?
Solved

FrsEvent dcdiag server 2008

Posted on 2014-12-22
10
Medium Priority
?
254 Views
Last Modified: 2015-01-11
dcdiag report below, how do i fix Frsevent ? it failed.


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = FWBCH-SRV

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\FWBCH-SRV

      Starting test: Connectivity

         ......................... FWBCH-SRV passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\FWBCH-SRV

      Starting test: Advertising

         ......................... FWBCH-SRV passed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... FWBCH-SRV failed test FrsEvent

      Starting test: DFSREvent

         ......................... FWBCH-SRV passed test DFSREvent

      Starting test: SysVolCheck

         ......................... FWBCH-SRV passed test SysVolCheck

      Starting test: KccEvent

         ......................... FWBCH-SRV passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... FWBCH-SRV passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... FWBCH-SRV passed test MachineAccount

      Starting test: NCSecDesc

         ......................... FWBCH-SRV passed test NCSecDesc

      Starting test: NetLogons

         ......................... FWBCH-SRV passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... FWBCH-SRV passed test ObjectsReplicated

      Starting test: Replications

         ......................... FWBCH-SRV passed test Replications

      Starting test: RidManager

         ......................... FWBCH-SRV passed test RidManager

      Starting test: Services

         ......................... FWBCH-SRV passed test Services

      Starting test: SystemLog

         

      Starting test: VerifyReferences

         ......................... FWBCH-SRV passed test VerifyReferences

   
   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : fwbch

      Starting test: CheckSDRefDom

         ......................... fwbch passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... fwbch passed test CrossRefValidation

   
   Running enterprise tests on : fwbch.local

      Starting test: LocatorCheck

         ......................... fwbch.local passed test LocatorCheck

      Starting test: Intersite

         ......................... fwbch.local passed test Intersite
0
Comment
Question by:wjl3698
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40513223
was the server rebooted in the last 24 hours?
if so, i would ignore it; usually happens during the reboot process as some services might come up before others and throw warnings but then stops once it's running
0
 

Author Comment

by:wjl3698
ID: 40513229
The server has been running for 3 days. net share i can see netlogon share and  SYSVOL.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40513237
can you find the event log entry?
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:wjl3698
ID: 40513241
i cleared all system logs and reran dcdiag and still getting this error.
0
 

Accepted Solution

by:
wjl3698 earned 0 total points
ID: 40513273
i cleared DFS replication event logs and file replication service logs and reran dcdiag and it is now cleared up. so which log does Frsevent test use? because i would need to fix the errors in those logs so it doesn't keep on happening.
0
 
LVL 4

Expert Comment

by:Vishalnarse
ID: 40513498
Hi

make sure that you can ping between the DCs with ip address, computer name and FQDN. Also make sure that no firewall is blocking AD replication traffic.

On the new DCs check also that the sysvol and netlogon folder exist and you can access them.

Did you wait after adprep commands, that remote sites have got all updates before promoting the new DCs?

Check in AD sites and services, that all DCs are listed and that the sites are using the correct subnet and that the replication topology is created either automatically or done manual for your needs.

Did you use latest SP/patches on the servers?

To stop the OutboundSecureChannels errors, use /skip:outboundsecurechannels. The tests are not valid and can be instead tested with NETDOM.EXE and NLTEST.EXE.
0
 

Author Comment

by:wjl3698
ID: 40513597
ping between the DCs?, i only have one DC. with 30 computers. with DNS/AD Roles.
sysvol and netlogon folder does  exist on net share command and can access them.

i'm not promoting any DCs. single DC with this issue.
i'm not promoting any DC. and current DC has all updates.
all DCs are listed, only one because i only have one.
0
 
LVL 4

Expert Comment

by:Vishalnarse
ID: 40515180
Hi,

Open command prompt and run "net share" on each DC to confirm the SYSVOL and NETLOGON shares are available.

Run "repadmin /replsum" and "ipconfig /all" of problem DC and post the result.

Ensure the following on each DC:

Each DC / DNS server points to its private IP address as primary DNS server and other internal/remote DNS servers as secondary DNS in TCP/IP property.
Each DC has just one IP address, if multiple NICs are present, disable unused NICs. Active NIC should be on top in NIC bind order.
Once you are done with above, open command prompt and run "ipconfig /flushdns & ipconfig /registerdns", restart DNS server and NETLOGON service on each DC.

Dcdiag fails for NCSecDesc test :
If you have not run adprep/rodcprep, Dcdiag.exe will return an error when it runs the NCSecDesc test. If you do not plan to add an RODC to the forest, you can disregard this error. If you plan to add an RODC to the forest, you must run adprep /rodcprep.
http://support.microsoft.com/kb/967482

DCDIAG another error message regarding the Group Policy :
"The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description."
As per Microsoft:

"This problem occurs on new 2008 DC in to a 2003 domain because the version number of the KRBTGT account increases when you perform an authoritative restoration. The KRBTGT account is a service account that is used by the Kerberos Key Distribution Center (KDC) service".

See KB939820 for a hotfix applicable to Microsoft Windows Server 2003 : http://support.microsoft.com/kb/939820

Reference: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/3fdc100f-16cb-4d4d-b1ca-4ce00bc7bbcc/

Refer to http://support.microsoft.com/kb/272279
You might want to also use any of the NTFRS troubleshooting utilities - http://www.microsoft.com/windowsserver2003/technologies/storage/dfs/tshootfrs.mspx

Regards,
0
 
LVL 4

Expert Comment

by:Vishalnarse
ID: 40515205
Hello,

SYSVOL share has become corrupt and you need to pull a new copy from the other DCs.
Browse on every DC to  \\domain.local\sysvol\domain.local\Policies one of them should have policies missing.
After you found problematic server log on to it and open up regedit.

1. Browse to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters
2. Create new DWORD value "Enable Journal Wrap Automatic Restore" and set it to 1
3. Stop/start the ntfrs service (net stop/start ntfrs)
4. Note the entries in the FRS log. (13560, 13520)
5. Change the value "Enable Journal Wrap Automatic Restore" to 0
6. Wait for replication to complete (13553, 13554)
7. Note success (13516 - no longer preventing from becoming DC)
8. Note other servers are now seeing event ID 13509 (NtFrs once again has connection)

Regards,
0
 

Author Closing Comment

by:wjl3698
ID: 40542853
i did this and fixed my alert.
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Moving your enterprise fax infrastructure from in-house fax machines and servers to the cloud makes sense — from both an efficiency and productivity standpoint. But does migrating to a cloud fax solution mean you will no longer be able to send or re…
New style of hardware planning for Microsoft Exchange server.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question