Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

FRS not replicating SYSVOL group policy objects

Posted on 2008-06-25
11
Medium Priority
?
1,802 Views
Last Modified: 2012-08-13
On two of the our three DCs, we are getting an EventSource: NtFrs EventID: 13508 where it says:
The File Replication Service is having trouble enabling replication from DC0 to DC1 for c:\winnt\sysvol\domain using the DNS name ...

DC1 used to have all the FSMO roles, so I have moved most of them with the exception of the Schema Master and Infrastructure Master to DC0.... Global catalog servers are now running on all three DCs (I did not have it on DC1 but am trying with it back on it).  I don't know if this is when the problem occurred however...

When I add a new group policy object, the object folder gets created on DC0 just fine, but not in the other two DCs.  I've looked at a bunch of articles, but there is one involved MS article: 315457.  

Any other ideas I can try before I plunge into this article?  I've checked DNS, single IP, running SP2 ran dfsutil clear mup cache...

Thanks...
0
Comment
Question by:rose6060
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21871231
HMM, not replicating may be a failure to communicate via DNS>

You may have to register the SRV records in DNS. To do so, go to the command prompt and type.

IPconfig /flushdns
IPconfig /registerDNS
Net Stop netlogon
Net Start netlogon

Or, you can try Netdiag /fix:DNS

An DCdiag report would help track this down faster.
0
 

Author Comment

by:rose6060
ID: 21875985
I tried the commands and everything passed using netdiag.  Though, I do have some errors running DCdiag:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC1
Testing server: Default-First-Site-Name\DC1
      Starting test: Replications
         ......................... DC1 passed test Replications

      Starting test: ObjectsReplicated
         ......................... DC1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DC1 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DC1 failed test frsevent
      Starting test: kccevent
         ......................... DC1 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:23:20
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:23:27
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:23:28
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:23:29
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:23:30
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:23:34
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:23:35
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:23:36
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:23:37
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:31:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:31:13
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:31:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:31:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:31:18
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:31:19
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:31:20
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:31:24
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/26/2008   08:31:25
            (Event String could not be retrieved)
         ......................... DC1 failed test systemlog
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21876471
OK:

So, let's talk about DFS for a moment.

DFS (Distributive File service) shares out the shares, like Sysvol, to other machines. It uses netbios by default. So, we need Netbios over TCP/IP set up on all machines. Sysvol, of course, holds GPOs among other things.

Now netbios is not a routable protocol. Non-routable means that it will not go over NAT, through a VPN tunnel, or across a firewall in most cases. To route netbios packets, you need WINS and a WINS record between subnets or VPNs.

bottom line:
Enable netbios over TCP/IP for every nic, if you have multiple nics, disable the outside one's ability to provide netbios.
Then, if you have VPNs, or are trying to get things to work across a WAN configuration, you need wins on the servers and a wins record per server so they can communicate between them.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:rose6060
ID: 21876802
I do have netbios over TCP/IP set on each nic, which is set by default.  I do not have a WINS server in our environment.  Also, the DCs are all on the same subnet, so there are no routing issues.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21877469
OK, good info. We are close.
Now we need to check a couple things.

Ensure that the DNS settings of the NIC in the DC points to itself as the preferred DNS server.
Restart the DNS Server service. Now, try running the dcdiag and netdiag again. Check if the error still exists.

As a side note: All nodes on the network need to be configured with the preferred DNS as the internal DNS servers. This includes Router, mass storage, computers and servers. Since some computers will be dynamic IP and dynamic DNS, you may need to configure DHCP options to tell DHCP to pass down the internal DNS servers to the DHCP clients. To do this go into the DHCP snapin and expand it until you see the options folder. Configure your Preferred DNS servers as your servers and the router IP address.

The only place on the network where you will have to manually configure outside DNS servers is in DNS forwarders. Root hints is a bunch of preconfigured public servers, so you don't have to configure that.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21877480
Once you have no DCdiag errors, force replicate to your PDCe or other servers within the domain.

You are correct in believing that WINS isn't needed in your environment.
0
 

Author Comment

by:rose6060
ID: 21877751
Thanks again... I forced replication using replmon and frsdiag... DCdiag still shows errors with frsevent:

There are warning or error events within the last 24 hours after the
SYSVOL has been shared.  Failing SYSVOL replication problems may cause
Group Policy problems.

and systemlog:
An Error Event occured.  EventID: 0x00000457
   Time Generated: 06/26/2008   11:36:16
   (Event String could not be retrieved)
0
 
LVL 39

Accepted Solution

by:
ChiefIT earned 2000 total points
ID: 21878177
Rose:

What do the event log errors say on this subject? They have additional information that we may need.
0
 

Author Comment

by:rose6060
ID: 21878960
Yeah!!! Geez, it's replicating again.
I checked the working DC0 and found this error, and followed the directions and it restored the SYSVOL and is replicating now!  Thanks for your help.
Event Type:      Error
Event Source:      NtFrs
Event Category:      None
Event ID:      13568
Date:            6/26/2008
Time:            9:58:23 AM
User:            N/A
Computer:      DC0
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
0
 

Author Closing Comment

by:rose6060
ID: 31470826
Thanks!!
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21879844
Splendid!!! Glad I could help. Thank you.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question