Windows Server Summit 2024
Mar 26 2024 08:00 AM - Mar 28 2024 04:30 PM (PDT)
Microsoft Tech Community
LIVE
SOLVED

FRS not replicating Event 13508, NtFrs

Brass Contributor

Two weeks ago our host went down for DC1.  Since DC1, and DC2 are not replicating to one another.  It is currently FRS.  I discovered this while looking in to migrating to DFS.

 

I have found and went through this: 2 new DC not replicating. EVENT 13508 - NtFrs (microsoft.com), but I don't know if a D2/D4 is what I need here.  I have reviewed this as well: Use BurFlags to reinitialize File Replication Service (FRS) - Windows Server | Microsoft Docs.  In this it doesn't specify which DC I set the flag on.  I assume PDC, but either way from the bottom of the document this isn't going to fix my root cause issue.

 

"If you configure an FRS member to complete an authoritative or nonauthoritative restore by using the BurFlags registry subkey, you don't resolve the issues that initially caused the replication problem."

 

Other articles I have reviewed:

Troubleshooting File Replication Service | Microsoft Docs

Troubleshooting Active Directory Replication Problems | Microsoft Docs

 

I can ping from each device, and outputs for troubleshooting is below.  I have confirmed ports for RPC are open and they can talk to one another over the network on 135.  Services on both DCs are running as well.

 

These are ran from DC1

 

PS C:\Users\administrator> ntfrsutl version dc2
NtFrsApi Version Information
   NtFrsApi Major      : 0
   NtFrsApi Minor      : 0
   NtFrsApi Compiled on: Aug 21 2013 16:23:00
NtFrs Version Information
   NtFrs Major        : 0
   NtFrs Minor        : 0
   NtFrs Compiled on  : Aug 21 2013 16:23:00
   Latest changes:
   Install Override fix
OS Version 6.3 (9600) -
SP (0.0) SM: 0x0110  PT: 0x02
Processor:  AMD64 Level: 0x0006  Revision: 0x5507  Processor num/mask: 4/0000000f

 

 

 

 

PS C:\Users\administrator> repadmin /showreps
location1\DC1

DSA Options: IS_GC 

Site Options: (none)

DSA object GUID: bd9d7382-7bd6-453e-9829-e898d8d84725

DSA invocationID: 47916ea1-707b-4c1f-902d-19e84aa68a98



==== INBOUND NEIGHBORS ======================================



dc=mine,DC=com

    location2\dc2 via RPC

        DSA object GUID: 87eb9ba0-9358-4dd3-a30b-57f3ee78cfa2

        Last attempt @ 2022-06-03 11:52:28 was successful.



CN=Configuration,dc=mine,DC=com

    location2\dc2 via RPC

        DSA object GUID: 87eb9ba0-9358-4dd3-a30b-57f3ee78cfa2

        Last attempt @ 2022-06-03 11:46:25 was successful.



CN=Schema,CN=Configuration,dc=mine,DC=com

    location2\dc2 via RPC

        DSA object GUID: 87eb9ba0-9358-4dd3-a30b-57f3ee78cfa2

        Last attempt @ 2022-06-03 11:46:25 was successful.



DC=DomainDnsZones,dc=mine,DC=com

    location2\dc2 via RPC

        DSA object GUID: 87eb9ba0-9358-4dd3-a30b-57f3ee78cfa2

        Last attempt @ 2022-06-03 11:46:25 was successful.



DC=ForestDnsZones,dc=mine,DC=com

    location2\dc2 via RPC

        DSA object GUID: 87eb9ba0-9358-4dd3-a30b-57f3ee78cfa2

        Last attempt @ 2022-06-03 11:46:25 was successful.

 

 

Side question as well, how can I initiate/force an FRS sync?  The log shows the failures once daily, 25 hours apart (one hour later each day) since the host went down, so I assumed it was a scheduled task, but I couldn't find anything in taskschd or a schedule option via ntfrsutl.

 

 

Thanks!

12 Replies

Just an update.

 

I found that DC2 NetConnectionProfile was categorized as private and not domain.  I restarted the Network Location Awareness to get it back to Domain as powershell returned an error.

 

PS C:\Users\administrator> Set-NetConnectionProfile -InterfaceIndex 13 -NetworkCategory Domain
Set-NetConnectionProfile : Unable to set NetworkCategory to 'DomainAuthenticated'.  This NetworkCategory type will be set automatically when authenticated to a domain network.
At line:1 char:1
+ Set-NetConnectionProfile -InterfaceIndex 13 -NetworkCategory Domain
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (MSFT_NetConnect...6D21E6075057}"):root/StandardCi...nnectionProfile) [Set-NetConnectionProfile], CimException
    + FullyQualifiedErrorId : MI RESULT 4,Set-NetConnectionProfile

 

It is yet to be seen if this fixed anything, as I am having to wait for the logs to show anything and if they follow the same pattern they have been an error or something will be there tonight at 12:37AM :D

 

Other than this I can't find anything wrong :(

@Dave Patrick 

 

Thanks for the reply.  I will give these a look.  I used AngryPort scanner from DC to DC and it responds to both, but these may illuminate something I am missing.

Sounds good, let us know.

 

 

As to doing the nonauthoritative restore do these steps on the receiving end. (hopefully its not tombstoned)

Use BurFlags to reinitialize File Replication Service (FRS) - Windows Server | Microsoft Docs

 

 

@Dave Patrick 

 

With one exception, it doesn't look to me portqry has anything that matters is filtered?  Results are attached.  Sorry about the docx.

 

One query causes it to crash each time and portqry throws an error.

 

 

 

portqry.exe -n dc2 -e 137 -p UDP exits with return code 0x80000003.

 

 

 

portqry-error.png

 

 

Is the nonauthoritative restore how I can 'force' it to sync?

Be sure to confirm all of the mentioned ports are flowing.

 

 

 

 

Any progress or updates? Please don't forget to close up thread by marking helpful replies.

 

 

@Dave Patrick 

 

Over the weekend the FRS logs in event viewer do not show any activity. I removed a file from DC1 at: \\localhost\sysvol\mine.com\test.txt

 

While replying to this post, yet stating the same above but replication of the removed file hadn't happened yet, the file removed from DC2 confirming that sync is now working.

 

The last thing I did was update the network from private to domain.  I can't imagine that resolving it, but I suppose depending on the firewall rules or some other policy if it was specified to domain, not including private it is possible...  Darn... Always something simple.

best response confirmed by Leavii (Brass Contributor)
Solution

 

The last thing I did was update the network from private to domain.  I can't imagine that resolving it, 


Yes, that would do it. The domain firewall profile would allow these ports to flow freely.

Configure firewall for AD domain and trusts - Windows Server | Microsoft Docs

 

 

@Dave Patrick 

 

Appreciate the responses and resources!

You're quite welcome.

 

 

1 best response

Accepted Solutions
best response confirmed by Leavii (Brass Contributor)
Solution

 

The last thing I did was update the network from private to domain.  I can't imagine that resolving it, 


Yes, that would do it. The domain firewall profile would allow these ports to flow freely.

Configure firewall for AD domain and trusts - Windows Server | Microsoft Docs

 

 

View solution in original post