRS is shutdown. It restarts 20mins later and
the whole cycle starts again. If I remove CLIENTWEBS from the DFS set,
things start to work again
******************************************
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13552
Date: 10/22/2004
Time: 6:49:53 AM
User: N/A
Computer: SB-2
The File Replication Service is unable to add this computer to the following
"DFSROOT|CLIENTWEBS"
-- an invalid root path,
-- a missing directory,
-- a missing disk volume,
-- a file system on the volume that does not support NTFS 5.0
Computer DNS name is "SB-2.asgard.net"
Replica set member name is "{717F03BF-916B-4CAC-A6E4-E14AD118275C}"
Replica set root path is "c:\inetpub\clients"
Replica staging directory path is "c:\frs-staging"
Replica working directory path is "c:\winnt\ntfrs\jet"
Windows error status code is
FRS error status code is FrsErrorSuccess
Other event log messages may also help determine the problem. Correct the
problem and the service will attempt to restart replication automatically at
a later time.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
******************************************
******************************************
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13555
Date: 10/22/2004
Time: 6:49:58 AM
User: N/A
Computer: SB-2
The File Replication Service is in an error state. Files will not replicate
to or from one or all of the replica sets on this computer until the
following recovery steps are performed: <removed for brevity>
******************************************
******************************************
Event Type: Information
Event Source: NtFrs
Event Category: None
Event ID: 13516
Date: 10/22/2004
Time: 6:50:09 AM
User: N/A
Computer: SB-2
The File Replication Service is no longer preventing the computer SB-2 from
becoming a domain controller. The system volume has been successfully
initialized and the Netlogon service has been notified that the system
volume is now ready to be shared as SYSVOL.
Type "net share" to check for the SYSVOL share.
******************************************
******************************************
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13506
Date: 10/22/2004
Time: 6:55:50 AM
User: N/A
Computer: SB-2
The File Replication Service failed a consistency check
(!Cxtion->Inbound)
in "OutLogCleanupWorker:" at line 5000.
The File Replication Service will restart automatically at a later time. If
this problem persists a subsequent entry in this event log describes the
recovery procedure.
For more information about the automatic restart right click on My Computer
and then click on Manage, System Tools, Services, File Replication Service,
and Recovery.
******************************************
admir
2004-10-26 09:23:46 UTC
Permalink
Hi there,

I have exactly the same problem. (Error 13508)

I have been posting this issue for some time but no response. I have 2
replicas. One of them is a folder with about 30 subfolders and the other is
about 800 subfolders. The one with 800 subfolders is having trouble
replicating. The real cause of this is unknown to me but I have noticed
that the staging folder is on a different partition than the replica. So what
I am about to do is change the location of the FRS staging folder to the
same partition as the replica.

Anyway I will let you know.

Gr,

Admir
Post by Asgard Hostmaster
Hi folks,
I'm still struggling with getting FRS working properly. To recap, the only
thing i'm trying to replicate is SYSVOL. I've been through all the KBs and
such I can find, and have cleared a few issues, but still no luck getting it
working properly.
Checking the NTFRS logs, I'm down to this repeated error -
<FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't find it
addressed anywhere on the MS site or newsgroups or elsewhere on the net.
I've tried resetting the machine password on SB-2 using netdom, but the
error is still there. How is security defined for FRS machine transactions?
thanks,
David
admir
2004-10-27 10:13:27 UTC
Permalink
Hi there,

I have not changed the location of the staging folder. I just made sure I
have enough space on the disks and that the staging space is enough.
The next thing I did is I gave full rights to "SYSTEM" on every possible folder
that had to do anything with DFS and its replicas.
After that I restarted FRS. In the beginning I get event id 13508 on both
servers. After 10 minutes or so one of the servers (the one that is running
the DFS root and where the replicas are) starts showing event id 13509, saying
that replication started. This applies to both folders (the big one and the
small one).

On the other hand, the other server that is holding the originals is still
showing event id 13508.

The ntfrs log files (NtFrs_0001.log through NtFrs_0005.log) show this error
several times.

FrsOpenSourceFileById 68736:00:00 80256:00:00 S0 10 56 21> ++ ERROR -
NtCreateFile failed NTStatus STATUS_OPLOCK_NOT_GRANTED

What does this mean and how can I fix it?

On the server where the DFS root is running I get the following errors several
times:

<RcsCreateSeedingCxtion 9548 7078 S0 12 2 44> X ERROR - no parent computer
found for DFSROOT|CURSI WStatus ERROR_FILE_NOT_FOUND

And

FrsOpenSourceFileById 2832 3344 S0 12 2 10> ++ ERROR - NtCreateFile failed
NTStatus STATUS_OBJECT_NAME_NOT_FOUND

I am really confused because sysvol is replicating just fine and the other
folder (the folder with fewer subfolders) too.

Please help.
Post by Asgard Hostmaster
Hi folks,
I'm still struggling with getting FRS working properly. To recap, the only
thing i'm trying to replicate is SYSVOL. I've been through all the KBs and
such I can find, and have cleared a few issues, but still no luck getting it
working properly.
Checking the NTFRS logs, I'm down to this repeated error -
<FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't find it
addressed anywhere on the MS site or newsgroups or elsewhere on the net.
I've tried resetting the machine password on SB-2 using netdom, but the
error is still there. How is security defined for FRS machine transactions?
thanks,
David
Asgard Hostmaster
2004-10-29 00:08:00 UTC
Permalink
I've given up trying to replicate the large folder. I'm now looking at
trying to set up replication for each individual subfolder to see if I can
narrow the problem down.
Post by admir
Hi there,
I have not changed the location of the staging folder. I just made sure I
have enough space on the disks and that the staging space is enough.
The next thing I did is I gave full rights to "SYSTEM" on every possible folder
that had to do anything with DFS and its replicas.
After that I restarted FRS. In the beginning I get event id 13508 on both
servers. After 10 minutes or so one of the servers (the one that is running
the DFS root and where the replicas are) starts showing event id 13509, saying
that replication started. This applies to both folders (the big one and the
small one).
On the other hand, the other server that is holding the originals is still
showing event id 13508.
The ntfrs log files (NtFrs_0001.log through NtFrs_0005.log) show this error
several times.
FrsOpenSourceFileById 68736:00:00 80256:00:00 S0 10 56 21> ++ ERROR -
NtCreateFile failed NTStatus STATUS_OPLOCK_NOT_GRANTED
What does this mean and how can I fix it?
<RcsCreateSeedingCxtion 9548 7078 S0 12 2 44> X ERROR - no parent computer
found for DFSROOT|CURSI WStatus ERROR_FILE_NOT_FOUND
And
FrsOpenSourceFileById 2832 3344 S0 12 2 10> ++ ERROR - NtCreateFile failed
NTStatus STATUS_OBJECT_NAME_NOT_FOUND
I am really confused because sysvol is replicating just fine and the other
folder (the folder with fewer subfolders) too.
Please help.
Post by Asgard Hostmaster
Hi folks,
I'm still struggling with getting FRS working properly. To recap, the only
thing i'm trying to replicate is SYSVOL. I've been through all the KBs and
such I can find, and have cleared a few issues, but still no luck getting it
working properly.
Checking the NTFRS logs, I'm down to this repeated error -
<FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
I'm very confident the problem relates to this, however I can't find it
addressed anywhere on the MS site or newsgroups or elsewhere on the net.
I've tried resetting the machine password on SB-2 using netdom, but the
error is still there. How is security defined for FRS machine transactions?
thanks,
David
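An added example, not part of any post in this thread: a small triage script for the colon-delimited ntfrs.log lines quoted above. It rejoins wrapped entries, counts status codes per reporting function, and pulls out the machine account and SID from "Invalid Partner" rejections. The sample lines are copied from the posts; the field names (thread, line, severity) are an assumed reading of the header layout.

```python
import re
from collections import Counter

# Header layout seen in the thread: <Function: n: n: Sn: hh:mm:ss> text
# Reading the two numbers as thread id and source line, and Sn as a
# severity level, is an assumption based on that layout.
HEADER = re.compile(
    r"^<(?P<func>\w+): *(?P<thread>\d+): *(?P<line>\d+): *S(?P<sev>\d+): *"
    r"(?P<time>\d\d:\d\d:\d\d)> ?(?P<text>.*)$"
)
# Win32 (ERROR_*) and NT (STATUS_*) status names as they appear in the log text.
STATUS = re.compile(r"\b(?:ERROR|STATUS)_[A-Z0-9_]+\b")
PARTNER = re.compile(r"AuthClient:(?P<client>[^,\s]+),\s*AuthSid:(?P<sid>S-[\d-]+)")

# Log lines quoted in the thread, kept wrapped the way the posts show them.
SAMPLE = r"""
<FrsHashCalcString: 3156: 4832: S0: 21:05:06> Name =
S-1-5-21-484763869-1972579041-1417001333-1809
<SERVER_FrsRpcSendCommPkt: 3156: 442: S0: 21:05:06> ++ ERROR - Invalid
Partner: AuthClient:ASGARD\SB-2$,
AuthSid:S-1-5-21-484763869-1972579041-1417001333-1809
<SndCsMain: 3200: 867: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - rpc call]
<SndCsMain: 3200: 889: S0: 07:24:06> :SR: Cmd 0026f378, CxtG 4281a4ba, WS
ERROR_INVALID_DATA, To SB-2.mydomain.net Len: (388) [SndFail - Send Penalty]
<RcsCreateSeedingCxtion: 2828: 6938: S0: 07:25:48> :X: ERROR - no parent
computer for DFS|CLIENTSITES : WStatus: ERROR_FILE_NOT_FOUND
"""


def parse_entries(raw):
    """Rejoin wrapped lines and return one dict per log entry."""
    entries = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            entries.append(m.groupdict())
        elif entries:
            # No header: this line continues the previous, wrapped entry.
            entries[-1]["text"] = (entries[-1]["text"] + " " + line).strip()
    return entries


def summarize(entries):
    """Count (function, status) pairs and collect rejected partner identities."""
    by_status = Counter()
    rejected = set()
    for e in entries:
        for code in STATUS.findall(e["text"]):
            by_status[(e["func"], code)] += 1
        m = PARTNER.search(e["text"])
        if m and "Invalid Partner" in e["text"]:
            rejected.add((m["client"], m["sid"]))
    return by_status, rejected


if __name__ == "__main__":
    counts, rejected = summarize(parse_entries(SAMPLE))
    for (func, code), n in counts.most_common():
        print(f"{n:3d}  {func:28s} {code}")
    for client, sid in sorted(rejected):
        print(f"rejected partner: {client} ({sid})")
```

The rejected account and SID can then be compared against the member objects of the replica set in Active Directory, which is where the thread's "Invalid Partner" question points.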