Re: SAM error

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

So what I did is do system state backup and then run DCPromo. If the
upgrade
goes bad {of course will disable outbound repl as well}will perform non
autho
restore from my backup. so I will have this problem if ever and need to
perform your workaround or I did something wrrong? in my
restore...........

can you give more details? trying to understand what you did here

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Orvs" <Orvs@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EE1551C4-5807-42A2-893E-BB6B22CBA0B8@xxxxxxxxxxxxxxxx

Exactly Jorge: This is the real scenario. I have one domain with 2 DCs.
After I did
DSRM - NonAutho-restore on DC1 which is the FSMO, SAM errors and DCs not
replicating started to occur.
Guess what!
it works!!! After I tried your workaround. Thanks!!
Question now is I'm testing this as backout for my child domain prep
deployment.

So what I did is do system state backup and then run DCPromo. If the
upgrade
goes bad {of course will disable outbound repl as well}will perform non
autho
restore from my backup. so I will have this problem if ever and need to
perform your workaround or I did something wrrong? in my
restore...........

Thanks man










"Jorge de Almeida Pinto [MVP]" wrote:

ahaa... now I understand what you did (I think)

you restored the DC with the RID FSMO AND the domain the RID FSMO belongs
to
still has other DCs in the domain AND none of those DCs are up and
running
or the RID FSMO cannot replicate with one of those DCs?

if this is right....

when a DC with FSMO roles is restored it WANTS to check with other DCs
(if
more than 1 in the domain) that the DC with the FSMO really is the DC
with
the FSMO. In technical terms it is called "initial replication
requirement"
which means it WANTS to replicate first with another DC before it makes
the
DC and the FSMO role available to others.
In case of the RID FSMO it wants to check it is the RID FSMO with another
DC. Until that moment the RID FSMO is not available and it will not be
able
to allocate requests for RID pools, even for itself.
So two solutions here:
(1) make sure the RID FSMO replicates with other DCs and it will start
assigning RID pools
(2) to bypass the "initial replication requirement" go into sites and
services, delete all connection objects under the NTDS Settings object
for
the DC with the RID FSMO, right-click NTDS Settings and "Check
replication
topology". Within half an hour it will provide a RID for itself and other
DCs who request one.

for more info see: MS-KBQ305476_Initial synchronization requirements for
Windows 2000 Server and Windows Server 2003 operations master role
holders

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Orvs" <Orvs@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:545FE5DF-1390-464E-986A-C15D177C511F@xxxxxxxxxxxxxxxx
Jorge, Paul:
This test is in the lab since next week will start domain prep for all
child
domains. need to refine my document.

so what I did in the lab: I still have child domain xyz.edu.net sitting
in
my forest lab(has 2 Dcs). I'm done with forest prep /domain prep of my
forest
edu.net.

- I made a system state backup of the DC1 which is the CD FSMO holders
using
NTBACKUP
- I disable outbound replication from DC1 and FRS
- I run Domain prep. all working. perfectly!!. Howerver! since I'm
curious
and want to know what will happen:If I restore the previous database.
- I performed non autho using DSRMode-Restarted DC1.
- I managed to login and replication is fine. Except SAM error and I
notice also that I cannot create user and Group in the DC1(Like Jorge
mentioining)
Here is the suspect:
After I run dcdiag /D /C /V I found out problem in DNS:
Here is the log:
"An error that is usually temporary occured during DNS hot
lookup.Please
try
again later. Although this GUID {........}._msdcs.xyz.edu.net could
be...
Please check IP address is resolving in DNS server"

Have I done something wrong? I know that system state backup inccludes
dns
could be that part.????How can I resolve this.

thanks much





"Jorge de Almeida Pinto [MVP]" wrote:

SAM errors? Event ID 16650?

right after a restore a DC asks for a new RID pool by contacting the
RID
master. if it cannot contact the RID master it logs an error. Until it
received a new RID pool the DC will not be available (and you will not
be
able to create security principals like users, groups, computers).
Make
sure
you check
the connection to the RID master from that DC and also check the
health
of
the RID master using DCDIAG /D /C /V
To find out who the RID master is run NETDOM QUERY FSMO

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Orvs" <Orvs@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C59E0EBB-6FBB-403B-B18D-3DB68DF28CEB@xxxxxxxxxxxxxxxx
Hi:
How do you usually addressed SAM related error in the event log. I
have
performed Non Authoritave Restore of a DC and all went well, except
got
those SAM errors in the event logs. Name resolution is fine,
netbios,
DNS,
IP is reachable..

Any idea,











.

Relevant Pages

  • Re: SAM error
    ... you can restore it from a valid backup.... ... - Perform system state backup of the FSMO -IM DC ... disable outbound replication on the FSMO-IM DC ... are you saying that the IM and RID are on the same DC? ...
    (microsoft.public.windows.server.active_directory)
  • Re: SAM error
    ... you restored the DC with the RID FSMO AND the domain the RID FSMO belongs to ... In technical terms it is called "initial replication requirement" ... right after a restore a DC asks for a new RID pool by contacting the RID ...
    (microsoft.public.windows.server.active_directory)
  • Re: SAM error
    ... ever I have to restore my FSMO RID let say If I have to backout for my ... disable outbound replication on the FSMO-IM DC ... replicating to DCs then ...
    (microsoft.public.windows.server.active_directory)
  • Re: Extremely slow response
    ... decision about what you want to keep and what you want to get rid of. ... I strongly disagree. ... A restore point is normally created once a day. ... Regular defragmentation, keeping useless programs uninstalled and keeping ...
    (microsoft.public.windowsxp.general)
  • Re: Cannot create the object because directory service was unable to allocate a relative identifier
    ... Solved by creating a replication object in ADS&S to the DC holding the RID ... not facing any problem even in the new server. ... Our RID master is the main DC for this domain running on Win2K3 SP1. ...
    (microsoft.public.win2000.active_directory)