rose6060
asked on
FRS not replicating SYSVOL group policy objects
On two of the our three DCs, we are getting an EventSource: NtFrs EventID: 13508 where it says:
The File Replication Service is having trouble enabling replication from DC0 to DC1 for c:\winnt\sysvol\domain using the DNS name ...
DC1 used to have all the FSMO roles, so I have moved most of them with the exception of the Schema Master and Infrastructure Master to DC0.... Global catalog servers are now running on all three DCs (I did not have it on DC1 but am trying with it back on it). I don't know if this is when the problem occurred however...
When I add a new group policy object, the object folder gets created on DC0 just fine, but not in the other two DCs. I've looked at a bunch of articles, but there is one involved MS article: 315457.
Any other ideas I can try before I plunge into this article? I've checked DNS, single IP, running SP2 ran dfsutil clear mup cache...
Thanks...
The File Replication Service is having trouble enabling replication from DC0 to DC1 for c:\winnt\sysvol\domain using the DNS name ...
DC1 used to have all the FSMO roles, so I have moved most of them with the exception of the Schema Master and Infrastructure Master to DC0.... Global catalog servers are now running on all three DCs (I did not have it on DC1 but am trying with it back on it). I don't know if this is when the problem occurred however...
When I add a new group policy object, the object folder gets created on DC0 just fine, but not in the other two DCs. I've looked at a bunch of articles, but there is one involved MS article: 315457.
Any other ideas I can try before I plunge into this article? I've checked DNS, single IP, running SP2 ran dfsutil clear mup cache...
Thanks...
ASKER
I tried the commands and everything passed using netdiag. Though, I do have some errors running DCdiag:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC
Testing server: Default-First-Site-Name\DC
Starting test: Replications
......................... DC1 passed test Replications
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC1 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC1 failed test frsevent
Starting test: kccevent
......................... DC1 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:27
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:29
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:35
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:13
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:18
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:19
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:24
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:25
(Event String could not be retrieved)
......................... DC1 failed test systemlog
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC
Testing server: Default-First-Site-Name\DC
Starting test: Replications
......................... DC1 passed test Replications
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC1 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC1 failed test frsevent
Starting test: kccevent
......................... DC1 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:27
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:29
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:35
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:23:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:13
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:18
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:19
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:24
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 08:31:25
(Event String could not be retrieved)
......................... DC1 failed test systemlog
OK:
So, let's talk about DFS for a moment.
DFS (Distributive File service) shares out the shares, like Sysvol, to other machines. It uses netbios by default. So, we need Netbios over TCP/IP set up on all machines. Sysvol, of course, holds GPOs among other things.
Now netbios is not a routable protocol. Non-routable means that it will not go over NAT, through a VPN tunnel, or across a firewall in most cases. To route netbios packets, you need WINS and a WINS record between subnets or VPNs.
bottom line:
Enable netbios over TCP/IP for every nic, if you have multiple nics, disable the outside one's ability to provide netbios.
Then, if you have VPNs, or are trying to get things to work across a WAN configuration, you need wins on the servers and a wins record per server so they can communicate between them.
So, let's talk about DFS for a moment.
DFS (Distributive File service) shares out the shares, like Sysvol, to other machines. It uses netbios by default. So, we need Netbios over TCP/IP set up on all machines. Sysvol, of course, holds GPOs among other things.
Now netbios is not a routable protocol. Non-routable means that it will not go over NAT, through a VPN tunnel, or across a firewall in most cases. To route netbios packets, you need WINS and a WINS record between subnets or VPNs.
bottom line:
Enable netbios over TCP/IP for every nic, if you have multiple nics, disable the outside one's ability to provide netbios.
Then, if you have VPNs, or are trying to get things to work across a WAN configuration, you need wins on the servers and a wins record per server so they can communicate between them.
ASKER
I do have netbios over TCP/IP set on each nic, which is set by default. I do not have a WINS server in our environment. Also, the DCs are all on the same subnet, so there are no routing issues.
OK, good info. We are close.
Now we need to check a couple things.
Ensure that the DNS settings of the NIC in the DC points to itself as the preferred DNS server.
Restart the DNS Server service. Now, try running the dcdiag and netdiag again. Check if the error still exists.
As a side note: All nodes on the network need to be configured with the preferred DNS as the internal DNS servers. This includes Router, mass storage, computers and servers. Since some computers will be dynamic IP and dynamic DNS, you may need to configure DHCP options to tell DHCP to pass down the internal DNS servers to the DHCP clients. To do this go into the DHCP snapin and expand it until you see the options folder. Configure your Preferred DNS servers as your servers and the router IP address.
The only place on the network where you will have to manually configure outside DNS servers is in DNS forwarders. Root hints is a bunch of preconfigured public servers, so you don't have to configure that.
Now we need to check a couple things.
Ensure that the DNS settings of the NIC in the DC points to itself as the preferred DNS server.
Restart the DNS Server service. Now, try running the dcdiag and netdiag again. Check if the error still exists.
As a side note: All nodes on the network need to be configured with the preferred DNS as the internal DNS servers. This includes Router, mass storage, computers and servers. Since some computers will be dynamic IP and dynamic DNS, you may need to configure DHCP options to tell DHCP to pass down the internal DNS servers to the DHCP clients. To do this go into the DHCP snapin and expand it until you see the options folder. Configure your Preferred DNS servers as your servers and the router IP address.
The only place on the network where you will have to manually configure outside DNS servers is in DNS forwarders. Root hints is a bunch of preconfigured public servers, so you don't have to configure that.
Once you have no DCdiag errors, force replicate to your PDCe or other servers within the domain.
You are correct in believing that WINS isn't needed in your environment.
You are correct in believing that WINS isn't needed in your environment.
ASKER
Thanks again... I forced replication using replmon and frsdiag... DCdiag still shows errors with frsevent:
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
and systemlog:
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 11:36:16
(Event String could not be retrieved)
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
and systemlog:
An Error Event occured. EventID: 0x00000457
Time Generated: 06/26/2008 11:36:16
(Event String could not be retrieved)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yeah!!! Geez, it's replicating again.
I checked the working DC0 and found this error, and followed the directions and it restored the SYSVOL and is replicating now! Thanks for your help.
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13568
Date: 6/26/2008
Time: 9:58:23 AM
User: N/A
Computer: DC0
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
I checked the working DC0 and found this error, and followed the directions and it restored the SYSVOL and is replicating now! Thanks for your help.
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13568
Date: 6/26/2008
Time: 9:58:23 AM
User: N/A
Computer: DC0
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
ASKER
Thanks!!
Splendid!!! Glad I could help. Thank you.
You may have to register the SRV records in DNS. To do so, go to the command prompt and type.
IPconfig /flushdns
IPconfig /registerDNS
Net Stop netlogon
Net Start netlogon
Or, you can try Netdiag /fix:DNS
An DCdiag report would help track this down faster.