Re: dcpromo failed
- From: "doh" <doh@xxxxxxxxxxx>
- Date: Fri, 15 Jun 2007 11:13:00 -0400
It's a device you hook up to your ISP uplink. It basically allows for faster
throughput by caching headers, compression, etc... of most commonly used
files and service types.
This is not an advertisement, but rather a link just so you know what's out
there.
http://www.citrix.com/English/ps2/products/product.asp?contentID=33886
While turning this on, AD doesn't replicate too well.
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:OMwNrjbrHHA.1296@xxxxxxxxxxxxxxxxxxxxxxx
What the heck is a bandwidth accelerator?
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"doh" <doh@xxxxxxxxxxx> wrote in message news:f4n6tg$dqb$1@xxxxxxxxxxx
Issue resolved.
Turns out a bandwidth accelerator (hardware) was active during the
dcpromo process. After disabling the accelerator I attempted the dcpromo
again, this time it succeeded.
Thanks everyone, especially Paul, for the input.
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%235znJ6OrHHA.4100@xxxxxxxxxxxxxxxxxxxxxxx
He said he ran port query against the remote dc, unless of course he has
high ports blocked and then rpc will fail. If that is the case there is
a way to lock rpc down to specific ports and keep high ports turned off.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Anthony" <anthony.spam@xxxxxxxxxxxxxx> wrote in message
news:u$TtL%23GrHHA.4108@xxxxxxxxxxxxxxxxxxxxxxx
I haven't followed all this, but RPC typically fails if the MTU is not
managed correctly. You can tell this is the problem if other RPC
operations fail. Do other RPC operations succeed? You say there is a
hardware firewall between. This is the obvious cause,
Anthony
http://www.airdesk.co.uk
"doh" <doh@xxxxxxxxxxx> wrote in message news:f4kd5p$6mc$1@xxxxxxxxxxx
Stumped indeed.
I tried a little further testing. I disjoined the server from the
domain. Performed a metadata cleanup. Removed all entries and
references to all services regarding the server. Taking it from the
base level, trying to join the server to the domain. Similar errors
regarding endpoints comes up.
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%23sNr$TFrHHA.484@xxxxxxxxxxxxxxxxxxxxxxx
That error relates to rpc
I'm stumped
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"doh" <doh@xxxxxxxxxxx> wrote in message news:f4jqqq$kg$1@xxxxxxxxxxx
Clutching at straws is what led me to the group!
I've confirmed that all settings are the same, along with time. The
only error messages that come up in the log are the ones that are
directly related to the dcpromo which are the same errors that are
loged in the debug\dcpromo.log. Here is another error that comes up
while trying to do the promotion.
"There are no more endpoints available from the endpoint mapper."
I've already tried everything relevant under
http://support.microsoft.com/kb/839880 and still nothing.
Any other thoughts on this one?
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in
message news:%237ZAnWCrHHA.3924@xxxxxxxxxxxxxxxxxxxxxxx
How about time? This is a feeble thought but make sure the time on
the member server is within 5 minutes of the dc, if not this could
be the problem.
Are there any messages in the Event logs on the DC's that pertain
to this problem? How about on the member server attempting to be
promoted.
What about dns settings, are they the same as the other successful
DC's?
I am grasping at straws since the only one that is struggling is
this 64 bit machine.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"doh" <doh@xxxxxxxxxxx> wrote in message
news:f4bt69$lji$1@xxxxxxxxxxx
LDP bind successful.
There is a hardware firewall between them, but it is completely
open/open.
The portqryui tool basically scans the ports I already scanned
with the command line version of the tool, but since I'm looking
for advice I ran it anyway. The only ports that returns as not
listening are securemsft-gc-ssl, and nameserver service (we don't
do WINS).
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in
message news:%23Vq$oqcqHHA.4836@xxxxxxxxxxxxxxxxxxxxxxx
From the member server you could try using LDP to see if you can
attach from this box. Is there a firewall between this box and
the rest of the domain?
Also you could run protqryui and select the "Domains and Trusts"
option.
http://www.microsoft.com/downloads/details.aspx?FamilyID=8355e537-1ea6-4569-aabb-f248f4bd91d0&DisplayLang=en
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the
NewsGroup
This posting is provided "AS IS" with no warranties, and confers
no rights.
"doh" <doh@xxxxxxxxxxx> wrote in message
news:f49po7$ncr$1@xxxxxxxxxxx
Ran all the diags and then some (dcidag /test:dns, portqry,
netmon, etc...). Speaking in general terms everything seems to
be ok. I would post the result, but I don't want to reveal the
infrastructure and cleaning up the file would take way too long.
To answer Cary's questions:
We do have multiple domains.
We do have multiple sites defined in AD.
A note. I was just able to add two other domain controllers in
to the same domain/site. This is the only domain controller that
fails. The only difference between the successful promotions and
the failure is the failing dcpromo box is running the 64-bit
version of Server.
Furthermore, subsequent attempts of performing a dcpromo errors
out with:
The operation failed because:
An LDAP connection could not be established with the domain
controller contosodom1.contoso.com.
"The specified server cannot perform the requested operation."
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in
message news:uv1BYFQqHHA.3484@xxxxxxxxxxxxxxxxxxxxxxx
You could run diagnostics against the domain to see if there
are any issues with it.
If you don't have the tools installed, install them from your
server install disk.
d:\support\tools\setup.exe
Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite >
c:\repl.txt
**Note: Using the /E switch in dcdiag will run diagnostics
against ALL dc's in the forest. If you have significant
numbers of DC's this test could generate significant detail and
take a long time. You also want to take into account slow links
to dc's will also add to the testing time.
When complete search for fail, error and warning messages.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the
NewsGroup
This posting is provided "AS IS" with no warranties, and
confers no rights.
"doh" <doh@xxxxxxxxxxx> wrote in message
news:f46tm0$kvo$1@xxxxxxxxxxx
Running into wall with dcpromo.
All DCs in the forest are Server 2003 R2 32-bit
New DC to be added is Server 2003 R2 64-bit
Execute dcpromo (attempted with enterprise admin account and
domain admin account) and it goes through the entire process
including replication until:
The operation failed because:
Active Directory could not create the NTDS Settings object for
this domain controller CN=NTDS
Settings,CN=NEWDOMAINCONTROLLER,CN=Servers,CN=New-Site,CN=Sites,CN=Configuration,DC=contoso,DC=com
on the remote domain controller contosodom1.contoso.com.
Ensure the provided network credentials have sufficient
permissions.
"The RPC server is unavailable."
Any clues?
.
- References:
- dcpromo failed
- From: doh
- Re: dcpromo failed
- From: Paul Bergson [MVP-DS]
- Re: dcpromo failed
- From: doh
- Re: dcpromo failed
- From: Paul Bergson [MVP-DS]
- Re: dcpromo failed
- From: doh
- Re: dcpromo failed
- From: Paul Bergson [MVP-DS]
- Re: dcpromo failed
- From: doh
- Re: dcpromo failed
- From: Paul Bergson [MVP-DS]
- Re: dcpromo failed
- From: doh
- Re: dcpromo failed
- From: Anthony
- Re: dcpromo failed
- From: Paul Bergson [MVP-DS]
- Re: dcpromo failed
- From: doh
- Re: dcpromo failed
- From: Paul Bergson [MVP-DS]
- dcpromo failed
- Prev by Date: Disjoint Active Directoy Namespace onon-MS DNS Server - Expierienc
- Next by Date: DFS
- Previous by thread: Re: dcpromo failed
- Next by thread: Re: dcpromo failed
- Index(es):
Relevant Pages
|
Loading
