TBIRD2340
DCPROMO issue with a Windows 2003 Server
So I have a physical Windows 2003 AD server (SERVERA) that I would like to virtualize. It currently holds all the FSMO roles. Here is what I did:
Transferred all the FSMO roles to a 2008 DC (VM - SERVERB); all were successful. I then rebooted this 2003 AD server. Then I tried running DCPROMO on it so I could then P2V it.
Well, when running DCPROMO I got this error:
The operation failed because:
Active Directory could not transfer the remaining data in directory partition DC=ForestDnsZones,DC=DOMAIN,DC=com to domain controller \\SERVERC.DOMAIN.com.
"The directory service was unable to transfer ownership of one or more floating single-master operation roles to other servers.
I'm not sure what the deal is, being that all FSMO roles said they transferred. I used this link for transferring the roles: http://support.microsoft.com/kb/324801
At this point I'm scared to even do anything.
Help please. Thanks
The following is being logged in SERVERA's eventvwr:
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2022
Date: 10/26/2012
Time: 8:52:38 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVERA
Description:
The operations master roles held by the local domain controller could not transfer to the following remote domain controller.
Remote domain controller:
\
The local domain controller cannot complete demotion.
User Action
Investigate why the remote domain controller might be unable to accept the operations master roles, or manually transfer all the roles that are held by the local domain controller to the remote domain controller. Then, try to demote this domain controller again.
Additional Data
Error value:
5005 The directory service was unable to transfer ownership of one or more floating single-master operation roles to other servers.
Extended error value:
0
Internal ID :
52497866
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: NTDS Replication
Event Category: Internal Configuration
Event ID: 1837
Date: 10/26/2012
Time: 8:52:38 PM
User: DOMAIN\SERVERC$
Computer: SERVERA
Description:
An attempt to transfer the operations master role represented by the following object failed.
Object:
CN=Infrastructure,DC=ForestDnsZones,DC=DOMAIN,DC=com
Current operations master role:
CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=com
Proposed operations master role:
CN=NTDS Settings,CN=SERVERC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=com
Additional Data
Error value:
3
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2022
Date: 10/26/2012
Time: 8:52:38 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVERA
Description:
The operations master roles held by the local domain controller could not transfer to the following remote domain controller.
Remote domain controller:
\
The local domain controller cannot complete demotion.
User Action
Investigate why the remote domain controller might be unable to accept the operations master roles, or manually transfer all the roles that are held by the local domain controller to the remote domain controller. Then, try to demote this domain controller again.
Additional Data
Error value:
5005 The directory service was unable to transfer ownership of one or more floating single-master operation roles to other servers.
Extended error value:
0
Internal ID :
52497866
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: NTDS Replication
Event Category: Internal Configuration
Event ID: 1837
Date: 10/26/2012
Time: 8:52:38 PM
User: DOMAIN\SERVERB$
Computer: SERVERA
Description:
An attempt to transfer the operations master role represented by the following object failed.
Object:
CN=Infrastructure,DC=ForestDnsZones,DC=DOMAIN,DC=com
Current operations master role:
CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=com
Proposed operations master role:
CN=NTDS Settings,CN=SERVERB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=com
Additional Data
Error value:
3
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
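Added example, not part of the original post: a short Python triage of the Event ID 1837 text quoted above, which names the role whose transfer failed from the object that carries its `fSMORoleOwner` attribute and reports which DC still holds it. It assumes a single-domain forest rooted at DC=DOMAIN,DC=com; the function names are illustrative.

```python
import re

# Event ID 1837 description, copied from the question above.
EVENT_1837 = """\
An attempt to transfer the operations master role represented by the following object failed.
Object:
CN=Infrastructure,DC=ForestDnsZones,DC=DOMAIN,DC=com
Current operations master role:
CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=com
Proposed operations master role:
CN=NTDS Settings,CN=SERVERC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=com
"""
LABELS = {"Object:": "object",
          "Current operations master role:": "current",
          "Proposed operations master role:": "proposed"}

def parse_1837(text):
    """Pick the DN that follows each label line in the event description."""
    lines = [l.strip() for l in text.splitlines()]
    return {LABELS[a]: b for a, b in zip(lines, lines[1:]) if a in LABELS}

def server_of(ntds_dn):
    """DC name from 'CN=NTDS Settings,CN=<server>,CN=Servers,...'."""
    m = re.match(r"CN=NTDS Settings,CN=([^,]+),CN=Servers,", ntds_dn, re.I)
    return m.group(1) if m else None

def classify(object_dn, domain_dn):
    """Name the role whose fSMORoleOwner attribute lives on object_dn.
    Assumes a single-domain forest, so domain_dn is also the forest root."""
    dn, dom = object_dn.lower(), domain_dn.lower()
    five = {f"cn=schema,cn=configuration,{dom}": "Schema master",
            f"cn=partitions,cn=configuration,{dom}": "Domain naming master",
            f"cn=rid manager$,cn=system,{dom}": "RID master",
            f"cn=infrastructure,{dom}": "Infrastructure master",
            dom: "PDC emulator"}
    if dn in five:
        return five[dn]
    if dn.startswith("cn=infrastructure,"):
        partition = object_dn.split(",", 1)[1]
        return f"Infrastructure role of application partition {partition}"
    return "unknown"

def triage(text, domain_dn):
    """Summarise one Event 1837: which role, who holds it, who was proposed."""
    ev = parse_1837(text)
    return {"role": classify(ev["object"], domain_dn),
            "holder": server_of(ev["current"]),
            "proposed": server_of(ev["proposed"])}

print(triage(EVENT_1837, "DC=DOMAIN,DC=com"))
```

For the event in the question, the result points at the Infrastructure object of the ForestDnsZones application partition, still owned by SERVERA, rather than at one of the five domain and forest roles.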
BTW, other than MS support, if you're 100% sure the roles are on the new box then DCPROMO /Forceremove on the old box with the NIC unplugged.
On your new server run NTDSUTIL and run a metadata cleanup.
The first thing: is it your test or production environment?
If test, then we can work out and discuss the different required steps, but if it is production then everyone will suggest that you first log a call with Microsoft support as urgent.
But by the way,
on a personal note, my team has done several and has yet to have a problem in test... that isn't to say there could be, but that could be for any kind of P2V conversion and not isolated to DCs. As far as AD schema corruption, no... doing a P2V of a DC has no bearing or effect on AD. Once the DC is converted, disconnect the network adapter in the VM settings, power it on, modify the IP as needed, turn off the physical DC, then shut down the VM and connect the network adapter and power it on.
> Run a metadata cleanup of the other domain controller to remove it from Active Directory.
> Follow these MS links: http://support.microsoft.com/kb/216498 ; http://support.microsoft.com/kb/255504
> Did you make it online? If yes, then it's possible that you will face lots of issues and errors because of the sync between the DCs.
> Make sure when you are doing the P2V there's no AD replication of any sort happening, otherwise when you boot up the new VM DC it might have inconsistent data and that will cause a big problem.
You can actually set replication schedule/intervals in group policy, to ignore this issue:
Comp Config -> Adm Templates -> System -> Group Policy, then Group Policy Refresh Interval for Computers.
> Please go through this VM KB link:
http://www.vmware.com/resources/techresources/10029
And last but not least, the EE question before you:
https://www.experts-exchange.com/questions/23126531/How-to-virtualize-domain-controller-into-VMware.html
Please share the output, whatever you get.
ASKER
Because it worked.
MS support has really skilled directory service support professionals who really helped me a couple of times.