hindsight
asked on
Seizing FSMO Role - RID ERROR
I have tried using both ntdsutil.exe and the GUI in Active Directory Users and Computers. ADUC Operations Masters states the "current FSMO holder can't be contacted". Ntdsutil.exe;
C:\WINDOWS>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to "server"
Error 80070057 parsing input - illegal syntax?
Need help seizing the RID role or some kind of suggestion.
Thanks.
C:\WINDOWS>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to "server"
Error 80070057 parsing input - illegal syntax?
Need help seizing the RID role or some kind of suggestion.
Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
server connections: connect to server 2kserver.domain.local
Binding to 2kserver.domain.local ...
DsBindW error 0x6ba(The RPC server is unavailable.)
server connections:
Binding to 2kserver.domain.local ...
DsBindW error 0x6ba(The RPC server is unavailable.)
server connections:
Have you checked out the KB on that error?
http://support.microsoft.com/?id=288167
It has step by step directions to fix it. Looks to be a communication issues between DCs
- Chris
http://support.microsoft.com/?id=288167
It has step by step directions to fix it. Looks to be a communication issues between DCs
- Chris
I just checked out the dcdiag log... are you trying to connect to a server that is down? I aske because the last replication with the server was 5 months ago.
ASKER
The orig server is up and running, I can ping it and browse to it without issue. Second target server has been shutdown for about 5 months. This server has only been turned on do to the orig server crashing.
I am assuming you are logging into and Connecting to the newly brought up (Target) DC, is this correct? To transfer the role, you should connect to the target DC.
In "users and computers" are both DC's listed in the Domain Controller OU?
ASKER
server connections: connect to server TARGETDC
Binding to TARGETDC ...
Connected to TARGETDC using credentials of locally logged on user.
server connections: q
fsmo maintenance: seize rid master
Attempting safe transfer of RID FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-0321092B, problem 5002 (UN
AVAILABLE), data 8614
Win32 error returned is 0x20af(The requested FSMO operation failed. The current
FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of RID FSMO failed, proceeding with seizure ...
Searching for highest rid pool in domain
Server "TARGETDC" knows about 5 roles
Schema - CN=NTDS Settings,CN=OLDDC,CN=Serve rs,CN=Defa ult-First- Site-Name, CN=S
ites,CN=Configuration,DC=D OMAIN
Domain - CN=NTDS Settings,CN=OLDDC,CN=Serve rs,CN=Defa ult-First- Site-Name, CN=S
ites,CN=Configuration,DC=D OMAIN
PDC - CN=NTDS Settings,CN=TARGETDC,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=S
ites,CN=Configuration,DC=D OMAIN
RID - CN=NTDS Settings,CN=TARGETDC,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=S
ites,CN=Configuration,DC=D OMAIN
Infrastructure - CN=NTDS Settings,CN=TARGETDC,CN=Se rvers,CN=D efault-Fir st-Sit
e-Name,CN=Sites,CN=Configu ration,DC= DOMAIN
fsmo maintenance:
Binding to TARGETDC ...
Connected to TARGETDC using credentials of locally logged on user.
server connections: q
fsmo maintenance: seize rid master
Attempting safe transfer of RID FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-0321092B, problem 5002 (UN
AVAILABLE), data 8614
Win32 error returned is 0x20af(The requested FSMO operation failed. The current
FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of RID FSMO failed, proceeding with seizure ...
Searching for highest rid pool in domain
Server "TARGETDC" knows about 5 roles
Schema - CN=NTDS Settings,CN=OLDDC,CN=Serve
ites,CN=Configuration,DC=D
Domain - CN=NTDS Settings,CN=OLDDC,CN=Serve
ites,CN=Configuration,DC=D
PDC - CN=NTDS Settings,CN=TARGETDC,CN=Se
ites,CN=Configuration,DC=D
RID - CN=NTDS Settings,CN=TARGETDC,CN=Se
ites,CN=Configuration,DC=D
Infrastructure - CN=NTDS Settings,CN=TARGETDC,CN=Se
e-Name,CN=Sites,CN=Configu
fsmo maintenance:
ASKER
It looked like it failed but after change ADUC it now is showing the correct target DC. Also, from that output has it for sure taken all five roles it needs?
Schema and Domain Naming Master roles are still held by the olddc.
The give away is CN=OLDDC
You will have to seize those as well.
Otherwise, it looks good. When you Seize a role, it tries to transfer first - which is what failed in the code:
Attempting safe transfer of RID FSMO before seizure.
<SNIP>
Transfer of RID FSMO failed, proceeding with seizure ...
The give away is CN=OLDDC
You will have to seize those as well.
Otherwise, it looks good. When you Seize a role, it tries to transfer first - which is what failed in the code:
Attempting safe transfer of RID FSMO before seizure.
<SNIP>
Transfer of RID FSMO failed, proceeding with seizure ...
RID - CN=NTDS Settings,CN=TARGETDC,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=S
ites,CN=Configuration,DC=D OMAIN
Shows it succeeded. CN=TargetDC is the DC that currently holds the role.
ites,CN=Configuration,DC=D
Shows it succeeded. CN=TargetDC is the DC that currently holds the role.
ASKER
It always helps when you read what people are telling you, both ts4673 and -Chris_Ryan-: got me going down the right path. I also used the information at the below site. Thanks you guys for your help, I will split the points.
http://www.petri.co.il/seizing_fsmo_roles.htm
Josh
http://www.petri.co.il/seizing_fsmo_roles.htm
Josh
Cool. Glad you got it working!
- Chris
- Chris
ASKER
C:\WINDOWS>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server 2kserver
Binding to 2kserver ...
DsBindW error 0x80090322(The target principal name is incorrect.)
server connections:
dcdiag.txt