DC Directory Service error reporting
Hi experts
I'm getting these several errors on my DC event viewer and I'd like to know what are these errors and what are the effects in the future on the Server, what precautions should I consider to avoid any damage to it.
First Error
I have so much errors generated on my DC, And i'm curious what are these errors are all about and what are the affections
This is the replication status for the following directory partition on the local domain controller. Directory partition:DC=ForestDnsZone
Second Error
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role. Operations which require contacting a FSMO operation master will fail until this condition is corrected. FSMO Role: CN=Infrastructure,DC=TNT,D
11:01:47 PM 173808600: or security authentication that are preventing successful replication. 3. In the rare event that all replication partners being down is an expected occurance, perhaps because of maintenance or a disaster recovery, you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com. The following operations may be impacted: Schema: You will no longer be able to modify the schema for this forest. Domain Naming: You will no longer be able to add or remove domains from this forest. PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory accounts. RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups. Infrastructure: Cross-domain name references, such
11:02:07 PM 173808600: as universal group memberships, will not be updated properly if their target object is moved or renamed.For more information, see Help and Support Center at
Note, there are some other errors most of them I guess are close to these ones above, and all of them are generated in 7:05 am, or 7:50 pm daily.
I'm getting these several errors on my DC event viewer and I'd like to know what are these errors and what are the effects in the future on the Server, what precautions should I consider to avoid any damage to it.
First Error
I have so much errors generated on my DC, And i'm curious what are these errors are all about and what are the affections
This is the replication status for the following directory partition on the local domain controller. Directory partition:DC=ForestDnsZone
Second Error
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role. Operations which require contacting a FSMO operation master will fail until this condition is corrected. FSMO Role: CN=Infrastructure,DC=TNT,D
11:01:47 PM 173808600: or security authentication that are preventing successful replication. 3. In the rare event that all replication partners being down is an expected occurance, perhaps because of maintenance or a disaster recovery, you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com. The following operations may be impacted: Schema: You will no longer be able to modify the schema for this forest. Domain Naming: You will no longer be able to add or remove domains from this forest. PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory accounts. RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups. Infrastructure: Cross-domain name references, such
11:02:07 PM 173808600: as universal group memberships, will not be updated properly if their target object is moved or renamed.For more information, see Help and Support Center at
Note, there are some other errors most of them I guess are close to these ones above, and all of them are generated in 7:05 am, or 7:50 pm daily.
Darius Ghassem
Well you are having trouble with replication with the DCs. How long has this been going on? Run a netdiag and post results please.
ASKER
The server is windows 2003 not 2000 ? and there's no netdiag command ...?
try to set cross dns zone transfer for dns servers
ASKER
Didn't understand that, can you please tell me how to do that step by step?
Yes, there is a netdiag in 2003 there isn't one in 2008.
http://www.microsoft.com/downloads/details.aspx?FamilyID=1EA70814-7E6C-46E5-8C8C-3C439A732E9F&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyID=1EA70814-7E6C-46E5-8C8C-3C439A732E9F&displaylang=en
in the properties of dns server, enter the "zone transer" tab and set the others dns server ip address, do the same on the second dns server
Zone transfers have nothing to do with this, sorry.
That said you've got a DC that hasn't replicated in 2+ months. Install the Support Tools for Windows (download from Microsoft), and run a repadmin /showreps. Post the results.
Thanks,
Brian Desmond
Active Directory MVP
That said you've got a DC that hasn't replicated in 2+ months. Install the Support Tools for Windows (download from Microsoft), and run a repadmin /showreps. Post the results.
Thanks,
Brian Desmond
Active Directory MVP
ASKER
Dariusq, The command doesn't work it give invalid command.
Roads_roads we only have one DNS server which is the one I have problem with ...
Bdesmond, Will do so ..
Thanks everyone.
Roads_roads we only have one DNS server which is the one I have problem with ...
