troubleshooting Question

windows 2008 domain controller takes long to startup services after obtaining FSMO Roles

Avatar of apscomp
apscomp asked on
Active DirectoryWindows Server 2008
16 Comments1 Solution1676 ViewsLast Modified:
Hello everyone.
Could someone help me.

I have 2 windows 2003 servers,
DC1 (dc, has all 5 fsmo roles,dns)
DC2 (dc, also has exchange 2003 enterprise sp1).
I have two new machines as additional domain controllers
DCA,(global catalog,dns,windows 2008 r2 64bit)
DCB (global catalog,windows 2008 r2 64bit)

I promited DCA & moved all fsmo roles from DC1 TO DCA. I waited ten minutes for it to replicate, then restarted all servers.

When I start my new DCA (globalcatalog,dns,5roles) it takes 20 minutes for my active directory users/computers, active directory domains & trusts, active directory sites&services to startup. It starts up normally, comes up with these errors, then finally after 20 minutes I can access AD on this server again. It's something to do with synchronisation within itself, not sure.
I keep on getting this:

'This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.'

'This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
 FSMO Role: DC=domain-test,DC=local
 User Action:
 1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476. ''

on dcdiag I was getting:
'Directory Server Diagnosis

Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine msidc, is a Directory Server.
   Home Server = DCA

   * Connecting to directory service on server DCA.

   The directory service on DCA has not finished initializing.

    In order for the directory service to consider itself synchronized, it must

   attempt an initial synchronization with at least one replica of this

   server's writeable domain.  It must also obtain Rid information from the Rid

   FSMO holder.

    The directory service has not signalled the event which lets other services

   know that it is ready to accept requests. Services such as the Key

   Distribution Center, Intersite Messaging Service, and NetLogon will not

   consider this system as an eligible domain controller.
   * Identified AD Forest. '

Like I said, I restart DCA, and have to wait 20 minutes after I logged in for me to access all AD shortcuts and DNS shortcut.

1. I tried windows firewall-manual, all windows firewall is OFF
2. dns on DCA- i put its own ip as dns entry as

Thank you.

Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 16 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 16 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros