This is long, so you may want to print it out
This is an NTFRS issue and not Group policy. NTFRS (File
Replication Service) uses secure RPC to communicate with
partners within the replica set (in this case SYSVOL).
13508 is a very generic error stating that the machine
could not complete the RPC connection to the partner.
It could be anything from connectivity to name resolution
to a firewall blocking dynamic RPC ports to a machine
being busy.
The full event appears as: The File Replication Service
is having trouble enabling replication from %1to %2 for %
3 using the DNS name %4. FRS will keep retrying.
Following are some of the reasons you would see this
warning.[1] FRS can not correctly resolve the DNS name %4
from this computer.[2] FRS is not running on %4.[3] The
topology information in the Active Directory for this
replica has not yet replicated to all the Domain
Controllers. This event log message will appear once for
each connection. After the problem is fixed you will see
another event log message that indicates that the
connection has been established (that being a 13508)
Troubleshooting FRS Events 13508 without FRS Event 13509
========================================================
Event 13508 in the FRS log is a warning that the FRS
service has been unable to complete the RPC connection to
a specific replication partner. It indicates that FRS is
having trouble enabling replication with that partner and
will keep trying to establish the connection.
A single event ID 13508 does not mean anything is broken
or not working; simply look for event ID 13509 to make
sure that the problem was resolved. Based on the time
between event IDs 13508 and 13509, you can determine if
there is a real problem that needs to be addressed.
Note
====
.. If FRS is stopped after a 13508 interval, and then
later started at a time when the communication issue has
been resolved, no 13509 is entered in the FRS event log.
Therefore, an event indicating that FRS has started,
without a 13508 message, indicates replication
connections are being made correctly
Because FRS servers gather their replication topology
information from their closest Active Directory domain
controller (itself on a domain controller that is also an
FRS member), there is also an expected case where a
replica partner in another site will not be aware of the
replica set until the topology information has been
replicated to domain controllers in that site. When the
topology information finally reaches that distant domain
controller, the FRS partner in that site will be able to
participate in the replica set and lead to FRS event ID
13509. Note that intra-site Active Directory replication
partners replicate every 5 minutes. Intersite replication
only replicates when the schedule is open (shortest delay
is 15 minutes). In addition, FRS polls the topology in
the active directory at defined intervals - 5 minutes on
domain controllers, and 1 hour on other member servers of
a replica set. These delays and schedules (and especially
in topologies with multiple hops) can delay propagation
of the FRS replication topology
Resolution
==========
1. Examine the 13508 event in the File Replication
Service event log to determine which computer that FRS
has been unable to communicate with.
2. Determine whether the remote computer is working
properly, and verify that FRS is running on it. A good
method to do this to execute the following command:
NTFRSUTL VERSION <FQDN_of_remote_DC_name> from the
computer logging the 13508 event.
3. If this fails, check network connectivity by pinging
the <FQDN_of_remote_DC_name> from the computer logging
the 13508 event. If this fails, then troubleshoot the
problem as a DNS or TCP/IP issue. If it succeeds, confirm
the FRS service is started on the remote domain
controller.
4. Determine whether FRS has ever been able to
communicate with the remote computer by looking for 13509
in the event log and reviewing recent change management
to networking, firewalls, DNS configuration, and Active
Directory infrastructure to see if there is a
correlation.
5. Determine whether there is anything between the two
computers that is capable of blocking RPC traffic, such
as a firewall or router.
6. Confirm that Active Directory replication is working.
If this doesn't do the trick I suggest you install the
latest version of the service (SP3+811370 for Win2000 or
832230 for Win2003) and call PSS for assistence.
Thahks,
Dan Boldo [MSFT]
(e-mail address removed)
This posting is provided "AS IS" with no warranties, and
confers no rights.