Bdesmond, Will do so ..
Thanks everyone.
ASKER
So do you have a system on the LAN called BACKUP-SERVER?
Thanks,
Brian Desmond
Active Directory MVP
Thanks,
Brian Desmond
Active Directory MVP
ASKER
I did have before as a backup, but I have demoted this server .... .. though it still exists in sites & services.
So something didn't quite work out when you demoted it. This KB article http://support.microsoft.com/kb/216498 outlines how to do a metadata cleanup of the box. Do that and see where it gets you.
Thanks,
Brian Desmond
Active Directory MVP
Thanks,
Brian Desmond
Active Directory MVP
ASKER
Basically i'm not sure if i have done the demoted the server in a proper way... just for your info.. The steps i did to demote is ...
Open active directory..
Under the DC name -- > Domain Controllers --> Right clicked on the backup server and clicked on delete.
It then popped up a box saying how or why do i want to demote this server, I choose this server is no longer connected the last option..
Is that correct or there should any other commands I should apply ?
Open active directory..
Under the DC name -- > Domain Controllers --> Right clicked on the backup server and clicked on delete.
It then popped up a box saying how or why do i want to demote this server, I choose this server is no longer connected the last option..
Is that correct or there should any other commands I should apply ?
Yeah that doesn't count as demoting the server, unfortunately.
Is the server permanently offline?
Thanks,
Brian Desmond
Active Directory MVP
Is the server permanently offline?
Thanks,
Brian Desmond
Active Directory MVP
ASKER
Yes it is... How do i demote the server then please?
Thanks
Thanks
You need to run a dcpromo /forceremoval on that server, and then you need to do the metadata cleanup from a different box.
Thanks,
Brian Desmond
Active Directory MVP
Thanks,
Brian Desmond
Active Directory MVP
ASKER
Unfortunately the Backup Server is permanently down and no longer exists ... It has been moved to a different location ...
The metadata cleanup returned the following error
C:\Documents and Settings\Administrator.SER
ntdsutil: metadata cleanup
metadata cleanup: remove selected server backup-server
Binding to localhost ...Connected to localhost using credentials of locally logged on user.LDAP error 0x22(34 (Invalid DN Syntax).Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8350, best match of: 'CN=Ntds Settings,backup-server'Win
Unable to determine the domain hosted by the DC (5). Please use the connection menu to specify it.Disconnecting from localhost...
metadata cleanup:
The metadata cleanup returned the following error
C:\Documents and Settings\Administrator.SER
ntdsutil: metadata cleanup
metadata cleanup: remove selected server backup-server
Binding to localhost ...Connected to localhost using credentials of locally logged on user.LDAP error 0x22(34 (Invalid DN Syntax).Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8350, best match of: 'CN=Ntds Settings,backup-server'Win
Unable to determine the domain hosted by the DC (5). Please use the connection menu to specify it.Disconnecting from localhost...
metadata cleanup:
You need to go into the select operation target menu and specify this data. Steps 7-15 in the KB article I linked to detail this.
Thanks,
Brian Desmond
Active Directory MVP
Thanks,
Brian Desmond
Active Directory MVP
ASKER
Tried that ... when I try to list domains it gives me the following error .
Not connected to a server - use "Connections"
I then type connections and type Info but that doesn't do anything ...!
Not connected to a server - use "Connections"
I then type connections and type Info but that doesn't do anything ...!
Are you following the steps in the KB article?
metadata cleanup
connections
connect to server DcThatStillWorks
quit
select op target
list domains
select domain K
list sites
select site K
list servers in site
select server K
quit
remove selected server
Thanks,
Brian Desmond
Active Directory MVP
metadata cleanup
connections
connect to server DcThatStillWorks
quit
select op target
list domains
select domain K
list sites
select site K
list servers in site
select server K
quit
remove selected server
Thanks,
Brian Desmond
Active Directory MVP
ASKER
Here's what I did according to the article... and to your comment.
