Discussion:
NTfrs errors
(too old to reply)
markh
2005-08-19 00:32:00 UTC
Permalink
Hi there, I am currently working with two servers (production and office). I
am getting numerous errors on the office server stating it cannot replicate
with the production server. The error is as follows:

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 17/08/2005
Time: 4:46:33 AM
User: N/A
Computer: BMPSERVER
Description:
The File Replication Service is having trouble enabling replication from
CEDAR to BMPSERVER for c:\winnt\sysvol\domain using the DNS name
cedar.BMP.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name cedar.BMP.local from this
computer.
[2] FRS is not running on cedar.BMP.local.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.
Data:
0000: d5 04 00 00 Õ...

I am extremely new to replication and all its nuances.

Whilst researching i found that both servers had the file replication
service started but only the production server had the SYSVOL and NETLOGON
folders shared.

I think this is the cause of the problem where the replication service
cannot find the files to replicate on the office server.

If i shared the NETLOGON and SYSVOL folders, would that fix the problem? If
it fixes the problem will it cause any other problems?

Currently we do not use the production server for local computer logon, only
terminal services logon. All local logon are authorised by the office server
never the production server except for the production computers which are
always connected to the production server.

If anyone could help i would be greatly appreciative.

Thanks in advance
Markh
Paul Williams [MVP]
2005-08-19 08:31:37 UTC
Permalink
Post by markh
Whilst researching i found that both servers had the file replication
service started but only the production server had the SYSVOL and NETLOGON
folders shared.
This is to be expected if one is NOT a DC.
Post by markh
I think this is the cause of the problem where the replication service
cannot find the files to replicate on the office server.
Depends. Could be. Can you clarify both are DCs? Or do you have a
domain-based DFS root that is causing this problem?
Post by markh
If i shared the NETLOGON and SYSVOL folders, would that fix the problem?
If it fixes the problem will it cause any other problems?
No this wont. If the DCPROMO was not successful, then you need to rebuild
the SYSVOL. However, you must get name resolution working properly first.
Name resolution (DNS) is probably your problem, as your error indicates that
the server cannot establish an RPC session with its upstream partner. Can
you please provide some additional information on your environment,
particularly how DNS is setup and where these machines are pointing for DNS,
etc.?
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
markh
2005-08-21 23:13:48 UTC
Permalink
Thankyou for the help,
Post by Paul Williams [MVP]
Depends. Could be. Can you clarify both are DCs? Or do you have a
domain-based DFS root that is causing this problem?
The two servers are both DCs running Windows 2000 Server SP4
Post by Paul Williams [MVP]
the SYSVOL. However, you must get name resolution working properly first.
Name resolution (DNS) is probably your problem, as your error indicates that
the server cannot establish an RPC session with its upstream partner. Can
you please provide some additional information on your environment,
particularly how DNS is setup and where these machines are pointing for DNS,
etc.?
Would you be able to let me know what i am meant to be looking for as the
forward lookup zones have both servers known as "Name Server"
The office server is also known as "Start of Authority".

There are also 4 folders called _msdcs, _sites, _tcp, and _udp.

Do ineed to get any info out of them as well?

I am extremely new to these DNS problems.

Thanks again

Markh
Paul Williams [MVP]
2005-08-24 08:15:51 UTC
Permalink
Basically, we just want to check that all is well with DNS. The fact that
both servers are listed as NS records means that they're both DNS servers -
don't worry about the SOA at this moment in time. You most certainly want
and need the _msdcs et al folders - these are critical to AD working.

