| Home | Forums | Reviews | Articles | Register |
 |
| Thread Tools | Rate Thread |
|
thecheat
Guest
Posts: n/a
|
i have 2 DCs on my network, OCP and OCP2. i have only one domain in
my forest. i want to demote the second one (OCP2), but dcpromo is not working. i get the following error: "The operation failed because: The Directory Service failed to replicate off changes made locally. ’The DSA operation is unable to proceed because of a DNS lookup failure.’" i’ve read that i could do a /forceremoval but that it is only a last resort, so i’d like to see if i can remedy this without forcing removal. in http://support.microsoft.com/kb/332199 MS states "Microsoft Windows 2000 or Microsoft Windows Server 2003 domain controllers may not gracefully demote by using the Active Directory Installation Wizard (Dcpromo.exe). CAUSE: This behavior may occur if a required dependency or operation fails. These include network connectivity, name resolution, authentication, Active Directory directory service replication, or the location of a critical object in Active Directory." i know that replication is NOT working. i made policy changes a few weeks ago, and any workstation that pulls its policies from OCP2 does not get the most recent changes. i can also tell by comparing the "registry.pol" files. on OCP, the file is 4,856 bytes and dated 3/4/05. on OCP2, the file is 4,216 and dated 2/17/05. however, when i view the group policy on both machines through an MMC, they are the same. i don’t know how to fix this. how do i get these machines in sync with each other? on a side note, i have verified that OCP is the global catalog server, domain naming master, pdc emulator, rid master and infrastructure master. i do not know how to verify if it is the schema master before i demote OCP2. how do i verify that the DC i am not trying to demote is not the schema master? thank you for any and all help. i’ve been fighting with this for weeks now. -- Posted using the http://www.windowsforumz.com interface, at author's request Articles individually checked for conformance to usenet standards Topic URL: http://www.windowsforumz.com/Active-...ict345598.html Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1083753 |
|
||
|
||||
|
|
|
| |
|
Chriss3 [MVP]
Guest
Posts: n/a
|
Hello,
This seems to be a DNS issue. Ensure all clients/servers and domain controllers within your domain has there TCP/IP DNS Servers, set to the server hosting dns for your active directory, it should be one of the domain controllers. Use nslookup to troubleshooting name resolution. e.g nslookup domainname.com, ensure a DC answers. as well try e.g ocp.domainname.com , verify you get the name resolved successfully The FSMO roles should transfer automatically during demote, this can operation may fail some times, how ever it dosen't seems to be related in your case. -- Regards Christoffer Andersson Microsoft MVP - Directory Services No email replies please - reply in the newsgroup ------------------------------------------------ http://www.chrisse.se - Active Directory Tips "thecheat" <(E-Mail Removed)> skrev i meddelandet news:(E-Mail Removed)... >i have 2 DCs on my network, OCP and OCP2. i have only one domain in > my forest. i want to demote the second one (OCP2), but dcpromo is not > working. i get the following error: "The operation failed because: > The Directory Service failed to replicate off changes made locally. > 'The DSA operation is unable to proceed because of a DNS lookup > failure.'" i've read that i could do a /forceremoval but that it is > only a last resort, so i'd like to see if i can remedy this without > forcing removal. > > in http://support.microsoft.com/kb/332199 MS states "Microsoft > Windows 2000 or Microsoft Windows Server 2003 domain controllers may > not gracefully demote by using the Active Directory Installation > Wizard (Dcpromo.exe). CAUSE: This behavior may occur if a required > dependency or operation fails. These include network connectivity, > name resolution, authentication, Active Directory directory service > replication, or the location of a critical object in Active > Directory." > > i know that replication is NOT working. i made