2 new DC not replicating. EVENT 13508 - NtFrs

All replies

• 

  

  0

  Sign in to vote

  Hi

    FRS event ID 13508 is a warning that the FRS service has been unable to complete the RPC connection to a specific replication partner. It indicates that FRS is having trouble enabling replication with that partner and will keep trying to establish the connection.

  A single FRS event ID 13508 does not mean anything is broken or not working, as long as it is followed by FRS event ID 13509, which indicates that the problem was resolved. Based on the time between FRS event IDs 13508 and 13509, you can determine if a real problem needs to be addressed.

  https://msdn.microsoft.com/en-us/library/bb727056.aspx?f=255&MSPPError=-2147217396

  ---

  This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

  Tuesday, May 9, 2017 11:23 AM
• 

  

  0

  Sign in to vote

  There is no 13509 events recorded on the new domain controllers.

  Tuesday, May 9, 2017 11:30 AM
• 

  

  0

  Sign in to vote

  https://msdn.microsoft.com/en-us/library/bb727056.aspx?f=255&MSPPError=-2147217396

  ---

  You need to check "Procedures for Troubleshooting FRS Event 13508 without Event 13509" part for troubleshooting.

  Also please run "ipconfig /all" ,"dcdiag /test:dns" from both DC then share the results on onedrive.

  https://onedrive.live.com/

  ---

  This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

  Tuesday, May 9, 2017 11:37 AM
• 

  

  0

  Sign in to vote

  I have gone through that and everything seems ok. Uploaded the results to one drive, can I send you the link somewhere? Do not want to share it with the world.

  Tuesday, May 9, 2017 11:44 AM
• 

  

  0

  Sign in to vote

  I tried to run this:

  For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,st
  ate

  That gave me this:

  DC01
  No Instance(s) Available.
  
  DC02
  No Instance(s) Available.
  
  DC03
  No Instance(s) Available.

  
  

  
  

  
  

  • Edited by M_Larsen Tuesday, May 9, 2017 1:24 PM

  Tuesday, May 9, 2017 1:23 PM
• 

  

  0

  Sign in to vote

  For /f %i IN ('dsquery server -o rdn') do @echo %i && @(net view \\%i | find "SYSVOL") & echo

  Gave me this:

  DC01
  SYSVOL      Disk           Logon server share
  ECHO is on.
  DC02
  ECHO is on.
  DC03
  ECHO is on.

  
  

  • Edited by M_Larsen Tuesday, May 9, 2017 1:24 PM

  Tuesday, May 9, 2017 1:23 PM
• 

  

  0

  Sign in to vote

  I tried to run this:

  For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,st
  ate

  That gave me this:

  DC01
  No Instance(s) Available.
  
  DC02
  No Instance(s) Available.
  
  DC03
  No Instance(s) Available.

  
  

  
  

  
  

  Seems to be dirty shutdown,check article to "reactivate the replication ";

  http://www.em-soft.si/myblog/elvis/?p=500

  ---

  This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

  Tuesday, May 9, 2017 3:48 PM
• 

  

  0

  Sign in to vote

  For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,st
  ate

  You are running FRS, not DFSR... Did you check the FRS eventlog on your (old) DC1?

  Tuesday, May 9, 2017 4:06 PM
• 

  

  0

  Sign in to vote

  There is no events recorded in the FRS eventlog last month.

  Wednesday, May 10, 2017 9:05 AM
• 

  

  0

  Sign in to vote

  There is no 2212 (Dirty shutdown) event logged under DFS Replication eventlog on DC01, DC02 or DC03.
  

  • Edited by M_Larsen Wednesday, May 10, 2017 9:22 AM

  Wednesday, May 10, 2017 9:21 AM
• 

  

  0

  Sign in to vote

  Troubleshooting FRS Events 13508 without FRS Event 13509

  FRS event ID 13508 is a warning that the FRS service has been unable to complete the RPC connection to a specific replication partner. It indicates that FRS is having trouble enabling replication with that partner and will keep trying to establish the connection.

  A single FRS event ID 13508 does not mean anything is broken or not working, as long as it is followed by FRS event ID 13509, which indicates that the problem was resolved. Based on the time between FRS event IDs 13508 and 13509, you can determine if a real problem needs to be addressed.

  Note: If FRS is stopped after an event ID 13508 is logged and then later started at a time when the communication issue has been resolved, event ID 13509 will not appear in the event log. In this case, look for an event indicating that FRS has started, and ensure it is not followed by another event 13508.

