Event Id 13508: The File Replication Service is having trouble enabling replication...

Halonix666
Halonix666 used Ask the Experts™
on
I have a windows 2000 network running 4 domain controllers. 3 on the main site and one in another site. Server 2 is DNM, and SM, server 1 is everything else. Both have the Global Catalog. Server 3 is just another DC with the global catalog. Server 4 in the other site is another DC with the GC. Ever server has a DNS server on it except server 3, and none are configured to look at themselves for domain name lookup in the primary dns field.

Every morning I get this error message
Event Id: 13508
Source: NtFrs

The File Replication Service is having trouble enabling replication from AZGOV-DC2 to AZGOV-DC1 for c:\windows\sysvol\domain using the DNS name azgov-dc2.azgov.state.az.us. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name azgov-dc2.azgov.state.az.us from this computer.
 [2] FRS is not running on azgov-dc2.azgov.state.az.us.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

According to MS this message is usually followed by a 13509 to show that communication was finally made, but I never see that message. Sysvol replicatoin seems to be working but I am concerned that there might be something else wrong here. I can nslookup every server from any other server, and dns isnt reporting any errors or anything. All the Host records and ptr's are in the dns database, so I dont see how it could be a dns issue. Anybody have any idea?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
There are a lot of suggestions for this error on
http://www.eventid.net/display.asp?eventid=13508&eventno=349&source=NtFrs&phase=1

maybe they will help

Commented:
The following workaround worked for me. Make the following changes in the registry to instruct FRS to handle the JRNL_WRAP_ERROR status automatically:
1. Stop FRS.
2. Start Registry Editor (Regedt32.exe).
3. Locate and click the following key in the registry:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters
4. On the Edit menu, click Add Value, and then add the following registry value:
   Value name: Enable Journal Wrap Automatic Restore
   Data type: REG_DWORD
   Radix: Hexadecimal
   Value data: 1 (Default 0)
5. Quit Registry Editor.
6. Restart FRS.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
tonyteri, that appears to have fixed the problem. I saw that page that had that solution was posted on before I posted this Im not sure why I didnt try that! :) Anyhow thanks for the tip!

Commented:
Error 13508 means the DC cannot become a Domain controller. Check if the syslog folder and netlogon folder have been shared by the DC. If they haven't it sounds like some of the ports are closed that enable the DC to replicate ( probably due to a firewall).

Try this link it will tell you what ports need to be open and ways around a firewall.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx


If there is a ristriction on your network for UDP byte size it will stop Kerberos Authentication from working

Try this link
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/4f504103-1a16-41e1-853a-c68b77bf3f7e.mspx

There is also a link to a utility on this page called Portquery that will allow you to test for the open ports you need.
iistechIT Architect

Commented:
FWIW to searchers -

The event log options listed:
 [1] FRS can not correctly resolve the DNS name azgov-dc2.azgov.state.az.us from this computer.
 [2] FRS is not running on azgov-dc2.azgov.state.az.us.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.

Pointed me to the correct fix for our systems, which is covered in this Microsoft article:
http://support.microsoft.com/default.aspx/kb/240942

Here's how I fixed our systems:
* I went to two of the three DC's that did NOT have the DNS suffix entered, and I entered the appropriate DNS suffix "subdom.domain.net".
* I checked the "Register this connection's addresses in DNS" option.
* I checked the "Use this connection's DNS suffix in DNS registration" option.
* I ran the following at a command prompt: net stop ntfrs & net start ntfrs

After the NTFRS service was restarted, the errors were gone.

Apparently, because the proper DNS suffix was not explicitly entered on two of  the three DC's, it was using different domain registration info. Had the third DC also not had the DNS suffix entered, it probably would have been fine all the way around, but someone entered it on that one DC a while back and it had no effect until the servers were rebooted for patching.

Rob "I"
IT Tech Lead

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial