tmorrison3
asked on
FSMO transfer and timing issue?
Reference - http://support.microsoft.com/?id=314649
I have a Windows 2000 domain - 2 Windows 2000 DCs - various member servers (all 2000), 1 of which is running Exchange 2000. One of the DCs is a new server that I just promoted and will now upgrade to 2003. According to the KB I will run Scenario 2. I just transferred the FSMO roles from DC1 to DC2. When I run the script from the command line to add to the Exchange schema I get an error that states DC1 is no longer the schema master. I am sure this is just a timing issue as I just transferred the Schema master role from DC1 to DC2 - shouldn't this only be 15 minutes? Also when I switched roles and set the GC from DC1 to DC2, Exchange said it couldn't find the GC at first - again timing issue?
When I check where the FSMO roles are (via VB script) the owner shows as DC1 - how long will it take for the transfer of roles to take? Or do I have other issues?
ASKER
In AD sites and services DC1 - NTDS settings - Connection - From Server DC2 - replication topology OK
DC2 - NTDS settings - no connections shown
*added connection - From Server DC1 - Replication topology error - The AD property cannot be found in the cache
When I force replication from DC2 to DC1 - AD had replicated the connections
When I force replication from DC1 to DC2 - The naming context is in the process of being removed or is not replicated from the specified server.
SYSVOL on DC2 domain.name is empty - nothing replicated.
DC2 is new server with clean install of W2K, all service packs/security patches - DCPROMO and transfer FSMO roles
DCDIAG /test:FSMOCheck returns DC2
Event Viewer - File Replication Service (DC2)
Warning - Event ID 13508 - FRS having trouble enabling replication from DC1 to DC2 for c:\winnt\sysvol\domain using DNS name DC1.domainname.net. FRS will keep trying
Warning - Event ID 13562 - (DC2)
Following is the summary of warnings and errors encountered
by File Replication Service while polling the Domain Controller DC2
for FRS replica set configuration information.
The nTDSConnection object cn=DC2,cn=ntds settings,cn=DC1,cn=servers,
cn=default-first-site-name,cn=sites,cn=configuration,
dc=domain,dc=name,dc=net is conflicting with cn=aa5d511f-6647-4383-a0a2-ed442ad9799e,
cn=ntds settings,cn=DC1,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,
dc=Domain,dc=name,dc=net. Using cn=DC2,cn=ntds settings,cn=DC1,cn=servers,
cn=default-first-site-name,cn=sites,cn=configuration,dc=domain,dc=name,dc=net
The nTDSConnection object cn=7e3e471f-694a-409a-b268-ac273f38804f,cn=ntds settings,
cn=DC2,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,
dc=Domain,dc=Name,dc=net is conflicting with cn=DC1,cn=ntds settings,cn=DC2,cn=servers,
cn=default-first-site-name,cn=sites,cn=configuration,dc=domain,dc=name,dc=net.
Using cn=7e3e471f-694a-409a-b268-ac273f38804f,cn=ntds settings,cn=DC2,cn=servers,
cn=default-first-site-name,cn=sites,cn=configuration,dc=domain,dc=name,dc=net
Event Viewer - System (DC2)
Warning - Event ID 8022 - The browser was unable to retrieve a list of domains from the browser master \\DC1 on the network
Event Viewer - Directory Service (DC1)
Warning - Event ID 1265 The attempt to establish a replication link with parameters
Partition: CN=Schema,CN=Configuration,DC=Domain,DC=name,DC=net
Source DSA DN: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,
CN=Sites,CN=Configuration,DC=Domain,DC=Name,DC=net
Source DSA Address: f8400239-ab3b-4f6f-b504-bda5c6a8bc71._msdcs.domain.name.net
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code. This operation will be retried.
I am looking into DNS now...........
Ok, need more info...
DC2 - how long was it on the LAN as a DC before you transferred the roles?
Before you go any further, let's do this..
1) Remove that NTDS link you created - it's missing because of replication and now the new one you created is conflicting with the real one on the other server's copy of AD.
2) We're going to make DC1's copy of SYSVOL authoritative so that SYSVOL on DC2 gets built correctly and starts to advertise. This article will walk you through how to make DC1 authoritative and DC2 subordinate for the sake of FRS to begin working. Read this carefully - ask if you're not sure how to proceed. Most of all, be patient after you make this adjustment so that replication can begin and stabilize.
http://support.microsoft.com/default.aspx?scid=kb;en-us;315457
Go slow and make sure it's DC1 we need to D4.
Advise.
ASKER
DC2 was on the LAN for a couple of days, the DCPROMO was run and left on a couple of days, then I transferred the FSMO roles - DNS seemed to be OK.
1) I manually removed the NTDS link that I created and the other one by mistake
2) The ntfrsutl ds |findstr /i "root stage" does not return anything on either DC - just goes back to the C:\ prompt
Where should I go from here?
ASKER
Also - when I am running ntfrsutl from an XP machine -
ntfrsutl sets [DC1] - it returns these errors
ERROR - Cannot bind w/authentication to computer, [DC1]; 000006ba (1722)
ERROR - Cannot bind w/o authentication to computer, [DC1]; 000006ba (1722)
ERROR - Cannot RPC to computer, [DC1]; 000006ba (1722)
I have admin rights on the account running the command
ASKER
I stuck with my DNS hunch......
Basically DNS was configured correctly at MMC of both computers... but the TCP/IP settings on DC1 were not pointing at itself - ISP - Another swan song for the old Admin - Changed that to point to itself and snap.
1) Replication of Sysvol
2) DNS working
3) Site replication
4) Transferred FSMO roles
Very good!
Yes, DNS must point to itself first and let forwarding do the rest - since it was pointed at the ISP it wasn't registering.
Good work.
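The root cause found above (a DC whose TCP/IP settings list ISP resolvers, so the GUID-based `_msdcs` name in event 1265 cannot be resolved) can be checked from collected `ipconfig /all` output. The following Python sketch is an added example, not part of the original thread; the addresses, the GUID, the `example.net` domain and the function names are constructed for illustration.

```python
import re

# Constructed sample: `ipconfig /all` excerpt from a DC whose NIC points at ISP resolvers.
IPCONFIG_DC1 = """\
        IP Address. . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
"""
# Constructed sample: event 1265 text in the shape quoted in the thread (GUID is made up).
EVENT_1265 = """\
Source DSA Address: 11111111-2222-3333-4444-555555555555._msdcs.example.net
The DSA operation is unable to proceed because of a DNS lookup failure.
"""
IP = r"\d{1,3}(?:\.\d{1,3}){3}"

def dns_servers(ipconfig_text):
    """Return the DNS servers from `ipconfig /all` output, in lookup order."""
    servers, in_list = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(%s)\s*$" % IP, line)
        if first:
            servers.append(first.group(1))
            in_list = True
        elif in_list and re.fullmatch(r"\s+%s\s*" % IP, line):
            servers.append(line.strip())   # continuation line: bare indented address
        else:
            in_list = False
    return servers

def dsa_cname(event_text):
    """Extract the GUID-based replication name a failing 1265 event could not resolve."""
    m = re.search(r"Source DSA Address:\s*(\S+\._msdcs\.\S+)", event_text)
    return m.group(1) if m and "DNS lookup failure" in event_text else None

def audit_dc(name, ipconfig_text, ad_dns_ips, event_text=""):
    """List resolvers on a DC that are not among the domain's own DNS servers."""
    findings = [f"{name}: resolver {ip} is not an AD DNS server"
                for ip in dns_servers(ipconfig_text) if ip not in ad_dns_ips]
    cname = dsa_cname(event_text)
    if findings and cname:
        findings.append(f"{name}: likely why {cname} fails to resolve")
    return findings

if __name__ == "__main__":
    # Assumption: the domain's DNS runs on the two DCs at these constructed addresses.
    for finding in audit_dc("DC1", IPCONFIG_DC1, {"192.168.1.10", "192.168.1.11"}, EVENT_1265):
        print(finding)
```

A DC that lists only the domain's own DNS servers produces no findings; external resolvers belong in the DNS server's forwarders, not in the NIC settings.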
ASKER CERTIFIED SOLUTION
In AD Sites and Services you can expand each server, then select NTDS Settings on the right. On the left you should see your replication partner - right-click him and select Replicate Now. Do this for each server and partner.
Give it 15 minutes or so again.
Run DCDIAG /test:FSMOCheck