Server 2012 R2 file replication failure
We have 2 Server 2012 r2 domain controllers running in VMWare. File replication has been failing with the following event viewer error on DC2 :
Log Name: File Replication Service
Source: NtFrs
Date: 1/3/2019 10:14:44 AM
Event ID: 13555
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MB-DC2.ad.xxx.com
Description:
The File Replication Service is in an error state. Files will not replicate to or from one or all of the replica sets on this computer until the following recovery steps are performed:
Recovery Steps:
[1] The error state may clear itself if you stop and restart the FRS service. This can be done by performing the following in a command window:
net stop ntfrs
net start ntfrs
If this fails to clear up the problem then proceed as follows.
[2] For Active Directory Domain Services Domain Controllers that DO NOT host any DFS alternates or other replica sets with replication enabled:
If there is at least one other Domain Controller in this domain then restore the "system state" of this DC from backup (using ntbackup or other backup-restore utility) and make it non-authoritative.
If there are NO other Domain Controllers in this domain then restore the "system state" of this DC from backup (using ntbackup or other backup-restore utility) and choose the Advanced option which marks the sysvols as primary.
If there are other Domain Controllers in this domain but ALL of them have this event log message then restore one of them as primary (data files from primary will replicate everywhere) and the others as non-authoritative.
[3] For Active Directory Domain Services Domain Controllers that host DFS alternates or other replica sets with replication enabled:
(3-a) If the Dfs alternates on this DC do not have any other replication partners then copy the data under that Dfs share to a safe location.
(3-b) If this server is the only Active Directory Domain Services Domain Controller for this domain then, before going to (3-c), make sure this server does not have any inbound or outbound connections to other servers that were formerly Domain Controllers for this domain but are now off the net (and will never be coming back online) or have been fresh installed without being demoted. To delete connections use the Sites and Services snapin and look for
Sites->NAME_OF_SITE->Serve
(3-c) Restore the "system state" of this DC from backup (using ntbackup or other backup-restore utility) and make it non-authoritative.
(3-d) Copy the data from step (3-a) above to the original location after the sysvol share is published.
[4] For other Windows servers:
(4-a) If any of the DFS alternates or other replica sets hosted by this server do not have any other replication partners then copy the data under its share or replica tree root to a safe location.
(4-b) net stop ntfrs
(4-c) rd /s /q c:\windows\ntfrs\jet
(4-d) net start ntfrs
(4-e) Copy the data from step (4-a) above to the original location after the service has initialized (5 minutes is a safe waiting time).
Note: If this error message is in the eventlog of all the members of a particular replica set then perform steps (4-a) and (4-e) above on only one of the members.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="NtFrs" />
<EventID Qualifiers="49152">13555</
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-01-03T15:
<EventRecordID>4473</Event
<Channel>File Replication Service</Channel>
<Computer>MB-DC2.ad.xxx.co
<Security />
</System>
<EventData>
<Data>c:\windows\ntfrs\jet
</EventData>
</Event>
I have tried step 1 with no success. For step 2, I do not know what "DFS alternates or other replica sets with replication enabled" means or if this is the next step I should try. How can I determine if either of my DC's contain DFS alternates or other replica sets?
Log Name: File Replication Service
Source: NtFrs
Date: 1/3/2019 10:14:44 AM
Event ID: 13555
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MB-DC2.ad.xxx.com
Description:
The File Replication Service is in an error state. Files will not replicate to or from one or all of the replica sets on this computer until the following recovery steps are performed:
Recovery Steps:
[1] The error state may clear itself if you stop and restart the FRS service. This can be done by performing the following in a command window:
net stop ntfrs
net start ntfrs
If this fails to clear up the problem then proceed as follows.
[2] For Active Directory Domain Services Domain Controllers that DO NOT host any DFS alternates or other replica sets with replication enabled:
If there is at least one other Domain Controller in this domain then restore the "system state" of this DC from backup (using ntbackup or other backup-restore utility) and make it non-authoritative.
If there are NO other Domain Controllers in this domain then restore the "system state" of this DC from backup (using ntbackup or other backup-restore utility) and choose the Advanced option which marks the sysvols as primary.
If there are other Domain Controllers in this domain but ALL of them have this event log message then restore one of them as primary (data files from primary will replicate everywhere) and the others as non-authoritative.
[3] For Active Directory Domain Services Domain Controllers that host DFS alternates or other replica sets with replication enabled:
(3-a) If the Dfs alternates on this DC do not have any other replication partners then copy the data under that Dfs share to a safe location.
(3-b) If this server is the only Active Directory Domain Services Domain Controller for this domain then, before going to (3-c), make sure this server does not have any inbound or outbound connections to other servers that were formerly Domain Controllers for this domain but are now off the net (and will never be coming back online) or have been fresh installed without being demoted. To delete connections use the Sites and Services snapin and look for
Sites->NAME_OF_SITE->Serve
(3-c) Restore the "system state" of this DC from backup (using ntbackup or other backup-restore utility) and make it non-authoritative.
(3-d) Copy the data from step (3-a) above to the original location after the sysvol share is published.
[4] For other Windows servers:
(4-a) If any of the DFS alternates or other replica sets hosted by this server do not have any other replication partners then copy the data under its share or replica tree root to a safe location.
(4-b) net stop ntfrs
(4-c) rd /s /q c:\windows\ntfrs\jet
(4-d) net start ntfrs
(4-e) Copy the data from step (4-a) above to the original location after the service has initialized (5 minutes is a safe waiting time).
