Re: dcpromo failed



I haven't followed all this, but RPC typically fails if the MTU is not
managed correctly. You can tell this is the problem if other RPC operations
fail. Do other RPC operations succeed? You say there is a hardware firewall
between. This is the obvious cause.
Anthony
http://www.airdesk.co.uk


"doh" <doh@xxxxxxxxxxx> wrote in message news:f4kd5p$6mc$1@xxxxxxxxxxx
Stumped indeed.

I tried a little further testing. I disjoined the server from the domain.
Performed a metadata cleanup. Removed all entries and references to all
services regarding the server. Taking it from the base level, trying to
join the server to the domain. Similar errors regarding endpoints come
up.


"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%23sNr$TFrHHA.484@xxxxxxxxxxxxxxxxxxxxxxx
That error relates to rpc

I'm stumped


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"doh" <doh@xxxxxxxxxxx> wrote in message news:f4jqqq$kg$1@xxxxxxxxxxx
Clutching at straws is what led me to the group!

I've confirmed that all settings are the same, along with time. The only
error messages that come up in the log are the ones that are directly
related to the dcpromo which are the same errors that are logged in the
debug\dcpromo.log. Here is another error that comes up while trying to
do the promotion.

"There are no more endpoints available from the endpoint mapper."

I've already tried everything relevant under
http://support.microsoft.com/kb/839880 and still nothing.


Any other thoughts on this one?




"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%237ZAnWCrHHA.3924@xxxxxxxxxxxxxxxxxxxxxxx
How about time? This is a feeble thought but make sure the time on the
member server is within 5 minutes of the dc, if not this could be the
problem.

Are there any messages in the Event logs on the DC's that pertain to
this problem? How about on the member server attempting to be
promoted.

What about dns settings, are they the same as the other successful
DC's?

I am grasping at straws since the only one that is struggling is this
64 bit machine.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"doh" <doh@xxxxxxxxxxx> wrote in message news:f4bt69$lji$1@xxxxxxxxxxx
LDP bind successful.

There is a hardware firewall between them, but it is completely
open/open.

The portqryui tool basically scans the ports I already scanned with
the command line version of the tool, but since I'm looking for advice
I ran it anyway. The only ports that return as not listening are
securemsft-gc-ssl, and nameserver service (we don't do WINS).


"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%23Vq$oqcqHHA.4836@xxxxxxxxxxxxxxxxxxxxxxx
From the member server you could try using LDP to see if you can
attach from this box. Is there a firewall between this box and the
rest of the domain?

Also you could run portqryui and select the "Domains and Trusts"
option.
http://www.microsoft.com/downloads/details.aspx?FamilyID=8355e537-1ea6-4569-aabb-f248f4bd91d0&DisplayLang=en

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"doh" <doh@xxxxxxxxxxx> wrote in message
news:f49po7$ncr$1@xxxxxxxxxxx
Ran all the diags and then some (dcdiag /test:dns, portqry, netmon,
etc...). Speaking in general terms everything seems to be ok. I
would post the result, but I don't want to reveal the infrastructure
and cleaning up the file would take way too long.



To answer Cary's questions:



We do have multiple domains.

We do have multiple sites defined in AD.



A note. I was just able to add two other domain controllers in to
the same domain/site. This is the only domain controller that fails.
The only difference between the successful promotions and the
failure is the failing dcpromo box is running the 64-bit version of
Server.



Furthermore, subsequent attempts of performing a dcpromo error out
with:



The operation failed because:

An LDAP connection could not be established with the domain
controller contosodom1.contoso.com.

"The specified server cannot perform the requested operation."







"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in
message news:uv1BYFQqHHA.3484@xxxxxxxxxxxxxxxxxxxxxxx
You could run diagnostics against the domain to see if there are
any issues with it.

If you don't have the tools installed, install them from your
server install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite >
c:\repl.txt

**Note: Using the /E switch in dcdiag will run diagnostics against
ALL dc's in the forest. If you have significant numbers of DC's
this test could generate significant detail and take a long time.
You also want to take into account slow links to dc's will also add
to the testing time.

When complete search for fail, error and warning messages.


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"doh" <doh@xxxxxxxxxxx> wrote in message
news:f46tm0$kvo$1@xxxxxxxxxxx
Running into wall with dcpromo.

All DCs in the forest are Server 2003 R2 32-bit

New DC to be added is Server 2003 R2 64-bit

Execute dcpromo (attempted with enterprise admin account and
domain admin account) and it goes through the entire process
including replication until:

The operation failed because:

Active Directory could not create the NTDS Settings object for
this domain controller CN=NTDS
Settings,CN=NEWDOMAINCONTROLLER,CN=Servers,CN=New-Site,CN=Sites,CN=Configuration,DC=contoso,DC=com
on the remote domain controller contosodom1.contoso.com. Ensure
the provided network credentials have sufficient permissions.

"The RPC server is unavailable."


Any clues?
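
Added example, not part of the original thread or written by any of its posters: a PowerShell sketch of the two network checks the replies point to, the path MTU across the firewall and reachability of the fixed TCP ports a DC promotion uses. The default target is the DC name quoted in the thread; the function names, port list and timeouts are assumptions.

```powershell
# Added example. $Target defaults to the DC name quoted in the thread.
param([string]$Target = 'contosodom1.contoso.com')

function Test-DfPing {
    param([string]$HostName, [int]$PayloadSize)
    $ping    = New-Object System.Net.NetworkInformation.Ping
    # TTL 64, DontFragment = $true: an oversized packet is dropped, not split
    $options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)
    $buffer  = New-Object byte[] $PayloadSize
    try {
        $reply = $ping.Send($HostName, 2000, $buffer, $options)
        return ($reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success)
    } catch { return $false } finally { $ping.Dispose() }
}

function Get-PathMtu {
    # 1472 bytes of payload + 28 bytes of IP/ICMP header = 1500 (Ethernet MTU)
    param([string]$HostName, [int]$MaxPayload = 1472)
    # No reply to a small packet means ICMP is filtered: result is inconclusive
    if (-not (Test-DfPing $HostName 32)) { return $null }
    $low = 32; $high = $MaxPayload
    while ($low -lt $high) {               # binary search for largest passing payload
        $mid = [int][math]::Ceiling(($low + $high) / 2)
        if (Test-DfPing $HostName $mid) { $low = $mid } else { $high = $mid - 1 }
    }
    return ($low + 28)
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

$mtu = Get-PathMtu $Target
if ($null -eq $mtu) { "Path MTU: inconclusive (no ICMP echo reply from $Target)" }
else { "Path MTU to ${Target}: $mtu bytes" }

# DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, global catalog
foreach ($p in 53, 88, 135, 389, 445, 3268) {
    "{0,5}/tcp  {1}" -f $p, $(if (Test-TcpPort $Target $p) { 'open' } else { 'no answer' })
}
```

An open 135/tcp only shows the endpoint mapper is reachable; the RPC services it hands out listen on dynamically assigned ports, which the firewall must also pass. A reported path MTU below 1500 means large RPC packets depend on fragmentation or working path MTU discovery through the firewall.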


















