Solved

secondary domain controller error

Posted on 2013-06-09
Last Modified: 2013-06-14
Dear gurus,

Our master server is alive and working fine, but when we try to add another server as an additional domain controller, it gives the message below.

We are using W2K8 R2.

you will not be able to install a writable replica domain controller at this time because the RID master master0.domain.com is offline

Can anyone guide us step by step?
0
Question by:tmsa12
7 Comments
 

Author Comment

by:tmsa12
ID: 39232649
I tried the query on the master, and all 5 roles and services are working.

netdom query fsmo
0
 
LVL 18

Expert Comment

by:sarang_tinguria
ID: 39232810
It seems the RID role holder is down or decommissioned.
Run dcdiag /test:fsmocheck and seize the roles which are in error.
I would suggest going through the link below and seizing the roles to a working DC.

Seize FSMO role:
http://www.petri.co.il/seizing_fsmo_roles.htm

After seizing roles run dcdiag /q and post any errors
0
 
LVL 9

Expert Comment

by:Zenvenky
ID: 39232860
I think it is a DNS misconfiguration. Before we proceed any further, just let us know how many DCs there are in the domain. Is it 2 including the problem DC, or more?

Based on your answer we can say what needs to be done. However, I would suggest you check some settings on the main DC (the alive one). Check the DNS and time server settings first and fix them if you see any misconfigurations. Then run DCDiag /v to know the AD health status. If everything is fine, then you can fix the problem DC.

DNS Best Practices

Authoritative Time Server
0

 
LVL 23

Expert Comment

by:Nagendra Pratap Singh
ID: 39233843
Log on to master0.domain.com and see the event logs. Maybe the server got culled sometime.
0
 

Author Comment

by:tmsa12
ID: 39234046
Dear gurus,

I have run all the commands you mentioned and attached the output files.

Can someone look into them and advise if anything needs to be corrected?

I ran all these commands on the master domain controller.

Waiting for your advice and recommendations, step by step.

Kind regards,
tmsa
dcdiag-q.txt
dcdiag-test-fsmocheck.txt
DCDiag-v.txt
0
 
LVL 9

Expert Comment

by:Zenvenky
ID: 39234160
As mentioned, it is a DNS misconfiguration issue. "The replication generated an error (1722)" is an indication that GUIDs are not getting resolved between DCs. I would again suggest you run dcdiag /test:dns on all DCs and, if it fails, resolve it accordingly. I see replication between ATMCSRVR17, ATMCSRVR12 to ATMCSRVR10 is failing. If you run repadmin /replsum and repadmin /showreps you'll see more detailed errors.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39234207
From the log it is clear that there is a replication issue between the DCs. You are getting "RPC service is unavailable" and "Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected", which indicates the presence of a lingering object issue.

"The RPC server is unavailable" relates to a port being blocked, a network connectivity issue, or a DNS misconfiguration. I would suggest contacting the network/security team to verify whether all the related AD ports are configured and allowed on the firewall for communication. Portquery is a free tool from MS which can be downloaded and installed to verify whether the necessary ports are open or not.

Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/


Also, disable the local Windows Firewall service; by default it is enabled in Vista/Windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

It can also be caused by antivirus software, with many of them sporting a new feature called "network traffic protection," which can effectively block necessary AD traffic.

Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx

Troubleshooting “RPC server is unavailable” error, reported in failing AD replication scenario.
http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx

For lingering objects see this: http://blogs.technet.com/b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx

If you have multiple DCs in the network, you can demote and re-promote the DC containing the lingering objects. Sometimes it's difficult to remove lingering objects using either repadmin /removelingeringobjects or another tool, and the easiest way to deal with such issues is to demote and re-promote the DC. If lingering objects spread in the domain, then it's more difficult to tackle them. Demote and promote is the best solution.

If there are instances of a faulty DC which has been removed from the network and its instances are still present in AD, then you need to run metadata cleanup.

Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx

You need to first clean up the errors before you proceed with adding a new server to the env.
0
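The checks suggested across this thread (DNS resolution, AD port reachability, FSMO and replication health) can be collected into one pre-promotion script. This is an added example, not part of any answer above; it assumes PowerShell 2.0 on the W2K8 R2 server being promoted, the RID master name from the question, and a commonly cited set of fixed AD TCP ports that should be checked against the port-requirements article linked in the accepted answer.

```powershell
# Added example (not from the thread). Run on the server that fails promotion.
# Default target is the RID master named in the error message in the question.
param([string]$RidMaster = 'master0.domain.com')

# Assumption: commonly required fixed TCP ports for AD. RPC also negotiates
# dynamic ports through 135, which this list cannot cover.
$ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper';
            389 = 'LDAP'; 445 = 'SMB'; 464 = 'Kerberos password change';
            636 = 'LDAPS'; 3268 = 'Global catalog' }

# TCP connect with a timeout (Test-NetConnection does not exist on 2008 R2).
function Test-TcpPort([string]$Server, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# 1. Name resolution: a failure here points at DNS client settings.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($RidMaster)
    "DNS   $RidMaster -> $($addrs -join ', ')"
} catch {
    "DNS   cannot resolve $RidMaster : $($_.Exception.Message)"
    return
}

# 2. Port reachability: a closed 135 matches 'The RPC server is unavailable'.
foreach ($p in ($ports.Keys | Sort-Object)) {
    $state = if (Test-TcpPort $RidMaster $p) { 'open' } else { 'closed or filtered' }
    '{0,-5} {1,-26} {2}' -f $p, $ports[$p], $state
}

# 3. The health commands named in the thread, run only if the tool is installed.
$checks = @('netdom query fsmo', 'dcdiag /test:fsmocheck',
            'dcdiag /test:dns', 'repadmin /replsum')
foreach ($c in $checks) {
    $tool = ($c -split ' ')[0]
    if (Get-Command $tool -ErrorAction SilentlyContinue) {
        "`n=== $c ==="
        cmd /c $c
    } else { "`n$tool not found (install the AD DS tools to run '$c')" }
}
```

A port reported as closed or filtered only shows that the connection did not complete within the timeout; the firewall, antivirus filtering and service state on the target still have to be checked separately.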
