Re: adprep /forestprep failure
- From: "Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
- Date: Mon, 6 Aug 2007 20:33:07 +0200
just to be sure....
do a metadata cleanup of the DC you removed
http://blogs.dirteam.com/blogs/jorge/archive/2005/12/03/213.aspx
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message news:O0sVjOz1HHA.4880@xxxxxxxxxxxxxxxxxxxxxxx
I thought there were more DCs...
you said you had another DC... can yiou explain what you did with that DC and why. dont forget anything
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Brett Lamberty" <BrettLamberty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:145008D9-D6DA-4943-906F-1D0BDBEDF1DD@xxxxxxxxxxxxxxxxIf I understand correctly, I don't expect to see anything for replication,
because there is currently only one DC in the domain and forest, spserver01.
spserver02 was demoted from being a DC, removed from the domain, and
disconnected, so there is no other server for spserver01 to replicate to.
The win 2003 server is not yet a DC, since I can't run adprep.
"Jorge de Almeida Pinto [MVP - DS]" wrote:
check if replication is correct and to see why two DCs have different
understanding. something is wrong with replication
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Brett Lamberty" <BrettLamberty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1DD4D118-C434-4A74-A23C-45C7608CC3F0@xxxxxxxxxxxxxxxx
> Nothing special that I know of. When I run the Active Directory > Schema
> option in mmc on that server (spserver01), the Operations Master for > the
> Schema FSMO holder shows spserver01.season.com. When I run the AD > Domains
> and Trust and look at Operations Master for the Domain Naming FSMO it
> shows
> the same. Likewise, the same server shows up in RID, PDC and
> Infrastructure
> roles. So I don't know why the KnowsOfRoleHolders shows this server > as
> the
> Schema Owner, but it is marked deleted.
>
> I don't know if it would work to reconnect the other W2k SP 4 server,
> promote it to be a DC, transfer the Schema master role to it, and then > try
> to
> transfer it back to the original spserver01 to try to reset things.
> Hopefully, there is an easier way to clean it up without using another > DC,
> but I'll do it if that is the only way.
>
> Brett
>
> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>
>> have you done something special with that SPSERVER? It looks like the >> DC
>> with the FSMO does not exist anymore
>>
>> -- >>
>> Cheers,
>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>
>> # Jorge de Almeida Pinto # MVP Windows Server - Directory Services
>>
>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>> ------------------------------------------------------------------------------------------
>> * How to ask a question --> http://support.microsoft.com/?id=555375
>> ------------------------------------------------------------------------------------------
>> * This posting is provided "AS IS" with no warranties and confers no
>> rights!
>> * Always test before implementing!
>> ------------------------------------------------------------------------------------------
>> #################################################
>> #################################################
>> ------------------------------------------------------------------------------------------
>> "Brett Lamberty" <BrettLamberty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>> message
>> news:5ED0E026-F0FA-4584-BE4B-823CC9B93C23@xxxxxxxxxxxxxxxx
>> >I am trying to add a Windows 2003 Server R2 as a domain controller >> >to a
>> > domain (season.com) with a Windows 2000 Server SP 4 DC (Server name
>> > SPSERVER01). I have successfully added the Win 2003 server as a >> > member
>> > server in the domain, but when I try running adprep /forestprep >> > from
>> > Win
>> > 2003
>> > server CD 2 ( in \CMPNENTS\R2\ADPREP) on the Win 2000 DC, I get the
>> > error
>> > message:
>> >
>> > Adprep was unable to extend the schema.
>> > [Status/Consequence]
>> > The schema master did not complete a replication cycle after the >> > last
>> > reboot. The schema master must complete at least one replication >> > cycle
>> > before
>> > the schema can be extended.
>> > [User Action]
>> > Verify that the schema master is connected to the network and can
>> > communicate with other domain controllers. Use the Sites and >> > Services
>> > snap-in to replicate between the schema operations master and at >> > least
>> > one
>> > replication partner. After replication has succeeded, run adprep >> > again.
>> >
>> > I get this error whether I run adprep from CD 1 or CD 2.
