Re: adprep /forestprep failure
- From: "G Johansson" <fantomen@xxxxxxxx>
- Date: Thu, 2 Aug 2007 23:07:00 +0200
And if it's not then seize it using ntdsutil
--
G Johansson
fantomen@xxxxxxxx
"Danny Sanders" <DSanders@xxxxxxxxxxxxxxx> skrev i meddelandet
news:exbWuxT1HHA.1484@xxxxxxxxxxxxxxxxxxxxxxx
Find out if the existing Win 2000 DC is the schema master.
See:
http://support.microsoft.com/kb/255690/en-us
Some history that may help in the diagnosis. Before starting this whole
process, the domain functional level was Windows 2000 mixed, even though
we
did not have any NT servers. We raised the functional level to Windows
2000
native. We did have another Windows 2000 Server SP 4 domain controller
(SPSERVER02). It's hardware has been flaky, so after the initial adprep
failure, we ran DCPROMO and it reverted to a member server with no
errors.
Then we removed it from the domain and disconnected it.
Is it possible that this server was the schema master? If so you can
probably seize the role to the other DC.
See:
http://support.microsoft.com/kb/223787/en-us
hth
DDS
"Brett Lamberty" <BrettLamberty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:5ED0E026-F0FA-4584-BE4B-823CC9B93C23@xxxxxxxxxxxxxxxx
I am trying to add a Windows 2003 Server R2 as a domain controller to a
domain (season.com) with a Windows 2000 Server SP 4 DC (Server name
SPSERVER01). I have successfully added the Win 2003 server as a member
server in the domain, but when I try running adprep /forestprep from Win
2003
server CD 2 ( in \CMPNENTS\R2\ADPREP) on the Win 2000 DC, I get the error
message:
Adprep was unable to extend the schema.
[Status/Consequence]
The schema master did not complete a replication cycle after the last
reboot. The schema master must complete at least one replication cycle
before
the schema can be extended.
[User Action]
Verify that the schema master is connected to the network and can
communicate with other domain controllers. Use the Sites and Services
snap-in to replicate between the schema operations master and at least
one
replication partner. After replication has succeeded, run adprep again.
I get this error whether I run adprep from CD 1 or CD 2.
When I run REPADMIN /SHOWREPS SPSERVER01 I get this response:
Default-First-Site-Name\SPSERVER01
DSA Options : IS_GC
objectGuid : e30467f8-01f0-4585-a313-11c255cfca38
invocationID: 880c482f-02b1-4125-8dab-7980ab6d9948
==== INBOUND NEIGHBORS ======================================
==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
When I run DCDIAG /V /C /D /E /s: SPSERVER01 > c:\dcdiag.log, I see a
failure in the KnowsOfRoleHolders section:
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN="NTDS Settings
DEL:e0c0e37e-7c24-4de9-958f-872c0539d17d",CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
Warning: CN="NTDS Settings
DEL:e0c0e37e-7c24-4de9-958f-872c0539d17d",CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
is the Schema Owner, but is deleted.
Role Domain Owner = CN=NTDS
Settings,CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
Role PDC Owner = CN=NTDS
Settings,CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
Role Rid Owner = CN=NTDS
Settings,CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
......................... SPSERVER01 failed test
KnowsOfRoleHolders
The only other failure message here is in the frssysvol section:
Starting test: frssysvol
* The File Replication Service Event log test
The registry lookup failed to determine the state of
the SYSVOL. Using the systems event log instead.
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
......................... SPSERVER01 passed test frssysvol
3 days ago I saw the following error in the System log:
Source: Schannel Event ID: 36872
No suitable default server credential exists on this system. This will
prevent server applications that expect to make use of the system default
credentials from accepting SSL connections. An example of such an
application
is the directory server. Applications that manage their own credentials,
such
as the internet information server, are not affected by this.
At the same time I saw this error in the Directory Service log: Source:
NTDS LDAP Event ID: 1220
LDAP over SSL will be unavailable at this time because the server was
unable
to obtain a certificate.
This was one day after I reapplied SP 4 to the Win 2000 DC. I have no
idea
if these are related.
Some history that may help in the diagnosis. Before starting this whole
process, the domain functional level was Windows 2000 mixed, even though
we
did not have any NT servers. We raised the functional level to Windows
2000
native. We did have another Windows 2000 Server SP 4 domain controller
(SPSERVER02). It's hardware has been flaky, so after the initial adprep
failure, we ran DCPROMO and it reverted to a member server with no
errors.
Then we removed it from the domain and disconnected it.
I suppose the deleted Schema Owner error is a key here, but I don't know
how
to fix that. Any recommendations?
Thanks for any assistance.
Brett
.
- References:
- adprep /forestprep failure
- From: Brett Lamberty
- Re: adprep /forestprep failure
- From: Danny Sanders
- adprep /forestprep failure
- Prev by Date: Re: How to: grant specific group of users to add/change registry on their local machine
- Next by Date: Re: Block logon script
- Previous by thread: Re: adprep /forestprep failure
- Next by thread: Re: adprep /forestprep failure
- Index(es):
Relevant Pages
|