policy changes a few > weeks ago, and any workstation that pulls its policies from OCP2 does > not get the most recent changes. i can also tell by comparing the > "registry.pol" files. on OCP, the file is 4,856 bytes and dated > 3/4/05. on OCP2, the file is 4,216 and dated 2/17/05. however, when > i view the group policy on both machines through an MMC, they are the > same. i don't know how to fix this. > > how do i get these machines in sync with each other? > > on a side note, i have verified that OCP is the global catalog server, > domain naming master, pdc emulator, rid master and infrastructure > master. i do not know how to verify if it is the schema master before > i demote OCP2. > > how do i verify that the DC i am not trying to demote is not the > schema master? > > thank you for any and all help. i've been fighting with this for > weeks now. > > -- > Posted using the http://www.windowsforumz.com interface, at author's > request > Articles individually checked for conformance to usenet standards > Topic URL: > http://www.windowsforumz.com/Active-...ict345598.html > Visit Topic URL to contact author (reg. req'd). Report abuse: > http://www.windowsforumz.com/eform.php?p=1083753 |
|
||
|
|
||||
|
thecheat
Guest
Posts: n/a
|
"Chriss3 MVP" wrote:
> Hello, > This seems to be a DNS issue. > Ensure all clients/servers and domain controllers within your > domain has > there TCP/IP DNS Servers, set to the server hosting dns for > your active > directory, it should be one of the domain controllers. Use > nslookup to > troubleshooting name resolution. e.g nslookup domainname.com, > ensure a DC > answers. as well try e.g ocp.domainname.com , verify you get > the name > resolved successfully > > The FSMO roles should transfer automatically during demote, > this can > operation may fail some times, how ever it dosen't seems to be > related in > your case. > -- > Regards > Christoffer Andersson > Microsoft MVP - Directory Services > > No email replies please - reply in the newsgroup > ------------------------------------------------ > http://www.chrisse.se - Active Directory Tips > > "thecheat" <(E-Mail Removed)> skrev i > meddelandet > news:(E-Mail Removed)... > >i have 2 DCs on my network, OCP and OCP2. i have only one > domain in > > my forest. i want to demote the second one (OCP2), but > dcpromo is not > > working. i get the following error: "The operation failed > because: > > The Directory Service failed to replicate off changes made > locally. > > 'The DSA operation is unable to proceed because of a DNS > lookup > > failure.'" i've read that i could do a /forceremoval but > that it is > > only a last resort, so i'd like to see if i can remedy this > without > > forcing removal. > > > > in http://support.microsoft.com/kb/332199 MS states "Microsoft > > Windows 2000 or Microsoft Windows Server 2003 domain > controllers may > > not gracefully demote by using the Active Directory > Installation > > Wizard (Dcpromo.exe). CAUSE: This behavior may occur if a > required > > dependency or operation fails. These include network > connectivity, > > name resolution, authentication, Active Directory directory > service > > replication, or the location of a critical object in Active > > Directory." > > > > i know that replication is NOT working. i made policy > changes a few > > weeks ago, and any workstation that pulls its policies from > OCP2 does > > not get the most recent changes. i can also tell by > comparing the > > "registry.pol" files. on OCP, the file is 4,856 bytes and > dated > > 3/4/05. on OCP2, the file is 4,216 and dated 2/17/05. > however, when > > i view the group policy on both machines through an MMC, > they are the > > same. i don't know how to fix this. > > > > how do i get these machines in sync with each other? > > > > on a side note, i have verified that OCP is the global > catalog server, > > domain naming master, pdc emulator, rid master and > infrastructure > > master. i do not know how to verify if it is the schema > master before > > i demote OCP2. > > > > how do i verify that the DC i am not trying to demote is not > the > > schema master? > > > > thank you for any and all help. i've been