Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


DC Imaged to different machine getting login errors

Posted on 2005-03-01
Medium Priority
Last Modified: 2010-05-18
I have created an image of our DC (FSMO holder and GC) and dropped the image on a clone machine outside of our production environment for Disaster Recovery purposes.  I used Symantec V2I builder.  My production environment has 3 DC - 1 2003 (above) and 2 W2K DC's.  In this DR enviroment, as of right now, I just have the one Win 2003 DC online.

On the DR DC I am getting the following error in the event log:

Event ID 16651

The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is %n " %1 "

On a workstation that I try to add to this DR DC I get the following error:

Windows cannot create the object because the Directory Service was unable to allocate a relative identifier.

This DC that the workstation is trying to connect to is the FSMO holder and GC.

I also verified that it is the RID Master and holds all the other roles.

I have reviewed many MS articles and came across Q305476 which indicates how to use repadmin /delete command to delete the other DC's that the DC is thinking are still on the network and trying to sync. with.  

I really don't wish to use this command because it can break AD so want to pass by everyone this issue and see what you think?

Your response is appreciated.


Question by:Dabowitt
LVL 51

Expert Comment

ID: 13432158
Temporarily install another DC into this environment.  Transfer the RID master role to this new server.  Give it overnight to settle down - transfer the role back.

DCPROMO out the temporary server.

If this server cannot see the other servers (which would be the case in a test environment) why are you hesitant to remove the replication partners from it?  It should work just fine.  Besides, you should be testing this all out for DR process anyway.



Author Comment

ID: 13432364
Not hesitant but wanting to see if the errors I'm getting are due to it not seeing the other DC's or is it another issue.  The command if done wrong can destroy AD and it takes sometime to rebuild.

Accepted Solution

SunshineVK earned 2000 total points
ID: 13507033
Kindly try this

From a command prompt or the Run text box, type repadmin /options +DISABLE_INBOUND_REPL and then press ENTER.
Verify that the option is set. You should get this message: repadmin running command /options against server localhost.

To turn off inbound replication using Active Directory Sites & Services
Open Active Directory Sites & Services
Locate the Server, you have restored. Expand the same, and select NTDS settings
Delete all the inbound replication objects in the right-hand pane
Right click on the NTDS settings, and  click on Check Replication topology

Pls let me know if the above suggestion helps.

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Loops Section Overview
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question