[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4423
  • Last Modified:

File Replication Service errors on 2008 DCs

Hello, I have 4 DCs running windows 2008r2. We have two domains per site with a total of two sites. I've been seeing the following error messages for the last month or so in each of the DC event viewers under FRS:

Event ID 13562

Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller HDC1.corp.newstandard.com for FRS replica set configuration information.
 
 The nTDSConnection object cn=1f196ff6-3ea7-49d3-84c8-f00fff4b06ef,cn=ntds settings,cn=hdc1,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=corp,dc=newstandard,dc=com is conflicting with cn=1769bde3-568e-4d0f-87b8-f94659168877,cn=ntds settings,cn=hdc1,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=corp,dc=newstandard,dc=com. Using cn=1f196ff6-3ea7-49d3-84c8-f00fff4b06ef,cn=ntds settings,cn=hdc1,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=corp,dc=newstandard,dc=com

and

Event ID 13508

The File Replication Service is having trouble enabling replication from RMDC1 to HDC1 for c:\windows\sysvol\domain using the DNS name RMDC1.corp.newstandard.com. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name RMDC1.corp.newstandard.com from this computer.
 [2] FRS is not running on RMDC1.corp.newstandard.com.
 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

It appears that the DCs at either site are having trouble replicating to the remote site. DCdiags on the servers pass and they are all able to ping one another by FQDN etc. I do have IPv6 enabled on the DCs, but there is no address assigned to them and I've noticed PARTIAL SITE MAPPING events logged for them. I was going to disable the IPv6 on the LAN settings of the DCs, but I was told never to do this. I've also noticed that one of the DCs auto-created duplicate connections of itself under AD sites and Services on the two remote DCs. I deleted the duplicate ones.

I'm not sure what the issue could be as everything was working fine up until a month ago when I noticed the errors. I found a few KB articles that talke about using ADSI EDIT, but I'm not able to find the conflicting entries. Any help would be greatly appreciated.
0
jmchristy
Asked:
jmchristy
  • 5
  • 4
1 Solution
 
Vinchenzo-the-SecondCommented:
If your not using IPv6 then disable it, you need to edit the registry to disable it.  I can send you a reg file if you like.

Can you a dcdiag /v, on the servers with issues and let me know if any errors
0
 
Vinchenzo-the-SecondCommented:
If your not using IPv6 then disable it, you need to edit the registry to disable it.  I can send you a reg file if you like.

Can you a dcdiag /v, on the servers with issues and let me know if any errors
0
 
jmchristyAuthor Commented:
here are the results. I see a few errors for the FRS replication and some errors regarding printer drivers, which aren't important. If I disabled IPv6, wouldn't that cause issues down the road if we did enable it? I've just had a few people tell me not to turn it off.


