Epurchase
asked on
Getting error while running dcpromo
I have 2 windows 2003 domain controllers and am trying to demote 1 but getting the following error when running the dcpromo
Active Directory Installation Failed
The operation failed because:
Managing the network session with the other domain failed
"The network path was not found. If this computer is connected to the network via a remote access service (RAS) connection, ensure that file and printer sharing for microsoft networks is enabled for that connection"
Active Directory Installation Failed
The operation failed because:
Managing the network session with the other domain failed
"The network path was not found. If this computer is connected to the network via a remote access service (RAS) connection, ensure that file and printer sharing for microsoft networks is enabled for that connection"
ASKER
We already had windows 2003 domain controller A and then we added one more domain controller B just for the backup.
Now i am trying to demote domain controller A and keep only B. I can ping server B from server A and vice versa.
I am getting following error when running dcpromo from server A
The operation failed because:
Managing the network session with the domain B failed.
Please let me know if you need additional information.
Now i am trying to demote domain controller A and keep only B. I can ping server B from server A and vice versa.
I am getting following error when running dcpromo from server A
The operation failed because:
Managing the network session with the domain B failed.
Please let me know if you need additional information.
The thing that is throwing me off on providing an answer is your error - "Managing the network session with the domain B failed."
It says DOMAIN B - is it really in the same domain as A? or was the error supposed to read Domain Controller B?
Before you demote A, you will want to transfer all the FSMO roles over to B and also make B a Global Catalog server.
Here are instructions:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324801
This is the same for 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;313994
It says DOMAIN B - is it really in the same domain as A? or was the error supposed to read Domain Controller B?
Before you demote A, you will want to transfer all the FSMO roles over to B and also make B a Global Catalog server.
Here are instructions:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324801
This is the same for 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;313994
ASKER
Server B is already Global catalog server and working fine with out server A. I brought down the server A and tested the server B as Global catalog now now i want to demote server A
Did you move the FSMO roles to B yet?
You should do this manually to make absolutely certain they are alive and well on the new server before demoting A.
We can get A removed even with your error, however, I want to be sure everything has transitioned to the new server first.
You should do this manually to make absolutely certain they are alive and well on the new server before demoting A.
We can get A removed even with your error, however, I want to be sure everything has transitioned to the new server first.
ASKER
I am trying to do the following step but the change button in gred out or disabled. Please suggest
In the console tree, right-click Active Directory Schema, and then click Operations Master then Click Change.
In the console tree, right-click Active Directory Schema, and then click Operations Master then Click Change.
ASKER
I have moved the FSMO roles to server B. Please let me know how i can demote the server A now?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I was able to move Schema role. I was not the part of the Shema Admin group that's why change option was not enabled.
Now i have transferred all the FSMO roles. I will wait for 2 hours and try to demote server A using DCpromo. i just tried dcpromo and it gave me the same error
Active Directory Installation Failed
The operation failed because:
Managing the network session with the other domain failed
"The network path was not found. If this computer is connected to the network via a remote access service (RAS) connection, ensure that file and printer sharing for microsoft networks is enabled for that connection"
Now i have transferred all the FSMO roles. I will wait for 2 hours and try to demote server A using DCpromo. i just tried dcpromo and it gave me the same error
Active Directory Installation Failed
The operation failed because:
Managing the network session with the other domain failed
"The network path was not found. If this computer is connected to the network via a remote access service (RAS) connection, ensure that file and printer sharing for microsoft networks is enabled for that connection"
For the pupose of this demotion, you can add 2 entries to the HOSTS file on server A:
{IP of server B} {FQDN of host B}
{IP of server B} {NetBIOS domain name}
Thses should get you by.
{IP of server B} {FQDN of host B}
{IP of server B} {NetBIOS domain name}
Thses should get you by.
ASKER
I have put the entries in HOSTS file but still getting the same error.
Can you run the following command on that server and post? The output will go into c:\dcdiag.txt
dcdiag /v > c:\dcdiag.txt
dcdiag /v > c:\dcdiag.txt
ASKER
Server A is SHS1 and Server B is SHSADS. I have run this on server A
========================== ========== ===
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine shs1, is a DC.
