skylife19 asked:

FRSDIAG errors, DCPROMO not successful, removing old Exchange 2000 domain controller

Friends,

I will try to explain my problem in the shortest way, but bear with me if I am not able to do so.

Scenario Introduction.

We had three Windows 2000 servers, all domain controllers: server BCSERVER1 having Exchange 2000 (hosting all five FSMO roles), server BCSERVER2 having SQL 7.0, and server BCSERVER3 with Windows 2000 (file & print server). We decided to upgrade to a Windows 2003 and Exchange 2003 environment. For this, two new servers were purchased and all steps (forest prep, FSMO role movement to the new 2003 servers, etc.) were done as per Microsoft instructions without any issue. Both of these new servers, BCNEWSERVER1 (having Windows 2003 and Exchange 2003) and BCNEWSERVER2 (having Windows 2003 and SQL 2000), are up and running. Everything is working fine without any issue as far as users are concerned (email from Exchange 2003, user authentication, etc.). Domain controllers BCSERVER2 and BCSERVER3 were demoted by running DCPROMO without any issue.

Now we wanted to demote the old Exchange server BCSERVER1. When we tried to run DCPROMO on BCSERVER1 it stopped in between, stating it could not continue and popping up a lot of errors in Event Viewer. When we tried to dig further we found lots of errors in the File Replication Service of BCSERVER1 (please see below in the FRSDIAG error report). So we thought that before proceeding with DCPROMO this issue should be resolved first. Please note that BCSERVER1 is still shown as a domain controller in Active Directory. We can create users etc. from the Active Directory snap-in on BCSERVER1 and the information is replicated to the other two domain controllers. We ran FRSDIAG on all three domain controllers. Servers BCNEWSERVER1 and BCNEWSERVER2 passed everything. Server BCSERVER1's output is attached for info. Another piece of info that might help in understanding our issue is Replication Monitor's output. We added all three servers to the monitored servers list and found that BCSERVER1 is missing some DNS-related info.

Looking at the following two outputs, could anybody help us in resolving the issue? We want to get rid of the old Exchange server ASAP but would go for forceful demotion only as a last option.

Thanks in advance.

------------------------------------------------------------
FRSDiag v1.7 on 5/15/2006 3:21:13 PM
.\BCSERVER1 on 2006-05-15 at 3.21.13 PM
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log ....       
NtFrs      5/15/2006 2:15:42 PM      Warning      13508      The File Replication Service is having trouble enabling replication  from BCSERVER1 to BCNEWSERVER2 for c:\winnt\sysvol\domain using the DNS name (null). FRS will keep retrying.     Following are some of the reasons you would see this warning.         [1] FRS can not correctly resolve the DNS name (null) from this computer.     [2] FRS is not running on (null).     [3] The topology information in the Active Directory for this replica has not  yet replicated to all the Domain Controllers.         This event log message will appear once per connection, After the problem  is fixed you will see another event log message indicating that the connection  has been established.      
NtFrs      5/15/2006 2:15:42 PM      Warning      13508      The File Replication Service is having trouble enabling replication  from BCSERVER1 to BCNEWSERVER1 for c:\winnt\sysvol\domain using the DNS name (null). FRS will keep retrying.     Following are some of the reasons you would see this warning.         [1] FRS can not correctly resolve the DNS name (null) from this computer.     [2] FRS is not running on (null).     [3] The topology information in the Active Directory for this replica has not  yet replicated to all the Domain Controllers.         This event log message will appear once per connection, After the problem  is fixed you will see another event log message indicating that the connection  has been established.      
NtFrs      5/15/2006 4:27:13 AM      Warning      13508      The File Replication Service is having trouble enabling replication  from BCSERVER1 to BCNEWSERVER2 for c:\winnt\sysvol\domain using the DNS name (null). FRS will keep retrying.     Following are some of the reasons you would see this warning.         [1] FRS can not correctly resolve the DNS name (null) from this computer.     [2] FRS is not running on (null).     [3] The topology information in the Active Directory for this replica has not  yet replicated to all the Domain Controllers.         This event log message will appear once per connection, After the problem  is fixed you will see another event log message indicating that the connection  has been established.
      WARNING: Found Event ID 13508 errors without trailing 13509 ... see above for (up to) the 3 latest entries!

 ......... failed 1
Checking for errors in Directory Service Event Log .... passed
Checking for minimum FRS version requirement ...
      ERROR: FRS Engine Minimum Requirements are SP3 binaries or later!

 ......... failed
Checking for errors/warnings in ntfrsutl ds ...
      ERROR: This server's "Member Ref" property for the SYSVOL volume does NOT seem to be correct !!!
            To fix this, use ADSIEdit and edit the "fRSMemberReference" Property of the nTFRSSubscriber object named "CN=Domain System Volume (SYSVOL share)" located under this Server's Computer Object.
            This value should match the FQDN of this Server. Current Values are:
                  Current Value   = "CN=BCSERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Servic..."
                  Suggested Value = "CN=BCSERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=backercop,DC=co,DC=ae"
                       Please note there is a small chance the above Suggested Value may not be correct - See below for more info on what the Proper Value should be!
            For more Info See KB Article : 312862 Recovering Missing FRS Objects and FRS Attributes in Active Directory - Search for the step about Updating the "fRSMemberReference" object (Step 8 on the "Recovering from Deleted FRS Objects" section
 ......... failed with 1 error(s)
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size...
      ERROR : File Backlog TO server "BC_EAU\BCNEWSERVER1$" is : 5917  :: Unless this is due to your schedule, this is a problem!
      ERROR : File Backlog TO server "BC_EAU\BCNEWSERVER2$" is : 13118  :: Unless this is due to your schedule, this is a problem!
failed with 2 error(s) and 0 warning(s)

Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)... passed
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
      ERROR on NtFrs_0005.log : "IBCO_FETCH_RETRY" : <ChgOrdRetryWorker:             2856: 11585: S4: 15:21:34> State                   | Len/Ad/Er:    4/ 10ac524/ 0, 00000008  CO STATE:  IBCO_FETCH_RETRY      
      ERROR on NtFrs_0005.log : "IBCO_FETCH_RETRY" : <ChgOrdRetryWorker:             2856: 11585: S4: 15:21:34> State                   | Len/Ad/Er:    4/ 10ac524/ 0, 00000008  CO STATE:  IBCO_FETCH_RETRY      
      ERROR on NtFrs_0005.log : "IBCO_FETCH_RETRY" : <ChgOrdRetryWorker:             2856: 11585: S4: 15:21:34> State                   | Len/Ad/Er:    4/ 10ac524/ 0, 00000008  CO STATE:  IBCO_FETCH_RETRY      

      Found 2659 IBCO_FETCH_RETRY error(s)! Latest ones (up to 3) listed above

 ......... failed with 2659 error entries
Checking NtFrs Service (and dependent services) state...passed
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...passed



------------------------------------------------------------
Active Directory Replication Monitor
------------------------------------------------------------


Monitored Servers
Default-first-site-name
BCSERVER1
CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae
CN=Configuration,DC=backercop,DC=co,DC=ae
DC=backercop,DC=co,DC=ae
BCNEWSERVER1
DC=backercop,DC=co,DC=ae
CN=Configuration,DC=backercop,DC=co,DC=ae
CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae
DC=DomainDnszones,DC=backercop,DC=co,DC=ae
DC=ForestDnszones,DC=backercop,DC=co,DC=ae
BCNEWSERVER2
DC=backercop,DC=co,DC=ae
CN=Configuration,DC=backercop,DC=co,DC=ae
CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae
DC=DomainDnszones,DC=backercop,DC=co,DC=ae
DC=ForestDnszones,DC=backercop,DC=co,DC=ae
dutchclan

It looks like it's trying to set up the file replication on the SYSVOL share but is unable to resolve the remote host to do the replication with. Have you checked the DNS on the machine you try to promote?

Ntfrs = New Technology File Replication Services. It is responsible for "replicating" all file-based policies and scripts using the "SYSVOL" share, using a timestamp as cue. Time should be synced domain wide...

DC1 = 10.252.252.10 (example)
DC2 = 10.252.252.11 (promoting to..)

Cmd >nslookup DC1.company.local

Server : DC1.company.local << The current active dns server
Address : 10.252.252.10

Name : DC1.company.local << The answer on the lookup
Address : 10.252.252.10

The authorised answer should be from the "local domain" name server, and it must be configured on the machine you are trying to promo..

Can you check that ?
demote that is.. (typo)
skylife19 (ASKER)

Hi Dutchclan,

Firstly, we are not trying to promote a machine rather it is the case otherwise. We have DNS configured on all three domain controllers. BCSERVER1, BCNEWSERVER1 and BCNEWSERVER2

typing just nslookup returns

PDC emulator domain controller name and address which is bcnewserver2

Regards

sorry I missed your second comment

regards.
Can you check if the FRS service is running on all the machines needed (DC`s / Exchange) ?

Are you getting JRNL_WRAP_ERRORS from the ntfrs when commencing the demote?

If so:

Is the FRS service set to automatically handle JRNL errors?
1. Stop the FRS service.
2. Start Registry Editor (Regedt32.exe).
3. Locate and click the following key in the registry:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters
4. Add the following registry value:
   Value name: Enable Journal Wrap Automatic Restore
   Data type: REG_DWORD
   Radix: Hexadecimal
   Value data: 1 (Default 0)
5. Quit Registry Editor.
6. Start the FRS service.

Btw, have you removed any of the "old" machines before the demote? This because it's almost like a security update rollback, meaning:

Installing :
Install Update1,   Install Update2,   Install Update3.

Deleting:
Delete Update3, Delete Update2, Delete Update1 etc.

Removing in the wrong order might cause inconsistencies in the child objects of the domain. Records that still point to domain controllers that have been deleted / removed might also cause a number of errors...
This might also be helpful in your quest: http://support.microsoft.com/default.aspx?scid=kb;en-us;315457

Well am off for a while now, Good luck :D
I've heard that you cannot change the role of a server while exchange is installed on it. This means promoting or demoting. Try uninstalling exchange from the server and then demoting it. I've never run into this personally, but I've read it on a few websites.

Thanks for trying to help.

The FRS service is running on all domain controllers and there are no errors or warnings on the other two domain controllers.
There are no JRNL_WRAP_ERRORS.
The two old domain controllers were demoted gracefully by running DCPROMO without any error. They are still there in Active Directory as member servers, and the Active Directory domain controller container shows only three domain controllers now.

Any idea why bcserver1 is not showing the following two lines in Replication Monitor? Has it anything to do with our issue?

DC=DomainDnszones,DC=backercop,DC=co,DC=ae
DC=ForestDnszones,DC=backercop,DC=co,DC=ae

I am pasting selected directory services events from bcserver1; this might help you in understanding our issue.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1404
Date:            4/6/2006
Time:            8:09:56 PM
User:            N/A
Computer:      BCSERVER1
Description:
The local Directory Service has assumed the responsibility of generating and maintaining inter-site replication topologies for its site.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1104
Date:            2/13/2006
Time:            3:54:46 PM
User:            N/A
Computer:      BCSERVER1
Description:
The consistency checker has terminated change notifications for the following:
Partition: CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae
Destination DSA DN (if available): CN="NTDS Settings
DEL:4c5426e2-4924-4fc5-af65-ad99759ceb00",CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae
Destination DSA Address: 4c5426e2-4924-4fc5-af65-ad99759ceb00._msdcs.backercop.co.ae

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1104
Date:            2/13/2006
Time:            3:54:46 PM
User:            N/A
Computer:      BCSERVER1
Description:
The consistency checker has terminated change notifications for the following:
Partition: CN=Configuration,DC=backercop,DC=co,DC=ae
Destination DSA DN (if available): CN="NTDS Settings
DEL:4c5426e2-4924-4fc5-af65-ad99759ceb00",CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae
Destination DSA Address: 4c5426e2-4924-4fc5-af65-ad99759ceb00._msdcs.backercop.co.ae

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1104
Date:            2/13/2006
Time:            3:54:46 PM
User:            N/A
Computer:      BCSERVER1
Description:
The consistency checker has terminated change notifications for the following:
Partition: DC=backercop,DC=co,DC=ae
Destination DSA DN (if available): CN="NTDS Settings
DEL:4c5426e2-4924-4fc5-af65-ad99759ceb00",CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae
 Destination DSA Address: 4c5426e2-4924-4fc5-af65-ad99759ceb00._msdcs.backercop.co.ae

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1264
Date:            2/13/2006
Time:            3:54:46 PM
User:            N/A
Computer:      BCSERVER1
Description:
A replication link for the partition CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae has been added.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1264
Date:            2/13/2006
Time:            3:54:45 PM
User:            N/A
Computer:      BCSERVER1
Description:
A replication link for the partition CN=Configuration,DC=backercop,DC=co,DC=ae from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae has been added.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1264
Date:            2/13/2006
Time:            3:54:45 PM
User:            N/A
Computer:      BCSERVER1
Description:
A replication link for the partition DC=backercop,DC=co,DC=ae from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae has been added.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1123
Date:            2/13/2006
Time:            3:54:45 PM
User:            N/A
Computer:      BCSERVER1
Description:
The consistency checker deleted connection object CN=3796c1e9-ce4e-4943-84be-b0f09b25d175,CN=NTDS Settings,CN=BCSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae as the source server to which it referred has been deleted.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1272
Date:            1/31/2006
Time:            8:36:20 AM
User:            N/A
Computer:      BCSERVER1
Description:
No nTDSConnection object exists for inbound replication from server CN="NTDS Settings
DEL:17986fe3-b0f0-483e-b343-5a664219d7dc",CN=BCSERVER3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae at address 17986fe3-b0f0-483e-b343-5a664219d7dc._msdcs.backercop.co.ae.  The partition CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae is no longer replicated from it.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1272
Date:            1/31/2006
Time:            8:36:20 AM
User:            N/A
Computer:      BCSERVER1
Description:
No nTDSConnection object exists for inbound replication from server CN="NTDS Settings
DEL:17986fe3-b0f0-483e-b343-5a664219d7dc",CN=BCSERVER3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae at address 17986fe3-b0f0-483e-b343-5a664219d7dc._msdcs.backercop.co.ae.  The partition CN=Configuration,DC=backercop,DC=co,DC=ae is no longer replicated from it.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1272
Date:            1/31/2006
Time:            8:36:20 AM
User:            N/A
Computer:      BCSERVER1
Description:
No nTDSConnection object exists for inbound replication from server CN="NTDS Settings
DEL:17986fe3-b0f0-483e-b343-5a664219d7dc",CN=BCSERVER3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae at address 17986fe3-b0f0-483e-b343-5a664219d7dc._msdcs.backercop.co.ae.  The partition DC=backercop,DC=co,DC=ae is no longer replicated from it.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1272
Date:            1/20/2006
Time:            10:55:51 AM
User:            N/A
Computer:      BCSERVER1
Description:
No nTDSConnection object exists for inbound replication from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae at address 1b6d13fb-d180-4ce5-8539-9c3aaada3ad7._msdcs.backercop.co.ae.  The partition CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae is no longer replicated from it.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1272
Date:            1/20/2006
Time:            10:55:50 AM
User:            N/A
Computer:      BCSERVER1
Description:
No nTDSConnection object exists for inbound replication from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae at address 1b6d13fb-d180-4ce5-8539-9c3aaada3ad7._msdcs.backercop.co.ae.  The partition CN=Configuration,DC=backercop,DC=co,DC=ae is no longer replicated from it.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1272
Date:            1/20/2006
Time:            10:55:50 AM
User:            N/A
Computer:      BCSERVER1
Description:
No nTDSConnection object exists for inbound replication from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae at address 1b6d13fb-d180-4ce5-8539-9c3aaada3ad7._msdcs.backercop.co.ae.  The partition DC=backercop,DC=co,DC=ae is no longer replicated from it.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1264
Date:            1/20/2006
Time:            10:10:49 AM
User:            N/A
Computer:      BCSERVER1
Description:
A replication link for the partition CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae has been added.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1264
Date:            1/20/2006
Time:            10:10:47 AM
User:            N/A
Computer:      BCSERVER1
Description:
A replication link for the partition CN=Configuration,DC=backercop,DC=co,DC=ae from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae has been added.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1264
Date:            1/20/2006
Time:            10:10:47 AM
User:            N/A
Computer:      BCSERVER1
Description:
A replication link for the partition DC=backercop,DC=co,DC=ae from server CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae has been added.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1308
Date:            1/20/2006
Time:            10:10:46 AM
User:            N/A
Computer:      BCSERVER1
Description:
The Directory Service consistency checker has noticed that 19 successive replication attempts with CN=NTDS Settings,CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae have failed over a period of 1005 minutes.  The connection object for this server will be kept in place, and new temporary connections will established to ensure that replication continues. The Directory Service will continue to retry replication with CN=NTDS Settings,CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae; once successful the temporary connection will be removed.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1308
Date:            1/20/2006
Time:            10:10:46 AM
User:            N/A
Computer:      BCSERVER1
Description:
The Directory Service consistency checker has noticed that 19 successive replication attempts with CN=NTDS Settings,CN=BCNEWSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae have failed over a period of 1009 minutes.  The connection object for this server will be kept in place, and new temporary connections will established to ensure that replication continues. The Directory Service will continue to retry replication with CN=NTDS Settings,CN=BCNEWSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae; once successful the temporary connection will be removed.

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1265
Date:            1/20/2006
Time:            9:51:06 AM
User:            N/A
Computer:      BCSERVER1
Description:
The attempt to establish a replication link with parameters
 
Partition: CN=Schema,CN=Configuration,DC=backercop,DC=co,DC=ae
Source DSA DN: CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae
Source DSA Address: 1b6d13fb-d180-4ce5-8539-9c3aaada3ad7._msdcs.backercop.co.ae
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code.  This operation will be retried.
Data:
0000: 4c 21 00 00               L!..    

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1265
Date:            1/20/2006
Time:            9:21:06 AM
User:            N/A
Computer:      BCSERVER1
Description:
The attempt to establish a replication link with parameters
Partition: CN=Configuration,DC=backercop,DC=co,DC=ae
Source DSA DN: CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae
Source DSA Address: 1b6d13fb-d180-4ce5-8539-9c3aaada3ad7._msdcs.backercop.co.ae
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code.  This operation will be retried.
Data:
0000: 4c 21 00 00               L!..    

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1265
Date:            1/20/2006
Time:            6:21:03 AM
User:            N/A
Computer:      BCSERVER1
Description:
The attempt to establish a replication link with parameters
Partition: CN=Configuration,DC=backercop,DC=co,DC=ae
Source DSA DN: CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae
Source DSA Address: 1b6d13fb-d180-4ce5-8539-9c3aaada3ad7._msdcs.backercop.co.ae
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code.  This operation will be retried.
Data:
0000: 4c 21 00 00               L!..    

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1307
Date:            1/19/2006
Time:            9:35:53 PM
User:            N/A
Computer:      BCSERVER1
Description:
The Directory Service consistency checker has noticed that 8 attempts to establish a replication link with CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae have failed over a period of 120 minutes. The connection object for this server will be kept in place, and new a temporary connection will be established to ensure that replication continues. Once a connection with CN=NTDS Settings,CN=BCNEWSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae is established the temporary connection will be removed.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1308
Date:            1/19/2006
Time:            7:35:28 PM
User:            N/A
Computer:      BCSERVER1
Description:
The Directory Service consistency checker has noticed that 2 successive replication attempts with CN=NTDS Settings,CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae have failed over a period of 130 minutes.  The connection object for this server will be kept in place, and new temporary connections will established to ensure that replication continues. The Directory Service will continue to retry replication with CN=NTDS Settings,CN=BCSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae; once successful the temporary connection will be removed.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1308
Date:            1/19/2006
Time:            7:35:28 PM
User:            N/A
Computer:      BCSERVER1
Description:
The Directory Service consistency checker has noticed that 2 successive replication attempts with CN=NTDS Settings,CN=BCNEWSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae have failed over a period of 127 minutes.  The connection object for this server will be kept in place, and new temporary connections will established to ensure that replication continues. The Directory Service will continue to retry replication with CN=NTDS Settings,CN=BCNEWSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=backercop,DC=co,DC=ae; once successful the temporary connection will be removed.

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1404
Date:            1/19/2006
Time:            5:50:27 PM
User:            N/A
Computer:      BCSERVER1
Description:
The local Directory Service has assumed the responsibility of generating and maintaining inter-site replication topologies for its site.


Microsoft article -- I would apply only as the last option
Jar3817, thanks for tip


Regards.
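
Added example, not part of the thread: a Python triage of pasted NTDS KCC events in the layout shown above. It reports, per source DC and partition, whether the last word was a DNS lookup failure (event 1265) or a re-established link (event 1264), which GUID-based `_msdcs` names to verify in DNS, and which servers are referenced only through a deleted `DEL:<guid>` NTDS Settings object. The log text, server names, domain and GUIDs are constructed.

```python
import re
from datetime import datetime

DOM = "DC=example,DC=test"                          # constructed domain
SITE = "CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + DOM
GUID_NEW = "11111111-2222-3333-4444-555555555555"   # constructed DSA GUIDs
GUID_GONE = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


def _hdr(typ, eid, date, time):
    """Header block in the layout Event Viewer copies to the clipboard."""
    return (f"Event Type:      {typ}\nEvent Source:      NTDS KCC\n"
            f"Event Category:      Knowledge Consistency Checker\n"
            f"Event ID:      {eid}\nDate:            {date}\nTime:            {time}\n"
            f"User:            N/A\nComputer:      DC-OLD\nDescription:\n")


def _dns_fail(partition):
    """Body of a constructed event 1265 that failed with a DNS lookup failure."""
    return ("The attempt to establish a replication link with parameters\n"
            f"Partition: {partition}\n"
            f"Source DSA DN: CN=NTDS Settings,CN=DC-NEW,{SITE}\n"
            f"Source DSA Address: {GUID_NEW}._msdcs.example.test\n"
            "Inter-site Transport (if any):\nfailed with the following status:\n"
            "The DSA operation is unable to proceed because of a DNS lookup failure.\n"
            "Data:\n0000: 4c 21 00 00               L!..    ")


# Constructed sample, newest first as in a pasted log. The data line of the
# 9:51 event runs straight into the next "Event Type:" with no line break.
SAMPLE = (
    _hdr("Information", 1272, "1/31/2006", "8:36:20 AM")
    + 'No nTDSConnection object exists for inbound replication from server CN="NTDS Settings\n'
      f'DEL:{GUID_GONE}",CN=DC-GONE,{SITE} at address {GUID_GONE}._msdcs.example.test.\n\n'
    + _hdr("Information", 1264, "1/20/2006", "10:10:47 AM")
    + f"A replication link for the partition CN=Configuration,{DOM} from server "
      f"CN=NTDS Settings,CN=DC-NEW,{SITE} has been added.\n\n"
    + _hdr("Warning", 1265, "1/20/2006", "9:51:06 AM")
    + _dns_fail(f"CN=Schema,CN=Configuration,{DOM}")
    + _hdr("Warning", 1265, "1/20/2006", "9:21:06 AM")
    + _dns_fail(f"CN=Configuration,{DOM}") + "\n"
)


def parse_events(text):
    """Split pasted Event Viewer text into dicts, oldest first.

    Splitting on every 'Event Type:' (not only at line start) tolerates
    events that were fused onto the previous event's data line.
    """
    events = []
    for chunk in re.split(r"(?=Event Type:)", text):
        eid = re.search(r"^Event ID:\s*(\d+)", chunk, re.M)
        date = re.search(r"^Date:\s*(\S+)", chunk, re.M)
        time = re.search(r"^Time:\s*(.+?)\s*$", chunk, re.M)
        if not (eid and date and time):
            continue                      # preamble or truncated record
        events.append({
            "id": int(eid.group(1)),
            "when": datetime.strptime(f"{date.group(1)} {time.group(1)}",
                                      "%m/%d/%Y %I:%M:%S %p"),
            "desc": chunk.partition("Description:")[2].strip(),
        })
    return sorted(events, key=lambda e: e["when"])


def link_status(events):
    """Last known outcome per (source DC, partition): 'dns-failure' or 'link-added'."""
    status = {}
    for e in events:                      # oldest -> newest, later events win
        if e["id"] == 1265 and "DNS lookup failure" in e["desc"]:
            part = re.search(r"^Partition:\s*(.+)$", e["desc"], re.M)
            dc = re.search(r"Source DSA DN: CN=NTDS Settings,CN=([^,]+)", e["desc"])
            if part and dc:
                status[(dc.group(1), part.group(1).strip())] = "dns-failure"
        elif e["id"] == 1264:
            m = re.search(r"partition (.+?) from server CN=NTDS Settings,CN=([^,]+)", e["desc"])
            if m:
                status[(m.group(2), m.group(1))] = "link-added"
    return status


def failed_dns_names(events):
    """GUID-based _msdcs names from event 1265; these are the records to look up."""
    pat = re.compile(r"^Source DSA Address:\s*(\S+)", re.M)
    return sorted({m.group(1) for e in events if e["id"] == 1265
                   for m in pat.finditer(e["desc"])})


def deleted_dsas(events):
    """(server, GUID) pairs whose NTDS Settings DN carries the DEL:<guid> marker."""
    pat = re.compile(r'CN="NTDS Settings\s*DEL:([0-9a-f-]{36})",CN=([^,]+)', re.I)
    return sorted({(m.group(2), m.group(1)) for e in events for m in pat.finditer(e["desc"])})


if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    for (dc, part), state in sorted(link_status(evts).items()):
        print(f"{dc:8} {state:12} {part}")
    print("check in DNS:", failed_dns_names(evts))
    print("deleted DSAs:", deleted_dsas(evts))
```

A pair still at `dns-failure` after the newest event is the one whose GUID name should be checked with `nslookup` from the affected DC.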
Okay, for my clarification.

You started in this situation :

BCSERVER1 (DC)
           FSMO - Schemamaster, DN master, IF Master, RID Master, PDC Emulator
           Exchange First Information Store
           Global Catalog
           DNS ?
           WINS ?
BCSERVER2 (DC)
           msSQL Server
           DNS ?
           WINS ?
BCSERVER3 (DC)
           File & Printer Server
           DNS ?
           WINS ?

I take it they were configured as a Single Master model, where BCSERVER1 was / is holding the PDC Emulator role.

Two new domain controllers were installed with Windows 2K3 / Exchange 2K3?
Then the servers BCSERVER2 and BCSERVER3 were demoted and added as members in the new domain?

Leaving this image

BCNEWSERVER1 (DC)
           FSMO ??
           Exchange ??
           Global Catalog ??
           DNS ?
           WINS ?
           Same Domain name????
BCNEWSERVER1 (DC)
           FSMO ??
           Exchange ??
           Global Catalog ??
           DNS ?
           WINS ?
           Same Domain name????
BCSERVER1 (DC)  
           << Member DC or still master in the new domain or a trust and FSMO roles??
           FSMO - Schemamaster, DN master, IF Master, RID Master, PDC Emulator
           Exchange First Information Store
           Global Catalog
           DNS ?
           WINS ?
BCSERVER2
           msSQL Server
BCSERVER3
           File & Printer Server

And now you are trying to demote the final BCSERVER1 so it too can become a member server of the new domain? Now let us first clarify your infrastructure, because I'm losing track here :) And I don't see where you would like to go with all this, which is rather important for finding the cause of the errors you are experiencing. And if one loses track, draw it out like above. If I'm not correct, please name the servers and their respective roles / relations in the domain. And please do so with the "old" situation and the "current" situation. Mirroring these two will give us more insights than any event will ;)

-Regards Chris Gralike,

Thx for your patience :)





           
Dear Chris,

It goes like this.

You have understood our old setup correctly. The only thing I would like to add in old setup is that DNS and WINS were configured on all three DCs. It was (and still is) single master model. BCSERVER1 WAS holding PDC Emulator role.

A new server BCNEWSERVER1 (Windows 2003) was installed and JOINED to the EXISTING (Windows 2000) DOMAIN. The domain was prepared for a Windows 2003 domain controller (adprep /forestprep, adprep /domainprep). Dcpromo was executed on BCNEWSERVER1. Exchange 2003 setup /forestprep and /domainprep was executed. Exchange was installed selecting the existing forest option and in the existing Exchange administrative group and organization. All mailboxes were moved to the new Exchange server. (All email / Exchange related activities are now done by BCNEWSERVER1; shutting down Exchange services on BCSERVER1 does not have any impact for users.)

Server BCNEWSERVER2 was installed. Joined to existing domain. SQL server 2000 installed and server promoted to domain controller.

Schema Master, DN and GC roles were moved to BCNEWSERVER1, in addition it is also DNS and WINS server
PDC emulator, RID master and IF master roles were moved to BCNEWSERVER2 , in addition it is also DNS and DHCP server

BCSERVER1 does not hold any FSMO role in new setup. It is still DC in the same domain, running exchange 2000 and DNS.
BCSERVER2 and BCSERVER3 were demoted. DNS, WINS was removed. They are present in the domain as the member server. Still having SQL 7.0 and File and Print running on them respectively


As a final configuration we would like to remove all three old servers from our domain.

Have our Exchange running on BCNEWSERVER1
Have database running on BCNEWSERVER2
Would install another server BCNEWSERVER3 as File and Print Server

Once the problem we are facing now is resolved, we would proceed like this.

1) Uninstall exchange from BCSERVER1 (as somebody suggested it should be uninstalled before demoting)
2) Demote BCSERVER1 as member server
3) Remove the BCSERVER1 from the AD (by taking out of domain)
4) Move Database applications to BCNEWSERVER2 and remove BCSERVER2
5) Install BCNEWSERVER3, make it File and Print and move data.
6) Remove BCSERVER3

Hope I answered all your questions


Regards

Hi chris,

I have found another thing, I do not know has it got any relation with our issue.

The DNS servers on all three domain controllers are showing only two host names as BCNEWSERVER1
BCNEWSERVER2
under

Forward lookup zone and
DomainDNSZone


Is it an issue? Do you think it should also show BCSERVER1 under the same

I am confused as it might have something to do with DNS as few errors are saying DNS lookup failure???????

Regards
>The DNS servers on all three domain controllers ....

Don't quite understand what you're meaning?

The "domainDNSZone that is" the schema on our domain looks like:

DNS
   - Server
           - EVT viewer
           - Cached Lookups
           - Forward Lookup zones
           - Reverse Lookup Zones (in-addr-arpa)
   - Server
           - EVT viewer
           - Cached Lookups
           - Forward Lookup zones
           - Reverse Lookup Zones (in-addr-arpa)
   - Server
           - EVT viewer
           - Cached Lookups
           - Forward Lookup zones
           - Reverse Lookup Zones (in-addr-arpa)
 etc.

What I'm more concerned about is this:

Start >Administrative tools > Sites and Services.

    In the Default-First-Site, are all servers configured with NTDS (replication)? And do look at the "from - to" construction in the domain. Make sure that the "old" DC on which the 2K3 machines were extended is not still leading in the domain. They should all replicate to / from the last least significant. of all to the DC holding the PDC emulator.

server: NBCServer1 < NBCServer2 < BCServer1 (to)
server: NBCServer1 > NBCServer2 > BCServer1 (from)

or

server NBCServer1 > NBCServer2 (to)
server NBCServer1 > BCServer1 (to)
etc.

Also double-check if all the "FSMO" roles are indeed moved, and if the new machines are also GC.

(Just in case)

Do check the versions on the DNS servers and their compatibility. Don't think this is a problem but it might be (W2K) vs (W2K3). Also guess you run a native 2K domain?

-Regards Chris










ps on some of the "messages" you get.

The DSA operation is unable to proceed because of a DNS lookup failure.
Symptoms: 1. When trying to DCPROMO, you receive: "The operation failed because: The directory service failed to replicate off changes made locally. The DSA operation is unable to proceed because of a DNS lookup failure."
2. The Event Viewer may list Event ID: 1265 - The DSA operation is unable to proceed because of a DNS lookup failure.
3. DCDiag test displays this message: "The DSA operation is unable to proceed because of a DNS lookup failure".

Causes:
1. Incorrect TCP/IP configuration.
2. Incorrect DNS configuration
3. Bad information in DNS Manager.

Got it off some site I seem to be part of :S (didn't even know that)

But analysing :)
   
BCSERVER1.backercop.co.ae

to :

BCNEWSERVER2.backercop.co.ae

using AD pointer / attributes :

Backercop.co.ae > Configuration > Sites > Default-First-Site-Name > Servers > BCNEWSERVER2 > NTDS Settings.

Which either suggests that the "dns" zone isn't correct or the configuration ain't adding up (above text) or it has something to do with the NTDS settings (previous post)...

Plz Look into that ;)

Regards, Chris
Dear Chris,

When I said DNS on all three domain controllers, what I meant was that DNS is installed on three computers for fault tolerance. (It looks like I need a lot of reading on DNS concepts) and when I mentioned DomainDnsZone I was quoting from a DNS server's MMC console under Forward lookup zone > backercop.co.ae > DomainDnsZone or ForestDnsZone.

When you mentioned "domainDNSZone that is the schema on our domain looks like" ---  could you please guide where could I get this info. I mean to say which console and under what setting.


Default-first-site-name shows me five names (bcserver1, bcserver2, bcserver3, bcnewserver1 & bcnewserver2) under servers but only BCserver1, bcnewserver1 and bcnewserver2 have NTDS settings. (which are also domain controllers in our case)  And if you click NTDS settings of any domain controller, each shows two connections from balance two domain controllers with names as 'automatically generated'. Also if you select properties of NTDS setting and then click connection (for any domain controller).
Under replicate from and replicate to it shows names of other two domain controllers. For example if you check for bcnewserver1

Replicate from
Name            Site
bcnewserver2    default-first-site-name
bcserver1       default-first-site-name

Replicate To
Name            Site
bcnewserver2    default-first-site-name
bcserver1       default-first-site-name

And same is the case for other two.

FSMO roles.. have rechecked and all are moved.


Also could you please explain what you mean by "using AD pointer / attributes :" ????

Backercop.co.ae ..........?????

Appreciate your patience in helping me


Regards
Uhm, how do I explain properly. For it's quite a theory (the AD book is just as thick as the 2k3 lol).

AD intro.

AD is actually MS's answer to the Novell X500 Directory. This is a database of sorts holding a hierarchic design and is fully LDAP enabled. This directory / database holds all, and I mean all, the data needed by the domain to find any object or property of anything it needs. Using the MMC you only see parts of the AD with the attributes of those objects configured in the forms they present for alteration. For instance you have a user (object) in your AD. When it comes to a user there are loads of properties (attributes) you can configure / log. Example: FirstName, LastName, FullName, DisplayName, Password, Password Type, Last Logged in, Last Logged Out, Account availability time, Path to Mailbox, Company name, Office, Department, Phonenumbers, Street-Address-City info, etc. etc. etc.

Impact on Domain.

Almost all the domain services rely on the AD to find the needed information about that domain to "serve" it. Same goes with the "NTDS" Service. Apparently there is an entry in the AD that tells it should replicate with the "BCNEWSERVER2.backercop.co.ae" Server. And next to that, that it's not able to "resolve" that given name with the local dns server. You can check this like:
Start>Execute>CMD.exe
nslookup BCNEWSERVER2.backercop.co.ae [enter]

And it should be resolved. Later I guessed that this domain was to be demoted anyway and to successfully uninstall exchange (which requires the installer to remove the exchange server from the AD as Default-first-site member) you thus need the NTDS service to be working properly to update the AD change to the leading DC. I also thought to trick this to working you might also add all the FQDN names to your local host file (thus NTDS might be able to resolve the DNS name (not tried before though) ). You can alter like:
Start>Execute>CMD.exe[enter]
Cd %WINDIR%\system32\drivers\etc\
edit hosts
add > BCNEWSERVER2.backercop.co.ae         [ip.ip.ip.ip] (see localhost entry)
etc.

Next see if the NTDS service is able to replicate to the leading AD (PDC Emu).

If so you can again try to uninstall exchange, then try the demote...

On the DNS part, it's quite extensive to explain actually. Probably the BCNEWSERVER2.backercop.co.ae
DNS MMC shows somewhat the same "dns zones" like defined at us. We added a zone for the old HPUX machines and the application servers running on it because it's nearly impossible to alter their hostnames, and the Application Server uses the FQDN in its config..

I also use the DNS MMC. Only our scheme is replicated domain wide, which doesn't seem to be the case on your end because the NTDS isn't functioning properly. Also try adding the new servers manually to the old DC as an anchor record (A).

Hope this functions...

Regards, and time well spent for that matter.. was getting rusty ;-) so thx for that...
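
An added example, not part of the thread or any poster's code: besides the host (A) record that the nslookup check above tests, a DC finds its replication partner through the alias `<NTDS Settings objectGUID>._msdcs.<forest root>`, so the host name can resolve while that CNAME is missing or stale, which is one form of the "bad information in DNS Manager" cause listed earlier. The Python below checks both records over a constructed zone export; the GUIDs, addresses and function names are assumptions.

```python
# Added example: offline check of the DNS records AD replication relies on.
# All records, GUIDs and addresses below are constructed sample data.
FOREST = "backercop.co.ae"

# (owner name, record type, value) as they might appear in a zone export.
ZONE_RECORDS = [
    ("bcserver1.backercop.co.ae.", "A", "192.0.2.10"),
    ("bcnewserver1.backercop.co.ae.", "A", "192.0.2.11"),
    ("bcnewserver2.backercop.co.ae.", "A", "192.0.2.12"),
    ("aaaaaaaa-0000-0000-0000-000000000001._msdcs.backercop.co.ae.",
     "CNAME", "bcserver1.backercop.co.ae."),
    ("aaaaaaaa-0000-0000-0000-000000000002._msdcs.backercop.co.ae.",
     "CNAME", "bcnewserver1.backercop.co.ae."),
    # No GUID CNAME for bcnewserver2, although its host name still resolves.
]

# objectGUID of each DC's NTDS Settings object (constructed values).
DSA_GUIDS = {
    "bcserver1.backercop.co.ae": "aaaaaaaa-0000-0000-0000-000000000001",
    "bcnewserver1.backercop.co.ae": "aaaaaaaa-0000-0000-0000-000000000002",
    "bcnewserver2.backercop.co.ae": "aaaaaaaa-0000-0000-0000-000000000003",
}

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_dc_records(records, dsa_guids, forest):
    """Return {dc_fqdn: [problems]}; an empty list means both records exist."""
    a_names, cnames = set(), {}
    for owner, rtype, value in records:
        if rtype.upper() == "A":
            a_names.add(norm(owner))
        elif rtype.upper() == "CNAME":
            cnames[norm(owner)] = norm(value)
    report = {}
    for dc, guid in dsa_guids.items():
        dc, problems = norm(dc), []
        if dc not in a_names:
            problems.append("no A record")
        alias = f"{guid.lower()}._msdcs.{norm(forest)}"
        if alias not in cnames:
            problems.append(f"missing CNAME {alias}")
        elif cnames[alias] != dc:
            problems.append(f"CNAME {alias} points to {cnames[alias]}")
        report[dc] = problems
    return report

if __name__ == "__main__":
    for dc, problems in check_dc_records(ZONE_RECORDS, DSA_GUIDS, FOREST).items():
        print(dc, "OK" if not problems else "; ".join(problems))
```
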
Hi chris,

Could not write, was stuck in something. From your comments it looked to me that you got  frustrated from few of my last mail's questions.

I could accept that I am not an expert but not as novice as you guessed in your mail.

Just for your info. I know active directory, NTDS setting etc etc, have worked on novell NDS (even now we have one novell 4.1 server running). I am managing a network of 120+ computers in mix windows and novell environment, along with SQL server, exchange server. Know to use windows administration tools "AD U and C" etc, ADSIedit tool. (but have not changed anything in my live environment)

The reason I am confused is that the things you mentioned are all there but still it was not replicating. Like

I am able to do nslookup to any server from any server and name is always resolved.

NTDS settings are correct and I think I mentioned in my last mail also. (so I do not feel like adding as it is already there)

Replmon tool in windows support tools does not show any replication error for any server

I checked RPC connectivity (mentioned by some site) that is also working

Although I am not expert in DNS but there is no DNS error in event viewers of servers and to my knowledge they are also working fine.

I would like to ask one question here do you know what is the purpose/ advantage of "creating default application directory partition" option in DNS console. Is it good to have it?

The way I installed DNS servers was that I configured server as per default setting (wherever possible) and DNS zones as primary Active directory integrated.

The new servers are already there in old DC as record A (so there is no need to add as you mentioned in your mail)

Dear Chris I have written all this not to boast about myself rather to reduce your frustration if there was any from my questions.

But it does not mean I am going to leave you here. I have something for you to think?

After my last mail I noticed some 13509 event in my bcserver1 (that says enable replication  after repeated tries) and this was related to both new servers. So I thought the problem is resolved now. (although I did not do anything). So I uninstalled exchange server from the bcserver1. It finished uninstall process and bcserver1 is automatically removed from default-first-site. Once this thing was finished I tried again DCPROMO to remove active directory from bcserver1. It could not finish that with a new error now and this is

"The operation failed because:
 An ldap read of operational attributes from server bcnewserver1.backercop.co.ae failed.

 An error occurred while installing the directory service. For information, see the event log."

But event log does not mention any error. BCNEWSERVER1 is our domain naming master.

Do you have any idea what it could be now.

Actually I have started thinking now that if I could not resolve it I would force demotion & do meta data cleanup. The only fear I have is if that meta data cleanup got stuck in between then what would I do as those (bcnewserver1 and bcnewserver2) are my production servers now.

Any suggestion??????

Regards,










First, I'm not really frustrated on anything :) And also didn't guess you as a novice.. But as I look at my own knowledge, one can't know everything ;-)

On the application directories I think this article will explain a lot more than I could write out here. http://www.windowsnetworking.com/articles_tutorials/Managing-Application-Directory-Partitions.html

And on the "advantage" part it heavily depends on the "application" as you might figure while reading that article.

On your account, I will post this error on the Microsoft Partner site, for it looks like a permissions issue, where I just don't think that "perception" is right, will come back to you when we receive an answer ;)

You gotta love partner support :S

An LDAP read of operational attributes failed.
-The domain naming master for the forest is offline or cannot be contacted.
-Make the current domain naming master accessible. If necessary, see "Seizing Operations Master Roles" in this guide.

Which they obviously fetched right off this page:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd13.mspx#EVG

Still suggesting DNS Problems :S

regards,
Ps on the fsmo seizure (nasty and forced :S ) http://technet2.microsoft.com/WindowsServer/en/Library/bde352aa-101a-4da1-872a-de18b2bb87fb1033.mspx?mfr=true

<< As the article they pinpoint to
>> Scrape this "Still suggesting DNS Problems :S"
ASKER CERTIFIED SOLUTION
dutchclan
