Link to home
Create AccountLog in
Avatar of zzeschul
zzeschulFlag for Australia

asked on

sbs 2003 not creating a new user

Hi when i try to create a new user in sbs 2003 it brings the following error

The wizard could not successfully configure this user account.  The following could not be completed
-A home folder could not be created for the this user
-The Exchange mailbox could not be created
-A Windows Sharepoint Service site group could not be assigned
-Quota information could not be set
Do you want to keep this user account


The username I am trying to create is weipa - the log file gives the following -
###############################
Wizard Execution:
      Entering the Account Committer...
            Creating weipa...
                  Failed Home Folder with error [0x534]
            Finished with weipa...
            Creating the mailbox tlw...
            Failed to create the Mailbox with error [0x8000ffff].
      Leaving the Account Committer...
      Entering the Template Committer...
            Could not resolve Email Alias in specified time.  User Error was [0x0].  Email Error was [0x8000500d].
            Failed to resolve email for user [LDAP://CN=weipa,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=alternatecare,DC=local] for RUP Email.
            Failed to send Remote Portal Email with error [0x8000500d].
            Failed to set the RAS information with error [0x80005008].
            Failed to set the TS information with error [0x525].
GetUserEmailAddress:Failed to get the user property for email address from the AD
Failed to query user's email address from the AD, will form the useremail manually
            Failed to add the user [tlw] to SharePoint site [http://companyweb] with error [0x81020054].
            Failed to set quota to Limit [1024 MB] and Warning [900 MB] with error [0x0].
      Leaving the Template Committer...

When i try to create the account manually in AD i get -  windows cannot verify that the user name is unique because the following error occuured while contacting the global catalog the server is not operational


Any help would be greatly appreciated :)
mmmm also - just found this in the event log
 SAM 16645 1/2/2011 4:30 AM 1
The maximum account identifier allocated to this domain controller has been assigned. The domain controller has failed to obtain a new identifier pool. A possible reason for this is that the domain controller has been unable to contact the master domain controller. Account creation on this controller will fail until a new pool has been allocated. There may be network or connectivity problems in the domain, or the master domain controller may be offline or missing from the domain. Verify that the master domain controller is running and connected to the domain.  
Avatar of KenMcF
KenMcF
Flag of United States of America image

Is the SBS server your only domain controller?

Can you post the results of the following commands

DCDiag
ipconfig /all
netdom /query fsmo
Avatar of zzeschul

ASKER

Thanks for your quick response Ken.  There is a second 2003 std server acting as a TS box on the network - it is set as a DC and there seems to have been an attempt to set it up for replication at some stage - I'm not sure why - all it has to do is act as a Term Server - over my head when it comes to things like replication :)  I have included the event logs below also - thanks again for your quick response :)

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : AC001
   Primary Dns Suffix  . . . . . . . : alternatecare.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : alternatecare.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC105i PCIe Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-1F-29-D1-2D-79
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.12.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.12.1
   Primary WINS Server . . . . . . . : 192.168.12.1

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Desktop Adapter
   Physical Address. . . . . . . . . : 00-1B-21-1D-61-E5
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.138
   DNS Servers . . . . . . . . . . . : 192.168.12.1
   Primary WINS Server . . . . . . . : 192.168.12.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\AC001
      Starting test: Connectivity
         ......................... AC001 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\AC001
      Starting test: Replications
         [Replications Check,AC001] A recent replication attempt failed:
            From AC002 to AC001
            Naming Context: CN=Schema,CN=Configuration,DC=alternatecare,DC=local