* Connecting to directory service on server shs1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SH S1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SHS1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SH S1
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... SHS1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=SHS,D C=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=SHS,D C=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=SHS,DC =local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=SHS,DC =local
(Configuration,Version 2)
* Security Permissions Check for
DC=SHS,DC=local
(Domain,Version 2)
......................... SHS1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... SHS1 passed test NetLogons
Starting test: Advertising
The DC SHS1 is advertising itself as a DC and having a DS.
The DC SHS1 is advertising as an LDAP server
The DC SHS1 is advertising as having a writeable directory
The DC SHS1 is advertising as a Key Distribution Center
The DC SHS1 is advertising as a time server
......................... SHS1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al
Role Domain Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al
Role PDC Owner = CN=NTDS Settings,CN=SHS1,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=SH S,DC=local
Role Rid Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SHS1,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=SH S,DC=local
......................... SHS1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* SHSADS.SHS.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1297
......................... SHS1 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/shs1.SHS.local/SHS.l ocal
* SPN found :LDAP/shs1.SHS.local
* SPN found :LDAP/SHS1
* SPN found :LDAP/shs1.SHS.local/SHS
* SPN found :LDAP/1a3d296c-7479-4462-8 50a-49bafa 911ef7._ms dcs.SHS.lo cal
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/1a3d296c -7479-4462 -850a-49ba fa911ef7/S HS.local
* SPN found :HOST/shs1.SHS.local/SHS.l ocal
* SPN found :HOST/shs1.SHS.local
* SPN found :HOST/SHS1
* SPN found :HOST/shs1.SHS.local/SHS
* SPN found :GC/shs1.SHS.local/SHS.loc al
......................... SHS1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [SHS1]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SHS1 failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
SHS1 is in domain DC=SHS,DC=local
Checking for CN=SHS1,OU=Domain Controllers,DC=SHS,DC=loca l in domain DC=SHS,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SHS1,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=SH S,DC=local in domain CN=Configuration,DC=SHS,DC =local on 1 servers
Object is up-to-date on all servers.
......................... SHS1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SHS1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 12/03/2004 22:11:50
Event String: The File Replication Service is having trouble
enabling replication from SHSADS to SHS1 for
c:\windows\sysvol\domain using the DNS name
SHSADS.SHS.local. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
SHSADS.SHS.local from this computer.
[2] FRS is not running on SHSADS.SHS.local.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
......................... SHS1 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... SHS1 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0002713
Time Generated: 12/03/2004 22:50:23
Event String: Access denied attempting to launch a DCOM Server
using DefaultLaunchPermssion. The server is:
{00020906-0000-0000-C000-0 0000000004 6}
The user is ANONYMOUS LOGON/NT AUTHORITY,
SID=S-1-5-7.
An Error Event occured. EventID: 0xC0002713
Time Generated: 12/03/2004 23:27:21
Event String: Access denied attempting to launch a DCOM Server
using DefaultLaunchPermssion. The server is:
{00020906-0000-0000-C000-0 0000000004 6}
The user is ANONYMOUS LOGON/NT AUTHORITY,
SID=S-1-5-7.
......................... SHS1 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SHS1,OU=Domain Controllers,DC=SHS,DC=loca l and backlink on
CN=SHS1,CN=Servers,CN=Defa ult-First- Site-Name, CN=Sites,C N=Configur ation,DC=S HS,DC=loca l
are correct.
The system object reference (frsComputerReferenceBL)
CN=SHS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=SHS,D C=local
and backlink on CN=SHS1,OU=Domain Controllers,DC=SHS,DC=loca l are
correct.
The system object reference (serverReferenceBL)
CN=SHS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=SHS,D C=local
and backlink on
CN=NTDS Settings,CN=SHS1,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=SH S,DC=local
are correct.
