Re: 2008 Domain Upgrade - Schema Mismatch
- From: "Paul Bergson" <pbbergs@xxxxxxxxxxxxx>
- Date: Mon, 5 Jan 2009 07:19:43 -0600
From both your 2008 DCand a 2003 DC run the tests below. Scour through thelistings and post any errors you can't resolve.
Run diagnostics against your Active Directory domain.
If you don't have the support tools installed, install them from your server install disk.
d:\support\tools\setup.exe
Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"
**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's in the forest. If you have significant numbers of DC's this test could generate significant detail and take a long time. You also want to take into account slow links to dc's will also add to the testing time.
If you download a gui script I wrote it should be simple to set and run (DCDiag and NetDiag). It also has the option to run individual tests without having to learn all the switch options. The details will be output in notepad text files that pop up automagically.
The script is located on my website at http://www.pbbergs.com/windows/downloads.htm
Just select both dcdiag and netdiag make sure verbose is set. (Leave the default settings for dcdiag as set when selected)
When complete search for fail, error and warning messages.
Description and download for dnslint
http://support.microsoft.com/kb/321045
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.
"Ben Watson" <bwatson@xxxxxxxxx> wrote in message news:7464a221-4248-4bde-928f-8b2d91dcc1dc@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
We currently run a single Windows 2003 R2 domain and forest. The
domain and forest are running in Windows 2003 DFL/FFL. We have 9 sites
and 10 domain controllers. All domain controllers are global catalog
servers and one of the domain controllers holds all the FSMO roles.
All the domain controllers are also ADI DNS servers.
As a schema admin, I ran ADPREP /FORESTPREP against the DC holding the
schema master role and it ran without issue. I then ran ADPREP /
DOMAINPREP which also ran without issue. And then I ran ADPREP /
RODCPREP and this also ran without issue. So no errors during the
schema extension process.
I then fired up a box with a fresh installation of Windows Server 2008
Standard (x64) which is also fully patched up to date. I configured
the machine with a static IP address and then joined the machine to
the domain. After the machine rebooted from being joined to the
domain I then began the DCPROMO process.
It appeared as though the 2008 machine was going to promote in just
fine, and it did end up completing the promotion process. However on
the final screen stating that the machine was now a domain controller,
it also stated that it could not complete the replication process but
would finish later from another domain controller.
Here are now the symptoms of the problem I am experiencing...
After the reboot, I then log in with my domain administrator account.
I am unable to launch any of the MMCs related to Active Directory
management on the 2008 box. It complains that I do not have
permission to launch them. I assume that this issue is related to the
fact that this machine has been unable to replicate any of the
information and as a result does not realize that I am a Domain
Administrator. That's just my guess. So I log out, and then log in
with the domain built-in Administrator account.
With the built-in Administrator account, I am able to launch all the
relevant MMCs. Sure enough, when launching ADUC, I see that none of
the domain user accounts or anything else have yet replicated over. I
launch AD Sites and Services and attempt to force in-bound replication
from one of the other healthy 2003 Domain Controllers in the site.
When I do this, I receive this error message...
The following error occurred during the attempt to synchronize naming
context appsig.com from Domain Controller 2003DC2 to Domain Controller
2008DC1: The replication operation failed because of a schema mismatch
between the servers involved.
I don't understand how there can be a schema mismatch. I just
completed the schema extension to promote in 2008 domain controllers.
It should be noted that I promoted in a new 2003 domain controller as
recently as last week and there were no issues.
I also already found this KB article and followed the instructions as
stated to search for answers to the issue.
http://support.microsoft.com/kb/838179
None of the situations seemed to apply as I found no issues related to
what was stated in the KB article. No database corruption, no
duplicate valued attributes, etc.
Any thoughts on where to go from here?
.
- References:
- 2008 Domain Upgrade - Schema Mismatch
- From: Ben Watson
- 2008 Domain Upgrade - Schema Mismatch
- Prev by Date: Re: What Happens If...
- Next by Date: Re: What Happens If...
- Previous by thread: Re: 2008 Domain Upgrade - Schema Mismatch
- Next by thread: Re: 2008 Domain Upgrade - Schema Mismatch
- Index(es):
Relevant Pages
|
Loading
