Active Directory
--
Questions
--
Followers
Top Experts
DNS can't contact FSMO holder when trying to Create Default Application Directory Partitions
I get this error when I try to create the application directory partitions. I was trying to create the partitions because I'm unable to convert my primary DNS zone to an Active Directory Integrated Zone.
Here is the error: The partition to replicate zone data to all DNS servers in the Active Directory domain was not created. The requested FSMO operation failed. The current FSMO holder could not be contacted.
When I tried to convert my primary zone to an AD integrated zone, I got this error:
The replication scope could not be set. For more information see "DNS zone replication in Active Directory" in Help and Support. The error was: There was a server failure.
A little background. This domain controller had to be restored from a system state backup, and is currently the only DC we have. I've seized all 5 FSMO roles onto this domain controller, but DNS still can't recognize it as the FSMO role holder. The "netdom query fsmo" command shows that my DC has all 5 FSMO roles.
I'm looking for a way to get DNS to recognize my DC as the holder of the FSMO roles. Any help, experts?
Here is the error: The partition to replicate zone data to all DNS servers in the Active Directory domain was not created. The requested FSMO operation failed. The current FSMO holder could not be contacted.
When I tried to convert my primary zone to an AD integrated zone, I got this error:
The replication scope could not be set. For more information see "DNS zone replication in Active Directory" in Help and Support. The error was: There was a server failure.
A little background. This domain controller had to be restored from a system state backup, and is currently the only DC we have. I've seized all 5 FSMO roles onto this domain controller, but DNS still can't recognize it as the FSMO role holder. The "netdom query fsmo" command shows that my DC has all 5 FSMO roles.
I'm looking for a way to get DNS to recognize my DC as the holder of the FSMO roles. Any help, experts?
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
Check the FSMO role holders: http://support.microsoft.com/kb/234790
if one as showing an error you may need to seize it: http://www.petri.co.il/seizing_fsmo_roles.htm
have you had a failed domain controller?
if one as showing an error you may need to seize it: http://www.petri.co.il/seizing_fsmo_roles.htm
have you had a failed domain controller?
Sorry missed the last part of your post!!
Check all DNS folders to make sure there are no entries under the _msdcs folder for another server name or another IP address
Check all DNS folders to make sure there are no entries under the _msdcs folder for another server name or another IP address
Yep, I already checked all of those folders and there are no entries pointing to any other server names or IP addresses.
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
And have you checked all 5 roles?
Make sure your DC is pointing to a valid Windows DNS server with no other entries and if it is the DNS server use the full IP not the loopback address (127.0.0.1) then restart the netlogon service so it updates it's DNS records.
Are there any errors in the DNS event log?
Make sure your DC is pointing to a valid Windows DNS server with no other entries and if it is the DNS server use the full IP not the loopback address (127.0.0.1) then restart the netlogon service so it updates it's DNS records.
Are there any errors in the DNS event log?
Checked that the DC is using itself as the DNS server (using IP addy, not loopback addy). I restarted NETLOGON anyway, but still got the same error.
Yes, there are some warnings in the DNS Event Log:
Event 4150. The DNS server was unable to connect to the domain naming FSMO "". No modifications to the directory partitions are possible until the FSMO server is available for LDAP connections. The event data contains the error code.
Just now I noticed that, following the FSMO acronym in the event log contains two double quotes (""). Indicating to me it might be missing a name or something? Just a thought, not sure about that.
Yes, there are some warnings in the DNS Event Log:
Event 4150. The DNS server was unable to connect to the domain naming FSMO "". No modifications to the directory partitions are possible until the FSMO server is available for LDAP connections. The event data contains the error code.
Just now I noticed that, following the FSMO acronym in the event log contains two double quotes (""). Indicating to me it might be missing a name or something? Just a thought, not sure about that.
My DC holds all 5 roles, according to the results of: netdom query fsmo
Get a FREE t-shirt when you ask your first question.
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
Ensure that the domain naming master is running properly.
Ensure that the local DNS server can reach the the domain naming master.
Ensure that directory replication is functioning properly.
And you can try this as well:
--net stop netlogon.
--rename c:\windows\system32\config
--start the netlogon and restart the dns as well.
himvy,
The domain naming master and the DNS server are the same server. Is there a specific command or method I can use to ensure the domain naming master is running properly?
As for renaming the netlogon files.... just name them to anything else, or something specific?
The domain naming master and the DNS server are the same server. Is there a specific command or method I can use to ensure the domain naming master is running properly?
As for renaming the netlogon files.... just name them to anything else, or something specific?
---You can run dcdiag /v and pipe to to text file .
It will be the dcdiag in the verberos mode. it will show if it has passed the FSMO test or not.
--You can rename the netlogon files to anything like netlogonold.dnb and netlogonold.dns
--After you restart the netlogon service it will create new netlogon.dns and netlogon.dnb.
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
DCdiag passed all tests, including the comprehensive version of DCDIAG. Renaming the netlogon files had no effect. My DNS server does not seem to have any information on where to contact the domain naming FSMO.
I have been getting DNS Event ID 4510: The DNS server was unable to connect to the domain naming FSMO "". (Notice the empty quotes).
I have verified my FSMO roles are on this same DNS Server/DC several times, and I have no failures in dcdiag /v or dcdiag /v /c
Does anyone know where in DNS the FSMO domain naming master is set? When I've googled this error, others' posts of the same error included the intended server name in the quotes, whereas my quotes are blank.
Any help/clues would be appreciated.
I have been getting DNS Event ID 4510: The DNS server was unable to connect to the domain naming FSMO "". (Notice the empty quotes).
I have verified my FSMO roles are on this same DNS Server/DC several times, and I have no failures in dcdiag /v or dcdiag /v /c
Does anyone know where in DNS the FSMO domain naming master is set? When I've googled this error, others' posts of the same error included the intended server name in the quotes, whereas my quotes are blank.
Any help/clues would be appreciated.
Is this domain still in mixed mode?
Any Windows 2000 DCs still in use? Any DCs not removed properly?
https://www.experts-exchange.com/questions/21024459/The-DNS-server-was-unable-to-connect-to-the-domain-naming-FSMO.html
ASKER CERTIFIED SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Any update?
Get a FREE t-shirt when you ask your first question.
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
Active Directory
--
Questions
--
Followers
Top Experts
Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.