fighting with > this for > > weeks now. > > > > -- > > Posted using the http://www.windowsforumz.com interface, at author's > > request > > Articles individually checked for conformance to usenet > standards > > Topic URL: > > http://www.windowsforumz.com/Active-...ict345598.html > > Visit Topic URL to contact author (reg. req'd). Report > abuse: > > http://www.windowsforumz.com/eform.php?p=1083753 thank you for the help. i currently have all workstations, and OCP2 (the problem DC), pointed to OCP for DNS (192.168.1.44). every computer except OCP (the DNS server) is set up as follows: preferred DNS: 192.168.1.44 (OCP) alternate DNS: 199.2.252.10 (Sprint) OCP (the DNS server) is set up as follows: preferred DNS: 199.2.252.10 (Sprint) alternate DNS: 60.something (another internet DNS address) would you say that i have these configured correctly? i also meant to say earlier that i am getting the following error in the event log on OCP Event Type: Error Event Source: NtFrs Event Category: None Event ID: 13555 Date: 1/24/2005 Time: 8:08:24 AM User: N/A Computer: OCP Description: The File Replication Service is in an error state. lastly, here is a screenshot of DNS in MMC on OCP. also, i am using forwarders on OCP. http://sadchild.cjb.net/dns.jpg |
|
||
|
|
||||
|
C Hall
Guest
Posts: n/a
|
All DCs and workstations should point to internal DNS servers only, so
preferred set as 192.168.1.44. OCP should point to itself as well and configured to forward requests to your ISP dns server. So when clients need to resolve a name to an ip address internally, the dns server would handle that resolution. Name resolution for hosts outside (Internet), the queries would be forwarded to the ISP. It would be a good idea to have a second dns server setup for fault tolerance purposes. hth, Chris "thecheat" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)... > "Chriss3 MVP" wrote: > > Hello, > > This seems to be a DNS issue. > > Ensure all clients/servers and domain controllers within your > > domain has > > there TCP/IP DNS Servers, set to the server hosting dns for > > your active > > directory, it should be one of the domain controllers. Use > > nslookup to > > troubleshooting name resolution. e.g nslookup domainname.com, > > ensure a DC > > answers. as well try e.g ocp.domainname.com , verify you get > > the name > > resolved successfully > > > > The FSMO roles should transfer automatically during demote, > > this can > > operation may fail some times, how ever it dosen't seems to be > > related in > > your case. > > -- > > Regards > > Christoffer Andersson > > Microsoft MVP - Directory Services > > > > No email replies please - reply in the newsgroup > > ------------------------------------------------ > > http://www.chrisse.se - Active Directory Tips > > > > "thecheat" <(E-Mail Removed)> skrev i > > meddelandet > > news:(E-Mail Removed)... > > >i have 2 DCs on my network, OCP and OCP2. i have only one > > domain in > > > my forest. i want to demote the second one (OCP2), but > > dcpromo is not > > > working. i get the following error: "The operation failed > > because: > > > The Directory Service failed to replicate off changes made > > locally. > > > 'The DSA operation is unable to proceed because of a DNS > > lookup > > > failure.'" i've read that i could do a /forceremoval but > > that it is > > > only a last resort, so i'd like to see if i can remedy this > > without > > > forcing removal. > > > > > > in http://support.microsoft.com/kb/332199 MS states "Microsoft > > > Windows 2000 or Microsoft Windows Server 2003 domain > > controllers may > > > not gracefully demote by using the Active Directory > > Installation > > > Wizard (Dcpromo.exe). CAUSE: This behavior may occur if a > > required > > > dependency or operation fails. These include network > > connectivity, > > > name resolution, authentication, Active Directory directory > > service > > > replication, or the location of a critical object in Active > > > Directory." > > > > > > i know that replication is NOT working. i made policy > > changes a few > > > weeks ago, and any workstation that pulls its policies from > > OCP2 does > > > not get the most recent