secondary domain controller error

Posted on 2013-06-09
Last Modified: 2013-06-14
Dear gurus,

Our master server is alive and working fine, but when we try to add another server as an additional domain controller it gives the message below.

We are using W2K8 R2.

you will not be able to install a writable replica domain controller at this time because the RID master is offline

Can anyone guide me step by step?
Question by:tmsa12

Author Comment

ID: 39232649
I tried the query on the master and all 5 roles and services are working:

netdom query fsmo

Expert Comment

by:Sarang Tinguria
ID: 39232810
It seems the RID role holder is down or decommissioned.
Run dcdiag /test:fsmocheck and seize the roles which are in error.
I would suggest going through the link below and seizing the roles to a working DC.

Seize FSMO role:

After seizing roles run dcdiag /q and post any errors

Expert Comment

ID: 39232860
I think it is a DNS misconfiguration. Before we proceed any further, just let us know how many DCs there are in the domain. Is it 2 including the problem DC, or more?

Based on your answer we can say what needs to be done. However, I would suggest you check some settings on the main DC (the alive one). Check the DNS and time server settings first and fix them if you see any misconfigurations. Then run DCDiag /v to know the AD health status. If everything is fine then you can fix the problem DC.

DNS Best Practices

Authoritative Time Server


Expert Comment

by:Nagendra Pratap Singh
ID: 39233843
Log on to  and see the event logs. Maybe the server got culled at some point.

Author Comment

ID: 39234046
Dear gurus,

I have run all the commands you said and I attached the output files.

Can someone look into them and advise if anything needs to be corrected?

I ran all these commands on the master domain controller.

Waiting for your advice and recommendations, step by step.

Kind regards

Expert Comment

ID: 39234160
As mentioned, it is a DNS misconfiguration issue. "The replication generated an error (1722)" is an indication that GUIDs are not getting resolved between DCs. I would again suggest you check dcdiag /test:dns on all DCs and, if it fails, resolve it accordingly. I see replication from ATMCSRVR17 and ATMCSRVR12 to ATMCSRVR10 is failing. If you run repadmin /replsum and repadmin /showreps you'll see more detailed errors.

Accepted Solution

Sandeshdubey earned 500 total points
ID: 39234207
From the log it is clear that there is a replication issue between the DCs. You are getting "RPC service is unavailable" and "Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected", which indicates the presence of a lingering object issue.

"The RPC server is unavailable" relates to a port being blocked, a network connectivity issue, or a DNS misconfiguration. I would suggest contacting the network/security team to verify whether all the related AD ports are configured and allowed on the firewall for communication. PortQry is a free tool from MS which can be downloaded and installed to verify whether the necessary ports are open or not.

Best practices for DNS client settings on DC and domain members.

Also, disable the local Windows Firewall service; by default it is enabled in Vista/Windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall:

It can also be caused by antivirus software, with many of them sporting a new feature called "network traffic protection", which can effectively block necessary AD traffic.

Active Directory and Active Directory Domain Services Port Requirements

Troubleshooting “RPC server is unavailable” error, reported in failing AD replication scenario.

For lingering object see this:

If you have multiple DCs in the network you can demote and re-promote the DC containing the lingering object. Sometimes it is difficult to remove lingering objects using repadmin /removelingeringobjects or another tool, and the easiest way to deal with such issues is to demote and re-promote the DC. If lingering objects spread in the domain then it is more difficult to tackle them. Demote and promote is the best solution.

If there are instances of a faulty DC which was removed from the network and its instances are still present in AD, then you need to run a metadata cleanup.

Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)

You need to first clean up the errors before you proceed with adding the new server to the environment.
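The two checks the experts above ask for (that each FSMO holder's DSA GUID resolves in DNS, and that the AD ports are reachable through any firewall) can be run from one script on the existing DC before retrying the promotion. This is an added example, not code from the thread; it assumes the ActiveDirectory PowerShell module (RSAT-AD-PowerShell) is installed and that it runs as a domain user on a domain-joined machine.

```powershell
# Added example: pre-flight check of all five FSMO role holders before promoting a new DC.
# Assumes RSAT-AD-PowerShell is installed and the session is a domain-joined user.
Import-Module ActiveDirectory

# Ports AD DS promotion and replication depend on; a blocked RPC endpoint mapper (135)
# is the classic cause of "The RPC server is unavailable" (1722).
$AdPorts = @(53, 88, 135, 389, 445, 464, 636, 3268, 3269)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

$forest = Get-ADForest
$domain = Get-ADDomain
# Two forest-wide and three domain-wide role holders (same data as netdom query fsmo).
$holders = @($forest.SchemaMaster, $forest.DomainNamingMaster,
             $domain.RIDMaster, $domain.PDCEmulator, $domain.InfrastructureMaster) |
           Sort-Object -Unique

foreach ($holder in $holders) {
    $dc = Get-ADDomainController -Identity $holder
    # Replication partners are located by the NTDS Settings objectGUID CNAME under _msdcs,
    # not by hostname; if it does not resolve, repadmin reports 1722 even though the host is up.
    $ntdsGuid = (Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties objectGUID).objectGUID
    $cname = "$ntdsGuid._msdcs.$($forest.RootDomain)"
    try {
        $resolved = [System.Net.Dns]::GetHostAddresses($cname) | ForEach-Object { $_.IPAddressToString }
        "$holder : $cname -> $($resolved -join ', ')"
    } catch {
        "$holder : $cname does NOT resolve (check DNS client settings and the _msdcs zone)"
    }
    $closed = $AdPorts | Where-Object { -not (Test-TcpPort -ComputerName $dc.HostName -Port $_) }
    if ($closed) { "$holder : TCP ports not reachable: $($closed -join ', ')" }
    else         { "$holder : all AD ports reachable" }
}
```

Any holder listed with an unresolvable CNAME or closed ports is the one to fix (DNS client settings, firewall rules, or seize/metadata cleanup if it is really gone) before dcpromo is retried.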
