I am trying to temporarily transfer a DC to another machine so we can
rebuild the first machine. Thanks to several folks in these newsgroups I
got the scoop on how to do this. So far, I managed to set up a second
domain controller on the network (this is a stand-alone network with about a
dozen machines in a lab). I was in the process of transferring the FSMOs to
the secondary machine when I ran into problems.

When I try to transfer the RID, PDC, Infrastructure, Schema, etc I get an
error for each which basically say:

The transfer of the operations master role cannot be performed because: The
requested FSMO operation failed. The current FSMO holder could not be
contacted.

(I say "basically the same" because in a couple cases it asks if I want to
try a forced transfer.) According to what I read, this is usually caused by
insufficient account privileges. Well, I was in the domain administrator
account which has about every permission I could find and a member of the
Domain Administrators group, schema group, etc, etc. I was also doing it
from the machine which is currently the DC.

From what I have read, this is the preferred way of performing the transfer.
There is a way to "pull" the FSMOs over to the secondary machine by logging
in to it and using command line commands. However, some of the reading
imply that doing a "pull" will render the old domain controller unable to
resume as DC. Yes, I know that ultimately I am putting a clean machine back
in, but there is some sensitivity to being able to return things to they way
they were if the rebuild does not work. (The rebuild is a hard drive swap,
so I will have the old drive with everything on it.) I am also concerned
that the "pull" approach only half works and I am stuck with the old DC
being lobotomized and the new, temporary DC with not enough smarts to do the
job.

Anyone have insight into why "The current FSMO holder could not be
contacted." and how to resolve the problem? Any other suggestions would be
greatly appreciated too!

Thanks!

Don

In news:(E-Mail Removed),
Don <(E-Mail Removed)> typed:
> I am trying to temporarily transfer a DC to another machine so we can
> rebuild the first machine. Thanks to several folks in these
> newsgroups I got the scoop on how to do this. So far, I managed to
> set up a second domain controller on the network (this is a
> stand-alone network with about a dozen machines in a lab). I was in
> the process of transferring the FSMOs to the secondary machine when I
> ran into problems.
>
> When I try to transfer the RID, PDC, Infrastructure, Schema, etc I
> get an error for each which basically say:
>
> The transfer of the operations master role cannot be performed
> because: The requested FSMO operation failed. The current FSMO
> holder could not be contacted.
>
> (I say "basically the same" because in a couple cases it asks if I
> want to try a forced transfer.) According to what I read, this is
> usually caused by insufficient account privileges. Well, I was in
> the domain administrator account which has about every permission I
> could find and a member of the Domain Administrators group, schema
> group, etc, etc. I was also doing it from the machine which is
> currently the DC.
>
> From what I have read, this is the preferred way of performing the
> transfer. There is a way to "pull" the FSMOs over to the secondary
> machine by logging in to it and using command line commands.
> However, some of the reading imply that doing a "pull" will render
> the old domain controller unable to resume as DC. Yes, I know that
> ultimately I am putting a clean machine back in, but there is some
> sensitivity to being able to return things to they way they were if
> the rebuild does not work. (The rebuild is a hard drive swap, so I
> will have the old drive with everything on it.) I am also concerned
> that the "pull" approach only half works and I am stuck with the old
> DC being lobotomized and the new, temporary DC with not enough smarts
> to do the job.
>
> Anyone have insight into why "The current FSMO holder could not be
> contacted." and how to resolve the problem? Any other suggestions
> would be greatly appreciated too!
>
> Thanks!
>
> Don

"Transferring" the FSMO roles is indeed better than "siezing" them....

1. Are you 100% sure this server is pointing at the right DNS server (your
internal DNS server, AD-integrated or no) ?
2. What happens if you use the built-in domain admin account?