File Replication Service is not replicating the SYSVOL

J

Joep Verhaeg

Hello,

Since a couple of day's the File Replication Service is not replicating the
SYSVOL anymore with Event ID: 13508 on one domain controller, the other only
logs the message "The File Replication Service is no longer preventing the
computer server2 from becoming a domain controller...", the following
actions I performed to try to fix it:

1. Verified name resolution, DNS is working fine on both DC's (using AD
integrated DNS).
2. Verified the creation of SRV records for both DC's and this is also fine.
3. Restarted the NtFrs service on both DC's.
4. Verified the security (rights) on the SYSVOL folders (and subfolders) on
both DC's, this is correct.
5. Reset the machine account following KB260575 for the DC which can not be
connected to.
6. Netdiag reports everything is ok.
7. Replmon reports that AD replication is working fine.
8. Sonar reports LongJoinC for SERVER1 as "1" and for SERVER2 as "0", I
don't know is this is normal or just my problem...
9. The system time is in sync on both DC's.
10. The SYSVOL share is available on both DC's (verified with the "net
share" command).
11. There is enough harddisk space to replicate on both DC's.

A snapshot from the logfiles created by the NtFrs service:

--
Server1 NtFrs_0005.log:
<FrsDsFindComputer: 4220: 8717: S2: 10:21:30> :DS: Computer
FQDN is cn=server1,ou=domain controllers,dc=domain,dc=nl
<FrsDsFindComputer: 4220: 8723: S2: 10:21:30> :DS: Computer's
dns name is server1.domain.nl
<FrsDsFindComputer: 4220: 8737: S2: 10:21:30> :DS: Settings
reference is cn=ntds
settings,cn=server1,cn=servers,cn=city,cn=sites,cn=configuration,dc=domain,d
c=nl
<SndCsMain: 4096: 868: S0: 10:21:30> :SR: Cmd
00237ca8, CxtG 1c42b4c7, WS ERROR_ACCESS_DENIED, To server2.domain.nl Len:
(380) [SndFail - rpc call]
<SndCsMain: 4096: 895: S0: 10:21:30> :SR: Cmd
00237ca8, CxtG 1c42b4c7, WS ERROR_ACCESS_DENIED, To server2.domain.nl Len:
(380) [SndFail - Send Penalty]
<MainServiceHandler: 4016: 2053: S0: 10:21:32> :S: Received
control code 4 from Service Controller
<MainServiceHandler: 4016: 2053: S0: 10:22:07> :S: Received
control code 4 from Service Controller
--

--
Server2 NtFrs_0005.log:
<FrsHashCalcString: 1676: 4777: S0: 10:20:28> Name =
S-1-5-21-1202660629-1078145449-1060284298-1003
<SERVER_FrsRpcSendCommPkt: 1676: 436: S0: 10:20:28> ++ ERROR -
Invalid Partner: AuthClient:domain\server1$,
AuthSid:S-1-5-21-1202660629-1078145449-1060284298-1003
<FrsHashCalcString: 1676: 4777: S0: 10:21:30> Name =
S-1-5-21-1202660629-1078145449-1060284298-1003
<SERVER_FrsRpcSendCommPkt: 1676: 436: S0: 10:21:30> ++ ERROR -
Invalid Partner: AuthClient:domain\server1$,
AuthSid:S-1-5-21-1202660629-1078145449-1060284298-1003
--

Can someone help me with this problem?

Thanks in advance,

Joep Verhaeg.
 
J

Joep Verhaeg

I got it working, the one tool I didn't used before was the "File
Replication Service Diagnostics Tool" and this reported some problems with a
Null Server-Reference in the AD Schema.

With ADSI edit I worked thought the steps provided in KB312862
(http://support.microsoft.com/default.aspx?scid=kb;en-us;312862&Product=win2
000) and restarted the NtFrs service and it started replicating right away.

Kind regards,

Joep Verhaeg

Joep Verhaeg said:
Hello,

Since a couple of day's the File Replication Service is not replicating the
SYSVOL anymore with Event ID: 13508 on one domain controller, the other only
logs the message "The File Replication Service is no longer preventing the
computer server2 from becoming a domain controller...", the following
actions I performed to try to fix it:

1. Verified name resolution, DNS is working fine on both DC's (using AD
integrated DNS).
2. Verified the creation of SRV records for both DC's and this is also fine.
3. Restarted the NtFrs service on both DC's.
4. Verified the security (rights) on the SYSVOL folders (and subfolders) on
both DC's, this is correct.
5. Reset the machine account following KB260575 for the DC which can not be
connected to.
6. Netdiag reports everything is ok.
7. Replmon reports that AD replication is working fine.
8. Sonar reports LongJoinC for SERVER1 as "1" and for SERVER2 as "0", I
don't know is this is normal or just my problem...
9. The system time is in sync on both DC's.
10. The SYSVOL share is available on both DC's (verified with the "net
share" command).
11. There is enough harddisk space to replicate on both DC's.

A snapshot from the logfiles created by the NtFrs service:

--
Server1 NtFrs_0005.log:
<FrsDsFindComputer: 4220: 8717: S2: 10:21:30> :DS: Computer
FQDN is cn=server1,ou=domain controllers,dc=domain,dc=nl
<FrsDsFindComputer: 4220: 8723: S2: 10:21:30> :DS: Computer's
dns name is server1.domain.nl
<FrsDsFindComputer: 4220: 8737: S2: 10:21:30> :DS: Settings
reference is cn=ntds
settings,cn=server1,cn=servers,cn=city,cn=sites,cn=configuration,dc=domain,d
c=nl
<SndCsMain: 4096: 868: S0: 10:21:30> :SR: Cmd
00237ca8, CxtG 1c42b4c7, WS ERROR_ACCESS_DENIED, To server2.domain.nl Len:
(380) [SndFail - rpc call]
<SndCsMain: 4096: 895: S0: 10:21:30> :SR: Cmd
00237ca8, CxtG 1c42b4c7, WS ERROR_ACCESS_DENIED, To server2.domain.nl Len:
(380) [SndFail - Send Penalty]
<MainServiceHandler: 4016: 2053: S0: 10:21:32> :S: Received
control code 4 from Service Controller
<MainServiceHandler: 4016: 2053: S0: 10:22:07> :S: Received
control code 4 from Service Controller
--

--
Server2 NtFrs_0005.log:
<FrsHashCalcString: 1676: 4777: S0: 10:20:28> Name =
S-1-5-21-1202660629-1078145449-1060284298-1003
<SERVER_FrsRpcSendCommPkt: 1676: 436: S0: 10:20:28> ++ ERROR -
Invalid Partner: AuthClient:domain\server1$,
AuthSid:S-1-5-21-1202660629-1078145449-1060284298-1003
<FrsHashCalcString: 1676: 4777: S0: 10:21:30> Name =
S-1-5-21-1202660629-1078145449-1060284298-1003
<SERVER_FrsRpcSendCommPkt: 1676: 436: S0: 10:21:30> ++ ERROR -
Invalid Partner: AuthClient:domain\server1$,
AuthSid:S-1-5-21-1202660629-1078145449-1060284298-1003
--

Can someone help me with this problem?

Thanks in advance,

Joep Verhaeg.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top