Jun 03 2022 09:49 AM - edited Jun 03 2022 09:57 AM
Jun 03 2022 09:49 AM - edited Jun 03 2022 09:57 AM
Two weeks ago our host went down for DC1. Since DC1, and DC2 are not replicating to one another. It is currently FRS. I discovered this while looking in to migrating to DFS.
I have found and went through this: 2 new DC not replicating. EVENT 13508 - NtFrs (microsoft.com), but I don't know if a D2/D4 is what I need here. I have reviewed this as well: Use BurFlags to reinitialize File Replication Service (FRS) - Windows Server | Microsoft Docs. In this it doesn't specify which DC I set the flag on. I assume PDC, but either way from the bottom of the document this isn't going to fix my root cause issue.
"If you configure an FRS member to complete an authoritative or nonauthoritative restore by using the BurFlags registry subkey, you don't resolve the issues that initially caused the replication problem."
Other articles I have reviewed:
I can ping from each device, and outputs for troubleshooting is below. I have confirmed ports for RPC are open and they can talk to one another over the network on 135. Services on both DCs are running as well.
These are ran from DC1
PS C:\Users\administrator> ntfrsutl version dc2 NtFrsApi Version Information NtFrsApi Major : 0 NtFrsApi Minor : 0 NtFrsApi Compiled on: Aug 21 2013 16:23:00 NtFrs Version Information NtFrs Major : 0 NtFrs Minor : 0 NtFrs Compiled on : Aug 21 2013 16:23:00 Latest changes: Install Override fix OS Version 6.3 (9600) - SP (0.0) SM: 0x0110 PT: 0x02 Processor: AMD64 Level: 0x0006 Revision: 0x5507 Processor num/mask: 4/0000000f
PS C:\Users\administrator> repadmin /showreps location1\DC1 DSA Options: IS_GC Site Options: (none) DSA object GUID: bd9d7382-7bd6-453e-9829-e898d8d84725 DSA invocationID: 47916ea1-707b-4c1f-902d-19e84aa68a98 ==== INBOUND NEIGHBORS ====================================== dc=mine,DC=com location2\dc2 via RPC DSA object GUID: 87eb9ba0-9358-4dd3-a30b-57f3ee78cfa2 Last attempt @ 2022-06-03 11:52:28 was successful. CN=Configuration,dc=mine,DC=com location2\dc2 via RPC DSA object GUID: 87eb9ba0-9358-4dd3-a30b-57f3ee78cfa2 Last attempt @ 2022-06-03 11:46:25 was successful. CN=Schema,CN=Configuration,dc=mine,DC=com location2\dc2 via RPC DSA object GUID: 87eb9ba0-9358-4dd3-a30b-57f3ee78cfa2 Last attempt @ 2022-06-03 11:46:25 was successful. DC=DomainDnsZones,dc=mine,DC=com location2\dc2 via RPC DSA object GUID: 87eb9ba0-9358-4dd3-a30b-57f3ee78cfa2 Last attempt @ 2022-06-03 11:46:25 was successful. DC=ForestDnsZones,dc=mine,DC=com location2\dc2 via RPC DSA object GUID: 87eb9ba0-9358-4dd3-a30b-57f3ee78cfa2 Last attempt @ 2022-06-03 11:46:25 was successful.
Side question as well, how can I initiate/force an FRS sync? The log shows the failures once daily, 25 hours apart (one hour later each day) since the host went down, so I assumed it was a scheduled task, but I couldn't find anything in taskschd or a schedule option via ntfrsutl.
Jun 03 2022 12:41 PM
Just an update.
I found that DC2 NetConnectionProfile was categorized as private and not domain. I restarted the Network Location Awareness to get it back to Domain as powershell returned an error.
PS C:\Users\administrator> Set-NetConnectionProfile -InterfaceIndex 13 -NetworkCategory Domain Set-NetConnectionProfile : Unable to set NetworkCategory to 'DomainAuthenticated'. This NetworkCategory type will be set automatically when authenticated to a domain network. At line:1 char:1 + Set-NetConnectionProfile -InterfaceIndex 13 -NetworkCategory Domain + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (MSFT_NetConnect...6D21E6075057}"):root/StandardCi...nnectionProfile) [Set-NetConnectionProfile], CimException + FullyQualifiedErrorId : MI RESULT 4,Set-NetConnectionProfile
It is yet to be seen if this fixed anything, as I am having to wait for the logs to show anything and if they follow the same pattern they have been an error or something will be there tonight at 12:37AM :D
Other than this I can't find anything wrong :(
Jun 03 2022 12:42 PM
I'd check these ports are flowing between networks.
Jun 03 2022 12:51 PM - edited Jun 03 2022 12:51 PM
As to doing the nonauthoritative restore do these steps on the receiving end. (hopefully its not tombstoned)
Jun 03 2022 01:04 PM - edited Jun 03 2022 01:07 PM
With one exception, it doesn't look to me portqry has anything that matters is filtered? Results are attached. Sorry about the docx.
One query causes it to crash each time and portqry throws an error.
portqry.exe -n dc2 -e 137 -p UDP exits with return code 0x80000003.
Is the nonauthoritative restore how I can 'force' it to sync?
Jun 06 2022 08:07 AM
Over the weekend the FRS logs in event viewer do not show any activity. I removed a file from DC1 at: \\localhost\sysvol\mine.com\test.txt
While replying to this post, yet stating the same above but replication of the removed file hadn't happened yet, the file removed from DC2 confirming that sync is now working.
The last thing I did was update the network from private to domain. I can't imagine that resolving it, but I suppose depending on the firewall rules or some other policy if it was specified to domain, not including private it is possible... Darn... Always something simple.
Jun 06 2022 08:21 AMSolution
The last thing I did was update the network from private to domain. I can't imagine that resolving it,
Yes, that would do it. The domain firewall profile would allow these ports to flow freely.