......................... SHS1 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : SHS
Starting test: CrossRefValidation
......................... SHS passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... SHS passed test CheckSDRefDom
Running enterprise tests on : SHS.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... SHS.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\SHSADS.SHS.local
Locator Flags: 0xe00001fc
PDC Name: \\shs1.SHS.local
Locator Flags: 0xe00003f9
Time Server Name: \\shs1.SHS.local
Locator Flags: 0xe00003f9
Preferred Time Server Name: \\shs1.SHS.local
Locator Flags: 0xe00003f9
KDC Name: \\shs1.SHS.local
Locator Flags: 0xe00003f9
......................... SHS.local passed test FsmoCheck
==========================
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine shs1, is a DC.
* Connecting to directory service on server shs1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SH
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SHS1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SH
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... SHS1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=SHS,D
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=SHS,D
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=SHS,DC
(Configuration,Version 2)
* Security Permissions Check for
DC=SHS,DC=local
(Domain,Version 2)
......................... SHS1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... SHS1 passed test NetLogons
Starting test: Advertising
The DC SHS1 is advertising itself as a DC and having a DS.
The DC SHS1 is advertising as an LDAP server
The DC SHS1 is advertising as having a writeable directory
The DC SHS1 is advertising as a Key Distribution Center
The DC SHS1 is advertising as a time server
......................... SHS1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv
Role Domain Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv
Role PDC Owner = CN=NTDS Settings,CN=SHS1,CN=Server
Role Rid Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SHS1,CN=Server
......................... SHS1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* SHSADS.SHS.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1297
......................... SHS1 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/shs1.SHS.local/SHS.l
* SPN found :LDAP/shs1.SHS.local
* SPN found :LDAP/SHS1
* SPN found :LDAP/shs1.SHS.local/SHS
* SPN found :LDAP/1a3d296c-7479-4462-8
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/shs1.SHS.local/SHS.l
* SPN found :HOST/shs1.SHS.local
* SPN found :HOST/SHS1
* SPN found :HOST/shs1.SHS.local/SHS
* SPN found :GC/shs1.SHS.local/SHS.loc
......................... SHS1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [SHS1]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SHS1 failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
SHS1 is in domain DC=SHS,DC=local
Checking for CN=SHS1,OU=Domain Controllers,DC=SHS,DC=loca
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SHS1,CN=Server
Object is up-to-date on all servers.
......................... SHS1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SHS1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 12/03/2004 22:11:50
Event String: The File Replication Service is having trouble
enabling replication from SHSADS to SHS1 for
c:\windows\sysvol\domain using the DNS name
SHSADS.SHS.local. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
SHSADS.SHS.local from this computer.
[2] FRS is not running on SHSADS.SHS.local.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
......................... SHS1 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... SHS1 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0002713
Time Generated: 12/03/2004 22:50:23
Event String: Access denied attempting to launch a DCOM Server
using DefaultLaunchPermssion. The server is:
{00020906-0000-0000-C000-0
The user is ANONYMOUS LOGON/NT AUTHORITY,
SID=S-1-5-7.
An Error Event occured. EventID: 0xC0002713
Time Generated: 12/03/2004 23:27:21
Event String: Access denied attempting to launch a DCOM Server
using DefaultLaunchPermssion. The server is:
{00020906-0000-0000-C000-0
The user is ANONYMOUS LOGON/NT AUTHORITY,
SID=S-1-5-7.
......................... SHS1 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SHS1,OU=Domain Controllers,DC=SHS,DC=loca
CN=SHS1,CN=Servers,CN=Defa
are correct.
The system object reference (frsComputerReferenceBL)
CN=SHS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=SHS,D
and backlink on CN=SHS1,OU=Domain Controllers,DC=SHS,DC=loca
correct.
The system object reference (serverReferenceBL)
CN=SHS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=SHS,D
and backlink on
CN=NTDS Settings,CN=SHS1,CN=Server
are correct.