Doing primary tests

   Testing server: Default-First-Site-Name\NSCDC1
      Starting test: Advertising
         The DC NSCDC1 is advertising itself as a DC and having a DS.
         The DC NSCDC1 is advertising as an LDAP server
         The DC NSCDC1 is advertising as having a writeable directory
         The DC NSCDC1 is advertising as a Key Distribution Center
         The DC NSCDC1 is advertising as a time server
         The DS NSCDC1 is advertising as a GC.
         ......................... NSCDC1 passed test Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Starting test: FrsEvent
         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         A warning event occurred.  EventID: 0x800034C5
            Time Generated: 05/09/2011   09:53:25
            Event String:
            The File Replication Service has enabled replication from RMDC1 to N
SCDC1 for c:\windows\sysvol\domain after repeated retries.
         ......................... NSCDC1 passed test FrsEvent
      Starting test: DFSREvent
         The DFS Replication Event Log.
         Skip the test because the server is running FRS.
         ......................... NSCDC1 passed test DFSREvent
      Starting test: SysVolCheck
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... NSCDC1 passed test SysVolCheck
      Starting test: KccEvent
         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 min
utes.
         ......................... NSCDC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=NSCDC1,CN=Servers,CN=Default-Fi
rst-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=newstandard,DC=com
         Role Domain Owner = CN=NTDS Settings,CN=NSCDC1,CN=Servers,CN=Default-Fi
rst-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=newstandard,DC=com
         Role PDC Owner = CN=NTDS Settings,CN=NSCDC1,CN=Servers,CN=Default-First
-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=newstandard,DC=com
         Role Rid Owner = CN=NTDS Settings,CN=NSCDC1,CN=Servers,CN=Default-First
-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=newstandard,DC=com
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=NSCDC1,CN=Server
s,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=newstandard,DC
=com
         ......................... NSCDC1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         Checking machine account for DC NSCDC1 on DC NSCDC1.
         * SPN found :LDAP/nscdc1.corp.newstandard.com/corp.newstandard.com
         * SPN found :LDAP/nscdc1.corp.newstandard.com
         * SPN found :LDAP/NSCDC1
         * SPN found :LDAP/nscdc1.corp.newstandard.com/NEWSTANDARD.COM
         * SPN found :LDAP/18293c04-9e3e-4cb6-ba27-b3f2a9574669._msdcs.corp.news
tandard.com
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/18293c04-9e3e-4cb6-ba
27-b3f2a9574669/corp.newstandard.com
         * SPN found :HOST/nscdc1.corp.newstandard.com/corp.newstandard.com
         * SPN found :HOST/nscdc1.corp.newstandard.com
         * SPN found :HOST/NSCDC1
         * SPN found :HOST/nscdc1.corp.newstandard.com/NEWSTANDARD.COM
         * SPN found :GC/nscdc1.corp.newstandard.com/corp.newstandard.com
         ......................... NSCDC1 passed test MachineAccount
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC NSCDC1.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=corp,DC=newstandard,DC=com
            (NDNC,Version 3)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=corp,DC=newstandard,DC=com
            (NDNC,Version 3)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=corp,DC=newstandard,DC=com
            (Schema,Version 3)
         * Security Permissions Check for
           CN=Configuration,DC=corp,DC=newstandard,DC=com
            (Configuration,Version 3)
         * Security Permissions Check for
           DC=corp,DC=newstandard,DC=com
            (Domain,Version 3)
         ......................... NSCDC1 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\NSCDC1\netlogon
         Verified share \\NSCDC1\sysvol
         ......................... NSCDC1 passed test NetLogons
      Starting test: ObjectsReplicated
         NSCDC1 is in domain DC=corp,DC=newstandard,DC=com
         Checking for CN=NSCDC1,OU=Domain Controllers,DC=corp,DC=newstandard,DC=
com in domain DC=corp,DC=newstandard,DC=com on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=NSCDC1,CN=Servers,CN=Default-First-Sit
e-Name,CN=Sites,CN=Configuration,DC=corp,DC=newstandard,DC=com in domain CN=Conf
iguration,DC=corp,DC=newstandard,DC=com on 1 servers
            Object is up-to-date on all servers.
         ......................... NSCDC1 passed test ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=corp,DC=newstandard,DC=com
               Latency information for 16 entries in the vector were ignored.
                  16 were retired Invocations.  0 were either: read-only replica
s and are not verifiably latent, or dc's no longer replicating this nc.  0 had n
o latency information (Win2K DC).
            DC=DomainDnsZones,DC=corp,DC=newstandard,DC=com
               Latency information for 16 entries in the vector were ignored.
                  16 were retired Invocations.  0 were either: read-only replica
s and are not verifiably latent, or dc's no longer replicating this nc.  0 had n
o latency information (Win2K DC).
            CN=Schema,CN=Configuration,DC=corp,DC=newstandard,DC=com
               Latency information for 31 entries in the vector were ignored.
                  31 were retired Invocations.  0 were either: read-only replica
s and are not verifiably latent, or dc's no longer replicating this nc.  0 had n
o latency information (Win2K DC).
            CN=Configuration,DC=corp,DC=newstandard,DC=com
               Latency information for 31 entries in the vector were ignored.
                  31 were retired Invocations.  0 were either: read-only replica
s and are not verifiably latent, or dc's no longer replicating this nc.  0 had n
o latency information (Win2K DC).
            DC=corp,DC=newstandard,DC=com
               Latency information for 31 entries in the vector were ignored.
                  31 were retired Invocations.  0 were either: read-only replica
s and are not verifiably latent, or dc's no longer replicating this nc.  0 had n
o latency information (Win2K DC).
         ......................... NSCDC1 passed test Replications
      Starting test: RidManager
         * Available RID Pool for the Domain is 21529 to 1073741823
         * nscdc1.corp.newstandard.com is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 21029 to 21528
         * rIDPreviousAllocationPool is 21029 to 21528
         * rIDNextRID: 21086
         ......................... NSCDC1 passed test RidManager
      Starting test: Services
         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... NSCDC1 passed test Services
      Starting test: SystemLog
         * The System Event log test
         An error event occurred.  EventID: 0x00000457
            Time Generated: 05/09/2011   13:57:13
            Event String:
            Driver PCL6 Driver for Universal Print required for printer !!prntse
rver!Gestetner MP5500/DSm755 PCL 6 Universal is unknown. Contact the administrat
or to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 05/09/2011   13:57:14
            Event String:
            Driver Kyocera FS-C5200DN KX required for printer !!prntserver!Kyoce
ra FS-C5200DN KX is unknown. Contact the administrator to install the driver bef
ore you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 05/09/2011   13:57:14
            Event String:
            Driver CutePDF Writer required for printer CutePDF Writer is unknown
. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 05/09/2011   13:57:18
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         ......................... NSCDC1 failed test SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=NSCDC1,OU=Domain Controllers,DC=corp,DC=newstandard,DC=com and
         backlink on
         CN=NSCDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurati
on,DC=corp,DC=newstandard,DC=com
         are correct.
         The system object reference (serverReferenceBL)
         CN=HDC2,CN=Domain System Volume (SYSVOL share),CN=File Replication Serv
ice,CN=System,DC=corp,DC=newstandard,DC=com
         and backlink on
         CN=NTDS Settings,CN=NSCDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sit
es,CN=Configuration,DC=corp,DC=newstandard,DC=com
         are correct.
         The system object reference (frsComputerReferenceBL)
         CN=HDC2,CN=Domain System Volume (SYSVOL share),CN=File Replication Serv
ice,CN=System,DC=corp,DC=newstandard,DC=com
         and backlink on
         CN=NSCDC1,OU=Domain Controllers,DC=corp,DC=newstandard,DC=com are
         correct.
         ......................... NSCDC1 passed test VerifyReferences
      Test omitted by user request: VerifyReplicas