changes. i can also tell by > > comparing the > > > "registry.pol" files. on OCP, the file is 4,856 bytes and > > dated > > > 3/4/05. on OCP2, the file is 4,216 and dated 2/17/05. > > however, when > > > i view the group policy on both machines through an MMC, > > they are the > > > same. i don't know how to fix this. > > > > > > how do i get these machines in sync with each other? > > > > > > on a side note, i have verified that OCP is the global > > catalog server, > > > domain naming master, pdc emulator, rid master and > > infrastructure > > > master. i do not know how to verify if it is the schema > > master before > > > i demote OCP2. > > > > > > how do i verify that the DC i am not trying to demote is not > > the > > > schema master? > > > > > > thank you for any and all help. i've been fighting with > > this for > > > weeks now. > > > > > > -- > > > Posted using the http://www.windowsforumz.com interface, at author's > > > request > > > Articles individually checked for conformance to usenet > > standards > > > Topic URL: > > > http://www.windowsforumz.com/Active-...ict345598.html > > > Visit Topic URL to contact author (reg. req'd). Report > > abuse: > > > http://www.windowsforumz.com/eform.php?p=1083753 > > thank you for the help. > > i currently have all workstations, and OCP2 (the problem DC), pointed > to OCP for DNS (192.168.1.44). > > every computer except OCP (the DNS server) is set up as follows: > preferred DNS: 192.168.1.44 (OCP) > alternate DNS: 199.2.252.10 (Sprint) > > OCP (the DNS server) is set up as follows: > preferred DNS: 199.2.252.10 (Sprint) > alternate DNS: 60.something (another internet DNS address) > > would you say that i have these configured correctly? > > i also meant to say earlier that i am getting the following error in > the event log on OCP > > Event Type: Error > Event Source: NtFrs > Event Category: None > Event ID: 13555 > Date: 1/24/2005 > Time: 8:08:24 AM > User: N/A > Computer: OCP > Description: > The File Replication Service is in an error state. > > lastly, here is a screenshot of DNS in MMC on OCP. also, i am using > forwarders on OCP. > > http://sadchild.cjb.net/dns.jpg |
|
||
|
|
||||
|
thecheat
Guest
Posts: n/a
|
"C Hall" wrote:
> All DCs and workstations should point to internal DNS servers > only, so > preferred set as 192.168.1.44. OCP should point to itself as > well and > configured to forward requests to your ISP dns server. So when > clients need > to resolve a name to an ip address internally, the dns server > would handle > that resolution. Name resolution for hosts outside (Internet), > the queries > would be forwarded to the ISP. It would be a good idea to have > a second dns > server setup for fault tolerance purposes. > > hth, > Chris > > "thecheat" <(E-Mail Removed)> wrote in message > news:(E-Mail Removed)... > > "Chriss3 MVP" wrote: > > > Hello, > > > This seems to be a DNS issue. > > > Ensure all clients/servers and domain controllers > within your > > > domain has > > > there TCP/IP DNS Servers, set to the server hosting > dns for > > > your active > > > directory, it should be one of the domain > controllers. Use > > > nslookup to > > > troubleshooting name resolution. e.g nslookup > domainname.com, > > > ensure a DC > > > answers. as well try e.g ocp.domainname.com , > verify you get > > > the name > > > resolved successfully > > > > > > The FSMO roles should transfer automatically during > demote, > > > this can > > > operation may fail some times, how ever it dosen't > seems to be > > > related in > > > your case. > > > -- > > > Regards > > > Christoffer Andersson > > > Microsoft MVP - Directory Services > > > > > > No email replies please - reply in the newsgroup > > > ------------------------------------------------ > > > http://www.chrisse.se - Active Directory Tips > > > > > > "thecheat" <(E-Mail Removed)> > skrev i > > > meddelandet > > > > news:(E-Mail Removed)... > > > >i have 2 DCs on my network, OCP and OCP2. i > have only one > > > domain in > > > > my forest. i want to demote the second one > (OCP2), but > > > dcpromo is not > > > > working. i get the following error: "The > operation failed > > > because: > > > > The