Re: dcpromo failed
- From: "doh" <doh@xxxxxxxxxxx>
- Date: Mon, 11 Jun 2007 11:47:38 -0400
Clutching at straws is what led me to the group!
I've confirmed that all settings are the same, along with time. The only
error messages that come up in the log are the ones that are directly
related to the dcpromo which are the same errors that are loged in the
debug\dcpromo.log. Here is another error that comes up while trying to do
the promotion.
"There are no more endpoints available from the endpoint mapper."
I've already tried everything relevant under
http://support.microsoft.com/kb/839880 and still nothing.
Any other thoughts on this one?
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%237ZAnWCrHHA.3924@xxxxxxxxxxxxxxxxxxxxxxx
How about time? This is a feeble thought but make sure the time on the
member server is within 5 minutes of the dc, if not this could be the
problem.
Are there any messages in the Event logs on the DC's that pertain to this
problem? How about on the member server attempting to be promoted.
What about dns settings, are they the same as the other successful DC's?
I am grasping at straws since the only one that is struggling is this 64
bit machine.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"doh" <doh@xxxxxxxxxxx> wrote in message news:f4bt69$lji$1@xxxxxxxxxxx
LDP bind successful.
There is a hardware firewall between them, but it is completely
open/open.
The portqryui tool basically scans the ports I already scanned with the
command line version of the tool, but since I'm looking for advice I ran
it anyway. The only ports that returns as not listening are
securemsft-gc-ssl, and nameserver service (we don't do WINS).
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%23Vq$oqcqHHA.4836@xxxxxxxxxxxxxxxxxxxxxxx
From the member server you could try using LDP to see if you can attach
from this box. Is there a firewall between this box and the rest of the
domain?
Also you could run protqryui and select the "Domains and Trusts" option.
http://www.microsoft.com/downloads/details.aspx?FamilyID=8355e537-1ea6-4569-aabb-f248f4bd91d0&DisplayLang=en
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"doh" <doh@xxxxxxxxxxx> wrote in message news:f49po7$ncr$1@xxxxxxxxxxx
Ran all the diags and then some (dcidag /test:dns, portqry, netmon,
etc...). Speaking in general terms everything seems to be ok. I would
post the result, but I don't want to reveal the infrastructure and
cleaning up the file would take way too long.
To answer Cary's questions:
We do have multiple domains.
We do have multiple sites defined in AD.
A note. I was just able to add two other domain controllers in to the
same domain/site. This is the only domain controller that fails. The
only difference between the successful promotions and the failure is
the failing dcpromo box is running the 64-bit version of Server.
Furthermore, subsequent attempts of performing a dcpromo errors out
with:
The operation failed because:
An LDAP connection could not be established with the domain controller
contosodom1.contoso.com.
"The specified server cannot perform the requested operation."
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:uv1BYFQqHHA.3484@xxxxxxxxxxxxxxxxxxxxxxx
You could run diagnostics against the domain to see if there are any
issues with it.
If you don't have the tools installed, install them from your server
install disk.
d:\support\tools\setup.exe
Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
**Note: Using the /E switch in dcdiag will run diagnostics against ALL
dc's in the forest. If you have significant numbers of DC's this test
could generate significant detail and take a long time. You also want
to take into account slow links to dc's will also add to the testing
time.
When complete search for fail, error and warning messages.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"doh" <doh@xxxxxxxxxxx> wrote in message news:f46tm0$kvo$1@xxxxxxxxxxx
Running into wall with dcpromo.
All DCs in the forest are Server 2003 R2 32-bit
New DC to be added is Server 2003 R2 64-bit
Execute dcpromo (attempted with enterprise admin account and domain
admin account) and it goes through the entire process including
replication until:
The operation failed because:
Active Directory could not create the NTDS Settings object for this
domain controller CN=NTDS
Settings,CN=NEWDOMAINCONTROLLER,CN=Servers,CN=New-Site,CN=Sites,CN=Configuration,DC=contoso,DC=com
on the remote domain controller contosodom1.contoso.com. Ensure the
provided network credentials have sufficient permissions.
"The RPC server is unavailable."
Any clues?
.
- Follow-Ups:
- Re: dcpromo failed
- From: Paul Bergson [MVP-DS]
- Re: dcpromo failed
- References:
- dcpromo failed
- From: doh
- Re: dcpromo failed
- From: Paul Bergson [MVP-DS]
- Re: dcpromo failed
- From: doh
- Re: dcpromo failed
- From: Paul Bergson [MVP-DS]
- Re: dcpromo failed
- From: doh
- Re: dcpromo failed
- From: Paul Bergson [MVP-DS]
- dcpromo failed
- Prev by Date: Re: workgroup vs domain
- Next by Date: Re: The source server is currently rejecting replication requests.
- Previous by thread: Re: dcpromo failed
- Next by thread: Re: dcpromo failed
- Index(es):
Relevant Pages
|
Loading
