Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

FrsEvent dcdiag server 2008

Posted on 2014-12-22
10
Medium Priority
?
268 Views
Last Modified: 2015-01-11
dcdiag report below, how do i fix Frsevent ? it failed.


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = FWBCH-SRV

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\FWBCH-SRV

      Starting test: Connectivity

         ......................... FWBCH-SRV passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\FWBCH-SRV

      Starting test: Advertising

         ......................... FWBCH-SRV passed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... FWBCH-SRV failed test FrsEvent

      Starting test: DFSREvent

         ......................... FWBCH-SRV passed test DFSREvent

      Starting test: SysVolCheck

         ......................... FWBCH-SRV passed test SysVolCheck

      Starting test: KccEvent

         ......................... FWBCH-SRV passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... FWBCH-SRV passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... FWBCH-SRV passed test MachineAccount

      Starting test: NCSecDesc

         ......................... FWBCH-SRV passed test NCSecDesc

      Starting test: NetLogons

         ......................... FWBCH-SRV passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... FWBCH-SRV passed test ObjectsReplicated

      Starting test: Replications

         ......................... FWBCH-SRV passed test Replications

      Starting test: RidManager

         ......................... FWBCH-SRV passed test RidManager

      Starting test: Services

         ......................... FWBCH-SRV passed test Services

      Starting test: SystemLog

         

      Starting test: VerifyReferences

         ......................... FWBCH-SRV passed test VerifyReferences

   
   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : fwbch

      Starting test: CheckSDRefDom

         ......................... fwbch passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... fwbch passed test CrossRefValidation

   
   Running enterprise tests on : fwbch.local

      Starting test: LocatorCheck

         ......................... fwbch.local passed test LocatorCheck

      Starting test: Intersite

         ......................... fwbch.local passed test Intersite
0
Comment
Question by:wjl3698
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40513223
was the server rebooted in the last 24 hours?
if so, i would ignore it; usually happens during the reboot process as some services might come up before others and throw warnings but then stops once it's running
0
 

Author Comment

by:wjl3698
ID: 40513229
The server has been running for 3 days. net share i can see netlogon share and  SYSVOL.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40513237
can you find the event log entry?
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:wjl3698
ID: 40513241
i cleared all system logs and reran dcdiag and still getting this error.
0
 

Accepted Solution

by:
wjl3698 earned 0 total points
ID: 40513273
i cleared DFS replication event logs and file replication service logs and reran dcdiag and it is now cleared up. so which log does Frsevent test use? because i would need to fix the errors in those logs so it doesn't keep on happening.
0
 
LVL 4

Expert Comment

by:Vishalnarse
ID: 40513498
Hi

make sure that you can ping between the DCs with ip address, computer name and FQDN. Also make sure that no firewall is blocking AD replication traffic.

On the new DCs check also that the sysvol and netlogon folder exist and you can access them.

Did you wait after adprep commands, that remote sites have got all updates before promoting the new DCs?

Check in AD sites and services, that all DCs are listed and that the sites are using the correct subnet and that the replication topology is created either automatically or done manual for your needs.

Did you use latest SP/patches on the servers?

To stop the OutboundSecureChannels errors, use /skip:outboundsecurechannels. The tests are not valid and can be instead tested with NETDOM.EXE and NLTEST.EXE.
0
 

Author Comment

by:wjl3698
ID: 40513597
ping between the DCs?, i only have one DC. with 30 computers. with DNS/AD Roles.
sysvol and netlogon folder does  exist on net share command and can access them.

i'm not promoting any DCs. single DC with this issue.
i'm not promoting any DC. and current DC has all updates.
all DCs are listed, only one because i only have one.
0
 
LVL 4

Expert Comment

by:Vishalnarse
ID: 40515180
Hi,

Open command prompt and run "net share" on each DC to confirm the SYSVOL and NETLOGON shares are available.

Run "repadmin /replsum" and "ipconfig /all" of problem DC and post the result.

Ensure the following on each DC:

Each DC / DNS server points to its private IP address as primary DNS server and other internal/remote DNS servers as secondary DNS in TCP/IP property.
Each DC has just one IP address, if multiple NICs are present, disable unused NICs. Active NIC should be on top in NIC bind order.
Once you are done with above, open command prompt and run "ipconfig /flushdns & ipconfig /registerdns", restart DNS server and NETLOGON service on each DC.

Dcdiag fails for NCSecDesc test :
If you have not run adprep/rodcprep, Dcdiag.exe will return an error when it runs the NCSecDesc test. If you do not plan to add an RODC to the forest, you can disregard this error. If you plan to add an RODC to the forest, you must run adprep /rodcprep.
http://support.microsoft.com/kb/967482

DCDIAG another error message regarding the Group Policy :
"The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description."
As per Microsoft:

"This problem occurs on new 2008 DC in to a 2003 domain because the version number of the KRBTGT account increases when you perform an authoritative restoration. The KRBTGT account is a service account that is used by the Kerberos Key Distribution Center (KDC) service".

See KB939820 for a hotfix applicable to Microsoft Windows Server 2003 : http://support.microsoft.com/kb/939820

Reference: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/3fdc100f-16cb-4d4d-b1ca-4ce00bc7bbcc/

Refer to http://support.microsoft.com/kb/272279
You might want to also use any of the NTFRS troubleshooting utilities - http://www.microsoft.com/windowsserver2003/technologies/storage/dfs/tshootfrs.mspx

Regards,
0
 
LVL 4

Expert Comment

by:Vishalnarse
ID: 40515205
Hello,

SYSVOL share has become corrupt and you need to pull a new copy from the other DCs.
Browse on every DC to  \\domain.local\sysvol\domain.local\Policies one of them should have policies missing.
After you found problematic server log on to it and open up regedit.

1. Browse to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters
2. Create new DWORD value "Enable Journal Wrap Automatic Restore" and set it to 1
3. Stop/start the ntfrs service (net stop/start ntfrs)
4. Note the entries in the FRS log. (13560, 13520)
5. Change the value "Enable Journal Wrap Automatic Restore" to 0
6. Wait for replication to complete (13553, 13554)
7. Note success (13516 - no longer preventing from becoming DC)
8. Note other servers are now seeing event ID 13509 (NtFrs once again has connection)

Regards,
0
 

Author Closing Comment

by:wjl3698
ID: 40542853
i did this and fixed my alert.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question