            The replication generated an error (8614):
            Win32 Error 8614
            The failure occurred at 2011-01-03 10:53:14.
            The last success occurred at 2009-05-11 11:52:54.
            14880 failures have occurred since the last success.
         [Replications Check,AC001] A recent replication attempt failed:
            From AC002 to AC001
            Naming Context: CN=Configuration,DC=alternatecare,DC=local
            The replication generated an error (8614):
            Win32 Error 8614
            The failure occurred at 2011-01-03 10:58:45.
            The last success occurred at 2009-05-11 12:06:51.
            36351 failures have occurred since the last success.
         [Replications Check,AC001] A recent replication attempt failed:
            From AC002 to AC001
            Naming Context: DC=alternatecare,DC=local
            The replication generated an error (8614):
            Win32 Error 8614
            The failure occurred at 2011-01-03 11:19:50.
            The last success occurred at 2009-05-11 12:11:54.
            40170 failures have occurred since the last success.
         REPLICATION-RECEIVED LATENCY WARNING
         AC001:  Current time is 2011-01-03 11:23:27.
            CN=Schema,CN=Configuration,DC=alternatecare,DC=local
               Last replication recieved from AC002 at 2009-05-11 11:52:54.
               WARNING:  This latency is over the Tombstone Lifetime of 180 days
!
            CN=Configuration,DC=alternatecare,DC=local
               Last replication recieved from AC002 at 2009-05-11 12:06:50.
               WARNING:  This latency is over the Tombstone Lifetime of 180 days
!
            DC=alternatecare,DC=local
               Last replication recieved from AC002 at 2009-05-11 12:11:54.
               WARNING:  This latency is over the Tombstone Lifetime of 180 days
!
         ......................... AC001 passed test Replications
      Starting test: NCSecDesc
         ......................... AC001 passed test NCSecDesc
      Starting test: NetLogons
         ......................... AC001 passed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\AC002.alternatecare.loc
al, when we were trying to reach AC001.
         Server is not responding or is not considered suitable.
         Warning: AC001 is not advertising as a global catalog.
         Check that server finished GC promotion.
         Check the event log on server that enough source replicas for the GC ar
e available.
         ......................... AC001 failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... AC001 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... AC001 passed test RidManager
      Starting test: MachineAccount
         ......................... AC001 passed test MachineAccount
      Starting test: Services
            IsmServ Service is stopped on [AC001]
         ......................... AC001 failed test Services
      Starting test: ObjectsReplicated
         ......................... AC001 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... AC001 passed test frssysvol
      Starting test: frsevent
         ......................... AC001 passed test frsevent
      Starting test: kccevent
         An Error Event occured.  EventID: 0xC0000466
            Time Generated: 01/03/2011   11:23:23
            (Event String could not be retrieved)
         ......................... AC001 failed test kccevent
      Starting test: systemlog
         ......................... AC001 passed test systemlog
      Starting test: VerifyReferences
         ......................... AC001 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : alternatecare
      Starting test: CrossRefValidation
         ......................... alternatecare passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... alternatecare passed test CheckSDRefDom

   Running enterprise tests on : alternatecare.local
      Starting test: Intersite
         ......................... alternatecare.local passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         ......................... alternatecare.local failed test FsmoCheck

C:\Documents and Settings\Administrator>netdom /query fsmo
Schema owner                AC001.alternatecare.local

Domain role owner           AC001.alternatecare.local

PDC role                    AC001.alternatecare.local

RID pool manager            AC001.alternatecare.local

Infrastructure owner        AC001.alternatecare.local

The command completed successfully.


C:\Documents and Settings\Administrator>

Source Event ID Last Occurrence Total Occurrences
  Perflib 1008 1/2/2011 10:12 PM 1
The Open Procedure for service "NwlnkNb" in DLL "C:\WINDOWS\system32\perfctrs.dll" failed. Performance data for this service will not be available. The Status code returned is the first DWORD in the attached data.  
 




Source Event ID Last Occurrence Total Occurrences
  dsrestor 1005 1/2/2011 10:07 PM 1
The DSRestore Filter failed to connect to local SAM server. Error returned is <id:997>.  
 




Source Event ID Last Occurrence Total Occurrences
  MSExchangeAL 8026 1/2/2011 9:54 PM 3 *
LDAP Bind was unsuccessful on directory AC001.alternatecare.local for distinguished name ''. Directory returned error:[0x51] Server Down. For more information, click http://www.microsoft.com/contentredirect.asp.  
 




