Solved

Event ID 13508 on DC

Posted on 2012-12-23
7
3 solutions
887 Views
Last Modified: 2013-01-06
I am not that good with AD and dont want to mess anything and hope can get some resolution today as tomorrow users will be back and dont want any issues than
0
Comment
Question by:S_K_S
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Join The Community
7 Comments
 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 200 total points
ID: 38717139
Procedures for Troubleshooting FRS Event 13508
http://technet.microsoft.com/en-us/library/bb727056.aspx#EMAA

Run the below commands and check for any errors
Dcdiag /q, Netdiag /q
Check if the Time sync is in place
Firstly check if below Registry is in place on the server that shows errors

In my case these changes didn't resolve the problem:
1. Stop FRS.
2. Start Registry Editor (Regedt32.exe).
3. Locate and click the following key in the registry:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters
4. On the Edit menu, click Add Value, and then add the following registry value:
   Value name: Enable Journal Wrap Automatic Restore
   Data type: REG_DWORD
   Radix: Hexadecimal
   Value data: 1 (Default 0)
5. Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore/Process at Startup
6. On the Edit menu, click Add Value, and then add the following registry value:
   Value name: BurFlags
   Data type: REG_DWORD
   Radix: Hexadecimal
   Value data: D2
7. Quit Registry Editor.
8. Start FRS service


   net time \\ComputerName_Of_Authoritative_Time_Server /set /y
   net stop ntfrs
   net start ntfrs


- Rancy
"Merry Christmas and Happy New Year"
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38717140
0
 
LVL 6

Author Comment

by:S_K_S
ID: 38717196
TG-TIS can you tell me what specific steps your refering to as few are listed in the post from Rancy and not sure if there you are wanting to check something rather than working on entire post

Regards
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Free download
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38717202
The steps I'm referring too appear to be idetical to the steps Rancy quoted. It appears someone copied them to the Microsoft sire (or vise versa) a while back.
0
 
LVL 6

Author Comment

by:S_K_S
ID: 38717207
No worries is there something you can suggest that i can check ? Would like to take all options and work on them in one time

Regards
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 150 total points
ID: 38717827
There are multiple reasons for event id 13508 to occur it could be due network latency issue.Ad sites and services are not set corectly,replication issue,dns misconfig,required port not open for AD replication,secure channel broken,etc.

I would recommend to first check the health of dc by running dcdiag /q and repadmin /replsum and post the log if error is reported along with ipconfig /all details of DC's.

I would suggest contact network/security team to verify whether all the related AD ports being configured and allowed on the firewall for communication. Portquery is free tool from the MS which can be downloaded and installed to verify the necessary ports are opened or not.
 
Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
 Disable Windows Firewall:http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

Active Directory and Active Directory Domain Services Port Requirements
 http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx

Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

If manual connection are created in AD sites and service then remove the same and run repadmin /kcc to regerate the topology:
http://blogs.technet.com/b/markmoro/archive/2011/08/05/you-are-not-smarter-than-the-kcc.aspx

See this similar thread too:
http://qa.social.technet.microsoft.com/Forums/en-US/winserverDS/thread/7652f4ac-6974-4bdc-9b31-7632c85b0811

Hope this helps
0
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 150 total points
ID: 38719583
first check that you have proper Connection objects has been created in Sites and Services

Browse \\WorkingDC.domain.local copy sysvol & netlogon and keep backup on ProblemDC &  WorkingDC (If can not browse check network connectivity/Port and don't proceed further)

Go to WorkingDC  stop NTFRS service open regedit and go to "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup" change the burflag value to D4 Start NTFRS(File Replication service) service and wait for File Replication event ID 13516 now Go to ProblemDC  stop NTFRS service open regedit go to "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at <samp>Startup" change the burflag value to D2 -> Start NTFRS(File Replication service) service and wait for File Replication event ID 13516 now

Check Now your sysvol and netlogon shares are available

Above is called Authoritive(D4) and non-Authoritive Restore (D2)

Refer http://support.microsoft.com/kb/257338 for more info
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Learn More
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question
Webinar: Secure Your Active Directory
Article by: Experts Exchange
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Protecting Active Directory Credentials Amidst New Threats [VIDEO]
Article by: Gene
Let's recap what we learned from yesterday's Skyport Systems webinar.
Transferring Active Directory FSMO Roles to a Windows 2012 Domain Controller
Video by: Rodney
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
[Webinar] Is Your Active Directory as Secure as You Think?
Video by: Experts Exchange
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Advertise Here

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Advertise Here