However, to ensure that replication is indeed working, point both DCs at one
DC for DNS and restart NETLOGON on both. Then type IPCONFIG /REGISTERDNS on
both. After doing this, if you haven't already, install the latest version
of the support tools (the version with the SP - these are either available
on your installation media or via download) and then run REPLMON. Force
replication and verify it works. If it does work, reboot the box that is
missing SYSVOL. If SYSVOL still isn't up and running when you get back up,
you should try and follow this article:
-- http://support.microsoft.com/?id=315457
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
markh
2005-08-24 21:02:40 UTC
Permalink
Post by Paul Williams [MVP]
Basically, we just want to check that all is well with DNS. The fact that
both servers are listed as NS records means that they're both DNS servers -
don't worry about the SOA at this moment in time. You most certainly want
and need the _msdcs et al folders - these are critical to AD working.
However, to ensure that replication is indeed working, point both DCs at one
DC for DNS and restart NETLOGON on both. Then type IPCONFIG /REGISTERDNS on
both. After doing this, if you haven't already, install the latest version
of the support tools (the version with the SP - these are either available
on your installation media or via download) and then run REPLMON. Force
replication and verify it works. If it does work, reboot the box that is
missing SYSVOL. If SYSVOL still isn't up and running when you get back up,
-- http://support.microsoft.com/?id=315457
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Thankyou so much it fixed our problem.

I pointed it at the office server and reregistered the dns and bang all the
errors stopped. I assumed that the errors being created had to do with
replication or something not setup.

Thanks again it is very muchly appreciated.

Markh
Paul Williams [MVP]
2005-08-26 18:30:24 UTC
Permalink
No problem! DNS should always be one of the first checks you make - and the
SRV RRs, not just A and PTR.

All the best!
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Doug
2005-08-29 19:03:06 UTC
Permalink
I am having the same problems described by markh. I am getting the
same 13508 error, followed by the 13509 error. I believe the problem I
am having is with the DNS too based on what I have read here and on our
outsourced network administrators opinion. I don't quite understand
your post due to my lack of knowledge with DNS:

Could you please offer me a more extensive explanation as how to point
both DCs at one DC for DNS?

Our DFS_FRS is experiencing file loss in certain cases, especially with
Excel and Word documents. For example, the documents will revert to
older files or will just not be updated all together. Otherwise, the
system seems healthy with other file types.
Paul Williams [MVP]
2005-08-30 08:24:23 UTC
Permalink
Post by Doug
Could you please offer me a more extensive explanation as how to point
both DCs at one DC for DNS?
Sure. Basically the 13508 message means that FRS cannot establish an RPC
session with it's upstream partner to be able to replicate. This can be a
couple of things, but is most likely DNS, as network connectivity problems
would be a lot more prevalent.

DNS is the back bone of AD. AD uses DNS to locate services and systems.
For example, if you have a PC in a site called Cardiff, that client would be
looking for a DC or GC with a DNS lookup like so:

_ldap._tcp.cardiff._sites.dc._msdcs.domain-name.com


Similar lookups are needed to find the KDC and thus get a session key to
connect to another server or PC.

Therefore, DNS must be working - for a whole number of reasons. The reason
I told Mark to move which server is pointing to which DNS server is because
I assumed replication isn't working. If you are using AD-Integrated DNS and
the DCs aren't working, then changing your DC to temporarily point to
another [for DNS] so that it can register in that zone and then be able to
resolve other DCs and therefore replicate is a common way of being able to
fix this problem.

Here's what I would do:

-- Install the support tools
-- Change the troublesome DC to point to another DC for DNS (assuming
AD-Integrated DNS here)
-- Restart NETLOGON
-- Run the command: IPCONFIG /REGISTERDNS
-- Load REPLMON and force replication
-- Change back to previous DNS (assuming a legal choice [1])


To change which DNS server your DCs point to, you simply reconfigure the
primary DNS server in the advanced TCP/IP properties for your NIC. Have a
look at this for some additional, semi-pertinent information:
-- http://www.msresource.net/content/view/22/47/


---
[1] In order for the DNS server to be a valid choice it must be situated
internally and private, and it should support dynamic updates and SRV
records. In general, most people use AD-Integrated DNS and therefore their
DCs are the DNS servers.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Continue reading on narkive:
Loading...