Source Event ID Last Occurrence Total Occurrences
  MSExchangeAL 8250 1/2/2011 9:54 PM 1
The Win32 API call 'DsGetDCNameW' returned error code [0x862] The specified component could not be found in the configuration information. The service could not be initialized. Make sure that the operating system was installed properly. For more information, click http://www.microsoft.com/contentredirect.asp.  
 



* The text shown is for the most recent occurrence of this event. For more information, see the Event log.



Critical Errors in Directory Service Log


Source Event ID Last Occurrence Total Occurrences
  NTDS General 1126 1/3/2011 10:23 AM 24 *
Active Directory was unable to establish a connection with the global catalog. Additional Data Error value: 1355 The specified domain either does not exist or could not be contacted. Internal ID: 3200cf3 User Action: Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.  
 




Source Event ID Last Occurrence Total Occurrences
  NTDS Replication 2042 1/3/2011 10:13 AM 149 *
It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source. The reason that replication is not allowed to continue is that the two machine's views of deleted objects may now be different. The source machine may still have copies of objects that have been deleted (and garbage collected) on this machine. If they were allowed to replicate, the source machine might return objects which have already been deleted. Time of last successful replication: 2009-05-11 12:11:54 Invocation ID of source: 05aaf6c8-f6b8-05aa-0100-000000000000 Name of source: df2b3b56-2d60-4362-95d4-96552d07cb8a._msdcs.alternatecare.local Tombstone lifetime (days): 180 The replication operation has failed. User Action: Determine which of the two machines was disconnected from the forest and is now out of date. You have three options: 1. Demote or reinstall the machine(s) that were disconnected. 2. Use the "repadmin /removelingeringobjects" tool to remove inconsistent deleted objects and then resume replication. 3. Resume replication. Inconsistent deleted objects may be introduced. You can continue replication by using the following registry key. Once the systems replicate once, it is recommended that you remove the key to reinstate the protection. Registry Key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner  
 




Source Event ID Last Occurrence Total Occurrences
  NTDS Replication 1864 1/2/2011 11:08 PM 6 *
This is the replication status for the following directory partition on the local domain controller. Directory partition: DC=alternatecare,DC=local The local domain controller has not recently received replication information from a number of domain controllers. The count of domain controllers is shown, divided into the following intervals. More than 24 hours: 1 More than a week: 1 More than one month: 1 More than two months: 1 More than a tombstone lifetime: 1 Tombstone lifetime (days): 180 Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled. To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".  
 



* The text shown is for the most recent occurrence of this event. For more information, see the Event log.



Critical Errors in DNS Server Log


There were no critical events in the DNS Server Log in the last 24 hours.  
A few things stand out.

Why does the server have two NICs?
One should be disabled.

Is server AC002 still online?
Hi Ken - sbs 2003 is in a 2 nic setup config the server has one nic going to lan and one to modem - AC002 is still online and working fine as a ts box - thanks
ok, lets try to set the internet connecting NIC (10.0.0.1) so it does not register in DNS.

Follow the steps in this KB. The DNS and WINS settigns on this NIC should be left blank.

http://support.microsoft.com/kb/272294
if you are using sbs console then try adding user via active directory user and computer also try to create using another administrator
Another thing, ServerAC002 has not replicated for a long time. It is past the tombstone lifetime. So you will need to run DCPromo and demote this server. If the DCPromo does not work to demote the DC you will have to run dcpromo /forceremoval and run a metadata cleanup to remove the server from AD. Here are some links to look over.

http://support.microsoft.com/kb/238369
http://support.microsoft.com/kb/332199
http://support.microsoft.com/kb/216498/EN-US/
Hi Ken - http://support.microsoft.com/kb/272294  everything is in order as recommended in the article - will demoting the second dc have any negative impact on the sbs box, is there any reason it would have had to be a dc in the first place or can i leave it demoted?  cheers
It is not replicating now so it will not have any impact on the SBS server. But depending on the process used to demote that server may not work properly. If dcpromo /forceremoval is used it will put the server in its own workgroup. You will need to re-add it to the domain.

