Re: 2008 Domain Upgrade - Schema Mismatch
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Tue, 6 Jan 2009 10:15:02 -0000
hum....
the KB838179 should help you track the problem assuming that you follow all steps listed. Additionally I also fund this link: http://technet.microsoft.com/en-us/library/cc756588.aspx that describes the necessary steps to deactivate "isDefunct" the conflict attribute.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Ben Watson" <bwatson@xxxxxxxxx> wrote in message news:2c14ec19-18eb-4047-a400-454fabbede99@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jan 5, 3:01 pm, "Jorge Silva" <jorgesilva...@xxxxxxxxxxx> wrote:
Ok,
When you ping f1f7936b-044e-4347-b287-73a4062975e8._msdcs.appsig.com, what
name returns? Is that address available for an existing DC?
Is that your first 2008 DC or a new one? If a new one, is that DC a RODC?
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights."Ben Watson" <bwat...@xxxxxxxxx> wrote in message
news:5f4ec284-54d0-4d2b-9c32-9bde3f3d092b@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jan 5, 10:51 am, "Jorge Silva" <jorgesilva...@xxxxxxxxxxx> wrote:
> What messages do you have in dcpromo log
> --
> I hope that the information above helps you.
> Have a Nice day.
> Jorge Silva
> MCSE, MVP Directory Services
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights."Ben Watson" <bwat...@xxxxxxxxx> wrote in message
>news:07398257-e04f-4163-b01e-355320041a86@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> On Jan 5, 8:35 am, "Jorge Silva" <jorgesilva...@xxxxxxxxxxx> wrote:
> > Hi
> > Did you follow all steps in the KB?
> > --
> > I hope that the information above helps you.
> > Have a Nice day.
> > Jorge Silva
> > MCSE, MVP Directory Services
> > Please no e-mails, any questions should be posted in the NewsGroup
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights."Ben Watson" <bwat...@xxxxxxxxx> wrote in message
> >news:7464a221-4248-4bde-928f-8b2d91dcc1dc@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > > We currently run a single Windows 2003 R2 domain and forest. The
> > > domain and forest are running in Windows 2003 DFL/FFL. We have 9 > > > sites
> > > and 10 domain controllers. All domain controllers are global catalog
> > > servers and one of the domain controllers holds all the FSMO roles.
> > > All the domain controllers are also ADI DNS servers.
> > > As a schema admin, I ran ADPREP /FORESTPREP against the DC holding > > > the
> > > schema master role and it ran without issue. I then ran ADPREP /
> > > DOMAINPREP which also ran without issue. And then I ran ADPREP /
> > > RODCPREP and this also ran without issue. So no errors during the
> > > schema extension process.
> > > I then fired up a box with a fresh installation of Windows Server > > > 2008
> > > Standard (x64) which is also fully patched up to date. I configured
> > > the machine with a static IP address and then joined the machine to
> > > the domain. After the machine rebooted from being joined to the
> > > domain I then began the DCPROMO process.
> > > It appeared as though the 2008 machine was going to promote in just
> > > fine, and it did end up completing the promotion process. However on
> > > the final screen stating that the machine was now a domain > > > controller,
> > > it also stated that it could not complete the replication process > > > but
> > > would finish later from another domain controller.
> > > Here are now the symptoms of the problem I am experiencing...
> > > After the reboot, I then log in with my domain administrator > > > account.
> > > I am unable to launch any of the MMCs related to Active Directory
> > > management on the 2008 box. It complains that I do not have
> > > permission to launch them. I assume that this issue is related to > > > the
> > > fact that this machine has been unable to replicate any of the
> > > information and as a result does not realize that I am a Domain
> > > Administrator. That's just my guess. So I log out, and then log in
> > > with the domain built-in Administrator account.
> > > With the built-in Administrator account, I am able to launch all the
> > > relevant MMCs. Sure enough, when launching ADUC, I see that none of
> > > the domain user accounts or anything else have yet replicated over. > > > I
> > > launch AD Sites and Services and attempt to force in-bound > > > replication
> > > from one of the other healthy 2003 Domain Controllers in the site.
> > > When I do this, I receive this error message...
> > > The following error occurred during the attempt to synchronize > > > naming
> > > context appsig.com from Domain Controller 2003DC2 to Domain > > > Controller
> > > 2008DC1: The replication operation failed because of a schema > > > mismatch
> > > between the servers involved.
> > > I don't understand how there can be a schema mismatch. I just
> > > completed the schema extension to promote in 2008 domain > > > controllers.
> > > It should be noted that I promoted in a new 2003 domain controller > > > as
> > > recently as last week and there were no issues.