......................... SHS1 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : SHS
Starting test: CrossRefValidation
......................... SHS passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... SHS passed test CheckSDRefDom
Running enterprise tests on : SHS.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... SHS.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\SHSADS.SHS.local
Locator Flags: 0xe00001fc
PDC Name: \\shs1.SHS.local
Locator Flags: 0xe00003f9
Time Server Name: \\shs1.SHS.local
Locator Flags: 0xe00003f9
Preferred Time Server Name: \\shs1.SHS.local
Locator Flags: 0xe00003f9
KDC Name: \\shs1.SHS.local
Locator Flags: 0xe00003f9
......................... SHS.local passed test FsmoCheck
It looks like File Replication Service is stopped on server B.
Check both servers and start FRS on whichever server is stopped.
Check DNS for the existance of records for server B.
Make sure both server A and B have only your DNS servers in the properties of the NIC.
Advise.
Check both servers and start FRS on whichever server is stopped.
Check DNS for the existance of records for server B.
Make sure both server A and B have only your DNS servers in the properties of the NIC.
Advise.
Not all your roles have moved:
Role PDC Owner = CN=NTDS Settings,CN=SHS1,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=SH S,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SHS1,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=SH S,DC=local
Server A still holds the PDC Emulator and Infrastructure Master.
Role PDC Owner = CN=NTDS Settings,CN=SHS1,CN=Server
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SHS1,CN=Server
Server A still holds the PDC Emulator and Infrastructure Master.
Intersite Messaging is not started on server SHS1
Checking Service: IsmServ
IsmServ Service is stopped on [SHS1]
Checking Service: IsmServ
IsmServ Service is stopped on [SHS1]
ASKER
- RFS was already started on both the servers
- Both the DNS servers have DNS entry for server B
- Both the servers have only internal DNS servers assigned. Means Server A DNS and Server B DNS
- Both the DNS servers have DNS entry for server B
- Both the servers have only internal DNS servers assigned. Means Server A DNS and Server B DNS
ASKER
i have also run the dcdiag on server B. why it's showing PDCname as shs1 as we already transferred all FSMO roles to SHSADS
========================== ========== =======
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine SHSADS, is a DC.
* Connecting to directory service on server SHSADS.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SH SADS
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SHSADS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SH SADS
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... SHSADS passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=SHS,D C=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=SHS,D C=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=SHS,DC =local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=SHS,DC =local
(Configuration,Version 2)
* Security Permissions Check for
DC=SHS,DC=local
(Domain,Version 2)
......................... SHSADS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... SHSADS passed test NetLogons
Starting test: Advertising
The DC SHSADS is advertising itself as a DC and having a DS.
The DC SHSADS is advertising as an LDAP server
The DC SHSADS is advertising as having a writeable directory
The DC SHSADS is advertising as a Key Distribution Center
The DC SHSADS is advertising as a time server
The DS SHSADS is advertising as a GC.
......................... SHSADS passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al
Role Domain Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al
Role PDC Owner = CN=NTDS Settings,CN=SHS1,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=SH S,DC=local
Role Rid Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SHS1,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=SH S,DC=local
......................... SHSADS passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* SHSADS.SHS.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1603 to 2102
* rIDPreviousAllocationPool is 1603 to 2102
* rIDNextRID: 1605
......................... SHSADS passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/SHSADS.SHS.local/SHS .local
* SPN found :LDAP/SHSADS.SHS.local
* SPN found :LDAP/SHSADS
* SPN found :LDAP/SHSADS.SHS.local/SHS
* SPN found :LDAP/57c17713-2bca-4b32-9 4ca-06af8d 5b7809._ms dcs.SHS.lo cal
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/57c17713 -2bca-4b32 -94ca-06af 8d5b7809/S HS.local
* SPN found :HOST/SHSADS.SHS.local/SHS .local
* SPN found :HOST/SHSADS.SHS.local
* SPN found :HOST/SHSADS
* SPN found :HOST/SHSADS.SHS.local/SHS
* SPN found :GC/SHSADS.SHS.local/SHS.l ocal
......................... SHSADS passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SHSADS passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
SHSADS is in domain DC=SHS,DC=local
Checking for CN=SHSADS,OU=Domain Controllers,DC=SHS,DC=loca l in domain DC=SHS,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al in domain CN=Configuration,DC=SHS,DC =local on 1 servers
Object is up-to-date on all servers.