Connections
server connections: connect to server server
Binding to server ...
Connected to server using credentials of locally logged on user.
server connections: quit
select operation target: list domains
Found 1 domain(s)
0 - DC=TNT,DC=local
select operation target: select domain 0
No current site
Domain - DC=TNT,DC=local
No current server
No current Naming Context
select operation target: list sites
Found 1 site(s)
0 - CN=Default-First-Site,CN=S
However when I tried to to select site name by type the following command
select site 0 and select TNT but non works it gives me the following error
Error 80070057 parsing input - illegal syntax?
Not sure if i have done it correct or not and same thing when I type select Domain 0 or TNT.
Connections
server connections: connect to server server
Binding to server ...
Connected to server using credentials of locally logged on user.
server connections: quit
select operation target: list domains
Found 1 domain(s)
0 - DC=TNT,DC=local
select operation target: select domain 0
No current site
Domain - DC=TNT,DC=local
No current server
No current Naming Context
select operation target: list sites
Found 1 site(s)
0 - CN=Default-First-Site,CN=S
However when I tried to to select site name by type the following command
select site 0 and select TNT but non works it gives me the following error
Error 80070057 parsing input - illegal syntax?
Not sure if i have done it correct or not and same thing when I type select Domain 0 or TNT.
You shouldn't be specifying any names.
select site 0
list servers in site
select server 0 <put the right number>
If it is still failing please paste in ALL the input/output.
Thanks,
Brian Desmond
Active Directory MVP
select site 0
list servers in site
select server 0 <put the right number>
If it is still failing please paste in ALL the input/output.
Thanks,
Brian Desmond
Active Directory MVP
ASKER
I think there's something wrong... it's not working.
Here's what i've tried.
select operation target: select site 0
Site - CN=Default-First-Site,CN=S
Domain - DC=TNT,DC=local
No current server
No current Naming Context
select operation target: list server in site
Found 2 server(s)
0 - CN=SERVER,CN=Servers,CN=De
DC=local
1 - CN=BACKUP-SERVER,CN=Server
DC=TNT,DC=local
select operation target: select site 1
Selection out of range
select operation target: select 0
Error 80070057 parsing input - illegal syntax?
select operation target: select site 0
Site - CN=Default-First-Site,CN=S
Domain - DC=TNT,DC=local
No current server
No current Naming Context
select operation target: select site 0
Site - CN=Default-First-Site,CN=S
Domain - DC=TNT,DC=local
No current server
No current Naming Context
select operation target: select site 1
Selection out of range
select operation target: select server 0
Site - CN=Default-First-Site,CN=S
Domain - DC=TNT,DC=local
Server - CN=SERVER,CN=Servers,CN=De
=TNT,DC=local
DSA object - CN=NTDS Settings,CN=SERVER,CN=Serv
,CN=Sites,CN=Configuration
DNS host name - server.TNT.local
Computer object - CN=SERVER,OU=Domain Controllers,DC=TNT,DC=loca
No current Naming Context
select operation target: select server 1
Site - CN=Default-First-Site,CN=S
Domain - DC=TNT,DC=local
Server - CN=BACKUP-SERVER,CN=Server
tion,DC=TNT,DC=local
DSA object - CN=NTDS Settings,CN=BACKUP-SERVER,
st-Site,CN=Sites,CN=Config
DNS host name - backup-server.TNT.local
No current Naming Context
Here's what i've tried.
select operation target: select site 0
Site - CN=Default-First-Site,CN=S
Domain - DC=TNT,DC=local
No current server
No current Naming Context
select operation target: list server in site
Found 2 server(s)
0 - CN=SERVER,CN=Servers,CN=De
DC=local
1 - CN=BACKUP-SERVER,CN=Server
DC=TNT,DC=local
select operation target: select site 1
Selection out of range
select operation target: select 0
Error 80070057 parsing input - illegal syntax?