      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : corp
      Starting test: CheckSDRefDom
         ......................... corp passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... corp passed test CrossRefValidation

   Running enterprise tests on : corp.newstandard.com
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         GC Name: \\nscdc1.corp.newstandard.com
         Locator Flags: 0xe00033fd
         PDC Name: \\nscdc1.corp.newstandard.com
         Locator Flags: 0xe00033fd
         Time Server Name: \\nscdc1.corp.newstandard.com
         Locator Flags: 0xe00033fd
         Preferred Time Server Name: \\nscdc1.corp.newstandard.com
         Locator Flags: 0xe00033fd
         KDC Name: \\nscdc1.corp.newstandard.com
         Locator Flags: 0xe00033fd
         ......................... corp.newstandard.com passed test
         LocatorCheck
      Starting test: Intersite
         Skipping site RockyMt, this site is outside the scope provided by the
         command line arguments provided.
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... corp.newstandard.com passed test Intersite
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Vinchenzo-the-SecondCommented:
If in the in future you want use IPv6, then just re-enable it on the servers.  I'll get back you when I've looked at the log.
0
 
Vinchenzo-the-SecondCommented:
Can you run the following on the NSCDC1 and post the output:
repadmin /showrepl

repadmin /replsum

Do you have any event errors this morning?

Regarding IPv6 its more over head on the server if its enabled.  I disable it for clients if they don't use it.
0
 
jmchristyAuthor Commented:
Okay, I ran both of those. Doesn't look like any failures. Could you send me that Reg to disable IPv6? I may as well get rid of it if it's not necessary.