  Because FRS servers gather replication topology information from the closest domain controller, a replica partner in another site will not be aware of the replica set until the topology information has been replicated to domain controllers in that site. When the topology information finally reaches that distant domain controller, the FRS partner in that site will be able to participate in the replica set and FRS event ID 13509 will be logged. Intrasite Active Directory replication partners replicate every five minutes. Intersite replication only replicates when the schedule is open (the shortest delay is 15 minutes). In addition, FRS polls the topology at defined intervals: five minutes on domain controllers, and one hour on other member servers of a replica set. These delays and schedules can delay propagation of the FRS replication topology, especially in topologies with multiple hops.

  Procedures for Troubleshooting FRS Event 13508 without Event 13509

  1. Examine the FRS event ID 13508 to determine the machine that FRS has been unable to communicate with.

  2. Determine whether the remote machine is working properly, and verify that FRS is running on it. Type the following command at a command prompt on the computer that logged the FRS event ID 13508 and press ENTER:

     ntfrsutl version <FQDN of remote domain controller> 
     

     If this fails, check network connectivity by using the Ping command to ping the fully qualified domain name (FQDN) of the remote domain controller from the computer that logged the FRS event ID 13508. If this fails, then troubleshoot as a DNS or TCP/IP issue. If it succeeds, confirm that the FRS service is started on the remote domain controller.

  3. Determine whether FRS has ever been able to communicate with the remote computer by looking for FRS event ID 13509 in the event log and see if the FRS problem correlates to recent change management to networking, firewalls, DNS configuration, or Active Directory infrastructure.

  4. Determine whether anything between the two machines is capable of blocking RPC traffic, such as a firewall or router.

  5. Confirm that Active Directory replication is working. For more information about troubleshooting Active Directory replication, see Troubleshooting Active Directory Replication Problems in this guide.

  ---

  Regards,
  Sandeep Poonia
  Please verify the answer if it helps you.

  Wednesday, May 10, 2017 9:59 AM
• 

  

  0

  Sign in to vote

  I will try to do a Authoritative FRS restore with D4 on DC01 and D2 on DC02 and DC03.
  
  Ref: https://support.microsoft.com/en-us/help/290762/using-the-burflags-registry-key-to-reinitialize-file-replication-service

  Friday, May 12, 2017 8:19 AM
• 

  

  0

  Sign in to vote

  I went through the complete thread on this and it is confusing.

  Can you confirm if it is using FRS or DFSR? 

  If it is using FRS, no use of running DFS commands. 

  If it is using DFSR, then you need to change the instructions to do a non-auth restore.

  But performing non-auth restore directly is not the correct troubleshooting. 

  How many DCs do you have in this domain? Do you have any working domain controller in the same site where the problem DC is located?

  Can you check if the SYSVOL replications working on the partner DC (You can get the partner DC name from the 13508 event)

  Do you have SYSVOL/NETLOGON folder large in size  or how big it is?

  Friday, May 12, 2017 10:17 AM
• 

  

  0

  Sign in to vote

  Hi,

  Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

  Best Regards,

  Wendy

  ---

  Please remember to mark the replies as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com. 

  Monday, May 15, 2017 11:43 AM
• 

  

  1

  Sign in to vote

  Doing a D4 + D2 BurFlag on the domain controllers fixed the replication issue. Everything now seems to work as it should. Thank you all for the help you have provided.

  • Proposed as answer by Wendy Jiang Wednesday, May 24, 2017 4:26 AM
  • Marked as answer by Hamid Sadeghpour SalehMVP Sunday, January 19, 2020 11:18 AM

  Tuesday, May 23, 2017 12:41 PM
• 

  

  0

  Sign in to vote

  Hi,
  Thank you for the update and share, could you please help to mark it as answer? It will be greatly helpful to others who have the same question. 
  Sincerely, 
  Wendy Jiang

  ---

  Please remember to mark the replies as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com. 

  Wednesday, May 24, 2017 4:27 AM
• 

  

  0

  Sign in to vote

  Doing a D4 + D2 BurFlag on the domain controllers fixed the replication issue. Everything now seems to work as it should. Thank you all for the help you have provided.

  Please help in understanding the term D4+D2 BurFlag?

  Many thanks,

  Arun

  <style><br _moz_dirty="" /></style>

  Saturday, December 14, 2019 12:42 PM