select operation target: select site 0
Site - CN=Default-First-Site,CN=S
Domain - DC=TNT,DC=local
No current server
No current Naming Context
select operation target: select site 0
Site - CN=Default-First-Site,CN=S
Domain - DC=TNT,DC=local
No current server
No current Naming Context
select operation target: select site 1
Selection out of range
select operation target: select server 0
Site - CN=Default-First-Site,CN=S
Domain - DC=TNT,DC=local
Server - CN=SERVER,CN=Servers,CN=De
=TNT,DC=local
DSA object - CN=NTDS Settings,CN=SERVER,CN=Serv
,CN=Sites,CN=Configuration
DNS host name - server.TNT.local
Computer object - CN=SERVER,OU=Domain Controllers,DC=TNT,DC=loca
No current Naming Context
select operation target: select server 1
Site - CN=Default-First-Site,CN=S
Domain - DC=TNT,DC=local
Server - CN=BACKUP-SERVER,CN=Server
tion,DC=TNT,DC=local
DSA object - CN=NTDS Settings,CN=BACKUP-SERVER,
st-Site,CN=Sites,CN=Config
DNS host name - backup-server.TNT.local
No current Naming Context
When you get this:
select operation target: list server in site
Found 2 server(s)
0 - CN=SERVER,CN=Servers,CN=De
DC=local
1 - CN=BACKUP-SERVER,CN=Server
DC=TNT,DC=local
You need to do "select server 1" followed by "quit".
I see all the way at the bottom taht you have done this correctly.
Thanks,
Brian Desmond
Active Directory MVP
select operation target: list server in site
Found 2 server(s)
0 - CN=SERVER,CN=Servers,CN=De
DC=local
1 - CN=BACKUP-SERVER,CN=Server
DC=TNT,DC=local
You need to do "select server 1" followed by "quit".
I see all the way at the bottom taht you have done this correctly.
Thanks,
Brian Desmond
Active Directory MVP
ASKER
Here's an update,, It gives this msg when I type remove selected server as you can see below.
No current domain - use "Select operation target"
select operation target: list server in site
Found 2 server(s)
0 - CN=SERVER,CN=Servers,CN=De
DC=local
1 - CN=BACKUP-SERVER,CN=Server
DC=TNT,DC=local
select operation target: select server 1
Site - CN=Default-First-Site,CN=S
No current domain
Server - CN=BACKUP-SERVER,CN=Server
tion,DC=TNT,DC=local
DSA object - CN=NTDS Settings,CN=BACKUP-SERVER,
st-Site,CN=Sites,CN=Config
DNS host name - backup-server.TNT.local
No current Naming Context
select operation target: quit
metadata cleanup: remove selected server
No current domain - use "Select operation target"
metadata cleanup:
No current domain - use "Select operation target"
select operation target: list server in site
Found 2 server(s)
0 - CN=SERVER,CN=Servers,CN=De
DC=local
1 - CN=BACKUP-SERVER,CN=Server
DC=TNT,DC=local
select operation target: select server 1
Site - CN=Default-First-Site,CN=S
No current domain
Server - CN=BACKUP-SERVER,CN=Server
tion,DC=TNT,DC=local
DSA object - CN=NTDS Settings,CN=BACKUP-SERVER,
st-Site,CN=Sites,CN=Config
DNS host name - backup-server.TNT.local
No current Naming Context
select operation target: quit
metadata cleanup: remove selected server
No current domain - use "Select operation target"
metadata cleanup:
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Wow, finally it worked...
Thanks so much.... I will check the event viewer in the few coming days and will let u know then.
screenshot.jpg
Thanks so much.... I will check the event viewer in the few coming days and will let u know then.
screenshot.jpg
ASKER
I think there's no more errors generated anymore... the problems seems to be all generated from the Backup server which was not demoted correctly from the main server...
Thanks so much for this great information & knowledge...!
Thanks so much for this great information & knowledge...!