Solved

secondary domain controller error

Posted on 2013-06-09
Last Modified: 2013-06-14
Dear gurus,

Our master server is alive and working fine, but when we try to add another server as an additional domain controller, it gives the message below.

We are using W2K8 R2.

you will not be able to install a writable replica domain controller at this time because the RID master master0.domain.com is offline

Can anyone guide us step by step?
0
Question by:tmsa12
7 Comments
 

Author Comment

by:tmsa12
ID: 39232649
I tried the query on the master, and all 5 roles and services are working.

netdom query fsmo
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 39232810
It seems the RID role holder is down or decommissioned.
Run dcdiag /test:fsmocheck and seize the roles which are in error.
I would suggest going through the link below and seizing the roles to a working DC.

Seize FSMO role:
http://www.petri.co.il/seizing_fsmo_roles.htm

After seizing the roles, run dcdiag /q and post any errors.
0
 
LVL 9

Expert Comment

by:Zenvenky
ID: 39232860
I think it is a DNS misconfiguration. Before we proceed any further, just let us know how many DCs there are in the domain. Is it 2 including the problem DC, or more?

Based on your answer we can say what needs to be done. However, I would suggest you check some settings on the main DC (the alive one). Check the DNS and time server settings first and fix them if you see any misconfigurations. Then run DCDiag /v to know the AD health status. If everything is fine, then you can fix the problem DC.

DNS Best Practices

Authoritative Time Server
0

 
LVL 23

Expert Comment

by:Nagendra Pratap Singh
ID: 39233843
Log on to master0.domain.com and see the event logs. Maybe the server got culled sometime.
0
 

Author Comment

by:tmsa12
ID: 39234046
Dear gurus,

I have run all the commands you said and I have attached the output files.

Can someone look into them and advise if anything needs to be corrected?

I ran all these commands on the master domain controller.

Waiting for your advice and recommendations, step by step.

kind regards
tmsa
dcdiag-q.txt
dcdiag-test-fsmocheck.txt
DCDiag-v.txt
0
 
LVL 9

Expert Comment

by:Zenvenky
ID: 39234160
As mentioned, it is a DNS misconfiguration issue. "The replication generated an error (1722)" is an indication that GUIDs are not getting resolved between DCs. I would again suggest you run dcdiag /test:dns on all DCs and, if it fails, resolve it accordingly. I see replication between ATMCSRVR17, ATMCSRVR12 to ATMCSRVR10 is failing. If you run repadmin /replsum and repadmin /showreps you'll see more detailed errors.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39234207
From the log it is clear that there is a replication issue between the DCs. You are getting "RPC service is unavailable" and "Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected", which indicates the presence of a lingering object issue.

"The RPC server is unavailable" relates to a port being blocked, a network connectivity issue, or a DNS misconfiguration. I would suggest contacting the network/security team to verify whether all the related AD ports are configured and allowed on the firewall for communication. Portquery is a free tool from MS which can be downloaded and installed to verify whether the necessary ports are open or not.

Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/


Also, disable the local Windows Firewall service; by default it is enabled in Vista/Windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

It can also be caused by antivirus software, with many of them sporting a new feature called "network traffic protection," which can effectively block necessary AD traffic.

Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx

Troubleshooting “RPC server is unavailable” error, reported in failing AD replication scenario.
http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx

For lingering objects see this: http://blogs.technet.com/b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx

If you have multiple DCs in the network you can demote & re-promote the DC containing the lingering objects. Sometimes it's difficult to remove lingering objects either using repadmin /removelingeringobjects or another tool, & the easiest way to deal with such issues is to demote & re-promote the DC. If lingering objects spread in the domain then it's more difficult to tackle them. Demote & promote is the best solution.

If there are instances of a faulty DC which is removed from the network and the instances are present in AD, then you need to run a metadata cleanup.

Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx

You need to first clean the errors before you proceed with adding a new server to the environment.
0
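
Added example (not part of the original thread, and not any poster's own script): the name-resolution and port checks suggested in the answers above, done with plain PowerShell 2.0 so they run on Windows Server 2008 R2 without extra tools. The server names are the ones mentioned in the thread; the 3-second timeout and the function name Test-TcpPort are assumptions of this example.

```powershell
# Added example, not from the thread. Run it on each DC against its replication partners.
# Server names are the ones mentioned in the thread; replace them with your own.
$DomainControllers = 'master0.domain.com', 'ATMCSRVR10', 'ATMCSRVR12', 'ATMCSRVR17'
$TimeoutMs = 3000   # assumed value; raise it on slow WAN links

# Fixed TCP ports domain controllers use to talk to each other.
# RPC replication also needs the dynamic range (49152-65535 by default on
# Windows Server 2008 and later), which the endpoint mapper on 135 hands out.
$AdPorts = @{
    53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'
    445 = 'SMB'; 464 = 'Kerberos password change'; 636 = 'LDAPS'
    3268 = 'Global catalog'; 3269 = 'Global catalog over SSL'
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer within the timeout usually means a firewall is dropping packets.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($dc in $DomainControllers) {
    # Check name resolution first; a port test against an unresolvable name proves nothing.
    try { [void][System.Net.Dns]::GetHostAddresses($dc) }
    catch { Write-Warning "$dc does not resolve in DNS; skipping port tests."; continue }

    foreach ($port in ($AdPorts.Keys | Sort-Object)) {
        New-Object PSObject -Property @{
            Target  = $dc
            Port    = $port
            Service = $AdPorts[$port]
            Open    = (Test-TcpPort -ComputerName $dc -Port $port -TimeoutMs $TimeoutMs)
        }
    }
}

# Full matrix, then only the blocked or closed ports to pass to the firewall team.
$results | Select-Object Target, Port, Service, Open | Format-Table -AutoSize
$results | Where-Object { -not $_.Open } | Select-Object Target, Port, Service
```

A port reported as not open identifies the specific rule to request on the network or host firewall; the dynamic RPC range still has to be checked separately, for example with the Portquery tool mentioned in the answer.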
