Re: Transferring of FSMO Roles (Urgent!)
From: Ryan (ryanrhyme_at_excite.com)
Date: 08/03/04
- Next message: Simon: "Re: DCDIAG detects an error."
- Previous message: ITLush: "Re: Default Domain GPO"
- In reply to: Cary Shultz [A.D. MVP]: "Re: Transferring of FSMO Roles (Urgent!)"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 3 Aug 2004 16:39:52 +0800
I have 3 DC, 2 of them are GC. Indeed, I didn't check the ESM of what are
the available GCs or Domain Controllers and now it has the same state as
before any changes made to the FSMO roles.
As for the descriptions....in the first one, I try to create a new profile
for that machine (so I select the server and successfully "check" the
mailbox name. After finish setting up the new profile (which I run it from
Control Panel, Mail), I launch the outlook by selecting the new profile and
it was able to access Global Address List, but after I close the Outlook and
relaunch it, the GAL access problem happened again. So the setup meant here
is setting up new profile.
I check the GAL properties by bringing up the address book from the client
machine (of course at this time an error will pop-up saying unable to
retrieve the GAL), right click the "Gloal Address List" and select
properties. Under the "Microsoft Exchange Address Book Provider", "The
current server is" column, you should see the server's full name but what I
see is a single character (which is so happened to be the 1st character of
the server name).
I cannot do further checking since I've restored the system state to its
good state before the FSMO transition. What I can do now is to avoid the
problm from re-occuring on my next FSMO roles transfer. Here are my
concerns:
- What is the appropriate way of doing the FSMO roles transfer? Do I need
to enable other DCs as the GC before changing the FSMO role? Can I transfer
the roles without adding any other GC?
- What is the consequence of having more than 1 GC?
- Because the FSMO role transfer is pretty straight forward and do not have
progress indication. I have 3 DC in 1 domain, do I change all the roles at
once or 1 by 1? I can think of dcdiag and netdiag as the diagnostic tools
to be used before doing the changes, any other tools available?
- I always heard of bad DNS cause AD problem, how to make sure that the DNS
is running fine? I can think of doing simple query, flushdns & registerdns.
- 1 significant thing I can compare between the state of before & after FSMO
role transfer is the GPO. Maybe some input on how to safely replicate the
policy after the changes made.
Thank you.
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:eAIUCoReEHA.1656@TK2MSFTNGP09.phx.gbl...
> How many Domain Controllers do you have? How many of these Domain
> Controllers are Global Catalog Servers? Have you verified that each DC is
> indeed a Global Catalog Server?
>
> If you open up the ESM and open up the Administrative Groups | First
> Administrative Group | Servers | <servername> and right click on
> <servername> and go to the Directory Access tab what do you see?
>
> You should see at the top a Domain Controller that is the CONFIG domain
> controller. You should then see all of the Domain Controllers listed as
DC
> and then you should see each Global Catalog Server listed as GC. Do all
> three Domain Controllers show up as DC and GC?
>
> I am sorry, but you description of the steps you took are a bit confusing
to
> me. In the first one it seems like it was able to work but then if you
> close Outlook and then try to open it up again it doesn't work???? And,
> upon finishing what setup? After the installation of Outlook and the
> configuration?
>
> Where are you checking the GAL properties? Why is there only an 'E'
instead
> of the correct name?
>
> Have you installed the Support Tools on all of your Domain Controllers and
> ran dcdiag /c /v and netdiag /v? I do not believe that there should be
any
> problems with either of these two tests but let's rule it out.
>
> I would also run repadmin /showreps and repadmin /showconn just to make
sure
> that there are no replication problems ( again, there should not be any
and
> this is probably a waste of time but..... ).
>
> I would focus on the dsaccess part of this...
>
> HTH,
>
> Cary
>
>
>
> "Ryan" <ryanrhyme@excite.com> wrote in message
> news:ecv3x5QeEHA.1036@TK2MSFTNGP10.phx.gbl...
> > Thanks for the input....I have thought of relate the 30 users. In terms
> of
> > Outlook version, most of them used Outlook 2000 or 2002, but there are
> users
> > with the same version that are able to connect to the GAL It's the same
> > case for the OS versions. I have not relate the users according to
their
> > workgroup, do you think that would help?