Note: If this error message is in the eventlog of all the members of a particular replica set then perform steps (4-a) and (4-e) above on only one of the members.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="NtFrs" />
<EventID Qualifiers="49152">13555</
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-01-03T15:
<EventRecordID>4473</Event
<Channel>File Replication Service</Channel>
<Computer>MB-DC2.ad.xxx.co
<Security />
</System>
<EventData>
<Data>c:\windows\ntfrs\jet
</EventData>
</Event>
I have tried step 1 with no success. For step 2, I do not know what "DFS alternates or other replica sets with replication enabled" means or if this is the next step I should try. How can I determine if either of my DC's contain DFS alternates or other replica sets?
ASKER
Thanks for the reply. I followed the article and the above error went away, but replication has not completed. My bigger problem now is when I try to open active directory users/computers or group policy I get an error pop up that says "Naming information could not be located because the specified domain either does not exist or could not be contacted". Additionally I try to log on to workstations with user credentials it says "An authentication error has occurred. The local security authority cannot be contacted". Please tell me I have not lost my active directory configuration.
How big your sysvol folder
What exact steps you followed?
Did you able to find event id 13516 under file replication service event logs?
And if service is running?
You can post output of dcdiag /v here
What exact steps you followed?
Did you able to find event id 13516 under file replication service event logs?
And if service is running?
You can post output of dcdiag /v here
ASKER
I followed the directions for non-authoritative restore. On DC2 I stopped FRS, set the burflags key to D2 and restarted FRS. FRS service is running but there was no event 13516 listed. I cannot even log on remotely now, so I will have to get the dcdiag /v results tomorrow. Thanks for you continued help.
Have you checked NTFRS logs on problematic DC for event ID 13516? if not,
Restart file replication service on other DC and check if there you can find event ID 13516 under NTFRS event logs, if you don't find that event even after restarting service, you need to attempt FRS Sysvol authoritative restore (D4) from same article on that DC and then attempt non authoritative restore (D2) on problematic DC
Setting BurFlags (D2) won't make server unstable and you should at least logon to server though restore may failed
Can you check if Sysvol folder structure is intact on problematic DC?
/SYSVOL
/SYSVOL/Domain
/SYSVOL/Domain/policies
/SYSVOL/Domain/Scripts
/SYSVOL/Staging
/SYSVOL/Staging areas
/SYSVOL/Staging Areas/domain.com
/SYSVOL/Sysvol
/SYSVOL/Sysvol/domain.com
Restart file replication service on other DC and check if there you can find event ID 13516 under NTFRS event logs, if you don't find that event even after restarting service, you need to attempt FRS Sysvol authoritative restore (D4) from same article on that DC and then attempt non authoritative restore (D2) on problematic DC
Setting BurFlags (D2) won't make server unstable and you should at least logon to server though restore may failed
Can you check if Sysvol folder structure is intact on problematic DC?
/SYSVOL
/SYSVOL/Domain
/SYSVOL/Domain/policies
/SYSVOL/Domain/Scripts
/SYSVOL/Staging
/SYSVOL/Staging areas
/SYSVOL/Staging Areas/domain.com
/SYSVOL/Sysvol
/SYSVOL/Sysvol/domain.com
ASKER
Unfortunately, I came down with a bad flu overnight and cannot get onsite. Over the phone I walked someone through attempting the authoritative restore. We stopped ntfrs on both DC’s, however, on DC1 there is no ntfrs key under hkey_local_machine\system\
To answer your other questions, there were no event id 13516 on either DC. If I remember correctly the SYSVOL structure looked like this:
/SYSVOL/Domain
/SYSVOL/Staging
/SYSVOL/Staging areas
/SYSVOL/Sysvol
With subfolders named pre-existing under both domain and sysvol
To answer your other questions, there were no event id 13516 on either DC. If I remember correctly the SYSVOL structure looked like this:
/SYSVOL/Domain
/SYSVOL/Staging
/SYSVOL/Staging areas
/SYSVOL/Sysvol
With subfolders named pre-existing under both domain and sysvol
OK
If regkey is not available, you must need to create it manually and then attempt D4 and D2 respectively
check if Sysvol structure is correct
as long as you don't get event ID 13516, your Sysvol and netlogon won't initialize and shared and until you will face issues wrt logon and GPO application on workstations
If regkey is not available, you must need to create it manually and then attempt D4 and D2 respectively
check if Sysvol structure is correct
as long as you don't get event ID 13516, your Sysvol and netlogon won't initialize and shared and until you will face issues wrt logon and GPO application on workstations
ASKER
Ok, I was able to run D4 on DC1 and D2 on DC2. After it completed there was event 13516 on DC1 but not DC2. We are able to logon from windows workstations again, and I can access active directory and group policy again. However, I am again getting errors about not being able to replicate with DC2 (sorry, I don’t have those exact event id’s at the moment). Additionally, remote desktop is not responding from outside of the office (not a router/port issue), and I am seeing various messages about rpc and group policy issues. I was able to run dcdiag and repadmin on DC1 and attached the output.
Sorry this has been slow going due to my being sick and lack of remote access. Thank you so much Mahesh for sticking with me on this, it is appreciated much more than you know…
dcdiag.txt
repadmin.txt
Sorry this has been slow going due to my being sick and lack of remote access. Thank you so much Mahesh for sticking with me on this, it is appreciated much more than you know…
dcdiag.txt
repadmin.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
follow steps in blow article - Non authoritative restore (D2)
https://support.microsoft.com/en-in/help/290762/using-the-burflags-registry-key-to-reinitialize-file-replication-servi