......................... SHSADS passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SHSADS passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... SHSADS passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... SHSADS passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 12/04/2004 00:30:10
Event String: Driver HP LaserJet 4200 PCL 6 required for
printer !!isservices!HP LaserJet 4200 PCL 6 is
unknown. Contact the administrator to install the
driver before you log in again.
......................... SHSADS failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SHSADS,OU=Domain Controllers,DC=SHS,DC=loca l and backlink on
CN=SHSADS,CN=Servers,CN=De fault-Firs t-Site-Nam e,CN=Sites ,CN=Config uration,DC =SHS,DC=lo cal
are correct.
The system object reference (frsComputerReferenceBL)
CN=SHSADS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=SHS,D C=local
and backlink on CN=SHSADS,OU=Domain Controllers,DC=SHS,DC=loca l are
correct.
The system object reference (serverReferenceBL)
CN=SHSADS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=SHS,D C=local
and backlink on
CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al
are correct.
......................... SHSADS passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : SHS
Starting test: CrossRefValidation
......................... SHS passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... SHS passed test CheckSDRefDom
Running enterprise tests on : SHS.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... SHS.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\SHSADS.SHS.local
Locator Flags: 0xe00001fc
PDC Name: \\shs1.SHS.local
Locator Flags: 0xe00003f9
Time Server Name: \\SHSADS.SHS.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\shs1.SHS.local
Locator Flags: 0xe00003f9
KDC Name: \\SHSADS.SHS.local
Locator Flags: 0xe00001fc
......................... SHS.local passed test FsmoCheck
==========================
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine SHSADS, is a DC.
* Connecting to directory service on server SHSADS.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SH
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SHSADS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SH
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... SHSADS passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=SHS,D
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=SHS,D
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=SHS,DC
(Configuration,Version 2)
* Security Permissions Check for
DC=SHS,DC=local
(Domain,Version 2)
......................... SHSADS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... SHSADS passed test NetLogons
Starting test: Advertising
The DC SHSADS is advertising itself as a DC and having a DS.
The DC SHSADS is advertising as an LDAP server
The DC SHSADS is advertising as having a writeable directory
The DC SHSADS is advertising as a Key Distribution Center
The DC SHSADS is advertising as a time server
The DS SHSADS is advertising as a GC.
......................... SHSADS passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv
Role Domain Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv
Role PDC Owner = CN=NTDS Settings,CN=SHS1,CN=Server
Role Rid Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SHS1,CN=Server
......................... SHSADS passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* SHSADS.SHS.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1603 to 2102
* rIDPreviousAllocationPool is 1603 to 2102
* rIDNextRID: 1605
......................... SHSADS passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/SHSADS.SHS.local/SHS
* SPN found :LDAP/SHSADS.SHS.local
* SPN found :LDAP/SHSADS
* SPN found :LDAP/SHSADS.SHS.local/SHS
* SPN found :LDAP/57c17713-2bca-4b32-9
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/SHSADS.SHS.local/SHS
* SPN found :HOST/SHSADS.SHS.local
* SPN found :HOST/SHSADS
* SPN found :HOST/SHSADS.SHS.local/SHS
* SPN found :GC/SHSADS.SHS.local/SHS.l
......................... SHSADS passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SHSADS passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
SHSADS is in domain DC=SHS,DC=local
Checking for CN=SHSADS,OU=Domain Controllers,DC=SHS,DC=loca
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SHSADS,CN=Serv
Object is up-to-date on all servers.
......................... SHSADS passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SHSADS passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... SHSADS passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... SHSADS passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 12/04/2004 00:30:10
Event String: Driver HP LaserJet 4200 PCL 6 required for
printer !!isservices!HP LaserJet 4200 PCL 6 is
unknown. Contact the administrator to install the
driver before you log in again.
......................... SHSADS failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SHSADS,OU=Domain Controllers,DC=SHS,DC=loca
CN=SHSADS,CN=Servers,CN=De
are correct.