Directory Service failed to replicate > off changes made > > > locally. > > > > 'The DSA operation is unable to proceed > because of a DNS > > > lookup > > > > failure.'" i've read that i could do a > /forceremoval but > > > that it is > > > > only a last resort, so i'd like to see if i > can remedy this > > > without > > > > forcing removal. > > > > > > > > in http://support.microsoft.com/kb/332199 > MS states "Microsoft > > > > Windows 2000 or Microsoft Windows Server > 2003 domain > > > controllers may > > > > not gracefully demote by using the Active > Directory > > > Installation > > > > Wizard (Dcpromo.exe). CAUSE: This behavior > may occur if a > > > required > > > > dependency or operation fails. These > include network > > > connectivity, > > > > name resolution, authentication, Active > Directory directory > > > service > > > > replication, or the location of a critical > object in Active > > > > Directory." > > > > > > > > i know that replication is NOT working. i > made policy > > > changes a few > > > > weeks ago, and any workstation that pulls > its policies from > > > OCP2 does > > > > not get the most recent changes. i can > also tell by > > > comparing the > > > > "registry.pol" files. on OCP, the file is > 4,856 bytes and > > > dated > > > > 3/4/05. on OCP2, the file is 4,216 and > dated 2/17/05. > > > however, when > > > > i view the group policy on both machines > through an MMC, > > > they are the > > > > same. i don't know how to fix this. > > > > > > > > how do i get these machines in sync with > each other? > > > > > > > > on a side note, i have verified that OCP is > the global > > > catalog server, > > > > domain naming master, pdc emulator, rid > master and > > > infrastructure > > > > master. i do not know how to verify if it > is the schema > > > master before > > > > i demote OCP2. > > > > > > > > how do i verify that the DC i am not trying > to demote is not > > > the > > > > schema master? > > > > > > > > thank you for any and all help. i've been > fighting with > > > this for > > > > weeks now. > > > > > > > > -- > > > > Posted using the > http://www.windowsforumz.com interface, at author's > > > > request > > > > Articles individually checked for > conformance to usenet > > > standards > > > > Topic URL: > > > > > http://www.windowsforumz.com/Active-...ict345598.html > > > > Visit Topic URL to contact author (reg. > req'd). Report > > > abuse: > > > > > http://www.windowsforumz.com/eform.php?p=1083753 > > > > thank you for the help. > > > > i currently have all workstations, and OCP2 (the problem > DC), pointed > > to OCP for DNS (192.168.1.44). > > > > every computer except OCP (the DNS server) is set up as > follows: > > preferred DNS: 192.168.1.44 (OCP) > > alternate DNS: 199.2.252.10 (Sprint) > > > > OCP (the DNS server) is set up as follows: > > preferred DNS: 199.2.252.10 (Sprint) > > alternate DNS: 60.something (another internet DNS address) > > > > would you say that i have these configured correctly? > > > > i also meant to say earlier that i am getting the following > error in > > the event log on OCP > > > > Event Type: Error > > Event Source: NtFrs > > Event Category: None > > Event ID: 13555 > > Date: 1/24/2005 > > Time: 8:08:24 AM > > User: N/A > > Computer: OCP > > Description: > > The File Replication Service is in an error state. > > > > lastly, here is a screenshot of DNS in MMC on OCP. also, i > am using > > forwarders on OCP. > > > > http://sadchild.cjb.net/dns.jpg thank you very much. that seems to have been the problem. i set OCP’s preferred DNS to itself, and then OCP2 demoted itself without problem! /tip CHall $10 i have another question. you can see in the screenshot below that even though OCP2 is no longer in the Domain Controllers OU, it is still listed as a server in ’sites and services’. i did notice that the ’NTDS settings’ sub-......."thing" is no longer there under OCP2 anymore, just under OCP. (sub-folder? sub-item? sub-setting?) my question is should i manually delete this, will it go away on its own or should i let it stay there? http://home.comcast.net/~ingoldsby/ocp2lingers.jpg |
|
||
|
|
||||
|
C Hall
Guest
Posts: n/a
|
Glad that helped.
