5

This question is related to a previous one I asked regarding backing up Domain Controllers and RODC's. Basically I am making some changes in regards to the DC's in my network. I am looking to add a writable 2008R2 DC as well as a 2008R2 RODC to my domain.

I have created a writable 2008R2 DC called "DC-04", it is set up and appears to be working fine with one exception. When I run dcdiag /v on this new domain controller, I get an error during the FRS event test. This error corresponds to Event 13508 that I am getting and it states:

"The File Replication Service is having trouble enabling Replication from DC-02 to DC-04 for c:\windows\sysvol\domain using the DNS name dc-02.domain.com. FRS will keep retrying."

Some information that may be helpful:

DC-02 is running 2003R2 x86, it also holds all 5 FSMO roles

There is another DC called DC-03 also running 2003R2 x86, no errors come up on DC-04 regarding replication from this DC

All DC's are Global Catalogs and have DNS

I can ping dc-02.domain.com from dc-04, so DNS seems ok

FRS service is running on DC-02

Any ideas or things to check would be greatly appreciated.

Thanks!

Mike
  • 155

3 Answers

1

Try forcing a replication from the other domain controller:

ntfrsutl forcerepl DC-04 /r "domain system volume (sysvol share)" /p DC-03.domainname.com  

https://blogs.technet.com/b/justinturner/archive/2007/04/27/quick-tip-force-frs-replication.aspx

Greg Askew
  • 39,132
1

Usually these sorts of issues are related to DNS in some way. I would start by verifying the Client DNS settings on both DCs and making sure you can ping both ways between DC-02 & DC-04 (you only mentioned you can ping from DC-04 to DC-02). Then I'd try restarting both the Netlogon & FRS services on both DC-02 & DC-04, and then checking for any errors in the corresponding event logs (check the FRS event log on both DCs to see if there is any other info). Verify that restarting netlogon has re-registered the DCs' SRV records in DNS (under _msdcs, _sites, _tcp, _udp, etc).

You can also check the following:

  1. Check the Server’s Computer object in Active Directory to ensure it has a child object, called NTDS-Settings.
  2. Verify that the SYSVOL share has been created and is active.
    • Use “net share” in the command prompt to see if “SYSVOL” is listed.
  3. Verify the Domain Membership of the DC.
    • Use “netdiag /test:member” and verify the test passes.
  4. Verify the DC can communicate with other DCs.
    • Use “netdiag /test:dsgetdc” and verify the test passes.
  5. Verify the DC can replicate with other DCs.
    • Use “netdiag /test:replications” and verify the test passes.
  6. Verify the replication permissions are correct.
    • Use “dcdiag /test:netlogons” and verify the test passes.

You will know when replication is working properly when you get an Event ID 13516 Source Ntfrs in the FRS event log stating that FRS is no longer preventing DC-04 from becoming a domain controller.

HostBits
  • 11,945
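
The answer above ends by watching the FRS event log for Event 13516. As an added example (not part of any answer on this page), this PowerShell sketch summarizes FRS log entries into "SYSVOL ready or not" and "which inbound partners still have an uncleared 13508". The function names and sample entries are constructed for illustration, and Event 13509, which FRS logs when a 13508 condition clears, is not mentioned on the page.

```powershell
# Added example (not from the original answers): summarize FRS SYSVOL state
# from event log entries. Expects objects with TimeGenerated, EventID, Message.
function Get-FrsSysvolState {
    param([Parameter(Mandatory = $true)][object[]]$Events)

    $pending = @{}    # inbound partner -> time of its latest uncleared 13508
    $readyAt = $null  # time of the latest 13516, if any
    $pair    = 'replication from\s+(\S+)\s+to\s+(\S+)'

    foreach ($e in ($Events | Sort-Object TimeGenerated)) {
        switch ($e.EventID) {
            # 13508: FRS is having trouble enabling replication from a partner
            13508 { if ($e.Message -match $pair) { $pending[$Matches[1]] = $e.TimeGenerated } }
            # 13509: replication enabled after retries; clears the earlier 13508
            13509 { if ($e.Message -match $pair) { $pending.Remove($Matches[1]) } }
            # 13516: FRS no longer prevents this computer from becoming a DC
            13516 { $readyAt = $e.TimeGenerated }
        }
    }

    New-Object PSObject -Property @{
        SysvolReady        = ($null -ne $readyAt)
        ReadyAt            = $readyAt
        UnresolvedPartners = @($pending.Keys | Sort-Object)
    }
}

# Constructed sample entries (not real log data). The DC-03 pair only
# illustrates a warning that was later cleared by a 13509.
function New-SampleEvent($Time, $Id, $Text) {
    New-Object PSObject -Property @{ TimeGenerated = [datetime]$Time; EventID = $Id; Message = $Text }
}
$sample = @(
    New-SampleEvent '2012-01-10 08:50' 13508 'The File Replication Service is having trouble enabling replication from DC-03 to DC-04 for c:\windows\sysvol\domain using the DNS name dc-03.domain.com. FRS will keep retrying.'
    New-SampleEvent '2012-01-10 08:55' 13509 'The File Replication Service has enabled replication from DC-03 to DC-04 after repeated retries.'
    New-SampleEvent '2012-01-10 09:00' 13508 'The File Replication Service is having trouble enabling replication from DC-02 to DC-04 for c:\windows\sysvol\domain using the DNS name dc-02.domain.com. FRS will keep retrying.'
)

# With the sample: SysvolReady is False and UnresolvedPartners contains only DC-02.
Get-FrsSysvolState -Events $sample | Format-List

# Live use on the new DC (reads the local classic event log):
# Get-FrsSysvolState -Events (Get-EventLog -LogName 'File Replication Service' -Newest 500)
```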
0

Check that all of your domain controllers are in the domain controllers OU in Active Directory and that the security tab for each domain controller is set to inherit permissions from the parent.

longneck
  • 23,272