Problem : Event ID 13562 FRS and ADSIedit
I posted a questions about getting errors on my DC and I’m not sure how to use ADSIedit.
Here is what it’s asking:
Repairing the Null Server-Reference Attributes
You can use LDP.exe or ADSIedit.msc to repair missing Server-Reference attributes. These tools repair the attribute by resetting the value in the configuration naming context or partition to the distinguished name (DN) of the server’s NTDS Settings object. To repair null Server-Reference attributes:
((((Step 1))))
Use one of the following methods to locate the DN path of the NTDS Settings object for the computer that has the missing (null) Server-Reference attribute:
In LDP or ADSIedit, copy the DN path of the NTDS Settings object from the Configuration container in the root domain of the forest to Clipboard.
-or-
From the domain partition of Active Directory, copy the value of the Server-Reference attribute from a healthy domain controller to Clipboard. This domain controller needs to be in the same Active Directory domain and site as the broken computer, otherwise you have to edit the DN path.
Locate the member object that has the null Server-Reference attribute:
Start ADSIedit. In the Domain partition of Active Directory, locate the member object (nTFRSMember) that lacks the settings reference. The DN path is:
DN Path ObjectClass
DC=A,DC=COM Root Domain NC
CN=SYSTEM, Container
CN=File Replication Service nTFRSSettings
CN=Domain System Volume (SYSVOL share) nTFRSReplicaSet
CN=DC1 nTFRSMember
CN=DC2 nTFRSMember
Right-click the member object that has the null Server-Reference attribute, and then click Properties .
Edit the value for the Server-Reference attribute:
Configure the Attributes tab in ADSIedit:
Select which properties to view : Set this to OPTIONAL .
Select a property to view : Click the Server-Reference property.
Under Edit Attribute , paste the DN path of the NTDS Settings object from Clipboard. The DN path for an NTDS Settings should have the following format
CN=NTDS Settings, CN= Computer name ,CN= Site name , CN=Sites, CN=Configuration, DC= Root domain of forest ,DC=COM
where Computer name is the name of the domain controller with the null Server-Reference attribute and where Site name is the name of the Active Directory site where that server’s NTDS Settings object lives.
Click SET , and then confirm the value that is written to Active Directory.
Wait or force FRS to poll Active Directory:
FRS polls Active Directory at regular intervals to discover configuration changes. You can use either of the following methods to have polling occur:
Use the net stop ntfrs command to stop FRS, and then use the net start ntfrs command to restart FRS.
-or-
Use the ntfrsutl poll /now command line to force FRS to poll:
Wait until the short or long polling interval expires. This is a five minute default on domain controllers.
FRS registers the change during its next DS polling cycle. Monitor the FRS event log for replication by using the output from the ntfrsutl sets command.
I’m having troulbe with the Step #1:
In LDP or ADSIedit, copy the DN path of the NTDS Settings object from the Configuration container in the root domain of the forest to Clipboard.
How do I do this?
I also want to post the error in questions as this may help.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 1/28/2004
Time: 1:35:06 PM
User: N/A
Computer: MCC-FSMO
Description:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller mcc-fsmo.molalla.com for FRS replica set configuration information.
The nTDSConnection object cn=mcc-fsmo,cn=ntds settings,cn=mcc-dc2,cn=servers,cn=mcc-site,cn=sites,cn=configuration,dc=molalla,dc=com is conflicting with cn=0996ee14-85ee-4f23-a0c2-8a1cd570e203,cn=ntds settings,cn=mcc-dc2,cn=servers,cn=mcc-site,cn=sites,cn=configuration,dc=molalla,dc=com. Using cn=mcc-fsmo,cn=ntds settings,cn=mcc-dc2,cn=servers,cn=mcc-site,cn=sites,cn=configuration,dc=molalla,dc=com
The nTDSConnection object cn=mcc-dc2,cn=ntds settings,cn=mcc-fsmo,cn=servers,cn=mcc-site,cn=sites,cn=configuration,dc=molalla,dc=com is conflicting with cn=0c5b118b-a491-4e11-ab94-754fd18dd16e,cn=ntds settings,cn=mcc-fsmo,cn=servers,cn=mcc-site,cn=sites,cn=configuration,dc=molalla,dc=com. Using cn=mcc-dc2,cn=ntds settings,cn=mcc-fsmo,cn=servers,cn=mcc-site,cn=sites,cn=configuration,dc=molalla,dc=com
Solution : Event ID 13562 FRS and ADSIedit
Event ID: 13562
Source NtFrs
Type Warning
Description Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller <domain controller DNS name> for FRS replica set configuration information. Could not find computer object for this computer. Will try again at next polling cycle.
Comments Anonymous (Last update 10/17/2003):
Note that if you use dfsutil ("dfsutil /clean") to fix this problem, it can damage your DFS. It removes part of your computers registry so that you cannot read DFS with Administrative Tools – Distributed File System MMC. You should update dfsutil.exe with SP2 Support Tool; just follow the link below. While you are at it, you should install the SP3 Support Tool Pack, which does not update dfsutil.exe, but updates other Support Tools.
Bjoern Wolfgardt (Last update 10/17/2003):
I had this warning too. What I did was to set the property "frsMemberReference" for the "nTFRSSubscriber-Objekt" again. It was empty in my case. The "frsMemberReference" contains the same as the "frsComputerReferenceBL" of the Domain-Controller Object that the "nTFRSSubscriber-Objekt" belongs to.
Dmitriy Zavgorodniy (Last update 8/26/2003):
In my case this message appeared on the PDC before EventID 13501: "The File Replication Service is starting". See Q312862 and Q296183 for troubleshooting information.
Tonin
If you delete a DFS root OR delete some replicas using the "users and equipment" tool in the advanced view, you must delete the replica object using the LDAP tool in the resource kit to avoid the warning. See the ldap object description and browse the AD with the LDAP browser until the refrenced object. Here you can delete the object. Stop and restart the NTFRS service and see that the warning dissapear.
Hernan924
Here is a solution that worked in my case. On the first occasion of this problem, the netdom resetpwd. (Q260575) fix worked. When it crept up again, and NETDOM did not work, I used the recommendations from a newsgrop post: LDP.EXE from the Support Tools off the W2K Server CD. I was actually able to fix this remotely from my desktop, but I’m sure it will work at the server as well. Follow the directions below. The Bind part was tricky, as my admin password did not allow me to "bind" with the server, but when I used my own account (I am a Domain Admin), I was able to successfully bind to LDAP and delete the offending metadata. The original post:
"I managed to get rid of these errors using ldp.exe from the support tools folder on the W2K Server CD. Once installed Go to Connect and type in the Server Name, then Bind and put in the Admistrator account (note: may have to try different accounts to authenticate, I did. As per MS, uncheck "connectionless"). After these I went to Browse then Delete and copied the path from the Event Log error eg. cn=a86844f0-0c1e-4091-9109-1b82d5decb5d,cn=dfs volumes,cn=ntfrs subscriptions, etc."
Adrian Grigorof
A newsgroups post suggested the following article: Q260575 – "How to Use Netdom.exe to Reset Machine Account Passwords".
Erik C. Schmidt
If the netdom fix of resetting the "secret" password does not work (MSKB Q260575) try the "dfsutil /clean:servername" command. See Q288399. This fix worked for me. Note that the warning message usually references a dfs root or share which has been deleted.
Brad Turner
This can also occur if you have moved the computer account to a new OU in the domain. Until replication catches up this error should be benign.
Links Q260575 , Q288399 , Q296183 , Q312862 , Support Tools SP2, Support Tools SP3