It is always a good idea to have more than one DC for redundancy. But in your case I would not recommend having a DC also be a terminal server. If you have another server I would use that as a second DC.
Thanks Ken,
I just tried to run the set up server computers wizard to make sure i could put the ts server back after i demote it and got "You must be a member of the Small Business Server Administrators or Power Users group to create computer accounts - contact your administrator

I am definately logged on as the administrator - the plot thickens
hi
i suggested you login with another admin and then you might be able to create new user maybe this user account has issues
I just went to administrator security group to double check that i am a member and get - a global catalog cannot be located to retrieve the icons from the member list. some icons may not be shown
ok, so the server was able to demote without any problems then?

Did you configure the NIC on the SBS server so it does not register DNS?

If you did run this command

netdiag /fix

Then run DCDiag again and post results.
The SBS server should be a GC. But just verify. You can open Active Directory Sites and Services under the NTDS settings there is a GC check box. Here is a link with the steps to verify.  The box should be checked.

http://support.microsoft.com/kb/313994
When I try to demote the ts box I get - a domain controller could not be contactedfor the domain alternatecare.local that contained an account for this computer.  Make the computer a member of a workgroup then rejoin the domain before retrying the promotion
"The specified domain either does not exist or could not be contacted"

NIC on DNS server was not set to register in DNS - everything was already setup as recommnded in this article http://support.microsoft.com/kb/272294 

thanks


        NetBT name test. . . . . . : Skipped
            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].

    Adapter : IPX Internal Interface

        Netcard queries test . . . : Passed

        Ipx configration
            Network Number . . . . : 00000000
            Node . . . . . . . . . : 000000000001
            Frame type . . . . . . : Ethernet II



    Adapter : IpxLoopbackAdapter

        Netcard queries test . . . : Passed

        Ipx configration
            Network Number . . . . : 1234cdef
            Node . . . . . . . . . : 000000000002
            Frame type . . . . . . : 802.2



    Adapter : NDISWANIPX

        Netcard queries test . . . : Passed

        Ipx configration
            Network Number . . . . : 00000000
            Node . . . . . . . . . : 0aa820524153
            Frame type . . . . . . : Ethernet II




Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{11E12910-47F3-48F6-B31C-B78BB6EC95A8}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
    [FIX] re-register DC DNS entry '_kerberos._tcp.dc._msdcs.DomainDnsZones.alte
rnatecare.local.' on DNS server '192.168.12.1' succeed.
    [FIX] re-register DC DNS entry '_kerberos._tcp.Default-First-Site-Name._site
s.dc._msdcs.DomainDnsZones.alternatecare.local.' on DNS server '192.168.12.1' su
cceed.
    [FIX] re-register DC DNS entry '_kerberos._tcp.DomainDnsZones.alternatecare.
local.' on DNS server '192.168.12.1' succeed.
    [FIX] re-register DC DNS entry '_kerberos._tcp.Default-First-Site-Name._site
s.DomainDnsZones.alternatecare.local.' on DNS server '192.168.12.1' succeed.
    [FIX] re-register DC DNS entry '_kerberos._udp.DomainDnsZones.alternatecare.
local.' on DNS server '192.168.12.1' succeed.
    [FIX] re-register DC DNS entry '_kpasswd._tcp.DomainDnsZones.alternatecare.l
ocal.' on DNS server '192.168.12.1' succeed.
    [FIX] re-register DC DNS entry '_kpasswd._udp.DomainDnsZones.alternatecare.l
ocal.' on DNS server '192.168.12.1' succeed.
    [FIX] re-register DC DNS entry '_kerberos._tcp.dc._msdcs.ForestDnsZones.alte
rnatecare.local.' on DNS server '192.168.12.1' succeed.
    [FIX] re-register DC DNS entry '_kerberos._tcp.Default-First-Site-Name._site
s.dc._msdcs.ForestDnsZones.alternatecare.local.' on DNS server '192.168.12.1' su
cceed.
    [FIX] re-register DC DNS entry '_kerberos._tcp.ForestDnsZones.alternatecare.
local.' on DNS server '192.168.12.1' succeed.
    [FIX] re-register DC DNS entry '_kerberos._tcp.Default-First-Site-Name._site
s.ForestDnsZones.alternatecare.local.' on DNS server '192.168.12.1' succeed.
    [FIX] re-register DC DNS entry '_kerberos._udp.ForestDnsZones.alternatecare.
local.' on DNS server '192.168.12.1' succeed.
    [FIX] re-register DC DNS entry '_kpasswd._tcp.ForestDnsZones.alternatecare.l
ocal.' on DNS server '192.168.12.1' succeed.
    [FIX] re-register DC DNS entry '_kpasswd._udp.ForestDnsZones.alternatecare.l
ocal.' on DNS server '192.168.12.1' succeed.
    FIX PASS - netdiag re-registered missing DNS entries for this DC successfull
y on DNS server '192.168.12.1'.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{11E12910-47F3-48F6-B31C-B78BB6EC95A8}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{11E12910-47F3-48F6-B31C-B78BB6EC95A8}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed


