[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

The current operations master is offline. The role cannot be transferred (Windows 2008)

Posted on 2012-03-21
22
Medium Priority
?
4,297 Views
Last Modified: 2012-03-23
Hi,

I had a time sync issue with my primary DC. Now I have shut it down and left 1 over.
I want to transfer roles but it says it cannot because it is not online ...

operations master
Note: if I try to sync from a different dc, I get "The target principle name is incorrect", the server holds all the fsmo roles ...

Please advise.
J.
0
Comment
Question by:janhoedt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 10
22 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37749549
Try transferring from the command line - using ntdsutil.exe, see if you get the same error. Look at the bottom of this article

http://www.petri.co.il/transferring_fsmo_roles.htm
0
 

Author Comment

by:janhoedt
ID: 37749582
Would like to get it online instead of seizing.
When I try to sync ad I get "The target principle name is incorrect".
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37749592
Do you know what Server holds the role?

Run a

netdom -query fsmo

from command and see if that server is online. Try to ping it etc.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:janhoedt
ID: 37749602
I can logon to it and wirk without problems. Only sync does not work + not reachable when I want to transfer fe rid role.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37749612
use repadmin to check the status of the server and its replication - check out this article

http://technet.microsoft.com/en-us/library/cc770963%28v=ws.10%29.aspx
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37749615
0
 

Author Comment

by:janhoedt
ID: 37749865
Same output: target principle name is incorrect.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37749901
So are all of the FSMO roles on one server? Can you reboot the server to see if it clears it up? Have you looked in the event log and post any erros that are listed there?
0
 

Author Comment

by:janhoedt
ID: 37749953
http://support.microsoft.com/kb/288167

What I get:
The machine account password for the local machine could not be reset.
Logon Failure: The target account name is incorrect.
0
 

Author Comment

by:janhoedt
ID: 37749975
Ah, it did work now.
But now different message:tombstone
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37749991
ahhhh, so the DC has been offline so long it was tombstoned. That's a different story. So its a little trickier now.

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/65414b37-d1ed-4f20-ae80-4effd9793eab/
0
 

Author Comment

by:janhoedt
ID: 37749998
If I do a  dcpromo /forceremoval won't it cause problems since not all roles are seized?
Some roles should still be transferred and are not.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37750028
The only way I know how do recover from a Tombstoned DC is seize the roles. Do you have another DC on the network that you can do this from? If the DC needs to be back on the network, seize it to the other DC temprarily, run a dcpromo /forceremoval and then dcpromo it again to promote it back to a DC. You may have metadata to clean up though after doing the /forceremoval
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37750033
0
 

Author Comment

by:janhoedt
ID: 37750044
Ok, I only want to know: if I do a dcpromo /forceremoval, won't I loose the possibility to recover the roles?
0
 
LVL 9

Accepted Solution

by:
Geodash earned 2000 total points
ID: 37750106
Seize the FSMO roles first

Use dcpromo /forceremoval second

Directly perform metadata cleanup by removing the server completely from the network
third (if needed) using ADSIedit - only needed if the /forceremoval is not successful.

If the DC is tombstoned and it holds an FSMO role anyway, your domain has been operating without that role for this long. By Default, in 2008, a DC is not tombstoned until 180 days...yikes!
0
 

Author Comment

by:janhoedt
ID: 37754329
Seized all roles, dcpromo force remove and dcpromo again.
Everyth worked fine again so didn t do cleanup.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37754332
Great...it is all working again now?
0
 

Author Comment

by:janhoedt
ID: 37754357
Yes. 2 things more:
-don t get it why my dc s time was suddenly total out of sync
-i ve set tombstone to 50 year, :-) yes indeed 50 year since in my lab I have machines I want to boot "one day" and keep membersh of domain
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37754379
The DC that you just promoted or the original one that has been online?

In a test environment, I do not see that being an issue. In production, I would not recommend 50 years.

Per MS
To increase tombstoneLifetime in big infrastructures, there is only one valid solution:

    make sure that garbage collection will not run instantly after you changed the attribute, then after changing the attribute force replication and make sure it’s replicated everywhere

You can read about it here -

https://msmvps.com/blogs/ulfbsimonweidner/archive/2010/02/10/adjusting-the-tombstone-lifetime.aspx
0
 

Author Comment

by:janhoedt
ID: 37754644
Is the tombstone per dc? I thought it was for the full domain(??)
Garbage collection ...? Replication is running default at regular times so I don't see why I should worry, even with tombstone of 50 years ...
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37754654
I agree. Like I said, I wouldn't worry about it being a test. You should not have any issues.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question