none
NTFRS Problem

    Question

  • I'm having some ntfrs replication problems between DC's in a child domain. There are 3 DC's, and two are having problems, logging the following error in the event log;

    Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller server1.mydomain.co.uk for FRS replica set configuration information.
    The nTFRSSubscriber object cn=domain system volume (sysvol share),cn=ntfrs subscriptions,cn=server1,ou=domain controllers,dc=mydomain,dc=co,dc=uk has a invalid value for the attribute frsMemberReference.

    I've established this problem has been there for a couple of months, but the File Replication Service has been running, just not working! I've dug deep on this one, and I think I just need one more pointer to resolve this.

    If I run 'ntfrsutl sets server1', I get told there are no replica sets. On the third (working) DC, I get all the replica sets listed. If I look at ADSIEdit for the CN=File Replication Service,CN=System,DC=mydomain,DC=co,DC=uk container, and inspect the server objects within, I can see that the following entries are present and correct;

    frsComputerReference
    serverReference

    What's missing on the problem DC's is the following;

    fRSMemberReferenceBL

    Here's an example of the output from a DC that isn't working;

    Dn: CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=co,DC=uk
    cn: SERVER1;
    distinguishedName: CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=co,DC=uk;
    dSCorePropagationData (5): 29/10/2012 16:15:05 GMT Standard Time; 26/10/2012 14:16:03 GMT Standard Time; 26/10/2012 14:16:03 GMT Standard Time; 26/10/2012 12:05:41 GMT Standard Time; 0x1 = ( NEW_SD ), 0x1 = ( NEW_SD ), 0x1 = ( NEW_SD ), 0x1 = ( NEW_SD );
    frsComputerReference: CN=SERVER1,OU=Domain Controllers,DC=mydomain,DC=co,DC=uk;
    instanceType: 0x4 = ( WRITE );
    name: SERVER1;
    objectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk;
    objectClass (2): top; nTFRSMember;
    objectGUID: fba46480-bea2-4a1f-9a00-a6f0c510a0f3;
    serverReference: CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=COMM,CN=Sites,CN=Configuration,DC=mydomain,DC=co,DC=uk;
    showInAdvancedViewOnly: TRUE;
    uSNChanged: 30477517;
    uSNCreated: 16402;
    whenChanged: 21/11/2012 16:54:26 GMT Standard Time;
    whenCreated: 08/10/2003 19:36:41 GMT Standard Time;

    But, fRSMemberReferenceBL is a system value that cannot be modified in either ADSIEdit or LDP, and I need to get this value back in. I've followed KB312862 to try and resolve this, but it doesn't seem to actually put this key back in, unless I'm doing something wrong, or need to do something else.

    At the moment, because of this, we're not getting any GP replication, and we're in the middle of a Lync deployment!

    Thursday, November 22, 2012 11:19 AM

Answers

  • Thank you. That fRSMemberReference is the forward attribute than fRSMemberReferenceBL is derived from (yes, it's a back-linked system value, and cannot be modified). The problem for me was that the serverReference attribute was missing, which for me, caused the break in FRS.

    In the end I had to;

    net stop ntfrs

    re-instate the serverReference attribue

    re-instate the fRSMemberReference attribue

    Backup the SYSVOL\domain folder

    Rename the c:\windows\ntfrs\jet folder

    Set the Burflags value to d2 for a non-authoritative restore

    Restart ntfrs and monitor the FRS event log. Eventually, everything got back into sync

    • Marked as answer by tman24 Thursday, November 29, 2012 10:42 AM
    Thursday, November 29, 2012 10:42 AM

All replies

  • I could really do with some advice on this, as I have to get it resolved. If it's a reg change with service restart, I've no problem at all doing that. Thanks.
    Thursday, November 22, 2012 5:21 PM
  • Hi,

    I would like suggest you check your event logs, and according to the event ID to troubleshoot this issue:

    http://technet.microsoft.com/en-us/library/bb727056.aspx

    In addition, please tell us all of your DCs OS, and please also run dcdiag and repadmin command to determine where the error occur when replicate.