The system object reference (frsComputerReferenceBL)
CN=SHSADS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=SHS,D
and backlink on CN=SHSADS,OU=Domain Controllers,DC=SHS,DC=loca
correct.
The system object reference (serverReferenceBL)
CN=SHSADS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=SHS,D
and backlink on
CN=NTDS Settings,CN=SHSADS,CN=Serv
are correct.
......................... SHSADS passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : SHS
Starting test: CrossRefValidation
......................... SHS passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... SHS passed test CheckSDRefDom
Running enterprise tests on : SHS.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... SHS.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\SHSADS.SHS.local
Locator Flags: 0xe00001fc
PDC Name: \\shs1.SHS.local
Locator Flags: 0xe00003f9
Time Server Name: \\SHSADS.SHS.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\shs1.SHS.local
Locator Flags: 0xe00003f9
KDC Name: \\SHSADS.SHS.local
Locator Flags: 0xe00001fc
......................... SHS.local passed test FsmoCheck
According to both DCs, the PDC and Infrastructure Masters are still on server A.
Log in as Enterprise Admin and try to move them again. I think that article I posted has the steps for these two roles.
Advise.
Log in as Enterprise Admin and try to move them again. I think that article I posted has the steps for these two roles.
Advise.
ASKER
I am trying to transfer the Infrastructure role to SHSADS but getting following popup
SHSADS.SHS.LOCAL is a Global Catalog server. The Infrastructure operation master role should not be transferred to a GC server. Please see help for more information.
Are you centain you want to transfer the infrastructure operations master role to this GC server?
I have YES, NO and help buttons.
When i tried to do the same thing from SHS1 and get the following error
The following domain controller could not be contacted: SHSADS.SHS.Local.
The RPC server is unavailable
SHSADS.SHS.LOCAL is a Global Catalog server. The Infrastructure operation master role should not be transferred to a GC server. Please see help for more information.
Are you centain you want to transfer the infrastructure operations master role to this GC server?
I have YES, NO and help buttons.
When i tried to do the same thing from SHS1 and get the following error
The following domain controller could not be contacted: SHSADS.SHS.Local.
The RPC server is unavailable
Choose Yes. You have a single domain and 1 DC so it's fine.
Make sure the time zone, time and daylight savings option is set properly on both DCs - the two servers must have the same time.
Run this:
netdiag /v > c:\netdiag.txt
Post the results.
Make sure the time zone, time and daylight savings option is set properly on both DCs - the two servers must have the same time.
Run this:
netdiag /v > c:\netdiag.txt
Post the results.
ASKER
I am still unable to demote SHS1 and getting the same error. I have run dcdiag.exe on shs1.
========================== =========
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine shs1, is a DC.
* Connecting to directory service on server shs1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SH S1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SHS1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SH S1
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... SHS1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=SHS,D C=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=SHS,D C=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=SHS,DC =local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=SHS,DC =local
(Configuration,Version 2)
* Security Permissions Check for
DC=SHS,DC=local
(Domain,Version 2)
......................... SHS1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... SHS1 passed test NetLogons
Starting test: Advertising
The DC SHS1 is advertising itself as a DC and having a DS.
The DC SHS1 is advertising as an LDAP server
The DC SHS1 is advertising as having a writeable directory
The DC SHS1 is advertising as a Key Distribution Center
The DC SHS1 is advertising as a time server
......................... SHS1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al
Role Domain Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al
Role PDC Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al
Role Rid Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= SHS,DC=loc al
......................... SHS1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* SHSADS.SHS.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1297
......................... SHS1 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/shs1.SHS.local/SHS.l ocal
* SPN found :LDAP/shs1.SHS.local
* SPN found :LDAP/SHS1
* SPN found :LDAP/shs1.SHS.local/SHS
* SPN found :LDAP/1a3d296c-7479-4462-8 50a-49bafa 911ef7._ms dcs.SHS.lo cal
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/1a3d296c -7479-4462 -850a-49ba fa911ef7/S HS.local
* SPN found :HOST/shs1.SHS.local/SHS.l ocal
* SPN found :HOST/shs1.SHS.local
* SPN found :HOST/SHS1
* SPN found :HOST/shs1.SHS.local/SHS
* SPN found :GC/shs1.SHS.local/SHS.loc al
......................... SHS1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [SHS1]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SHS1 failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
SHS1 is in domain DC=SHS,DC=local
Checking for CN=SHS1,OU=Domain Controllers,DC=SHS,DC=loca l in domain DC=SHS,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SHS1,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=SH S,DC=local in domain CN=Configuration,DC=SHS,DC =local on 1 servers
Object is up-to-date on all servers.
