Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


secondary domain controller error

Posted on 2013-06-09
Medium Priority
Last Modified: 2013-06-14
dear gurus

our master server is alive and working fine but when we try another server additional domain controller so it give below message

v r using w2k8 r2

you will not be able to install a writable replica domain controller at this time because the RID master is offline

any one can guide step by step
Question by:tmsa12
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Author Comment

ID: 39232649
i try the query on master and all 5 roles and services are working

netddom query /fsmo
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 39232810
it seems the RID role holder is down or decommissioned
run dcdiag /test:fsmocheck and seize the roles which are in error
I would suggest to go through below link and seize the roles to working DC

Seize FSMO role:

After seizing roles run dcdiag /q and post any errors
LVL 10

Expert Comment

ID: 39232860
I think it is a DNS misconfiguration, before we proceed any further jus let us know howmany DCs are there in the domain. Is it 2 including problem DC or more?

Based on your answer we can say what needs to be done. However I would suggest you to check some settings on Main DC (Alive one). Check DNS and Time Server settings first and fix them if you see any misconfigurations. Then Rund DCDiag /v to know AD health status. If everything is fine then you can fix the problem DC.

DNS Best Practices

Authoritative Time Server
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

LVL 24

Expert Comment

by:Nagendra Pratap Singh
ID: 39233843
Logon to  and see the event logs. Maybe the server got culled sometime.

Author Comment

ID: 39234046
dear gurus

i hve run all commands you said and i attached output of the files.

can someone look into and advise if anything need to be correct it

i run all this commands on master domain controller

waiting your advise recommendation step by step

kind regards
LVL 10

Expert Comment

ID: 39234160
As mentioned it is a DNS misconfiguration issue. "The replication generated an error (1722)" is an indication of GUIDs are not getting resolved between DCs, I would again suggest you to check dcdiag /test:dns on all DCs and if it fails resolve it accordingly. I see replication between ATMCSRVR17, ATMCSRVR12 to ATMCSRVR10 is failing. If you run repadmin /replsum and repadmin /showreps you'll see more detailed errors.
LVL 24

Accepted Solution

Sandeshdubey earned 2000 total points
ID: 39234207
From the log it is clear that there is replication issue between DC.You are getting RPC service is unavaialble,Insufficient attributes were given to create an object. This object
may not exist because it may have been deleted and already garbage collected whcih indicates presence of lingering object issue.

 "The RPC server is unavailable" relates to port being blocked or network connectivity issue or due to dns misconfig.I would suggest contact network/security team to verify whether all the related AD ports being configured and allowed on the firewall for communication. Portquery is free tool from the MS which can be downloaded and installed to verify the necessary ports are opened or not.

Best practices for DNS client settings on DC and domain members.

Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall:

It can also be caused by antivirus software with many of them sporting a new feature called "network traffic protection," which can efffectively block necessary AD traffic

Active Directory and Active Directory Domain Services Port Requirements

Troubleshooting “RPC server is unavailable” error, reported in failing AD replication scenario.

For lingering object see this:

If you have multiple DC in the network you can demote & re-promote the DC containing lingering object.Sometimes its difficult to remove lingering object either using repadmin /removelingeringobjects or other tool & easiest way to deal with such issues is demote & re-promote the DC. If lingering objects spreads int the domain then its more difficult to tackle them. Demote & promote is the best solution.

If there are instances of faulty DC which is removed from network and instances are present in AD then you need to run metadata cleanup.

Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)

You need to first clean the erros before you proceed with adding new server to env.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question