Event 13567 in the FRS event log is generated on computers running Windows 2000 SP3 when unnecessary file change activity is detected. Unnecessary file change activity means that a file has been written by some user or application, but no change is actually made to the file. FRS detects that the file has not changed, and maintains a count of how often this happens. If the condition is detected more than 15 times per hour during a three-hour period, FRS logs the 13567 event. See the link to "Troubleshooting File Replication Service" for details.
As per ME315045
, FRS event id 13567 is recorded in the File replication Service event log after you install Service Pack 3. FRS was updated in SP3 to detect and suppress duplicate updates. This conserves network bandwidth. Event 13567 is logged to inform the administrator that this suppression has occurred.
for a list of antivirus, backup, and disk optimization programs that are compatible with the File Replication Service.
The hotfixes for this are included in Windows 2000 Service Pack 4.
This event may be caused by antivirus software or defrag programs marking files in the sysvol folder. I have experienced this error when using Diskeeper version 6, to stop the error add the sysvol folder to diskeepers file/folder exclusion list.
If you have a group policy applying to your DCs which sets file permissions on the sysvol folder, sysvol replication will be unpredictable and you will get this error in your logs. The group policy tries to refresh the ACLS on all the sysvol files every five minutes. The File Replication Service registers this as a change - so every DC thinks it has to replicate the full sysvol share every five minutes. See ME279156
There is a hotfix from Microsoft that is related to this issue, see ME307319
Possible an NTFS replication storm.