Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
NTFRS Event ID 13557 Is Recorded When Duplicate NTDS Connection Objects Exist
Article ID: 251250 - View products that this article applies to.
This article was previously published under Q251250
Event error 13557 may be recorded in the File Replication service (FRS) event logs on domain controllers or member servers. In addition, files and folders on DFS and Sysvol replica members may be inconsistent. The recorded event in Event Viewer is:
This is not allowed and replication does not occur between these two computers until the duplicate connection objects are removed.
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13557
Time: HH:MM:SS AM/PM
The File Replication Service has detected a duplicate connection object between this computer "Computer 1" and a computer named "Computer 2".
This was detected for the following replica set:
"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
It is possible that this is a transient issue caused by Active Directory replication delays associated with updating FRS configuration objects. If file replication does not take place after an appropriate waiting time (which could be several hours if cross-site Active Directory replication is required), you must manually delete the duplicate connection objects by following these steps:
Duplicate NTDS connections objects can block replication of files and folders between FRS replica members when duplicate connection objects exist.
Delete duplicate connections objects between direct replication partners that are noted in the event text.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
The File Replication service (Ntfrs.exe) uses the Active Directory replication topology, schedule, and connection objects to replicate the SYSVOL contents between domain controllers in the same domain. Connection objects may be automatically generated by the Active Directory replication topology generator (KCC), a process in Lsass.exe that runs every 15 minutes, or by the administrator using the Active Directory Sites and Services snap-in (Dssites.msc).
The KCC attempts to build a spanning tree for all naming contexts (domain, schema, and configuration). Generally, the spanning tree algorithm strives to have one intersite connection between any two pair of sites. However, the KCC or an administrators may create duplicate connection objects between a given pair of Active Directory replication partners in the same domain.
The KCC may create duplicate connection objects in the following situation: Two systems in a site, both believing that they are the site topology generator, each make a connection on behalf of a third server in the site that is the real bridgehead. When the partition clears up, a duplicate connection on that bridgehead to the same remote server may exist for a brief period until the KCC cleans up the unnecessary one.
An administrator may create duplicate connection objects when more than one administrator, typically at different Active Directory sites, adds manual connection objects. Or, seeing no KCC-generated connection, the administrators add manual connections in a remote site where a KCC-generated site has not yet been replicated.
Administrator-generated connection objects are never removed or overridden by the KCC.
The KCC manages duplicate connection objects in the following manner:
Replicated DfsFRS uses the connection objects and topology built and maintained by Distributed File System Manager (Dfsgui.msc) between Dfs root and child nodes participating in a Dfs replica set. The replication topology built by Dfs is a full mesh and is not dynamically generated. Windows 2000 does not provide a tool to modify the connection objects for Dfs replicas, so it is less susceptible to this problem. However, if duplicate connections are created programmatically, the problem could potentially be experienced in Dfs replication.