......................... SHS1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SHS1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... SHS1 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... SHS1 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0002713
Time Generated: 12/04/2004 11:17:35
Event String: Access denied attempting to launch a DCOM Server
using DefaultLaunchPermssion. The server is:
{00020906-0000-0000-C000-0 0000000004 6}
The user is ANONYMOUS LOGON/NT AUTHORITY,
SID=S-1-5-7.
......................... SHS1 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SHS1,OU=Domain Controllers,DC=SHS,DC=loca l and backlink on
CN=SHS1,CN=Servers,CN=Defa ult-First- Site-Name, CN=Sites,C N=Configur ation,DC=S HS,DC=loca l
are correct.
The system object reference (frsComputerReferenceBL)
CN=SHS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=SHS,D C=local
and backlink on CN=SHS1,OU=Domain Controllers,DC=SHS,DC=loca l are
correct.
The system object reference (serverReferenceBL)
CN=SHS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=SHS,D C=local
and backlink on
CN=NTDS Settings,CN=SHS1,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=SH S,DC=local
are correct.
......................... SHS1 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : SHS
Starting test: CrossRefValidation
......................... SHS passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... SHS passed test CheckSDRefDom
Running enterprise tests on : SHS.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... SHS.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\SHSADS.SHS.local
Locator Flags: 0xe00001fd
PDC Name: \\SHSADS.SHS.local
Locator Flags: 0xe00001fd
Time Server Name: \\shs1.SHS.local
Locator Flags: 0xe00003f8
Preferred Time Server Name: \\shs1.SHS.local
Locator Flags: 0xe00003f8
KDC Name: \\shs1.SHS.local
Locator Flags: 0xe00003f8
......................... SHS.local passed test FsmoCheck
==========================
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine shs1, is a DC.
* Connecting to directory service on server shs1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SH
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SHS1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SH
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... SHS1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=SHS,D
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=SHS,D
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=SHS,DC
(Configuration,Version 2)
* Security Permissions Check for
DC=SHS,DC=local
(Domain,Version 2)
......................... SHS1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... SHS1 passed test NetLogons
Starting test: Advertising
The DC SHS1 is advertising itself as a DC and having a DS.
The DC SHS1 is advertising as an LDAP server
The DC SHS1 is advertising as having a writeable directory
The DC SHS1 is advertising as a Key Distribution Center
The DC SHS1 is advertising as a time server
......................... SHS1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv
Role Domain Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv
Role PDC Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv
Role Rid Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SHSADS,CN=Serv
......................... SHS1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* SHSADS.SHS.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1297
......................... SHS1 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/shs1.SHS.local/SHS.l
* SPN found :LDAP/shs1.SHS.local
* SPN found :LDAP/SHS1
* SPN found :LDAP/shs1.SHS.local/SHS
* SPN found :LDAP/1a3d296c-7479-4462-8
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/shs1.SHS.local/SHS.l
* SPN found :HOST/shs1.SHS.local
* SPN found :HOST/SHS1
* SPN found :HOST/shs1.SHS.local/SHS
* SPN found :GC/shs1.SHS.local/SHS.loc
......................... SHS1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [SHS1]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SHS1 failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
SHS1 is in domain DC=SHS,DC=local
Checking for CN=SHS1,OU=Domain Controllers,DC=SHS,DC=loca
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SHS1,CN=Server
Object is up-to-date on all servers.
