• Status: Solved

Errors when transferring FSMO roles from 2003 DC to 2003 DC

I have set up a new 2003 server as an additional DC on our network. I would like to transfer the FSMO roles to the new server and leave the old server as a secondary DC, as it is running MS Exchange server. However, when I go to transfer all of the FSMO roles, it continually gives me an error that the current FSMO holder cannot be contacted. These are the errors that I get:

RID
The transfer of the operations master role cannot be performed because:
The requested FSMO operation failed. The current FSMO holder could not be contacted.

PDC
This computer is a non-replication partner. Transferring the PDC role to this computer may cause a full sync on all NT4BDCs. Do you want to continue with this transfer?

Infrastructure
DC1.<domainname>.com is a global catalog (GC) server. The infrastructure operations master role should not be transferred to a GC server. Please see help for more information.
Are you are certain you want to transfer the infrastructure operations master role to this GC server? <YES> <NO>

Also, when I go into the MMC and use the Active Directory Schema tool and try to switch over the domain controller, it works fine, but when I try to transfer the Operations Master, it gives me the same error that the current FSMO holder cannot be contacted.

I DO NOT want to seize the roles because if I do, I have to take the other DC off the network and that is NOT an option for me, as MS Exchange server is running on it and we have been unable to find the CD to be able to reinstall.

(Both servers are GCs, does this cause a problem and does it need to be shut off on one or both before transferring roles?)
Can someone please give me some guidance as to what may be going wrong and what I can do to correct this problem? Thanks!
newagetechnology
Asked:
Netman66 Commented:
This is very likely a DNS issue. All SRV records for the DCs must be present in your DNS. You must also ONLY point all your PCs and servers to your own DNS server - no ISP DNS addresses are to be present on any NIC settings inside your LAN.

As long as you have one Domain in this Forest then transferring the IM role to a GC is fine.

DO NOT change the role of the Exchange server.  Once Exchange is installed on a server the role of this server cannot change or Exchange will break.  You can transfer roles, but it must remain a DC.

newagetechnology (Author) Commented:
I copied the DNS from the old DC to the new one so they are identical. All DNS on machines are pointing to the original DC as the DNS server. There is only one Domain that we have.

The DC that is the Exchange server is the old DC. I put a new DC in place and would like to transfer all roles to this server. So, are you saying that I should not transfer the FSMO roles to the new server because Exchange will break? I want to just leave the old DC as the Exchange server. However, I am going to leave both as domain controllers. I was just hoping to move all of the roles to the new DC.
Netman66 Commented:
You can move the roles, you just can't demote the server - this is what will break Exchange.

In all honesty, the FSMO roles are really no burden to a server.  If you can't move them gracefully then they will be fine where they are.

newagetechnology (Author) Commented:
OK, now I see what you were saying. Yes, I knew about Exchange breaking if I demoted the server. That was one of the primary reasons that I left the old server up as a DC. I figured it wouldn't hurt anything so why demote it. Plus all the time of getting the media for Exchange, reinstalling it, and migrating the mailboxes over would be time consuming. We are going to use the old server as a Great Plains development server as well as Exchange, but those will be the only 2 things on that server. The only reason I want to change everything over is in the event we decide to take the server down. The old DC has been a headache ever since I took this client over. For one thing, it was an UPGRADE from Server 2000 to Server 2003 and the guy that set it up did not do the proper procedures to get the domain ready for 2003 (adprep). So, when I put the new server in and ran DCPROMO to make it a domain controller, I ran into a bunch of issues not knowing that adprep had not been run. I just want to get finished with this job. The only things that I have left are to transfer the FSMO roles and make the new DC the primary DNS server.
newagetechnology (Author) Commented:
OK, I just ran dcdiag on the old server and this is what I got. Looks like it is trying to replicate back from the new server and is failing. Any ideas on what needs to be done to fix?

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\FS1
      Starting test: Connectivity
         ......................... FS1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\FS1
      Starting test: Replications
         [Replications Check,FS1] A recent replication attempt failed:
            From DC1 to FS1
            Naming Context: DC=ForestDnsZones,DC=hartytractor,DC=com
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2006-04-06 02:55:39.
            The last success occurred at 2006-04-03 17:00:19.
            2 failures have occurred since the last success.
            [DC1] DsBindWithSpnEx() failed with error 1722,
            The RPC server is unavailable..
            The source remains down. Please check the machine.
         [Replications Check,FS1] A recent replication attempt failed:
            From DC1 to FS1
            Naming Context: DC=DomainDnsZones,DC=hartytractor,DC=com
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2006-04-09 19:55:20.
            The last success occurred at 2006-04-03 17:00:22.
            25 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,FS1] A recent replication attempt failed:
            From DC1 to FS1
            Naming Context: CN=Schema,CN=Configuration,DC=hartytractor,DC=com
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2006-04-10 11:49:49.
            The last success occurred at 2006-04-03 16:54:52.
            163 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,FS1] A recent replication attempt failed:
            From DC1 to FS1
            Naming Context: CN=Configuration,DC=hartytractor,DC=com
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2006-04-10 11:55:00.
            The last success occurred at 2006-04-03 16:54:52.
            362 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,FS1] A recent replication attempt failed:
            From DC1 to FS1
            Naming Context: DC=hartytractor,DC=com
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2006-04-10 12:27:59.
            The last success occurred at 2006-04-03 16:59:41.
            269 failures have occurred since the last success.
            The source remains down. Please check the machine.
         REPLICATION-RECEIVED LATENCY WARNING
         FS1:  Current time is 2006-04-10 12:28:38.
            DC=ForestDnsZones,DC=hartytractor,DC=com
               Last replication recieved from DC1 at 2006-04-03 17:00:19.
            DC=DomainDnsZones,DC=hartytractor,DC=com
               Last replication recieved from DC1 at 2006-04-03 17:00:22.
            CN=Schema,CN=Configuration,DC=hartytractor,DC=com
               Last replication recieved from DC1 at 2006-04-03 16:54:51.
            CN=Configuration,DC=hartytractor,DC=com
               Last replication recieved from DC1 at 2006-04-03 16:54:51.
            DC=hartytractor,DC=com
               Last replication recieved from DC1 at 2006-04-03 16:59:41.
         ......................... FS1 passed test Replications
      Starting test: NCSecDesc
         ......................... FS1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... FS1 passed test NetLogons
      Starting test: Advertising
         ......................... FS1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... FS1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... FS1 passed test RidManager
      Starting test: MachineAccount
         ......................... FS1 passed test MachineAccount
      Starting test: Services
         ......................... FS1 passed test Services
      Starting test: ObjectsReplicated
         ......................... FS1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... FS1 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... FS1 failed test frsevent
      Starting test: kccevent
         ......................... FS1 passed test kccevent
      Starting test: systemlog
         ......................... FS1 passed test systemlog
      Starting test: VerifyReferences
         ......................... FS1 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : hartytractor
      Starting test: CrossRefValidation
         ......................... hartytractor passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... hartytractor passed test CheckSDRefDom

   Running enterprise tests on : hartytractor.com
      Starting test: Intersite
         ......................... hartytractor.com passed test Intersite
      Starting test: FsmoCheck
         ......................... hartytractor.com passed test FsmoCheck

C:\Documents and Settings\Administrator>
newagetechnology (Author) Commented:
The DNS is a direct copy of the one on FS1. This just started giving us problems the middle of last week. I'm not sure what the issue is and why it just started.
Netman66 Commented:
This is DNS-related.  How did you "copy" DNS?

The correct method was to make the original DNS server zones Active Directory Integrated, then simply install DNS on the new server once it was DCPROMO'd and restart the Netlogon service.  All Zones and their contents would have replicated from the original server with no need to create anything on the new DNS server manually.

If you did not do it this way, then make sure DNS is still on the original DC, make the zones AD Integrated, point the new DC to the old DNS server only.  Remove DNS from the new server and reboot it.  Reinstall DNS and restart the Netlogon service on it.  Wait for the zones to replicate.

newagetechnology (Author) Commented:
That is actually what I did. I made it AD and then allowed transfers on the old DC. It then replicated the entire DNS to the new DC as a secondary DNS server.
newagetechnology (Author) Commented:
I actually figured out the problem. It ended up being an issue with the Windows firewall blocking the AD and File replication server. Once I did what Microsoft said for the firewall, it now replicates fine and allowed me to transfer the FSMO roles to the new server.
Netman66 Commented:
Yes, that would do it....

You didn't mention it was SP1 - but I should have asked if you had the Firewall on anyway.

At least everything at the core of AD was working perfectly - just not communicating correctly with the other DC.

Good work.
NM
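
A triage script for the dcdiag output posted above, as an added example that is not part of the original thread: it parses the Replications test entries and flags a source DC whose every partition fails with an RPC reachability error (1722 here), the pattern that in this thread traced to Windows Firewall. The function names and the TRANSPORT_ERRORS set are this example's own assumptions.

```python
import re
from collections import defaultdict

# Two entries copied from the dcdiag output in the thread (indentation dropped).
SAMPLE = """\
From DC1 to FS1
Naming Context: DC=DomainDnsZones,DC=hartytractor,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2006-04-09 19:55:20.
The last success occurred at 2006-04-03 17:00:22.
25 failures have occurred since the last success.
From DC1 to FS1
Naming Context: DC=hartytractor,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2006-04-10 12:27:59.
The last success occurred at 2006-04-03 16:59:41.
269 failures have occurred since the last success.
"""

# Win32 codes meaning the peer could not be reached over RPC (example's choice):
# 1722 = RPC server unavailable, 1753 = no endpoints from the endpoint mapper.
TRANSPORT_ERRORS = {1722, 1753}

ENTRY = re.compile(
    r"From (?P<src>\S+) to (?P<dst>\S+)\s+Naming Context: (?P<nc>\S+)\s+"
    r"The replication generated an error \((?P<err>\d+)\):\s+(?P<msg>.+?)\s+"
    r"The failure occurred at (?P<failed>.+?)\.\s+"
    r"The last success occurred at (?P<ok>.+?)\.\s+"
    r"(?P<count>\d+) failures have occurred")

def parse_failures(text):
    """Return one dict per failed replication link in dcdiag output."""
    return [{**m.groupdict(), "err": int(m["err"]), "count": int(m["count"])}
            for m in ENTRY.finditer(text)]

def triage(failures):
    """Per source DC: error codes, partitions affected, transport suspected."""
    by_src = defaultdict(list)
    for f in failures:
        by_src[f["src"]].append(f)
    report = {}
    for src, items in by_src.items():
        codes = {f["err"] for f in items}
        report[src] = {"partitions": len(items), "errors": sorted(codes),
                       "last_good": min(f["ok"] for f in items),
                       # Only RPC reachability codes on every partition points
                       # at firewall, DNS or a stopped service, not AD data.
                       "transport_suspected": codes <= TRANSPORT_ERRORS}
    return report
```

Feed it the full text of `dcdiag` saved to a file; a source DC reported with `transport_suspected` set is one to test for RPC reachability and name resolution before touching the directory itself.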