> > > I also already found this KB article and followed the instructions > > > as
> > > stated to search for answers to the issue.
> > >http://support.microsoft.com/kb/838179
> > > None of the situations seemed to apply as I found no issues related > > > to
> > > what was stated in the KB article. No database corruption, no
> > > duplicate valued attributes, etc.
> > > Any thoughts on where to go from here?
> Hi Jorge (and all),
> Unfortunately the KB article did not point to anything related to my
> issue.
> I am getting an EventID:1203 – Source: NTDS Replication from the new
> 2008 DC and it keeps halting replication at a particular user
> account. The user account was fortunately a long disabled user so I
> deleted the user account, tried to force replication again, and then
> it halted at another user account. I did this three times and it kept
> halting on a different user account.
> How do I found out what particular attribute that replication is
> having a problem with? Here is the event log error.
> The directory service could not replicate the following object from
> the source directory service at the following network address because
> of an Active Directory Domain Services schema mismatch.
> Object:
> CN=useraccount,OU=UserAccounts,DC=appsig,DC=com
> Network address:
> f1f7936b-044e-4347-b287-73a4062975e8._msdcs.appsig.com
> Active Directory Domain Services will attempt to synchronize the
> schema before attempting to synchronize the following directory
> partition.
> Directory partition:
> DC=appsig,DC=com
> Any thoughts on how to find out what particular attribute that Active
> Directory is unhappy about?
Here are the more notable entries from the dcpromo.log file...
01/03/2009 18:47:30 [INFO] Replicating
CN=Schema,CN=Configuration,DC=appsig,DC=com: received 2674 out of
approximately 2674 objects
01/03/2009 18:47:30 [INFO] Replicated the schema container.
01/03/2009 18:47:31 [INFO] Replicating the configuration directory
partition
01/03/2009 18:47:38 [INFO] Replicating data
CN=Configuration,DC=appsig,DC=com: Received 4957 out of approximately
8006 objects and 195 out of approximately 195 distinguished name (DN)
values...
01/03/2009 18:47:38 [INFO] Replicated the configuration container.
01/03/2009 18:47:38 [INFO] Replicating critical domain information...
01/03/2009 18:47:39 [INFO] Replicating data DC=appsig,DC=com: Received
104 out of approximately 1353 objects and 14 out of approximately 7512
distinguished name (DN) values...
01/03/2009 18:47:39 [INFO] Replicated the critical objects in the
domain container.
01/03/2009 18:48:02 [INFO] Replicating non critical information
01/03/2009 18:48:02 [INFO] Replicating the domain directory
partition...
01/03/2009 18:48:15 [INFO] Replicating data DC=appsig,DC=com: Received
19130 out of approximately 19130 objects and 14 out of approximately
7512 distinguished name (DN) values...
01/03/2009 18:48:16 [INFO] EVENTLOG (Warning): NTDS Replication /
Replication : 1203
The directory service could not replicate the following object from
the source directory service at the following network address because
of an Active Directory Domain Services schema mismatch.
Object:
CN=useraccount,OU=UserAccounts,DC=appsig,DC=com
Network address:
f1f7936b-044e-4347-b287-73a4062975e8._msdcs.appsig.com
Active Directory Domain Services will attempt to synchronize the
schema before attempting to synchronize the following directory
partition.
Directory partition:
DC=appsig,DC=com
01/03/2009 18:48:16 [WARNING] Non critical replication returned 8418
01/03/2009 18:48:17 [INFO] The attempted domain controller operation
has completed
Hi Jorge,
Yes, that specific entry points to an available 2003 DC in our
environment within the same site. And it is pingable.
This is definitely our first 2008 DC and not a RODC.
~Ben
.
- References:
- 2008 Domain Upgrade - Schema Mismatch
- From: Ben Watson
- Re: 2008 Domain Upgrade - Schema Mismatch
- From: Jorge Silva
- Re: 2008 Domain Upgrade - Schema Mismatch
- From: Ben Watson
- Re: 2008 Domain Upgrade - Schema Mismatch
- From: Jorge Silva
- Re: 2008 Domain Upgrade - Schema Mismatch
- From: Ben Watson
- Re: 2008 Domain Upgrade - Schema Mismatch
- From: Jorge Silva
- Re: 2008 Domain Upgrade - Schema Mismatch
- From: Ben Watson
- 2008 Domain Upgrade - Schema Mismatch
- Prev by Date: Re: how to modify "msds-revealedUsers" Active Directory attribute in
- Next by Date: Re: Win2k to Win2k3 AD Upgrade
- Previous by thread: Re: 2008 Domain Upgrade - Schema Mismatch
- Next by thread: Moncler down jacket
- Index(es):
Relevant Pages
|