> >
> > I did try some diagnostic on the client machines before restore the old
> > system state. Here are what I did on the problemed machine:
> > - I've tried creating new profile for the machine and it can access the
> GAL
> > upon finishing the setup and directly access, however, after I close and
> > relaunch Outlook, the same problem occured; this machine does not have
> > problem opening the Outlook though
> > - on another machine, try rejoining the client machine to the domain:
(no
> > problem disjoin and rejoin), problem persist
> > - at the same machine, the problem that I saw is that this machine take
> > very long time to load Outlook and after few minutes of "hanging" it
will
> > prompt the server unavailable error, it gets through though when I click
> on
> > "Retry". can view the messages in the mailbox (stored in server), but
> still
> > cannot access to the GAL. When I check the GAL properties, there's no
> > correct server name stated (eg: E instead of the full server name
Exch01).
> > Another unusual thing is when I ping the domain from this machine, the
> reply
> > came back from another DC but this DC is not our PDC, is this normal
that
> > the reply will be returned from any of the DC available?
> >
> > Thank you.
> >
> > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > news:OFjAbrJeEHA.236@tk2msftngp13.phx.gbl...
> > > Ryan,
> > >
> > > You might want to post this in the Exchange news group as well....
> > >
> > > What version of Outlook are you running? Is there anything in common
(
> > such
> > > as all 30 of the problem systems are running Outlook 2000 SP1 while
> > everyone
> > > else has at least Outlook 2000 SP3, for example )? What OS are the
> > clients
> > > running?
> > >
> > > Did you have everyone restart their computers ( or, at the very least,
> > exit
> > > and close Outlook and then open it again )? Did this do anything?
> > >
> > > This could be a DSAccess issue. Please look into how this process
> works.
> > >
> > > For info on the 9074 error please take a look at the following link:
> > >
> > >
> >
>
http://www.eventid.net/display.asp?eventid=9074&eventno=1107&source=MSExchangeSA&phase=1
> > >
> > > HTH,
> > >
> > > Cary
> > >
> > >
> > >
> > > "Ryan" <ryanrhyme@excite.com> wrote in message
> > > news:%23eAEI4HeEHA.212@TK2MSFTNGP12.phx.gbl...
> > > > Hi all,
> > > >
> > > > There are 3 domain controllers in my domain environment. The PDC
is
> > the
> > > > only GC available, it is also our exchange server. Before we change
> the
> > > > FSMO roles to another DC, we enable the other 2 DC as the GC. Then
we
> > > > started to change the FSMO roles. No error reported on the screen
or
> on
> > > the
> > > > event viewer. This was done during off-peak hour and we let in run
for
> 1
> > > day
> > > > (non-working day). When we were backed to office, we found that
there
> > > were
> > > > about 30 users (out of 400) uunable to access to the Global Address
> List
> > > > from Outlook Client. Some even having problem loading up the
Outlook
> > > > Client. We started to change back all the FSMO roles back to the
> > original
> > > > PDC but the problem persist
> > > >
> > > > We decided to roll back to the system state before we did the
change
> > of
> > > > FSMO roles and it has helped to solved the problem.
> > > >
> > > > Question:
> > > > 1) What are the possible causes of the problem? When we were
> > > trobleshooting
> > > > this issue, we found that the GPO is inaccessible (can't rememebr
the
> > > exact
> > > > error message, but we were unable to bring up the GPO (right-click
the
> > > > domain under "Active Directory Users & Computers", properties, Group
> > > > Policy), meaning cannot even edit the CPO). We found kccevent test
> > failed
> > > > while running DCDIAG. Event Log found 9074 event but we did not
find
> > any
> > > > problem related to the article shown.
> > > >
> > > > 2) Apparently, the problem occured after we changed the FSMO roles.
> Is
> > > > there anything we need to take care of before doing the changes, are
> > there
> > > > tools available to check the DC consistency before and after the
> > > transition?
> > > >
> > > > Due to the tight schedule, we need to run the FSMO role changes
again
> > > ASAP.
> > > > Please send in your advice for our references, thank you very much!
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Simon: "Re: DCDIAG detects an error."
- Previous message: ITLush: "Re: Default Domain GPO"
- In reply to: Cary Shultz [A.D. MVP]: "Re: Transferring of FSMO Roles (Urgent!)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
