Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
- From: dimsdale_007 <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 12 Jan 2009 14:59:03 -0800
That's a no brainer, DC1 which is the one throwing the error and is also the
primary DNS server. The server's local config is correct, and I don't see
any issues with the way DNS is configured either. There's no stale DNS
Servers in the configs, etc. DC2 is also a DNS server, it's doesn't throw
the error but when I have the servers settings side by side, there's really
no differences.
The company I work for right now doesn't have MS Premier support which
blows. I've also been working with our MS rep, he's told me to call in a
support incident and work with the ms techs at this point. If you have
anymore ideas shoot them my way. I'll probably call ms tomorrow and
hopefully will get some new ideas thrown into the mix.
Thanks!
"Jorge de Almeida Pinto [MVP - DS]" wrote:
it cannot find the DC and the domain.
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A3E3566F-F491-4EA7-BAF2-A40B3DEC5FE5@xxxxxxxxxxxxxxxx
I've went through DNS config, but see nothing set incorrectly. Is there
anything in particular you think is incorrect in DNS?
"Jorge de Almeida Pinto [MVP - DS]" wrote:
check out DNS configuration.
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E4C33CAD-F30B-4204-9B60-E5A4888604B2@xxxxxxxxxxxxxxxx
Yes, all dc's are current & actually show up correctly with FSMO roles.
"Jorge de Almeida Pinto [MVP - DS]" wrote:
if you do a :
NETDOM QUERY FSMO
do all the DCs listed still exist in your environment?
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services
#
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test ANY suggestion in a test environment before
implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:DF6CDD8B-A0DD-4CE6-BAE7-28DCFB3E66AD@xxxxxxxxxxxxxxxx
This didn't work either. The script comes back with "(20, 5)
(null):
The
specified domain either does not exist or could not be contacted."
So I ran netdom query /domain /verify and 1 of the 6 domain
controllers
which currently holds the RID & PDC roles comes up with this for
status
"ERROR! (the specified domain either does not exist or could not be
contacted.) The other 5 DC's pull back the domain status correctly.
I also tried to seize the role, and an error came back saying role
seizure
not necessary.
Any other ideas?
"Jorge de Almeida Pinto [MVP - DS]" wrote:
glad to help out
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory
Services
#
BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers
no
rights!
* Always test ANY suggestion in a test environment before
implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:771E3D87-FDAD-47E8-BAA6-06499B696B88@xxxxxxxxxxxxxxxx
Just a reference in my original problem statement, ADSIEDIT gave
me
an
error
"The role owner attribute could not be read.".
I had to put in a change management ticket before I could make
the
change,
I
will try the script 1st, if that fails I'll try to seize the role
on
DC3,
if
both fail, I'll try to seize/transfer the role to DC4. If it
works
tonight,
I'll give you guys an update.
Thanks for the help from everyone BTW!!
"Jorge de Almeida Pinto [MVP - DS]" wrote:
just get the DN of the NTDS Settings object of the CURRENT INFRA
FSMO
for
the AD domain and specify that as the INFRA FSMO for both
DOmainDNSZones
and
ForestDNSZones. Use either LDP or ADsiedit
OR....
use the script specified in:
http://support.microsoft.com/kb/949257
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory
Services
#
BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)-->
http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and
confers
no
rights!
* Always test ANY suggestion in a test environment before
implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"dimsdale_007" <dimsdale007@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:EB38DF7C-E32A-43BF-A553-9CB781A58CFD@xxxxxxxxxxxxxxxx
I've ran around and around, google'd until my eyes are
bleeding,
I
really
hope someone here can help.
Basically this forum
"http://www.mombu.com/microsoft/mom-general-discussion/t-mom-2005-alert-and-event-562604.html";
pretty much shows my issue in detail. But like the last
person
who
posted
on
the forum, I too keep getting the message "The role owner
attribute
could
not
be read." when i try to change the fSMORoleOwner attribute
using
ADSIEDIT.
In case you don't want to read the forum, basically, the
FSMORoleOwner
is
showing "CN=NTDS
Settings\0ADEL:9e2f14ec-9e95-4f07-bf7c-1a862a4ed8d6,CN=OLDSERVERNAME\0ADEL:27e107a1-3085-4e72-a7bc-80f05e4769ca,CN=Servers,CN=Default,CN=Sites,CN=Configuration,DC=Company_Name,DC=com"
I'm getting MOM alerts "The script 'AD Replication Monitoring'
encountered
a
runtime error. Failed to obtain the InfrastructureMaster using
a
well
known
GUID.
The error returned was: 'Failed to get the 'fSMORoleOwner'
attribute
from
the object
'LDAP://DomainController1.company.com/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=DomainDnsZones,DC=Company_Name,DC=com>'.
The error returned was: 'There is no such object on the
server.'
(0x80072030)' (0x80072030)"
When I look in ADUC, it shows that DomainController3 is the
Infrastructure
Master, but the DomainDNSZones & ForestDNSZones are incorrect,
and
displays
the GUID of an older server. I'm assumnig someone before me
just
took
the
old Infrastructure Master offline, decommissioned it, DC3
seized
the
role,
now AD is boogered up.
Does anyone have any ideas?
- References:
- fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZones
- From: dimsdale_007
- Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZones
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
- From: dimsdale_007
- Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
- From: dimsdale_007
- Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
- From: dimsdale_007
- Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
- From: dimsdale_007
- Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
- From: Jorge de Almeida Pinto [MVP - DS]
- fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZones
- Prev by Date: Re: Unable to Block Group Policy Inheritance
- Next by Date: Re: Demoting Domain Controller?
- Previous by thread: Re: fSMORoleOwner in CN=Infrastructure DomainDNSZones & ForestDNSZ
- Next by thread: Win2k to Win2k3 AD Upgrade
- Index(es):
Relevant Pages
|
