Could someone help me?
I have 2 Windows 2003 servers:
DC1 (DC, has all 5 FSMO roles, DNS)
DC2 (DC, also has Exchange 2003 Enterprise SP1).
I have two new machines as additional domain controllers:
DCA (global catalog, DNS, Windows 2008 R2 64bit)
DCB (global catalog, Windows 2008 R2 64bit)
I promoted DCA & moved all FSMO roles from DC1 to DCA. I waited ten minutes for it to replicate, then restarted all servers.
When I start my new DCA (global catalog, DNS, 5 roles) it takes 20 minutes for my Active Directory Users and Computers, Active Directory Domains & Trusts, Active Directory Sites & Services to start up. It starts up normally, comes up with these errors, then finally after 20 minutes I can access AD on this server again. It's something to do with synchronisation within itself, not sure.
I keep on getting this:
'This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.'
'This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: DC=domain-test,DC=local
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.'
On dcdiag I was getting:
'Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine msidc, is a Directory Server.
Home Server = DCA
* Connecting to directory service on server DCA.
The directory service on DCA has not finished initializing.
In order for the directory service to consider itself synchronized, it must
attempt an initial synchronization with at least one replica of this
server's writeable domain. It must also obtain Rid information from the Rid
The directory service has not signalled the event which lets other services
know that it is ready to accept requests. Services such as the Key
Distribution Center, Intersite Messaging Service, and NetLogon will not
consider this system as an eligible domain controller.
* Identified AD Forest. '
Like I said, I restart DCA, and have to wait 20 minutes after I log in before I can access all the AD shortcuts and the DNS shortcut.
1. I tried Windows Firewall set to manual; all Windows Firewall is OFF.
2. DNS on DCA: I put its own IP as the DNS entry, 10.0.0.100.