Source DSA          largest delta    fails/total %%   error
 HDC1                      17m:35s    0 /   5    0
 NSCDC1                01h:17m:11s    0 /  10    0
 RMDC1                     21m:05s    0 /  10    0
 RMDC2                 01h:30m:19s    0 /  10    0


Destination DSA     largest delta    fails/total %%   error
 HDC1                  01h:30m:21s    0 /  10    0
 NSCDC1                    17m:37s    0 /  10    0
 RMDC1                 01h:17m:13s    0 /  10    0
 RMDC2                     21m:06s    0 /   5    0

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\NSCDC1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 18293c04-9e3e-4cb6-ba27-b3f2a9574669
DSA invocationID: 236a7284-cedb-468f-8d35-d6791e4af1ff

==== INBOUND NEIGHBORS ======================================

DC=corp,DC=newstandard,DC=com
    RockyMt\RMDC1 via RPC
        DSA object GUID: 2ecf531d-10c6-4c74-abf2-31057371e66b
        Last attempt @ 2011-05-10 07:12:57 was successful.
    Default-First-Site-Name\HDC1 via RPC
        DSA object GUID: fd4024dc-6135-4932-a5ef-fd13cefa7573
        Last attempt @ 2011-05-10 07:16:04 was successful.

CN=Configuration,DC=corp,DC=newstandard,DC=com
    Default-First-Site-Name\HDC1 via RPC
        DSA object GUID: fd4024dc-6135-4932-a5ef-fd13cefa7573
        Last attempt @ 2011-05-10 06:57:57 was successful.
    RockyMt\RMDC1 via RPC
        DSA object GUID: 2ecf531d-10c6-4c74-abf2-31057371e66b
        Last attempt @ 2011-05-10 07:12:57 was successful.

CN=Schema,CN=Configuration,DC=corp,DC=newstandard,DC=com
    Default-First-Site-Name\HDC1 via RPC
        DSA object GUID: fd4024dc-6135-4932-a5ef-fd13cefa7573
        Last attempt @ 2011-05-10 06:57:57 was successful.
    RockyMt\RMDC1 via RPC
        DSA object GUID: 2ecf531d-10c6-4c74-abf2-31057371e66b
        Last attempt @ 2011-05-10 07:12:57 was successful.

DC=DomainDnsZones,DC=corp,DC=newstandard,DC=com
    RockyMt\RMDC1 via RPC
        DSA object GUID: 2ecf531d-10c6-4c74-abf2-31057371e66b
        Last attempt @ 2011-05-10 07:12:57 was successful.
    Default-First-Site-Name\HDC1 via RPC
        DSA object GUID: fd4024dc-6135-4932-a5ef-fd13cefa7573
        Last attempt @ 2011-05-10 07:13:57 was successful.

DC=ForestDnsZones,DC=corp,DC=newstandard,DC=com
    Default-First-Site-Name\HDC1 via RPC
        DSA object GUID: fd4024dc-6135-4932-a5ef-fd13cefa7573
        Last attempt @ 2011-05-10 06:57:57 was successful.
    RockyMt\RMDC1 via RPC
        DSA object GUID: 2ecf531d-10c6-4c74-abf2-31057371e66b
        Last attempt @ 2011-05-10 07:12:58 was successful.
0
 
jmchristyAuthor Commented:
I've also noticed that in my DNS my DCs have 6to4 adapters that registerd their IPv6 addresses. So, when you ping the DCs by their hostname, they will occasionally reply with those addresses. However, those addresses aren't mapped to any subnet. Should I deleted them from my DNS server and changed the IPv6 on the LAN settings to not register its address with DNS?
0
 
Vinchenzo-the-SecondCommented:
The replication seems to be ok, is there any event errors in the logs today?

You can remove the IPv6 entries in DNS.  Once you disable it anyway DNS will scanvenge the recored if you have enabled.  I've attached the REG file, just delete the txt extension.  Once you've applied the reg file, just go into the properties on network connection and just uncheck the box "Internet Protocol Version 6 (TCP/IPv6)",
Disable-IPv6-All-Components.reg.txt
0
 
jmchristyAuthor Commented:
No, I haven't seen anything in the event viewer today. I'll keep my eye on it. Thanks for all the help. Points awarded!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now