Netware configuration
    You are not logged in to your preferred server .
    Netware User Name. . . . . . . :
    Netware Server Name. . . . . . :
    Netware Tree Name. . . . . . . :
    Netware Workstation Context. . :

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\AC001
      Starting test: Connectivity
         ......................... AC001 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\AC001
      Starting test: Replications
         [Replications Check,AC001] A recent replication attempt failed:
            From AC002 to AC001
            Naming Context: CN=Schema,CN=Configuration,DC=alternatecare,DC=local

            The replication generated an error (8614):
            Win32 Error 8614
            The failure occurred at 2011-01-03 12:53:14.
            The last success occurred at 2009-05-11 11:52:54.
            14882 failures have occurred since the last success.
         [Replications Check,AC001] A recent replication attempt failed:
            From AC002 to AC001
            Naming Context: CN=Configuration,DC=alternatecare,DC=local
            The replication generated an error (8614):
            Win32 Error 8614
            The failure occurred at 2011-01-03 13:13:45.
            The last success occurred at 2009-05-11 12:06:51.
            36356 failures have occurred since the last success.
         [Replications Check,AC001] A recent replication attempt failed:
            From AC002 to AC001
            Naming Context: DC=alternatecare,DC=local
            The replication generated an error (8614):
            Win32 Error 8614
            The failure occurred at 2011-01-03 13:12:51.
            The last success occurred at 2009-05-11 12:11:54.
            40174 failures have occurred since the last success.
         REPLICATION-RECEIVED LATENCY WARNING
         AC001:  Current time is 2011-01-03 13:19:49.
            CN=Schema,CN=Configuration,DC=alternatecare,DC=local
               Last replication recieved from AC002 at 2009-05-11 11:52:54.
               WARNING:  This latency is over the Tombstone Lifetime of 180 days
!
            CN=Configuration,DC=alternatecare,DC=local
               Last replication recieved from AC002 at 2009-05-11 12:06:50.
               WARNING:  This latency is over the Tombstone Lifetime of 180 days
!
            DC=alternatecare,DC=local
               Last replication recieved from AC002 at 2009-05-11 12:11:54.
               WARNING:  This latency is over the Tombstone Lifetime of 180 days
!
         ......................... AC001 passed test Replications
      Starting test: NCSecDesc
         ......................... AC001 passed test NCSecDesc
      Starting test: NetLogons
         ......................... AC001 passed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\AC002.alternatecare.loc
al, when we were trying to reach AC001.
         Server is not responding or is not considered suitable.
         Warning: AC001 is not advertising as a global catalog.
         Check that server finished GC promotion.
         Check the event log on server that enough source replicas for the GC ar
e available.
         ......................... AC001 failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... AC001 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... AC001 passed test RidManager
      Starting test: MachineAccount
         ......................... AC001 passed test MachineAccount
      Starting test: Services
            IsmServ Service is stopped on [AC001]
         ......................... AC001 failed test Services
      Starting test: ObjectsReplicated
         ......................... AC001 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... AC001 passed test frssysvol
      Starting test: frsevent
         ......................... AC001 passed test frsevent
      Starting test: kccevent
         An Error Event occured.  EventID: 0xC00007FA
            Time Generated: 01/03/2011   13:12:51
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC00007FA
            Time Generated: 01/03/2011   13:13:45
            (Event String could not be retrieved)
         ......................... AC001 failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00004105
            Time Generated: 01/03/2011   13:01:35
            Event String: The maximum account identifier allocated to this
         ......................... AC001 failed test systemlog
      Starting test: VerifyReferences
         ......................... AC001 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : alternatecare
      Starting test: CrossRefValidation
         ......................... alternatecare passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... alternatecare passed test CheckSDRefDom

