Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Upgrade to Windows 2003 domain error running ldifde for Mangled Attributes fix

Posted on 2008-06-16
4
Medium Priority
?
446 Views
Last Modified: 2009-07-29
We have a W2K domain, all servers on sp4 + hotfixes.  We want to add a W2003 r2 Domain Controller.  We also run Exchange 2000 so we must apply the ldifde inetorgpersonprevent.ldf prior to running the ADPreps.  When we run this ldifde script on our Schema Master (2 DC's - this one we are logged has all roles and we are logged in as administrative account) we get this error:

Add error on line 1: Busy
The server side error is "The role owner attribute could not be read."
0 entries modified successfully.
An error has occurred in the program

I have a test domain used to restore mailboxes and this upgrade worked fine on that domain.  I registered the scheme management .dll on both domains and loaded the Active Directory Schema mmc and made the scheme updatable.

Any ideas on what could cause this error are very much appreciated.  We reapplied sp4 on the Scheme master we're working with.  We tried several admin accounts.

Thanks!
Kelly
0
Comment
Question by:Dashmir
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 29

Expert Comment

by:Michael Pfister
ID: 21800907
On the Domain Controller from the command prompt run dcdiag /v and post the output.
0
 

Accepted Solution

by:
Dashmir earned 0 total points
ID: 21803752
I fixed it.  There were some bogus entries in DNS for the server which formerly served as FSMO role holder (original first AD DC).   That server was long ago retired.

Once the bogus DNS entries were removed the process worked :)

Thanks,
Kelly
0
 
LVL 29

Expert Comment

by:Michael Pfister
ID: 21804018
Oh, good you found it. dcdiag is a really helpful tool to find just such things...
0
 

Author Comment

by:Dashmir
ID: 21804331
DCDiag did not tell me this - here is the result from DCDiag.  The 2 errors were trivial.  We were here for 2 hours trying to run the ldifde fix last Saturday :(    One other article mentioned DNS may be an issue.  There was no A record for the old server, but there were still a couple of NS records for it in reverse lookup zones.  Very strange...

C:\Documents and Settings\kkatchis>dcdiag /s:dc3 /a

DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests

   Testing server: Default-First-Site-Name\DC0
      Starting test: Connectivity
         ......................... DC0 passed test Connectivity

   Testing server: Default-First-Site-Name\DC3
      Starting test: Connectivity
         ......................... DC3 passed test Connectivity

   Testing server: Default-First-Site-Name\DC4
      Starting test: Connectivity
         ......................... DC4 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC0
      Starting test: Replications
         ......................... DC0 passed test Replications
      Starting test: NCSecDesc
         ......................... DC0 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC0 passed test NetLogons
      Starting test: Advertising
         ......................... DC0 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DC0 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DC0 passed test RidManager
      Starting test: MachineAccount
         ......................... DC0 passed test MachineAccount
      Starting test: Services
         ......................... DC0 passed test Services
      Starting test: ObjectsReplicated
         ......................... DC0 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DC0 passed test frssysvol
      Starting test: kccevent
         ......................... DC0 passed test kccevent
      Starting test: systemlog
         ......................... DC0 passed test systemlog

   Testing server: Default-First-Site-Name\DC3
      Starting test: Replications
         ......................... DC3 passed test Replications
      Starting test: NCSecDesc
         ......................... DC3 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC3 passed test NetLogons
      Starting test: Advertising
         ......................... DC3 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DC3 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DC3 passed test RidManager
      Starting test: MachineAccount
         ......................... DC3 passed test MachineAccount
      Starting test: Services
         ......................... DC3 passed test Services
      Starting test: ObjectsReplicated
         ......................... DC3 passed test ObjectsReplicated
      Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.
         ......................... DC3 passed test frssysvol
      Starting test: kccevent
         ......................... DC3 passed test kccevent
      Starting test: systemlog
         ......................... DC3 passed test systemlog

   Testing server: Default-First-Site-Name\DC4
      Starting test: Replications
         ......................... DC4 passed test Replications
      Starting test: NCSecDesc
         ......................... DC4 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC4 passed test NetLogons
      Starting test: Advertising
         ......................... DC4 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DC4 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DC4 passed test RidManager
      Starting test: MachineAccount
         ......................... DC4 passed test MachineAccount
      Starting test: Services
         ......................... DC4 passed test Services
      Starting test: ObjectsReplicated
         ......................... DC4 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DC4 passed test frssysvol
      Starting test: kccevent
         ......................... DC4 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC001106A
            Time Generated: 06/16/2008   11:19:54
            Event String: An attempt to connect to the remote WINS server
         ......................... DC4 failed test systemlog

   Running enterprise tests on : prohealthcare.com
      Starting test: Intersite
         ......................... prohealthcare.com passed test Intersite
      Starting test: FsmoCheck
         ......................... prohealthcare.com passed test FsmoCheck

C:\Documents and Settings\kkatchis>


0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question