Old Schema existing from Windows 2000 DC that is no longer available
Went to a client recently to install a new Windows 2012 server to replace the old Windows 2003 domain controller that is starting to fail. Once I added the new 2012 server to the domain I started adding roles. When trying to promote it to a domain controller I get an error that it needs to communicate with the schema master. It appears that the schema was never moved over from an old Windows 2000 server to the 2003 DC and the Windows 2000 server is no longer available.
Additional, if I go in to look at DCs I show the old 2000 server and the 2003 server which shows both as DCs.
Is there a way to get past the schema error and replace the Windows 2003 server?
Thanks.
Additional, if I go in to look at DCs I show the old 2000 server and the 2003 server which shows both as DCs.
Is there a way to get past the schema error and replace the Windows 2003 server?
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You do not need to seize the Schema Master Holder as it is already on the correct server. You need to Seize the Domain Naming Role to the DC that is online. You also need to make sure that when you run the command using the "ntdsutil" that you have the correct permissions and running it in Administrator as well.
Will.
Will.
in that case, you need to do seize domain naming master from ntdsutil
ASKER
I did as you suggested Seth and I get this response.
ntdsutil: roles
fsmo maintenance: connections
Connected to mkdcfp01 using credentials of locally logged on user.
server connections: quit
fsmo maintenance: seize domain naming master
Attempting safe transfer of domain naming FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03210333, problem 5002 (UN
AVAILABLE), data 1722
Win32 error returned is 0x20af(The requested FSMO operation failed. The current
FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of domain naming FSMO failed, proceeding with seizure ...
Server "mkdcfp01" knows about 5 roles
Schema - CN=NTDS Settings,CN=MKDCFP01,CN=Se
,DC=main,DC=local
Domain - CN=NTDS Settings,CN=MKDCFP01,CN=Se
,DC=main,DC=local
PDC - CN=NTDS Settings,CN=MKDCFP01,CN=Se
=main,DC=local
RID - CN=NTDS Settings,CN=MKDCFP01,CN=Se
=main,DC=local
Infrastructure - CN=NTDS Settings,CN=MKDCFP01,CN=Se
guration,DC=main,DC=local
fsmo maintenance:
But when I run the netdom query fsmo command now all the roles are showing as the 2003 server. So even though I received the above errors can I now attempt to add the 2012 server as a DC?
Thanks for your quick responses and help.
ntdsutil: roles
fsmo maintenance: connections
Connected to mkdcfp01 using credentials of locally logged on user.
server connections: quit
fsmo maintenance: seize domain naming master
Attempting safe transfer of domain naming FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03210333, problem 5002 (UN
AVAILABLE), data 1722
Win32 error returned is 0x20af(The requested FSMO operation failed. The current
FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of domain naming FSMO failed, proceeding with seizure ...
Server "mkdcfp01" knows about 5 roles
Schema - CN=NTDS Settings,CN=MKDCFP01,CN=Se
,DC=main,DC=local
Domain - CN=NTDS Settings,CN=MKDCFP01,CN=Se
,DC=main,DC=local
PDC - CN=NTDS Settings,CN=MKDCFP01,CN=Se
=main,DC=local
RID - CN=NTDS Settings,CN=MKDCFP01,CN=Se
=main,DC=local
Infrastructure - CN=NTDS Settings,CN=MKDCFP01,CN=Se
guration,DC=main,DC=local
fsmo maintenance:
But when I run the netdom query fsmo command now all the roles are showing as the 2003 server. So even though I received the above errors can I now attempt to add the 2012 server as a DC?
Thanks for your quick responses and help.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have connected to the 2012 server and added the roles needed but it looks like it needs to reboot. I will finish this this evening and let you know the results tomorrow PST.
ASKER
I have tried to add the new 2012 domain controller but I needed to raise the domain functional level. I did receive an error when trying to add the 2012 DC. I will wait and try adding the 2012 server as a DC later today.
yes, i mentioned that in my first comment; it won't work if the functional level is still 2000
ASKER
I raised the domain level from 2000 to 2003 (only option) on the old domain controller. 30 minutes later I tried to add the new domain controller but I get the following error that replica failed.
