troubleshooting Question
FSMO roles out of order after domain controller rebuild.
asked on
We had one of our Windows 2000 Advanced Server domain controllers go down along with the mirror of the drive. So I reinstalled everything from scratch and made it a DC again. We have 2 backup DCs as well. Now I am getting Event ID 16650 SAM errors every couple of minutes that says:
“The account-identifier allocator failed to initialize properly. The record data contains the NT error code that caused the failure. Windows 2000 will retry the initialization until it succeeds; until that time, account creation will be denied on this Domain Controller. Please look for other SAM event logs that may indicate the exact reason for the failure.”
I think what the problem is that this DC which was the first DC in the domain as far as I know had the FSMO roles on it. After making it a DC after the installation it has assumed the FSMO roles again and I cant transfer them to another DC. When I try it says:
“The transfer of the operations master role cannot be performed because: The requested FSMO operation failed. The current FSMO holder could not be contacted.
In the Directory Service log I get an Event ID 1586 (NTDS Replication) error that says:
The checkpoint with the PDC was unsuccessful. The checkpointing process will be retried again in four hours. A full synchronization of the security database to downlevel domain controllers may take place if this machine is promoted to be the PDC before the next successful checkpoint. The error returned was: The naming context is in the process of being removed or is not replicated from the specified server.
How do I get the FSMO roles to another DC and if I can should I demote the redone DC and then reinstall Active Directory? Then would I put the FSMO roles back on it? I cant even edit the domain group policy from any server etc.
“The account-identifier allocator failed to initialize properly. The record data contains the NT error code that caused the failure. Windows 2000 will retry the initialization until it succeeds; until that time, account creation will be denied on this Domain Controller. Please look for other SAM event logs that may indicate the exact reason for the failure.”
I think what the problem is that this DC which was the first DC in the domain as far as I know had the FSMO roles on it. After making it a DC after the installation it has assumed the FSMO roles again and I cant transfer them to another DC. When I try it says:
“The transfer of the operations master role cannot be performed because: The requested FSMO operation failed. The current FSMO holder could not be contacted.
In the Directory Service log I get an Event ID 1586 (NTDS Replication) error that says:
The checkpoint with the PDC was unsuccessful. The checkpointing process will be retried again in four hours. A full synchronization of the security database to downlevel domain controllers may take place if this machine is promoted to be the PDC before the next successful checkpoint. The error returned was: The naming context is in the process of being removed or is not replicated from the specified server.
How do I get the FSMO roles to another DC and if I can should I demote the redone DC and then reinstall Active Directory? Then would I put the FSMO roles back on it? I cant even edit the domain group policy from any server etc.
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 8 Comments.
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 8 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.