    Regards,

    Yan Li

    If you have any feedback on our support, please click here .


    Cataleya Li
    TechNet Community Support

    Friday, November 23, 2012 9:01 AM
    Moderator
  • Thank you. The exact event ID is 13562, which isn't actually listed in the troubleshooting document! The DC's with the problem are 2008R2 SP1, the working DC is 2008 (a VM actually). We've had this setup for the last 2 years, and it's been working fine.
    Friday, November 23, 2012 9:44 AM
  • I've established that doing a non-authoritive FRS restore (setting burflags to D2) has not resolved the problem.

    Just so you're aware, these are all on live, valid DC's. None have been removed or demoted from A/D. They're not stale records that need cleaning up. If anyone can point me in the right direction to resolve this, then that would be an enormous help.

    Friday, November 23, 2012 4:41 PM
  • Hi,

    Please go through the below link:

    Recovering missing FRS objects and FRS attributes in Active Directory

    http://support.microsoft.com/kb/312862

    In addition, the please also follow the below two similar threads to troubleshoot this issue:

    http://social.technet.microsoft.com/Forums/en/winserverfiles/thread/c1f5fa2c-b749-4464-9a17-884dcdbfd01f

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/99de54ef-6de6-4b70-bf90-180d6e183bf7

    Hope this helps.

    Regards,

    Yan Li

    If you have any feedback on our support, please click here .


    Cataleya Li
    TechNet Community Support

    Monday, November 26, 2012 2:42 AM
    Moderator
  • Thanks. Are you suggesting I need to do an authoritative SYSVOL restore to get full NTFRS functionality back online? Will this definately work? From my investigations, all I need to be able to do is the the fRSMemberReferenceBL value back into A/D. Everything else looks fine. The DC's are replicating A/D fine, it's just the SYSVOL replication that's broken.

    To clarify, there has been no DR issue and no DC restore/removal. I don't know why this has happened, but I don't want to risk the integrity of the A/D setup if I don't need to.

    As I said, one of the DC's is working fine, and shows the correct replica sets, but the two others just show nothing, and these are the ones with the missing fRSMemberReferenceBL setting.

    Once we remove our last reliance on the current 2003 domain functional level, I'll be raising the forest functional level to 2008, so will probably switch to DFSR, but that won't help me right now.



    • Edited by tman24 Monday, November 26, 2012 12:20 PM
    Monday, November 26, 2012 9:41 AM
  • I've tried an NTFRS restore by setting the D4 burflags value on the working DC, then setting the D2 value on one of the DC's with a problem. I then rebooted the problem DC, and although SYSVOL and NETLOGON came up fine, FRS is still not replicating, and the fSRMemberReferenceBL value is STILL missing.

    So, the problem is that if fRSMemberReferenceBL is derived from fRSComputerReference (which is valid and correct), why isn't fRSMemberReferenceBL being generated correctly, even after a reboot?

    It's really surprising that this problem seems so difficult to resolve!


    • Edited by tman24 Monday, November 26, 2012 11:02 AM
    Monday, November 26, 2012 11:01 AM
  • Hi,

    BL means back link, cannot be modified. Please check the following place:


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, November 27, 2012 10:31 AM
  • Thank you. That fRSMemberReference is the forward attribute than fRSMemberReferenceBL is derived from (yes, it's a back-linked system value, and cannot be modified). The problem for me was that the serverReference attribute was missing, which for me, caused the break in FRS.

    In the end I had to;

    net stop ntfrs

    re-instate the serverReference attribue

    re-instate the fRSMemberReference attribue

    Backup the SYSVOL\domain folder

    Rename the c:\windows\ntfrs\jet folder

    Set the Burflags value to d2 for a non-authoritative restore

    Restart ntfrs and monitor the FRS event log. Eventually, everything got back into sync

    • Marked as answer by tman24 Thursday, November 29, 2012 10:42 AM
    Thursday, November 29, 2012 10:42 AM