Verification of replica failed. The forest functional level is Windows 2000. To install a Windows 2012 R2 domain controller the forest functional level must be Windows server 2003 or higher.
Have I not waited long enough after raising the level?
Verification of replica failed. The forest functional level is Windows 2000. To install a Windows 2012 R2 domain controller the forest functional level must be Windows server 2003 or higher.
Have I not waited long enough after raising the level?
check your replication; will posted the commands earlier
make sure you don't have errors
make sure you don't have errors
ASKER
Here is what I get.
C:\>repadmin /replsum
Replication Summary Start Time: 2015-09-29 11:43:41
Beginning data collection for replication summary, this may take awhile:
....
Source DC largest delta fails/total %% error
Destination DC largest delta fails/total %% error
Assertion
C:\>
C:\>
C:\>repadmin /showrepl
repadmin running command /showrepl against server localhost
MK\MKDCFP01
DC Options: IS_GC
Site Options: (none)
DC object GUID: eeb33739-20e2-47f6-9ad5-12
DC invocationID: 9cea8cd2-813c-46d5-a17e-5a
C:\>
C:\>
C:\>repadmin /bridgeheads
repadmin running command /bridgeheads against server localhost
Gathering topology from site MK (MKDCFP01.main.local):
Bridgeheads for site MK (MKDCFP01.main.local):
Source Site Local Bridge Trns Fail. Time # Status
=============== ============== ==== ================= === =======
=
C:\>
C:\>repadmin /replsum
Replication Summary Start Time: 2015-09-29 11:43:41
Beginning data collection for replication summary, this may take awhile:
....
Source DC largest delta fails/total %% error
Destination DC largest delta fails/total %% error
Assertion
C:\>
C:\>
C:\>repadmin /showrepl
repadmin running command /showrepl against server localhost
MK\MKDCFP01
DC Options: IS_GC
Site Options: (none)
DC object GUID: eeb33739-20e2-47f6-9ad5-12
DC invocationID: 9cea8cd2-813c-46d5-a17e-5a
C:\>
C:\>
C:\>repadmin /bridgeheads
repadmin running command /bridgeheads against server localhost
Gathering topology from site MK (MKDCFP01.main.local):
Bridgeheads for site MK (MKDCFP01.main.local):
Source Site Local Bridge Trns Fail. Time # Status
=============== ============== ==== ================= === =======
=
C:\>
ASKER
Had to call Microsoft to get this issue resolved. The seizing of the role on the 2003 server was still generating errors and not allowing the promotion of the new server.
ASKER
C:\>netdom query fsmo
Schema owner MKDCFP01.main.local (Windows 2003 Server)
Domain role owner appsrv01.main.local (Old Windows 2000 Server)
PDC role MKDCFP01.main.local
RID pool manager MKDCFP01.main.local
Infrastructure owner MKDCFP01.main.local
The command completed successfully.
I had found an article right before you sent a response about seizing the fsmo role and ran the command and received the following output so I am not sure if it was successful?
C:\>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: mk_mkdcfp01
Error 80070057 parsing input - illegal syntax?
server connections: mkdcfp01
Error 80070057 parsing input - illegal syntax?
server connections:
server connections: quit
fsmo maintenance: seize schema master
Not connected to a server - use "Connections"
fsmo maintenance: connections
server connections: connect to server mkdcfp01
Binding to mkdcfp01 ...
Connected to mkdcfp01 using credentials of locally logged on user.
server connections: quit
fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03210333, problem 5002 (UN
AVAILABLE), data 1722
Win32 error returned is 0x20af(The requested FSMO operation failed. The current
FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of schema FSMO failed, proceeding with seizure ...
Server "mkdcfp01" knows about 5 roles
Schema - CN=NTDS Settings,CN=MKDCFP01,CN=Se
,DC=main,DC=local
Domain - CN=NTDS Settings,CN=APPSRV01,CN=Se
,DC=main,DC=local
PDC - CN=NTDS Settings,CN=MKDCFP01,CN=Se
=main,DC=local
RID - CN=NTDS Settings,CN=MKDCFP01,CN=Se
=main,DC=local
Infrastructure - CN=NTDS Settings,CN=MKDCFP01,CN=Se
guration,DC=main,DC=local
fsmo maintenance: quit
Thanks for any help.