fix warning 13508

Hi all
I have this error on File replication log
1/30/2008      5:02:45 PM      NtFrs      Warning      None      13508      N/A      SERVER1      The File Replication Service is having trouble enabling replication from SERVER2 to SERVER1 for c:\winnt\sysvol\domain using the DNS name server2.ingenieria.corp. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name server2.ingenieria.corp from this computer.
 [2] FRS is not running on server2.ingenieria.corp.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
1/29/2008      4:17:45 PM      NtFrs      Warning      None      13508      N/A      SERVER1      The File Replication Service is having trouble enabling replication from SERVER2 to SERVER1 for c:\winnt\sysvol\domain using the DNS name server2.ingenieria.corp. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name server2.ingenieria.corp from this computer.
 [2] FRS is not running on server2.ingenieria.corp.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

How can I fix this?
thank you
Ernesto
ErnestoAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
briancassinConnect With a Mentor Commented:
did you do the resync as recommended above ? I am assuming so

try this

 If the computer account for a DC does NOT have the right to access this computer from the network, you would experience this problem

Open Active Directrory Users and Computers.

2. Right-click Domain Controllers and press Properties.

3. Expand Group Policy / Default Domain Controllers Policy.

4. Press Edit.

5. Expand Computer Configuration / Windows Settings / Security Settings / Local Policies.

6. Press User Rights Assignment.

7. Double-click Access this computer from the network.

8. Add the Enterprise Domain Controllers group to the list.

NOTE: Do NOT add the Domain Controllers group as it can NOT contain domain controllers from other domains.

9. Force the group policy to be applied by using Secedit.exe

Replication should start working after the GPO is in effect.

0
 
dnudelmanCommented:
Para resolver este problema, sincronice los equipos con la hora de reloj de controlador de dominio. Siga estos pasos:
1. Ejecute el comando siguiente en todos los equipos para sincronizar la hora de reloj con los controladores de dominio:

net time \\(domain controller name) /set /y
2. Detenga y a continuación, reinicie el Servicio de replicación de archivos en todos los servidores que experimentan el problema.  
3. Abra Visor de sucesos para comprobar que no cuánto más no se está produciendo los errores.  
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
ErnestoAuthor Commented:
thank you a lot,
I think is somthing deep
i can access the server by name, only by IP it hapens with all the server devices, printers and shares too
Thank you
0
 
briancassinCommented:
have you checked your event viewer for DNS errors ?

Are the errors you listed above the only errors you are getting ?
0
 
ErnestoAuthor Commented:
I lost all the sincronization between my pdc and bdc
please help
0
 
briancassinCommented:
I need more information to be able to help you have you checked your event viewer logs ?
Do you see other errors listed ?


try running dcdiag

see here for more info and switches
http://technet2.microsoft.com/windowsserver/en/library/5237db58-a1e8-40cd-ae8a-7f52848a90f21033.mspx?mfr=true
0
 
ErnestoAuthor Commented:
ok i runit whit this results.
I run it in my pdc and bdc

PDC RESULTS
******************************************
Testing server: Default-First-Site-Name\SERVER1
      Starting test: Connectivity
         ......................... SERVER1 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SERVER1
      Starting test: Replications
         ......................... SERVER1 passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER1 passed test NetLogons
      Starting test: Advertising
         ......................... SERVER1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER1 passed test RidManager
      Starting test: MachineAccount
         ......................... SERVER1 passed test MachineAccount
      Starting test: Services
         ......................... SERVER1 passed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER1 passed test ObjectsReplicated
      Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.
         ......................... SERVER1 passed test frssysvol
      Starting test: kccevent
         ......................... SERVER1 passed test kccevent
      Starting test: systemlog
         ......................... SERVER1 passed test systemlog
   
