Link to home
Start Free TrialLog in
Avatar of Halonix666
Halonix666

asked on

Event Id 13508: The File Replication Service is having trouble enabling replication...

I have a windows 2000 network running 4 domain controllers. 3 on the main site and one in another site. Server 2 is DNM, and SM, server 1 is everything else. Both have the Global Catalog. Server 3 is just another DC with the global catalog. Server 4 in the other site is another DC with the GC. Ever server has a DNS server on it except server 3, and none are configured to look at themselves for domain name lookup in the primary dns field.

Every morning I get this error message
Event Id: 13508
Source: NtFrs

The File Replication Service is having trouble enabling replication from AZGOV-DC2 to AZGOV-DC1 for c:\windows\sysvol\domain using the DNS name azgov-dc2.azgov.state.az.us. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name azgov-dc2.azgov.state.az.us from this computer.
 [2] FRS is not running on azgov-dc2.azgov.state.az.us.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

According to MS this message is usually followed by a 13509 to show that communication was finally made, but I never see that message. Sysvol replicatoin seems to be working but I am concerned that there might be something else wrong here. I can nslookup every server from any other server, and dns isnt reporting any errors or anything. All the Host records and ptr's are in the dns database, so I dont see how it could be a dns issue. Anybody have any idea?
Avatar of anil_u
anil_u

There are a lot of suggestions for this error on
http://www.eventid.net/display.asp?eventid=13508&eventno=349&source=NtFrs&phase=1

maybe they will help

ASKER CERTIFIED SOLUTION
Avatar of tonyteri
tonyteri
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Halonix666

ASKER

tonyteri, that appears to have fixed the problem. I saw that page that had that solution was posted on before I posted this Im not sure why I didnt try that! :) Anyhow thanks for the tip!
Error 13508 means the DC cannot become a Domain controller. Check if the syslog folder and netlogon folder have been shared by the DC. If they haven't it sounds like some of the ports are closed that enable the DC to replicate ( probably due to a firewall).

Try this link it will tell you what ports need to be open and ways around a firewall.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx


If there is a ristriction on your network for UDP byte size it will stop Kerberos Authentication from working

Try this link
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/4f504103-1a16-41e1-853a-c68b77bf3f7e.mspx

There is also a link to a utility on this page called Portquery that will allow you to test for the open ports you need.
FWIW to searchers -

The event log options listed:
 [1] FRS can not correctly resolve the DNS name azgov-dc2.azgov.state.az.us from this computer.
 [2] FRS is not running on azgov-dc2.azgov.state.az.us.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.

Pointed me to the correct fix for our systems, which is covered in this Microsoft article:
http://support.microsoft.com/default.aspx/kb/240942

Here's how I fixed our systems:
* I went to two of the three DC's that did NOT have the DNS suffix entered, and I entered the appropriate DNS suffix "subdom.domain.net".
* I checked the "Register this connection's addresses in DNS" option.
* I checked the "Use this connection's DNS suffix in DNS registration" option.
* I ran the following at a command prompt: net stop ntfrs & net start ntfrs

After the NTFRS service was restarted, the errors were gone.

Apparently, because the proper DNS suffix was not explicitly entered on two of  the three DC's, it was using different domain registration info. Had the third DC also not had the DNS suffix entered, it probably would have been fine all the way around, but someone entered it on that one DC a while back and it had no effect until the servers were rebooted for patching.

Rob "I"
IT Tech Lead