Errors when transferring FSMO roles from 2003 DC to 2003 DC

Posted on 2006-04-10
Last Modified: 2008-08-22
I have set up a new 2003 server as an additional DC on our network. I would like to transfer the FSMO roles to the new server and leave the old server as a secondary DC, as it is running MS Exchange server. However, when I go to transfer all of the FSMO roles, it continually gives me an error that the current FSMO holder cannot be contacted. These are the errors that I get:

RID
The transfer of the operations master role cannot be performed because:
The requested FSMO operation failed. The current FSMO holder could not be contacted.

PDC
This computer is a non-replication partner. Transferring the PDC role to this computer may cause a full sync on all NT4BDCs. Do you want to continue with this transfer?

Infrastructure
DC1.<domainname>.com is a global catalog (GC) server. The infrastructure operations master role should not be transferred to a GC server. Please see help for more information.
Are you are certain you want to transfer the infrastructure operations master role to this GC server? <YES> <NO>

Also, when I go into the MMC and use the Active Directory Schema tool and try to switch over the domain controller, it works fine, but when I try to transfer the Operations Master, it gives me the same error that the current FSMO holder cannot be contacted.

I DO NOT want to seize the roles because if I do, I have to take the other DC off the network and that is NOT an option for me, as MS Exchange server is running on it and we have been unable to find the CD to be able to reinstall.

(Both servers are GCs, does this cause a problem and does it need to be shut off on one or both before transferring roles?)
Can someone please give me some guidance as to what may be going wrong and what I can do to correct this problem? Thanks!
Question by:newagetechnology
LVL 51

Expert Comment

by:Netman66
ID: 16418124
This is very likely a DNS issue.  All SRV records for the DCs must be present in your DNS.  You must also ONLY point all your PCs and servers to your own DNS server - no ISP DNS addresses are to be present on any NIC settings inside your LAN.

As long as you have one Domain in this Forest then transferring the IM role to a GC is fine.

DO NOT change the role of the Exchange server.  Once Exchange is installed on a server the role of this server cannot change or Exchange will break.  You can transfer roles, but it must remain a DC.

0
 

Author Comment

by:newagetechnology
ID: 16418417
I copied the DNS from the old DC to the new one so they are identical. All DNS on machines are pointing to the original DC as the DNS server. There is only one Domain that we have.

The DC that is the exchange server is the old DC. I put a new DC in place and would like to transfer all roles to this server. So, are you saying that I should not transfer the FSMO roles to the new server because exchange will break? I want to just leave the old DC as the exchange server. However, I am going to leave both as domain controllers. I was just hoping to move all of the roles to the new DC.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16418581
You can move the roles, you just can't demote the server - this is what will break Exchange.

In all honesty, the FSMO roles are really no burden to a server.  If you can't move them gracefully then they will be fine where they are.

0
 

Author Comment

by:newagetechnology
ID: 16418747
OK, now I see what you were saying. Yes, I knew about Exchange breaking if I demoted the server. That was one of the primary reasons that I left the old server up as a DC. I figured it wouldn't hurt anything so why demote it. Plus all the time of getting the media for Exchange, reinstalling it, and migrating the mailboxes over would be time consuming. We are going to use the old server as a Great Plains development server as well as Exchange, but those will be the only 2 things on that server. The only reason I want to change everything over is in the event we decide to take the server down. The old DC has been a headache ever since I took this client over. For one thing, it was an UPGRADE from Server 2000 to Server 2003 and the guy that set it up did not do the proper procedures to get the domain ready for 2003 (adprep). So, when I put the new server in and ran DCPROMO to make it a domain controller, I ran into a bunch of issues not knowing that adprep had not been run. I just want to get finished with this job. The only things that I have left are to transfer the FSMO roles and make the new DC the primary DNS server.
0
 

Author Comment

by:newagetechnology
ID: 16418956
OK, I just ran dcdiag on the old server and this is what I got. Looks like it is trying to replicate back from the new server and is failing. Any ideas on what needs to be done to fix?

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\FS1
      Starting test: Connectivity
         ......................... FS1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\FS1
      Starting test: Replications
         [Replications Check,FS1] A recent replication attempt failed:
            From DC1 to FS1
            Naming Context: DC=ForestDnsZones,DC=hartytractor,DC=com
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2006-04-06 02:55:39.
            The last success occurred at 2006-04-03 17:00:19.
            2 failures have occurred since the last success.
            [DC1] DsBindWithSpnEx() failed with error 1722,
            The RPC server is unavailable..
            The source remains down. Please check the machine.
         [Replications Check,FS1] A recent replication attempt failed:
            From DC1 to FS1
            Naming Context: DC=DomainDnsZones,DC=hartytractor,DC=com
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2006-04-09 19:55:20.
            The last success occurred at 2006-04-03 17:00:22.
            25 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,FS1] A recent replication attempt failed:
            From DC1 to FS1
            Naming Context: CN=Schema,CN=Configuration,DC=hartytractor,DC=com
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2006-04-10 11:49:49.
            The last success occurred at 2006-04-03 16:54:52.
            163 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,FS1] A recent replication attempt failed:
            From DC1 to FS1
            Naming Context: CN=Configuration,DC=hartytractor,DC=com
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2006-04-10 11:55:00.
            The last success occurred at 2006-04-03 16:54:52.
            362 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,FS1] A recent replication attempt failed:
            From DC1 to FS1
            Naming Context: DC=hartytractor,DC=com
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2006-04-10 12:27:59.
            The last success occurred at 2006-04-03 16:59:41.
            269 failures have occurred since the last success.
            The source remains down. Please check the machine.
         REPLICATION-RECEIVED LATENCY WARNING
         FS1:  Current time is 2006-04-10 12:28:38.
            DC=ForestDnsZones,DC=hartytractor,DC=com
               Last replication recieved from DC1 at 2006-04-03 17:00:19.
            DC=DomainDnsZones,DC=hartytractor,DC=com
               Last replication recieved from DC1 at 2006-04-03 17:00:22.
            CN=Schema,CN=Configuration,DC=hartytractor,DC=com
               Last replication recieved from DC1 at 2006-04-03 16:54:51.
            CN=Configuration,DC=hartytractor,DC=com
               Last replication recieved from DC1 at 2006-04-03 16:54:51.
            DC=hartytractor,DC=com
               Last replication recieved from DC1 at 2006-04-03 16:59:41.
         ......................... FS1 passed test Replications
      Starting test: NCSecDesc
         ......................... FS1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... FS1 passed test NetLogons
      Starting test: Advertising
         ......................... FS1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... FS1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... FS1 passed test RidManager
      Starting test: MachineAccount
         ......................... FS1 passed test MachineAccount
      Starting test: Services
         ......................... FS1 passed test Services
      Starting test: ObjectsReplicated
         ......................... FS1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... FS1 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... FS1 failed test frsevent
      Starting test: kccevent
         ......................... FS1 passed test kccevent
      Starting test: systemlog
         ......................... FS1 passed test systemlog
      Starting test: VerifyReferences
         ......................... FS1 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : hartytractor
      Starting test: CrossRefValidation
         ......................... hartytractor passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... hartytractor passed test CheckSDRefDom

   Running enterprise tests on : hartytractor.com
      Starting test: Intersite
         ......................... hartytractor.com passed test Intersite
      Starting test: FsmoCheck
         ......................... hartytractor.com passed test FsmoCheck

C:\Documents and Settings\Administrator>
0
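The following is an added example, not part of the original thread: a Python parser for the Replications section of the dcdiag output posted above, which collects every failure block even though dcdiag ends that test with "passed". It then checks whether all partitions fail from the same source DC with the same error and the same last-success date, the pattern in this output (DC1, error 1722, 2006-04-03) that points at one connectivity change rather than per-partition damage; the function and field names are illustrative.

```python
import re

SAMPLE = """\
   [Replications Check,FS1] A recent replication attempt failed:
      From DC1 to FS1
      Naming Context: CN=Configuration,DC=hartytractor,DC=com
      The replication generated an error (1722):
      The RPC server is unavailable.
      The failure occurred at 2006-04-10 11:55:00.
      The last success occurred at 2006-04-03 16:54:52.
      362 failures have occurred since the last success.
   [Replications Check,FS1] A recent replication attempt failed:
      From DC1 to FS1
      Naming Context: DC=hartytractor,DC=com
      The replication generated an error (1722):
      The RPC server is unavailable.
      The failure occurred at 2006-04-10 12:27:59.
      The last success occurred at 2006-04-03 16:59:41.
      269 failures have occurred since the last success.
   ......................... FS1 passed test Replications
"""  # excerpt (two of five failure blocks) of the dcdiag output posted in the thread

FIELDS = {  # field name -> pattern capturing its value
    "source": r"From (\S+) to \S+",
    "nc": r"Naming Context: (.+)",
    "error": r"generated an error \((\d+)\)",
    "last_ok": r"last success occurred at ([\d-]+) [\d:]+",
    "count": r"(\d+) failures have occurred",
}

def parse_replication_failures(text):
    """One dict per failure block, regardless of the final 'passed test' line."""
    failures = []
    for line in text.splitlines():
        if "[Replications Check," in line:
            failures.append({})
        for key, pattern in FIELDS.items():
            m = re.search(pattern, line)
            if m and failures:
                failures[-1].setdefault(key, m.group(1))
    return failures

def summarize(text):
    """Rows of (source DC, naming context, error, failure count, last-success date)."""
    return [(f["source"], f["nc"], int(f["error"]), int(f["count"]), f["last_ok"])
            for f in parse_replication_failures(text)]

def common_cause(rows):
    """(source, error, date) if every partition broke the same way on one day, else None."""
    keys = {(r[0], r[2], r[4]) for r in rows}
    return keys.pop() if len(keys) == 1 else None
```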
 

Author Comment

by:newagetechnology
ID: 16419204
The DNS is a direct copy of the one on FS1. This just started giving us problems the middle of last week. I'm not sure what the issue is and why it just started.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 16421112
This is DNS-related.  How did you "copy" DNS?

The correct method was to make the original DNS server zones Active Directory Integrated, then simply install DNS on the new server once it was DCPROMO'd and restart the Netlogon service.  All Zones and their contents would have replicated from the original server with no need to create anything on the new DNS server manually.

If you did not do it this way, then make sure DNS is still on the original DC, make the zones AD Integrated, point the new DC to the old DNS server only.  Remove DNS from the new server and reboot it.  Reinstall DNS and restart the Netlogon service on it.  Wait for the zones to replicate.

0
 

Author Comment

by:newagetechnology
ID: 16421253
That is actually what I did. I made it AD and then allowed transfers on the old DC. It then replicated the entire DNS to the new DC as a secondary DNS server.
0
 

Author Comment

by:newagetechnology
ID: 16421292
I actually figured out the problem. It ended up being an issue with the Windows firewall blocking the AD and File replication server. Once I did what Microsoft said for the firewall, it now replicated fine and allowed me to transfer the FSMO roles to the new server.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16421358
Yes, that would do it....

You didn't mention it was SP1 - but I should have asked if you had the Firewall on anyway.

At least everything at the core of AD was working perfectly - just not communicating correctly with the other DC.

Good work.
NM
0
