FRS not replicating properly Event ID 13508 without 13509

Posted on 2011-05-12
Last Modified: 2013-08-07
I have 3 sites: site a, site b site c
I have 3 W2K8 R2 DC's: DC-A in site A, DC-B in Site B, DC-C in Site C.
Windows 2008 Domain Functional Level.  All Windows 2003 DC have been demoted.

I recently deployed new Windows 2008 R2 DC's in all three sites.  I started with Site A and everything worked perfectly.  Next, I setup DC-B in site B and everything is working properly.  Active Directory and FRS is replicating properly.  Next, I setup DC-C in Site C.  Active Directory is replicating correctly but FRS is failing.  I am also missing my Netlogon share when typing net share.  I followed this Microsoft KB: but had no success.

I get the Event ID 13508 in the File Replication Service log on DC C.  It says

The File Replication Service is having trouble enabling replication from DC-B to DC-C for c:\windows\sysvol\domain using the DNS name DC-B. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 [1] FRS can not correctly resolve the DNS name DC-B  from this computer.
 [2] FRS is not running on
 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established

1. I can ping FQDN and resolve DC-B from DC-C and vise versa.
2. FRS is running on all 3 DC's.
3.  RPC is working.
4.  Corporate Firewalls between all three sites allow Any-Any.

Question by:srfoster77
    LVL 13

    Expert Comment

    What does DCdiag /s:DC-C
    LVL 14

    Expert Comment

    Can u run a dcdiag /v.  Stop the FRS service.  Stop the netlogon service.  Start netlogon the FRS.  Let me know if its shared?

    Author Comment

    Everything passes except for the following.

     Starting test: NetLogons

             Unable to connect to the NETLOGON share! (\\DC-C\netlogon)

             [DC-C] An net use or LsaPolicy operation failed with error 67,

             The network name cannot be found..

             ......................... DC-C failed test NetLogons


    Starting test: SystemLog

             An error event occurred.  EventID: 0x00000422

                Time Generated: 05/12/2011   09:06:11

                Event String:

                The processing of Group Policy failed. Windows attempted to read the file \\domain\sysvol\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

    I get the second error because the c:\windows\sysvol\policies folder is empty.
    LVL 14

    Expert Comment

    Stop and start the services netlogon and frs

    Author Comment

    FRS stopped, then Netlogon
    Netlogon started, then FRS

    Still no Netlogon share with command: net share.
    LVL 31

    Expert Comment

    Kindly run this for us:

    DCDIAG /test:DNS

    You need to get DNS running and working correctly before you will be able to address your other issues.


    Author Comment

    dcdiag /test:DNS comes back with everything passed.
    LVL 14

    Expert Comment

    I think it be quicker if you just demote the DC and promote it.

    Accepted Solution

    The problem ended up being a firewall rule that was hidden.  Everythign is working now.

    Author Closing Comment

    There was a firewall rule preventing FRS to work properly.

    Expert Comment

    What firewall rule?  That's a little vague.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
    This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now