We have two 2008 R2 DCs and our second DC has been getting the 13508 for months. I have checked the logs and have found no instance of 13509.
I have recently set up a third DC (server 2012 R2) and am now getting the message on that machine as well. Except, now it's showing the message for DC1 and DC2.
The File Replication Service is having trouble enabling replication from DC2 to DC3 for c:\windows\sysvol\domain using the DNS name DC2. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC2 from this computer.
[2] FRS is not running on DC2.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
I'm not exactly sure what that means, but I continued to do some diagnostics. I was able to ping the FQDN with no problem. I disabled the firewalls on all boxes and tested with no luck. There is no internal firewall blocking anything and the proper ports are open and listening.
In addition, I have noticed that the DC that is NOT receiving the 13508 error has had a couple of 13562 errors:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller DC1 for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
Other than that, there are no FRS errors on DC1. Here are the results of DCDiag on DC1:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Advertising
......................... DC1 passed test Advertising
Starting test: FrsEvent
......................... DC1 passed test FrsEvent
Starting test: DFSREvent
......................... DC1 passed test DFSREvent
Starting test: SysVolCheck
......................... DC1 passed test SysVolCheck
Starting test: KccEvent
......................... DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC1 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=domain,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=domain,DC=local
......................... DC1 failed test NCSecDesc
Starting test: NetLogons
......................... DC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: Replications
......................... DC1 passed test Replications
Starting test: RidManager
......................... DC1 passed test RidManager
Starting test: Services
......................... DC1 passed test Services
Starting test: SystemLog
......................... DC1 passed test SystemLog
Starting test: VerifyReferences
......................... DC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : domain
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... domain passed test CrossRefValidation
Running enterprise tests on : domain.local
Starting test: LocatorCheck
......................... domain.local passed test LocatorCheck
Starting test: Intersite
......................... domain.local passed test Intersite
Here is the result from DC2:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC2
Starting test: Connectivity
......................... DC2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC2
Starting test: Advertising
......................... DC2 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC2 passed test FrsEvent
Starting test: DFSREvent
......................... DC2 passed test DFSREvent
Starting test: SysVolCheck
......................... DC2 passed test SysVolCheck
Starting test: KccEvent
......................... DC2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC2 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=domain,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=domain,DC=local
......................... DC2 failed test NCSecDesc
Starting test: NetLogons
......................... DC2 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC2 passed test ObjectsReplicated
Starting test: Replications
......................... DC2 passed test Replications
Starting test: RidManager
......................... DC2 passed test RidManager
Starting test: Services
......................... DC2 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x8000001D
Time Generated: 03/25/2015 10:53:38
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
......................... DC2 passed test SystemLog
Starting test: VerifyReferences
......................... DC2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : domain
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... domain passed test CrossRefValidation
Running enterprise tests on : domain.local
Starting test: LocatorCheck
......................... domain.local passed test LocatorCheck
Starting test: Intersite
......................... domain.local passed test Intersite
And finally, here is the result from DC3:
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC3
Starting test: Connectivity
......................... DC3 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC3
Starting test: Advertising
Warning: DsGetDcName returned information for \\DC1.domain.local,
when we were trying to reach DC3.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... DC3 failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC3 passed test FrsEvent
Starting test: DFSREvent
......................... DC3 passed test DFSREvent
Starting test: SysVolCheck
......................... DC3 passed test SysVolCheck
Starting test: KccEvent
......................... DC3 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC3 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC3 passed test MachineAccount
Starting test: NCSecDesc
......................... DC3 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DC3\netlogon)
[DC3] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... DC3 failed test NetLogons
Starting test: ObjectsReplicated
......................... DC3 passed test ObjectsReplicated
Starting test: Replications
......................... DC3 passed test Replications
Starting test: RidManager
......................... DC3 passed test RidManager
Starting test: Services
......................... DC3 passed test Services
Starting test: SystemLog
......................... DC3 passed test SystemLog
Starting test: VerifyReferences
......................... DC3 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : domain
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... domain passed test CrossRefValidation
Running enterprise tests on : domain.local
Starting test: LocatorCheck
......................... domain.local passed test LocatorCheck
Starting test: Intersite
......................... domain.local passed test Intersite
Any idea what would be causing this and what my next steps would be? Let me know if I can get you any more info.
Thanks for the help in advance!
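An added example, not part of the original post: a small Python parser for dcdiag output like the three runs above. It lists failed tests and also tests that report "passed" while still printing warnings, as FrsEvent does on DC2 and DC3. The sample text is constructed from the DC3 output, and the function names are hypothetical.

```python
import re

# Constructed sample, shaped like the DC3 dcdiag output in the post.
SAMPLE = """\
Starting test: Advertising
Warning: DsGetDcName returned information for \\\\DC1.domain.local,
......................... DC3 failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC3 passed test FrsEvent
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\\\DC3\\netlogon)
......................... DC3 failed test NetLogons
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
"""

START = re.compile(r"^Starting test: (\S+)$")
RESULT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test\s*(\S*)$")

def summarize(text):
    """Return (target, test, status, detail_lines) for every dcdiag test."""
    results, current, detail = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := START.match(line):
            current, detail = m.group(1), []
        elif m := RESULT.match(line):
            target, status, name = m.groups()
            # Long result lines wrap, leaving the test name on the next line;
            # fall back to the name from the "Starting test" line.
            results.append((target, name or current, status, detail))
            current, detail = None, []
        elif current:
            detail.append(line)  # output printed between start and result
    return results

def needs_attention(text):
    """Failed tests, plus 'passed' tests that still printed warnings."""
    return [r for r in summarize(text) if r[2] == "failed" or r[3]]

if __name__ == "__main__":
    for target, test, status, detail in needs_attention(SAMPLE):
        print(f"{target} {test}: {status}; {' '.join(detail)}")
```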