PcDr32
asked on
Problem with Active Directory
We have a 2003 Server named server and a 2012 Server named server12.
I ran through all the transfer steps to demote the 2003 server. But when I run netdom query fsmo on the new server I get "the parameter is incorrect".
When I open AD Users & Groups on the new server, right-click on the domain and choose change controller, Server 12 isn't listed. I can manually type it, then it opens.
If I open AD Domains and Trusts and check operational master, it says the new server is the operational master.
If I open AD Admin Center it says can't find any available servers.
If I open AD Users & Comp, it shows ERROR under operations master.
I would start by running dcdiag on both old and new. Did you have any problems promoting the 2012 server to a DC?
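One way to triage the dcdiag output this reply asks for, as an added example that is not part of the thread: it pulls out the failed tests, the role holders reported as not answering, and any host names that did not resolve, and it tolerates the console wrapping that splits words such as "Bind." across lines. The host names, GUID and domain in `SAMPLE` are constructed, and `loose` and `triage` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample in the layout dcdiag prints (hosts, GUID and domain are made up).
# The console wraps long lines, so "Bind." can arrive as "Bi" + "nd.".
SAMPLE = """\
Testing server: Default-First-Site-Name\\DC-NEW
Starting test: Connectivity
The host 11111111-2222-3333-4444-555555555555._msdcs.example.test
could not be resolved to an IP address. Check the DNS server, DHCP,
server name, etc.
......................... DC-NEW failed test Connectivity
Testing server: Default-First-Site-Name\\DC-OLD
Starting test: Advertising
......................... DC-OLD passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: DC-NEW is the Schema Owner, but is not responding to DS RPC
Bind.
Warning: DC-NEW is the Schema Owner, but is not responding to LDAP Bi
nd.
Warning: DC-NEW is the Infrastructure Update Owner, but is not respon
ding to LDAP Bind.
......................... DC-OLD failed test KnowsOfRoleHolders
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
"""


def loose(text):
    """Regex for `text` that allows whitespace (including a line wrap)
    between any two of its characters."""
    return r"\s*".join(re.escape(ch) for ch in text if not ch.isspace())


# "......... <target> passed|failed test <name>", name possibly on the next line.
RESULT_RE = re.compile(r"\.{5,}\s*(\S+)\s+(passed|failed)\s+test\s+(\w+)")

# "Warning: <server> is the <role> Owner, but is not responding to <bind>."
OWNER_RE = re.compile(
    r"Warning:\s*(\S+)\s+" + loose("is the") + r"\s+([A-Za-z ]+?)\s+"
    + loose("Owner, but is not responding to")
    + r"\s*(" + loose("DS RPC Bind") + "|" + loose("LDAP Bind") + r")\s*\."
)

# Connectivity test: the DC's GUID-based _msdcs name did not resolve.
UNRESOLVED_RE = re.compile(r"The host\s+(\S+)\s+could not be resolved")

BIND_NAMES = {"DSRPCBind": "DS RPC", "LDAPBind": "LDAP"}


def triage(text):
    """Summarise a dcdiag log: failed tests, silent role holders, unresolved hosts."""
    failed = [(target, test)
              for target, verdict, test in RESULT_RE.findall(text)
              if verdict == "failed"]

    silent = defaultdict(lambda: defaultdict(set))
    for server, role, bind in OWNER_RE.findall(text):
        role = " ".join(role.split())            # normalise inner whitespace
        silent[server][role].add(BIND_NAMES["".join(bind.split())])

    return {
        "failed": failed,
        "silent_role_holders": {
            server: {role: sorted(binds) for role, binds in roles.items()}
            for server, roles in silent.items()
        },
        "unresolved_hosts": UNRESOLVED_RE.findall(text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    for target, test in report["failed"]:
        print(f"FAILED  {target}: {test}")
    for server, roles in report["silent_role_holders"].items():
        for role, binds in roles.items():
            print(f"SILENT  {server} holds {role} but does not answer {', '.join(binds)}")
    for host in report["unresolved_hosts"]:
        print(f"NO DNS  {host}")
```

Save each server's dcdiag output to a file and pass its contents to `triage` to compare what the old and new domain controllers report.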
ASKER
No problems Setting it up as a DC.
Old Server DCDiag
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER
Starting test: Replications
......................... SERVER passed test Replications
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
[SERVER12] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: SERVER12 is the Schema Owner, but is not responding to DS RPC
Bind.
[SERVER12] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: SERVER12 is the Schema Owner, but is not responding to LDAP Bi
nd.
Warning: SERVER12 is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: SERVER12 is the Domain Owner, but is not responding to LDAP Bi
nd.
Warning: SERVER12 is the PDC Owner, but is not responding to DS RPC Bin
d.
Warning: SERVER12 is the PDC Owner, but is not responding to LDAP Bind.
Warning: SERVER12 is the Rid Owner, but is not responding to DS RPC Bin
d.
Warning: SERVER12 is the Rid Owner, but is not responding to LDAP Bind.
Warning: SERVER12 is the Infrastructure Update Owner, but is not respon
ding to DS RPC Bind.
Warning: SERVER12 is the Infrastructure Update Owner, but is not respon
ding to LDAP Bind.
......................... SERVER failed test KnowsOfRoleHolders
Starting test: RidManager
Dcdiag could not locate (null) in the dcdiag's cache of servers. Try
running this dcdiag test against this server, to avoid any problems
caused by replication latency.
......................... SERVER failed test RidManager
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: Services
......................... SERVER passed test Services
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER passed test frssysvol
Starting test: frsevent
......................... SERVER passed test frsevent
Starting test: kccevent
......................... SERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 16:47:04
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 16:47:36
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 17:13:48
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 17:15:56
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 17:16:33
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 17:20:56
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 17:20:59
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 17:23:37
Event String: The kerberos client received a
......................... SERVER failed test systemlog
Starting test: VerifyReferences
......................... SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : papharmacists
Starting test: CrossRefValidation
......................... papharmacists passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... papharmacists passed test CheckSDRefDom
Running enterprise tests on : papharmacists.com
Starting test: Intersite
......................... papharmacists.com passed test Intersite
Starting test: FsmoCheck
......................... papharmacists.com passed test FsmoCheck
C:\Documents and Settings\Administrator>
New Server - DC Diag
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER
Starting test: Replications
......................... SERVER passed test Replications
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
[SERVER12] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: SERVER12 is the Schema Owner, but is not responding to DS RPC
Bind.
[SERVER12] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: SERVER12 is the Schema Owner, but is not responding to LDAP Bi
nd.
Warning: SERVER12 is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: SERVER12 is the Domain Owner, but is not responding to LDAP Bi
nd.
Warning: SERVER12 is the PDC Owner, but is not responding to DS RPC Bin
d.
Warning: SERVER12 is the PDC Owner, but is not responding to LDAP Bind.
Warning: SERVER12 is the Rid Owner, but is not responding to DS RPC Bin
d.
Warning: SERVER12 is the Rid Owner, but is not responding to LDAP Bind.
Warning: SERVER12 is the Infrastructure Update Owner, but is not respon
ding to DS RPC Bind.
Warning: SERVER12 is the Infrastructure Update Owner, but is not respon
ding to LDAP Bind.
......................... SERVER failed test KnowsOfRoleHolders
Starting test: RidManager
Dcdiag could not locate (null) in the dcdiag's cache of servers. Try
running this dcdiag test against this server, to avoid any problems
caused by replication latency.
......................... SERVER failed test RidManager
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: Services
......................... SERVER passed test Services
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER passed test frssysvol
Starting test: frsevent
......................... SERVER passed test frsevent
Starting test: kccevent
......................... SERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 16:47:04
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 16:47:36
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 17:13:48
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 17:15:56
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 17:16:33
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 17:20:56
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 17:20:59
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 07/26/2016 17:23:37
Event String: The kerberos client received a
......................... SERVER failed test systemlog
Starting test: VerifyReferences
......................... SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : papharmacists
Starting test: CrossRefValidation
......................... papharmacists passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... papharmacists passed test CheckSDRefDom
Running enterprise tests on : papharmacists.com
Starting test: Intersite
......................... papharmacists.com passed test Intersite
Starting test: FsmoCheck
......................... papharmacists.com passed test FsmoCheck
C:\Documents and Settings\Administrator>
Check the following services on the 2012 Server and make sure the startup type is auto and that the service is running
Remote Procedure Call (RPC)
Kerberos Key Distribution Center (KDC)
ASKER
KDC is running
RPC is running
RPC Locator is not
Try stopping the Windows Firewall service on both servers. Don't simply turn off the Windows Firewall. Actually stop the services. If the AV software on the servers has an internal firewall stop that too. Did you actually get as far as running dcpromo on the 2003 box?
ASKER
No DCPromo .......was afraid to run it with the way things are running. Also when I shut down the 2003 server ...........AD on the 2012 server starts acting up.
Try stopping the Windows Firewall service on both servers. Don't simply turn off the Windows Firewall. Actually stop the services. If the AV software on the servers has an internal firewall stop that too
ASKER
All Firewalls Stopped. No Joy!
ASKER
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: DC=papharmacists,DC=com
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
Found this Error in Event log
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
At this point the DNS on the 2003 Server should point to the 2012 Server. If that is the case and the firewalls are stopped then you may very well have to seize the remaining roles with ntdsutil and then forcefully remove the 2003 server with a dcpromo /force then remove the metadata:
https://social.technet.microsoft.com/Forums/en-US/3abda48f-bf9b-428f-acce-c92ffd70bd13/meta-cleanup-after-a-dcpromo-force-removal?forum=winservergen
ASKER
Got this error during transfer:
fsmo maintenance: transfer infrastructure master
ldap_modify_sW error 0xc(12 (Unavailable Critical Extension).
Ldap extended error message is 000020AE: SvcErr: DSID-032103F9, problem 5010 (UNAVAIL_EXTENSION), data 8610
Win32 error returned is 0x20ae(The role owner attribute could not be read.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Server "server12" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=papharmacists,D
C=com
Naming Master - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=papharma
cists,DC=com
PDC - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=papharmacists,DC=c
om
RID - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=papharmacists,DC=c
om
Infrastructure - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=papharm
acists,DC=com
There is a difference between transferring and seizing. You want to run ntdsutil from the 2012 server and seize whatever roles it doesn't hold.....
ASKER
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\administrator.PPA>netdom query fsmo
The specified domain either does not exist or could not be contacted.
The command failed to complete successfully.
C:\Users\administrator.PPA>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Server12
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER12
Starting test: Connectivity
The host a4657d35-e028-4e1c-894a-8888c916651e._msdcs.papharmacists.com
could not be resolved to an IP address. Check the DNS server, DHCP,
server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... SERVER12 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER12
Skipping all tests, because server SERVER12 is not responding to
directory service requests.
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : papharmacists
Starting test: CheckSDRefDom
......................... papharmacists passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... papharmacists passed test CrossRefValidation
Running enterprise tests on : papharmacists.com
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... papharmacists.com failed test LocatorCheck
Starting test: Intersite
......................... papharmacists.com passed test Intersite
C:\Users\administrator.PPA>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server server12
Binding to server12 ...
Connected to server12 using credentials of locally logged on user.
server connections: q
fsmo maintenance: ?
? - Show this help information
Connections - Connect to a specific AD DC/LDS instance
Help - Show this help information
Quit - Return to the prior menu
Seize infrastructure master - Overwrite infrastructure role on connected serv
er
Seize naming master - Overwrite Naming Master role on connected serve
r
Seize PDC - Overwrite PDC role on connected server
Seize RID master - Overwrite RID role on connected server
Seize schema master - Overwrite schema role on connected server
Select operation target - Select sites, servers, domains, roles and
naming contexts
Transfer infrastructure master - Make connected server the infrastructure maste
r
Transfer naming master - Make connected server the naming master
Transfer PDC - Make connected server the PDC
Transfer RID master - Make connected server the RID master
Transfer schema master - Make connected server the schema master
fsmo maintenance: transfer infrastructure master
ldap_modify_sW error 0xc(12 (Unavailable Critical Extension).
Ldap extended error message is 000020AE: SvcErr: DSID-032103F9, problem 5010 (UN
AVAIL_EXTENSION), data 8610
Win32 error returned is 0x20ae(The role owner attribute could not be read.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Server "server12" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Name,CN=S
ites,CN=Configuration,DC=papharmacists,DC=com
Naming Master - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Na
me,CN=Sites,CN=Configuration,DC=papharmacists,DC=com
PDC - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Name,CN=Site
s,CN=Configuration,DC=papharmacists,DC=com
RID - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Name,CN=Site
s,CN=Configuration,DC=papharmacists,DC=com
Infrastructure - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-N
ame,CN=Sites,CN=Configuration,DC=papharmacists,DC=com
fsmo maintenance: quit
ntdsutil: roles
fsmo maintenance: connections
Connected to server12 using credentials of locally logged on user.
server connections: connect to server server12
Disconnecting from server12...
Binding to server12 ...
Connected to server12 using credentials of locally logged on user.
server connections: q
fsmo maintenance: ?
? - Show this help information
Connections - Connect to a specific AD DC/LDS instance
Help - Show this help information
Quit - Return to the prior menu
Seize infrastructure master - Overwrite infrastructure role on connected serv
er
Seize naming master - Overwrite Naming Master role on connected serve
r
Seize PDC - Overwrite PDC role on connected server
Seize RID master - Overwrite RID role on connected server
Seize schema master - Overwrite schema role on connected server
Select operation target - Select sites, servers, domains, roles and
naming contexts
Transfer infrastructure master - Make connected server the infrastructure maste
r
Transfer naming master - Make connected server the naming master
Transfer PDC - Make connected server the PDC
Transfer RID master - Make connected server the RID master
Transfer schema master - Make connected server the schema master
fsmo maintenance: seise infrastructure master
Error parsing Input - Invalid Syntax.
fsmo maintenance: seize infrastructure master
Attempting safe transfer of infrastructure FSMO before seizure.
ldap_modify_sW error 0xc(12 (Unavailable Critical Extension).
Ldap extended error message is 000020AE: SvcErr: DSID-032103F9, problem 5010 (UN
AVAIL_EXTENSION), data 8610
Win32 error returned is 0x20ae(The role owner attribute could not be read.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of infrastructure FSMO failed, proceeding with seizure ...
Server "server12" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Name,CN=S
ites,CN=Configuration,DC=papharmacists,DC=com
Naming Master - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Na
me,CN=Sites,CN=Configuration,DC=papharmacists,DC=com
PDC - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Name,CN=Site
s,CN=Configuration,DC=papharmacists,DC=com
RID - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-Name,CN=Site
s,CN=Configuration,DC=papharmacists,DC=com
Infrastructure - CN=NTDS Settings,CN=SERVER12,CN=Servers,CN=Default-First-Site-N
ame,CN=Sites,CN=Configuration,DC=papharmacists,DC=com
fsmo maintenance:
ASKER CERTIFIED SOLUTION
ASKER
OK. Thanks.
ASKER
The Replication service never finalized... therefore the new DC could never complete the DC process, even though it said it had. Thanks for all your help.
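Added example, not part of the thread: a small Python triage of dcdiag output like the run posted above, which pulls out the failed tests, the DcGetDcName locator errors and the DSA GUID name that DNS could not resolve. The function name `triage` and the sample text are constructed for this illustration; the sample reuses lines from the posted run, with the console's wrapped result lines kept.

```python
import re

# Constructed sample: lines taken from the dcdiag run posted in this thread,
# including results that the console wrapped onto a second line.
SAMPLE = """\
Starting test: Connectivity
The host a4657d35-e028-4e1c-894a-8888c916651e._msdcs.papharmacists.com
could not be resolved to an IP address. Check the DNS server, DHCP,
server name, etc.
......................... SERVER12 failed test Connectivity
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
......................... papharmacists.com failed test LocatorCheck
"""

RESULT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test\s+(\S+)")
LOCATOR = re.compile(r"DcGetDcName\((\w+)\) call failed, error\s+(\d+)")
UNRESOLVED = re.compile(r"The host (\S+)\s+could not be resolved")


def triage(text):
    """Summarise a dcdiag transcript: test results, locator errors, bad DNS names."""
    # dcdiag wraps long lines; rejoin a continuation with the previous line when
    # that line stops mid-statement ("... passed test", "... error", "The host X").
    joined = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if joined and re.search(r"(test|error|The host \S+)$", joined[-1]):
            joined[-1] += " " + line
        else:
            joined.append(line)
    flat = "\n".join(joined)
    results = [(m[1], m[3], m[2]) for l in joined if (m := RESULT.match(l))]
    return {
        "failed": [(tgt, test) for tgt, test, status in results if status == "failed"],
        "passed": [(tgt, test) for tgt, test, status in results if status == "passed"],
        # Win32 error 1355 is ERROR_NO_SUCH_DOMAIN: no DC answered the locator query.
        "locator_errors": LOCATOR.findall(flat),
        # DSA GUID CNAMEs under _msdcs that failed to resolve (missing DNS registration).
        "unresolved_hosts": UNRESOLVED.findall(flat),
    }
```

A Connectivity failure on the GUID-based `_msdcs` name together with locator error 1355 for every role means the DC has not registered its records in DNS, so the directory tests after it are skipped rather than failed.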