>> >
>> > When I run REPADMIN /SHOWREPS SPSERVER01 I get this response:
>> >
>> > Default-First-Site-Name\SPSERVER01
>> > DSA Options : IS_GC
>> > objectGuid : e30467f8-01f0-4585-a313-11c255cfca38
>> > invocationID: 880c482f-02b1-4125-8dab-7980ab6d9948
>> >
>> > ==== INBOUND NEIGHBORS ======================================
>> >
>> > ==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
>> >
>> > When I run DCDIAG /V /C /D /E /s: SPSERVER01 > c:\dcdiag.log, I see >> > a
>> > failure in the KnowsOfRoleHolders section:
>> >
>> > Starting test: KnowsOfRoleHolders
>> > Role Schema Owner = CN="NTDS Settings
>> > DEL:e0c0e37e-7c24-4de9-958f-872c0539d17d",CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
>> > Warning: CN="NTDS Settings
>> > DEL:e0c0e37e-7c24-4de9-958f-872c0539d17d",CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
>> > is the Schema Owner, but is deleted.
>> > Role Domain Owner = CN=NTDS
>> > Settings,CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
>> > Role PDC Owner = CN=NTDS
>> > Settings,CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
>> > Role Rid Owner = CN=NTDS
>> > Settings,CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
>> > Role Infrastructure Update Owner = CN=NTDS
>> > Settings,CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
>> > ......................... SPSERVER01 failed test
>> > KnowsOfRoleHolders
>> >
>> > The only other failure message here is in the frssysvol section:
>> >
>> > Starting test: frssysvol
>> > * The File Replication Service Event log test
>> > The registry lookup failed to determine the state of
>> > the SYSVOL. Using the systems event log instead.
>> > Error: No record of File Replication System, SYSVOL >> > started.
>> > The Active Directory may be prevented from starting.
>> > ......................... SPSERVER01 passed test frssysvol
>> >
>> > 3 days ago I saw the following error in the System log:
>> >
>> > Source: Schannel Event ID: 36872
>> > No suitable default server credential exists on this system. This >> > will
>> > prevent server applications that expect to make use of the system
>> > default
>> > credentials from accepting SSL connections. An example of such an
>> > application
>> > is the directory server. Applications that manage their own
>> > credentials,
>> > such
>> > as the internet information server, are not affected by this.
>> >
>> > At the same time I saw this error in the Directory Service log:
>> > Source:
>> > NTDS LDAP Event ID: 1220
>> > LDAP over SSL will be unavailable at this time because the server >> > was
>> > unable
>> > to obtain a certificate.
>> >
>> > This was one day after I reapplied SP 4 to the Win 2000 DC. I have >> > no
>> > idea
>> > if these are related.
>> >
>> > Some history that may help in the diagnosis. Before starting this
>> > whole
>> > process, the domain functional level was Windows 2000 mixed, even
>> > though
>> > we
>> > did not have any NT servers. We raised the functional level to >> > Windows
>> > 2000
>> > native. We did have another Windows 2000 Server SP 4 domain >> > controller
>> > (SPSERVER02). It's hardware has been flaky, so after the initial
>> > adprep
>> > failure, we ran DCPROMO and it reverted to a member server with no
>> > errors.
>> > Then we removed it from the domain and disconnected it.
>> >
>> > I suppose the deleted Schema Owner error is a key here, but I don't
>> > know
>> > how
>> > to fix that. Any recommendations?
>> >
>> > Thanks for any assistance.
>> >
>> > Brett
>> >
>>
>>
.
- Follow-Ups:
- Re: adprep /forestprep failure
- From: Brett Lamberty
- Re: adprep /forestprep failure
- References:
- adprep /forestprep failure
- From: Brett Lamberty
- Re: adprep /forestprep failure
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: adprep /forestprep failure
- From: Brett Lamberty
- Re: adprep /forestprep failure
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: adprep /forestprep failure
- From: Brett Lamberty
- Re: adprep /forestprep failure
- From: Jorge de Almeida Pinto [MVP - DS]
- adprep /forestprep failure
- Prev by Date: Re: active directory
- Next by Date: Re: retreive list of user who are lock out
- Previous by thread: Re: adprep /forestprep failure
- Next by thread: Re: adprep /forestprep failure
- Index(es):
Relevant Pages
|