   Running enterprise tests on : alternatecare.local
      Starting test: Intersite
         ......................... alternatecare.local passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         ......................... alternatecare.local failed test FsmoCheck

C:\Documents and Settings\Administrator>
ASKER CERTIFIED SOLUTION
Avatar of KenMcF
KenMcF
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
checked gc in ntds settings - it is ticked for the sbs server
Hi Ken, had a look at http://support.microsoft.com/kb/216498 - "In Windows Server 2008, and Windows Server 2008 R2, the administrator can remove the metadata for a server object by removing the server object in the Active Directory Users and Computers snap-in."
does this mean I can just delete AC002 from ad on AC001 and it will clean it up?  thanks again

If the NTDS Settings object is removed incorrectly (for example, if the NTDS Settings object is removed incorrectly from a demotion attempt), the administrator can manually remove the metadata for a server object.
In Windows Server 2008, and Windows Server 2008 R2, the administrator can remove the metadata for a server object by removing the server object in the Active Directory Users and Computers snap-in.

 In Windows Server 2003 and Windows 2000 Server, the administrator can use the Ntdsutil.exe utility to manually remove the NTDS Settings object. The following steps list the procedure for removing the NTDS Settings object in Active Directory for a particular domain controller. At each Ntdsutil menu, the administrator can type help for more information about the available options.
If you had 2008 you could remove the metadata just by deleting the DC object in ADUC. But since you have 2003 you will need to use ntdsutil on AC001 to remove AC002.
thanks Ken, i think I might attempt this a little later in the week when things are quieter in case it all goes pear shaped :)  Thanks for all your help, I'll keep you posted - thanks again
Hi - I followed steps here  - KenMcF:ok, on AC002 you will need to run dcpromo /forceremoval
By doing this it will take the server out of the domain and put it in its own workgroup.
Then you will need to do a metadatacleanup of that server in AD.  - and dcpromo / force removal worked on ac002 ts box and it is now on a work group.  When I attempt a meta data cleanup on ac001, I get no current site and cannot delete ac002. - see below.  Any suggestions would be greatly appreciated - cheers

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: connections
server connections: connect to server ac001
Binding to ac001 ...
Connected to ac001 using credentials of locally logged on user.
server connections: quit
metadata cleanup: select operation target
select operation target: list domains
Found 1 domain(s)
0 - DC=alternatecare,DC=local
select operation target: select domain 0
No current site
Domain - DC=alternatecare,DC=local
No current server
No current Naming Context
select operation target: list servers in site
No active site list
select operation target: select domain 0
No current site
Domain - DC=alternatecare,DC=local
No current server
No current Naming Context
select operation target:
Make sure you are doing steps 10 and 11 in this link, it looks like you did not selcect a site.

http://support.microsoft.com/kb/216498
Thanks for all your help Ken - I have it all up and running now, much appreciated
Ken was very quick to respond and his solution was spot on - thanks :)
Glad everything is working for you now.