   Running enterprise tests on : ingenieria.corp
      Starting test: Intersite
         ......................... ingenieria.corp passed test Intersite
      Starting test: FsmoCheck
         ......................... ingenieria.corp passed test FsmoCheck
******************************************
BDC RESULTS
******************************
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SERVER2
      Starting test: Connectivity
         ......................... SERVER2 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SERVER2
      Starting test: Replications
         [Replications Check,SERVER2] A recent replication attempt failed:
            From SERVER1 to SERVER2
            Naming Context: CN=Schema,CN=Configuration,DC=ingenieria,DC=corp
            The replication generated an error (5):
            Access is denied.
            The failure occurred at 2008-01-31 10:48.00.
            The last success occurred at 2008-01-23 17:48.26.
            189 failures have occurred since the last success.
         [SERVER1] DsBind() failed with error -2146893022,
         The target principal name is incorrect..
         [Replications Check,SERVER2] A recent replication attempt failed:
            From SERVER1 to SERVER2
            Naming Context: CN=Configuration,DC=ingenieria,DC=corp
            The replication generated an error (5):
            Access is denied.
            The failure occurred at 2008-01-31 11:31.38.
            The last success occurred at 2008-01-23 18:19.45.
            1743 failures have occurred since the last success.
         [Replications Check,SERVER2] A recent replication attempt failed:
            From SERVER1 to SERVER2
            Naming Context: DC=ingenieria,DC=corp
            The replication generated an error (5):
            Access is denied.
            The failure occurred at 2008-01-31 11:34.10.
            The last success occurred at 2008-01-23 18:22.17.
            1550 failures have occurred since the last success.
         ......................... SERVER2 passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER2 passed test NetLogons
      Starting test: Advertising
         ......................... SERVER2 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: SERVER1 is the Schema Owner, but is not responding to DS RPC Bind.
         [SERVER1] LDAP bind failed with error 31,
         A device attached to the system is not functioning..
         Warning: SERVER1 is the Schema Owner, but is not responding to LDAP Bind.
         Warning: SERVER1 is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: SERVER1 is the Domain Owner, but is not responding to LDAP Bind.
         Warning: SERVER1 is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: SERVER1 is the PDC Owner, but is not responding to LDAP Bind.
         Warning: SERVER1 is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: SERVER1 is the Rid Owner, but is not responding to LDAP Bind.
         Warning: SERVER1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: SERVER1 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... SERVER2 failed test KnowsOfRoleHolders
      Starting test: RidManager
         [SERVER2] DsBindWithCred() failed with error -2146893022. The target principal name is incorrect.
         ......................... SERVER2 failed test RidManager
      Starting test: MachineAccount
         ......................... SERVER2 passed test MachineAccount
      Starting test: Services
         ......................... SERVER2 passed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER2 passed test ObjectsReplicated
      Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.
         ......................... SERVER2 passed test frssysvol
      Starting test: kccevent
         ......................... SERVER2 passed test kccevent
      Starting test: systemlog
         ......................... SERVER2 passed test systemlog
   
   Running enterprise tests on : ingenieria.corp
      Starting test: Intersite
         ......................... ingenieria.corp passed test Intersite
      Starting test: FsmoCheck
         ......................... ingenieria.corp passed test FsmoCheck



THANK YOU



0
 
ErnestoAuthor Commented:
please
explain
***
9. Force the group policy to be applied by using Secedit.exe

Replication should start working after the GPO is in effect.

thank you

0
 
briancassinCommented:
after you do the above at the command prompt you type

To trigger Group Policy application for the local computer, type the following line at a command prompt:

secedit /refreshpolicy machine_policy



http://support.microsoft.com/kb/227448
0
 
Kini pradeepIT Technology Senior ConsultantCommented:
Since it says that the target principal name is incorrect, it could be that the secure channel is busted.
did you try to reset the secre channel ?
If not then you could stop the KDC service on this DC, use Klist to purge all the kerberos tickets, then
Run the netdom cmd to rest the secure channel.
Netdom resetpwd /server:<IP Address of PDC>
/userd:<domain_name>\administrator_account /passwordd:*
you could either reboot the server or if its not possible, try to access a share on the pdc using the \\ UNC path. then restart the KDC service. Then you could try forcing replication using AD sites and services or if they are in seperate sites, use the Replmon tool.



0
 
ErnestoAuthor Commented:
is any way to start over again
i mean delete de bdc and promote again?
thank you
0
 
ErnestoAuthor Commented:
put an example of  secedit /refreshpolicy machine_policy
because didn't work
thank you
0
 
briancassinCommented:
your using windows 2000 server right ?


try this

SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE
0
 
ErnestoAuthor Commented:
kprad
could you explain it more detailed?
thank you
edo
0
 
ErnestoAuthor Commented:
OK
SECEDIT RUNS
WHAT MORE I NEED TO VALIDATE
THANK YOU A LOT
EDO
0
 
ErnestoAuthor Commented:
I'm reestar the FRC and the error persist,
any more that  i can do?
thanks
0
 
Kini pradeepIT Technology Senior ConsultantCommented:
you could check the following:
1. check the secure channel between the so called BDC and the PDC emulator.
to do this use the Nltest utility from the support tools.
the command would be nltest /sc_query:<domain name>
chances are that the command would not complete sucessfully.
If not then, try to rest the secure channel. but before doing that stop the KDC service on the DC. Use the Klist  to purge any exisiting kerberos tickets. Klist is a part of the win 2003 reskit.
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en

use klist purge and hit enter, purge all the existing tickets. Then use the netdom cmd as specified above to reset the secure channel, then try to access the C$ share on the PDC using the unc path from this DC.
start the KDC service that was stopped on the BDC.
now use the ad sites and services snap in and try to replicate .
0
 
ErnestoAuthor Commented:
is windows 2000 server
works as well?
0
 
Kini pradeepIT Technology Senior ConsultantCommented:
yes it does.
0
 
ErnestoAuthor Commented:
it seems the pdc don't know that have a bdc
because
I can't transfer the master role because say's  the PDC is offline
and don't report bdc that it could be server2 and says only server1

0
 
ErnestoAuthor Commented:
I re star the servers in order pdc bdc
seems is fixed
but still has the warning when triyng to replicate server2 against server1

thank you
0
All Courses

From novice to tech pro — start learning today.