Re: adprep /forestprep failure
- From: Brett Lamberty <BrettLamberty@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 8 Aug 2007 14:44:01 -0700
I ran ntdsutil to seize the schema master role, and then everything worked
fine: adprep /forestprep and /domainprep, etc.
Thanks.
Brett
"Jorge de Almeida Pinto [MVP - DS]" wrote:
just to be sure.....
do a metadata cleanup of the DC you removed
http://blogs.dirteam.com/blogs/jorge/archive/2005/12/03/213.aspx
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jorge de Almeida Pinto [MVP - DS]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:O0sVjOz1HHA.4880@xxxxxxxxxxxxxxxxxxxxxxx
I thought there were more DCs...
you said you had another DC... can yiou explain what you did with that DC
and why. dont forget anything
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Brett Lamberty" <BrettLamberty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:145008D9-D6DA-4943-906F-1D0BDBEDF1DD@xxxxxxxxxxxxxxxx
If I understand correctly, I don't expect to see anything for
replication,
because there is currently only one DC in the domain and forest,
spserver01.
spserver02 was demoted from being a DC, removed from the domain, and
disconnected, so there is no other server for spserver01 to replicate to.
The win 2003 server is not yet a DC, since I can't run adprep.
"Jorge de Almeida Pinto [MVP - DS]" wrote:
check if replication is correct and to see why two DCs have different
understanding. something is wrong with replication
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Brett Lamberty" <BrettLamberty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:1DD4D118-C434-4A74-A23C-45C7608CC3F0@xxxxxxxxxxxxxxxx
Nothing special that I know of. When I run the Active Directory
Schema
option in mmc on that server (spserver01), the Operations Master for
the
Schema FSMO holder shows spserver01.season.com. When I run the AD
Domains
and Trust and look at Operations Master for the Domain Naming FSMO it
shows
the same. Likewise, the same server shows up in RID, PDC and
Infrastructure
roles. So I don't know why the KnowsOfRoleHolders shows this server
as
the
Schema Owner, but it is marked deleted.
I don't know if it would work to reconnect the other W2k SP 4 server,
promote it to be a DC, transfer the Schema master role to it, and then
try
to
transfer it back to the original spserver01 to try to reset things.
Hopefully, there is an easier way to clean it up without using another
DC,
but I'll do it if that is the only way.
Brett
"Jorge de Almeida Pinto [MVP - DS]" wrote:
have you done something special with that SPSERVER? It looks like the
DC
with the FSMO does not exist anymore
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Brett Lamberty" <BrettLamberty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:5ED0E026-F0FA-4584-BE4B-823CC9B93C23@xxxxxxxxxxxxxxxx
I am trying to add a Windows 2003 Server R2 as a domain controller
to a
domain (season.com) with a Windows 2000 Server SP 4 DC (Server name
SPSERVER01). I have successfully added the Win 2003 server as a
member
server in the domain, but when I try running adprep /forestprep
from
Win
2003
server CD 2 ( in \CMPNENTS\R2\ADPREP) on the Win 2000 DC, I get the
error
message:
Adprep was unable to extend the schema.
[Status/Consequence]
The schema master did not complete a replication cycle after the
last
reboot. The schema master must complete at least one replication
cycle
before
the schema can be extended.
[User Action]
Verify that the schema master is connected to the network and can
communicate with other domain controllers. Use the Sites and
Services
snap-in to replicate between the schema operations master and at
least
one
replication partner. After replication has succeeded, run adprep
again.
I get this error whether I run adprep from CD 1 or CD 2.
When I run REPADMIN /SHOWREPS SPSERVER01 I get this response:
Default-First-Site-Name\SPSERVER01
DSA Options : IS_GC
objectGuid : e30467f8-01f0-4585-a313-11c255cfca38
invocationID: 880c482f-02b1-4125-8dab-7980ab6d9948
==== INBOUND NEIGHBORS ======================================
==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
When I run DCDIAG /V /C /D /E /s: SPSERVER01 > c:\dcdiag.log, I see
a
failure in the KnowsOfRoleHolders section:
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN="NTDS Settings
DEL:e0c0e37e-7c24-4de9-958f-872c0539d17d",CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
Warning: CN="NTDS Settings
DEL:e0c0e37e-7c24-4de9-958f-872c0539d17d",CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
is the Schema Owner, but is deleted.
Role Domain Owner = CN=NTDS
Settings,CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
Role PDC Owner = CN=NTDS
Settings,CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
Role Rid Owner = CN=NTDS
Settings,CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SPSERVER01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season,DC=com
......................... SPSERVER01 failed test
KnowsOfRoleHolders
The only other failure message here is in the frssysvol section:
Starting test: frssysvol
* The File Replication Service Event log test
The registry lookup failed to determine the state of
the SYSVOL. Using the systems event log instead.
Error: No record of File Replication System, SYSVOL
started.
The Active Directory may be prevented from starting.
......................... SPSERVER01 passed test frssysvol
3 days ago I saw the following error in the System log:
Source: Schannel Event ID: 36872
No suitable default server credential exists on this system. This
will
prevent server applications that expect to make use of the system
default
credentials from accepting SSL connections. An example of such an
application
is the directory server. Applications that manage their own
credentials,
such
as the internet information server, are not affected by this.
At the same time I saw this error in the Directory Service log:
Source:
NTDS LDAP Event ID: 1220
LDAP over SSL will be unavailable at this time because the server
was
unable
to obtain a certificate.
This was one day after I reapplied SP 4 to the Win 2000 DC. I have
no
idea
if these are related.
Some history that may help in the diagnosis. Before starting this
whole
process, the domain functional level was Windows 2000 mixed, even
though
we
did not have any NT servers. We raised the functional level to
Windows
2000
native. We did have another Windows 2000 Server SP 4 domain
controller
(SPSERVER02). It's hardware has been flaky, so after the initial
adprep
failure, we ran DCPROMO and it reverted to a member server with no
errors.
Then we removed it from the domain and disconnected it.
I suppose the deleted Schema Owner error is a key here, but I don't
know
how
to fix that. Any recommendations?
Thanks for any assistance.
Brett
- References:
- adprep /forestprep failure
- From: Brett Lamberty
- Re: adprep /forestprep failure
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: adprep /forestprep failure
- From: Brett Lamberty
- Re: adprep /forestprep failure
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: adprep /forestprep failure
- From: Brett Lamberty
- Re: adprep /forestprep failure
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: adprep /forestprep failure
- From: Jorge de Almeida Pinto [MVP - DS]
- adprep /forestprep failure
- Prev by Date: Re: DC trying to replicate to recently demoted DC
- Next by Date: Re: How to configure a windows 2003 Std server to be just another serv
- Previous by thread: Re: adprep /forestprep failure
- Next by thread: adprep /forestprep failure
- Index(es):
Relevant Pages
|
