Re: dcpromo failed



What the heck is a bandwidth accelerator?

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"doh" <doh@xxxxxxxxxxx> wrote in message news:f4n6tg$dqb$1@xxxxxxxxxxx
Issue resolved.

Turns out a bandwidth accelerator (hardware) was active during the dcpromo
process. After disabling the accelerator I attempted the dcpromo again,
this time it succeeded.

Thanks everyone, especially Paul, for the input.


"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%235znJ6OrHHA.4100@xxxxxxxxxxxxxxxxxxxxxxx
He said he ran port query against the remote dc, unless of course he has
high ports blocked and then rpc will fail. If that is the case there is
a way to lock rpc down to specific ports and keep high ports turned off.

"Anthony" <anthony.spam@xxxxxxxxxxxxxx> wrote in message
news:u$TtL%23GrHHA.4108@xxxxxxxxxxxxxxxxxxxxxxx
I haven't followed all this, but RPC typically fails if the MTU is not
managed correctly. You can tell this is the problem if other RPC
operations fail. Do other RPC operations succeed? You say there is a
hardware firewall between. This is the obvious cause.
Anthony
http://www.airdesk.co.uk


"doh" <doh@xxxxxxxxxxx> wrote in message news:f4kd5p$6mc$1@xxxxxxxxxxx
Stumped indeed.

I tried a little further testing. I disjoined the server from the
domain. Performed a metadata cleanup. Removed all entries and
references to all services regarding the server. Taking it from the
base level, trying to join the server to the domain. Similar errors
regarding endpoints come up.


"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%23sNr$TFrHHA.484@xxxxxxxxxxxxxxxxxxxxxxx
That error relates to rpc

I'm stumped


"doh" <doh@xxxxxxxxxxx> wrote in message news:f4jqqq$kg$1@xxxxxxxxxxx
Clutching at straws is what led me to the group!

I've confirmed that all settings are the same, along with time. The
only error messages that come up in the log are the ones that are
directly related to the dcpromo which are the same errors that are
logged in the debug\dcpromo.log. Here is another error that comes up
while trying to do the promotion.

"There are no more endpoints available from the endpoint mapper."

I've already tried everything relevant under
http://support.microsoft.com/kb/839880 and still nothing.

Any other thoughts on this one?

"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%237ZAnWCrHHA.3924@xxxxxxxxxxxxxxxxxxxxxxx
How about time? This is a feeble thought but make sure the time on
the member server is within 5 minutes of the dc, if not this could
be the problem.

Are there any messages in the Event logs on the DC's that pertain to
this problem? How about on the member server attempting to be
promoted.

What about dns settings, are they the same as the other successful
DC's?

I am grasping at straws since the only one that is struggling is
this 64 bit machine.

"doh" <doh@xxxxxxxxxxx> wrote in message
news:f4bt69$lji$1@xxxxxxxxxxx
LDP bind successful.

There is a hardware firewall between them, but it is completely
open/open.

The portqryui tool basically scans the ports I already scanned with
the command line version of the tool, but since I'm looking for
advice I ran it anyway. The only ports that return as not
listening are securemsft-gc-ssl, and nameserver service (we don't
do WINS).


"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in
message news:%23Vq$oqcqHHA.4836@xxxxxxxxxxxxxxxxxxxxxxx
From the member server you could try using LDP to see if you can
attach from this box. Is there a firewall between this box and
the rest of the domain?

Also you could run portqryui and select the "Domains and Trusts"
option.
http://www.microsoft.com/downloads/details.aspx?FamilyID=8355e537-1ea6-4569-aabb-f248f4bd91d0&DisplayLang=en

"doh" <doh@xxxxxxxxxxx> wrote in message
news:f49po7$ncr$1@xxxxxxxxxxx
Ran all the diags and then some (dcdiag /test:dns, portqry,
netmon, etc...). Speaking in general terms everything seems to be
ok. I would post the result, but I don't want to reveal the
infrastructure and cleaning up the file would take way too long.

To answer Cary's questions:

We do have multiple domains.

We do have multiple sites defined in AD.

A note. I was just able to add two other domain controllers into
the same domain/site. This is the only domain controller that
fails. The only difference between the successful promotions and
the failure is the failing dcpromo box is running the 64-bit
version of Server.

Furthermore, subsequent attempts of performing a dcpromo error
out with:

The operation failed because:

An LDAP connection could not be established with the domain
controller contosodom1.contoso.com.

"The specified server cannot perform the requested operation."

"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in
message news:uv1BYFQqHHA.3484@xxxxxxxxxxxxxxxxxxxxxxx
You could run diagnostics against the domain to see if there are
any issues with it.

If you don't have the tools installed, install them from your
server install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

**Note: Using the /E switch in dcdiag will run diagnostics
against ALL dc's in the forest. If you have significant numbers
of DC's this test could generate significant detail and take a
long time. You also want to take into account slow links to dc's
will also add to the testing time.

When complete search for fail, error and warning messages.


"doh" <doh@xxxxxxxxxxx> wrote in message
news:f46tm0$kvo$1@xxxxxxxxxxx
Running into wall with dcpromo.

All DCs in the forest are Server 2003 R2 32-bit

New DC to be added is Server 2003 R2 64-bit

Execute dcpromo (attempted with enterprise admin account and
domain admin account) and it goes through the entire process
including replication until:

The operation failed because:

Active Directory could not create the NTDS Settings object for
this domain controller
CN=NTDS Settings,CN=NEWDOMAINCONTROLLER,CN=Servers,CN=New-Site,CN=Sites,CN=Configuration,DC=contoso,DC=com
on the remote domain controller contosodom1.contoso.com. Ensure
the provided network credentials have sufficient permissions.

"The RPC server is unavailable."


Any clues?
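
The last step of the diagnostic procedure in the thread ("search for fail, error and warning messages"), as an added example that is not part of any poster's message: a Python triage of a dcdiag-style log that separates failed tests, the two RPC errors quoted in the thread (Win32 codes 1722 and 1753), and other keyword hits. The sample log is constructed, and the names `triage` and `SAMPLE_LOG` are hypothetical.

```python
import re

# Error texts quoted in the thread, mapped to their Win32 error codes.
RPC_ERRORS = {
    "the rpc server is unavailable": 1722,  # RPC_S_SERVER_UNAVAILABLE
    "no more endpoints available from the endpoint mapper": 1753,  # EPT_S_NOT_REGISTERED
}
# dcdiag result lines: a run of dots, the server name, passed/failed, the test name.
RESULT_RE = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)", re.I)
KEYWORD_RE = re.compile(r"\b(fail\w*|errors?|warnings?)\b", re.I)

def triage(log_text):
    """Return (failed_tests, rpc_hits, other_hits) for one diagnostic log."""
    failed, rpc_hits, other = [], [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        low = line.lower()
        m = RESULT_RE.search(line)
        if m:
            if m.group(2).lower() == "failed":
                failed.append((m.group(1), m.group(3)))
            continue  # a "passed test" line is not a finding
        code = next((c for text, c in RPC_ERRORS.items() if text in low), None)
        if code is not None:
            rpc_hits.append((lineno, code, line.strip()))
        elif KEYWORD_RE.search(line):
            other.append((lineno, line.strip()))
    return failed, rpc_hits, other

# Constructed sample in the shape of dcdiag /v output; not taken from the thread.
SAMPLE_LOG = """\
Testing server: New-Site\\CONTOSODOM1
   Starting test: Connectivity
      ......................... CONTOSODOM1 passed test Connectivity
   Starting test: Replications
      [Replications Check,CONTOSODOM1] A recent replication attempt failed:
         The last error was: 1722 The RPC server is unavailable.
      ......................... CONTOSODOM1 failed test Replications
   Starting test: Services
      Warning: service check skipped on this host
      There are no more endpoints available from the endpoint mapper.
      ......................... CONTOSODOM1 passed test Services
"""

if __name__ == "__main__":
    failed, rpc_hits, other = triage(SAMPLE_LOG)
    print("failed tests:", failed)
    for lineno, code, text in rpc_hits:
        print(f"line {lineno}: RPC error {code}: {text}")
    for lineno, text in other:
        print(f"line {lineno}: {text}")
```

Grouping the RPC errors separately keeps them from being buried among generic warnings when the same script is run over dcdiag, netdiag and repadmin output from several DCs.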
























