FRS is scanning the system volume before sharing it

FRS_is_scanning_the_system_volume_before_sharing_it_5_Rule (Rule)

Knowledge Base article:

Summary

The File Replication service (FRS) must complete an initial scan of SYSVOL before the domain controller promotion process can complete.

This informational alert can be used to determine when the SYSVOL scan process is starting.

You may safely disable this rule if you do not need it.

For more in-depth monitoring of SYSVOL and FRS, download and install the Ultrasound tool from the Microsoft Web site at http://go.microsoft.com/fwlink/?LinkId=25827. Ultrasound shows health ratings and historical information about FRS replica sets. You can use it to monitor the progress of replication and to detect problems that can cause replication to become backlogged or stop. Ultrasound also provides detailed views for troubleshooting and a framework that you can use to customize alerts and views for your organization.

Sample Event:

File Replication Service is scanning the data in the system volume. Computer %1 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. To check for the SYSVOL share, at the command prompt, type net share. When File Replication Service completes the scanning process, the SYSVOL share will appear. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.

External

Element properties:

Target: Microsoft.Windows.Server.2003.AD.EssentialService.NTFRS
Category: EventCollection
Enabled: True
Event_ID: 13566
Event Source: NtFrs
Alert Generate: True
Alert Severity: Information
Alert Priority: Normal
Remotable: True
Alert Message:
FRS is scanning the system volume before sharing it
{0}
Event Log: File Replication Service
Comment: Mom2005ID='{4C8EEFE0-C74E-4B11-B843-8E981196F4B7}';MOM2005GroupID=

Member Modules:

ID                         Module Type  TypeId                                              RunAs
DS                         DataSource   Microsoft.Windows.EventProvider                     Default
CollectEventData           WriteAction  Microsoft.SystemCenter.CollectEvent                 Default
CollectEventDataWarehouse  WriteAction  Microsoft.SystemCenter.DataWarehouse.PublishEventData  Default
GenerateAlert              WriteAction  System.Health.GenerateAlert                         Default

Source Code:

<Rule ID="FRS_is_scanning_the_system_volume_before_sharing_it_5_Rule"
      Comment="Mom2005ID='{4C8EEFE0-C74E-4B11-B843-8E981196F4B7}';MOM2005GroupID="
      Enabled="onEssentialMonitoring"
      Target="AD2003Core!Microsoft.Windows.Server.2003.AD.EssentialService.NTFRS"
      ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>File Replication Service</LogName>
      <!-- Match event ID 13566 from source NtFrs in the File Replication Service log -->
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>13566</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>NtFrs</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <!-- Priority 1 and Severity 0 correspond to the Normal priority and Information severity listed under Element properties -->
    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
      <Priority>1</Priority>
      <Severity>0</Severity>
      <AlertOwner>$Data/PublisherName$</AlertOwner>
      <AlertMessageId>$MPElement[Name="FRS_is_scanning_the_system_volume_before_sharing_it_5_Rule.AlertMessage"]$</AlertMessageId>
      <!-- The event description fills the {0} placeholder of the alert message -->
      <AlertParameters>
        <AlertParameter1>$Data/EventDescription$</AlertParameter1>
      </AlertParameters>
      <Suppression>
        <SuppressionValue/>
      </Suppression>
    </WriteAction>
    <WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
    <WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
  </WriteActions>
</Rule>