......................... SHS1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SHS1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... SHS1 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... SHS1 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0002713
Time Generated: 12/04/2004 11:17:35
Event String: Access denied attempting to launch a DCOM Server
using DefaultLaunchPermssion. The server is:
{00020906-0000-0000-C000-0
The user is ANONYMOUS LOGON/NT AUTHORITY,
SID=S-1-5-7.
......................... SHS1 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SHS1,OU=Domain Controllers,DC=SHS,DC=loca
CN=SHS1,CN=Servers,CN=Defa
are correct.
The system object reference (frsComputerReferenceBL)
CN=SHS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=SHS,D
and backlink on CN=SHS1,OU=Domain Controllers,DC=SHS,DC=loca
correct.
The system object reference (serverReferenceBL)
CN=SHS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=SHS,D
and backlink on
CN=NTDS Settings,CN=SHS1,CN=Server
are correct.
......................... SHS1 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : SHS
Starting test: CrossRefValidation
......................... SHS passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... SHS passed test CheckSDRefDom
Running enterprise tests on : SHS.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... SHS.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\SHSADS.SHS.local
Locator Flags: 0xe00001fd
PDC Name: \\SHSADS.SHS.local
Locator Flags: 0xe00001fd
Time Server Name: \\shs1.SHS.local
Locator Flags: 0xe00003f8
Preferred Time Server Name: \\shs1.SHS.local
Locator Flags: 0xe00003f8
KDC Name: \\shs1.SHS.local
Locator Flags: 0xe00003f8
......................... SHS.local passed test FsmoCheck
Run DCPROMO /forceremoval
Follow this article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;332199
After you are done, follow this one:
http://support.microsoft.com/default.aspx?scid=kb;en-us;216498
Follow this article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;332199
After you are done, follow this one:
http://support.microsoft.com/default.aspx?scid=kb;en-us;216498
ASKER
After demoting SHS1. I am getting following error when running windows update and also i am not able to login on domain. I have joined the domain though. I am getting this error when trying to login on domain. I can login with local administrator.
The system cannot log you on due to the following error:
The RPC server is unavailable.
Please try again or consult your administrator
Windows update error
========================== ========== =======
The Windows Update software did not update successfully. Below are some suggestions to help you proceed:
You may have clicked No when prompted to accept the Trust Certificate. To allow the Windows Update site software to install, click Yes when presented with the Security Warning dialog box.
Your Internet Explorer security settings may be set too high. To install the updated software and access Windows Update, Internet Explorer security must be set to medium or lower, and active scripting and the download and initialization of ActiveX controls must be enabled.
Note These are the default settings for Internet Explorer. For more information about Internet Explorer security and instructions on how to change your security settings, read Microsoft Knowledge Base (KB) Article Q174360.
Were these suggestions helpful? Send us your feedback.
The system cannot log you on due to the following error:
The RPC server is unavailable.
Please try again or consult your administrator
Windows update error
==========================
The Windows Update software did not update successfully. Below are some suggestions to help you proceed:
You may have clicked No when prompted to accept the Trust Certificate. To allow the Windows Update site software to install, click Yes when presented with the Security Warning dialog box.
Your Internet Explorer security settings may be set too high. To install the updated software and access Windows Update, Internet Explorer security must be set to medium or lower, and active scripting and the download and initialization of ActiveX controls must be enabled.
Note These are the default settings for Internet Explorer. For more information about Internet Explorer security and instructions on how to change your security settings, read Microsoft Knowledge Base (KB) Article Q174360.
Were these suggestions helpful? Send us your feedback.
I can see the netlogon, print$ and sysvol shares but I cannot access them.
When I try to uninstall AD, I get the operation failed because: Managing the network session failed. The network path was not found. Ensure that file and printer sharing for Microsoft Networks is enabled for that connection.
When I try to uninstall AD, I get the operation failed because: Managing the network session failed. The network path was not found. Ensure that file and printer sharing for Microsoft Networks is enabled for that connection.
Is this a child DC to the first one? Is this a peer in the same domain? Is this a separate domain tree?
Are they on the same subnet?
Please be as detailed as you can - these errors can happen for a variety of reasons. The clearer your picture, the faster we can get you the answer.
NM