Good luck, Chris "thecheat" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)... > "C Hall" wrote: > > All DCs and workstations should point to internal DNS servers > > only, so > > preferred set as 192.168.1.44. OCP should point to itself as > > well and > > configured to forward requests to your ISP dns server. So when > > clients need > > to resolve a name to an ip address internally, the dns server > > would handle > > that resolution. Name resolution for hosts outside (Internet), > > the queries > > would be forwarded to the ISP. It would be a good idea to have > > a second dns > > server setup for fault tolerance purposes. > > > > hth, > > Chris > > > > "thecheat" <(E-Mail Removed)> wrote in message > > news:(E-Mail Removed)... > > > "Chriss3 MVP" wrote: > > > > Hello, > > > > This seems to be a DNS issue. > > > > Ensure all clients/servers and domain controllers > > within your > > > > domain has > > > > there TCP/IP DNS Servers, set to the server hosting > > dns for > > > > your active > > > > directory, it should be one of the domain > > controllers. Use > > > > nslookup to > > > > troubleshooting name resolution. e.g nslookup > > domainname.com, > > > > ensure a DC > > > > answers. as well try e.g ocp.domainname.com , > > verify you get > > > > the name > > > > resolved successfully > > > > > > > > The FSMO roles should transfer automatically during > > demote, > > > > this can > > > > operation may fail some times, how ever it dosen't > > seems to be > > > > related in > > > > your case. > > > > -- > > > > Regards > > > > Christoffer Andersson > > > > Microsoft MVP - Directory Services > > > > > > > > No email replies please - reply in the newsgroup > > > > ------------------------------------------------ > > > > http://www.chrisse.se - Active Directory Tips > > > > > > > > "thecheat" <(E-Mail Removed)> > > skrev i > > > > meddelandet > > > > > > news:(E-Mail Removed)... > > > > >i have 2 DCs on my network, OCP and OCP2. i > > have only one > > > > domain in > > > > > my forest. i want to demote the second one > > (OCP2), but > > > > dcpromo is not > > > > > working. i get the following error: "The > > operation failed > > > > because: > > > > > The Directory Service failed to replicate > > off changes made > > > > locally. > > > > > 'The DSA operation is unable to proceed > > because of a DNS > > > > lookup > > > > > failure.'" i've read that i could do a > > /forceremoval but > > > > that it is > > > > > only a last resort, so i'd like to see if i > > can remedy this > > > > without > > > > > forcing removal. > > > > > > > > > > in http://support.microsoft.com/kb/332199 > > MS states "Microsoft > > > > > Windows 2000 or Microsoft Windows Server > > 2003 domain > > > > controllers may > > > > > not gracefully demote by using the Active > > Directory > > > > Installation > > > > > Wizard (Dcpromo.exe). CAUSE: This behavior > > may occur if a > > > > required > > > > > dependency or operation fails. These > > include network > > > > connectivity, > > > > > name resolution, authentication, Active > > Directory directory > > > > service > > > > > replication, or the location of a critical > > object in Active > > > > > Directory." > > > > > > > > > > i know that replication is NOT working. i > > made policy > > > > changes a few > > > > > weeks ago, and any workstation that pulls > > its policies from > > > > OCP2 does > > > > > not get the most recent changes. i can > > also tell by > > > > comparing the > > > > > "registry.pol" files. on OCP, the file is > > 4,856 bytes and > > > > dated > > > > > 3/4/05. on OCP2, the file is 4,216 and > > dated 2/17/05. > > > > however, when > > > > > i view the group policy on both machines > > through an MMC, > > > > they are the > > > > > same. i don't know how to fix this. > > > > > > > > > > how do i get these machines in sync with > > each other? > > > > > > > > > > on a side note, i have verified that OCP is > > the global > > > > catalog server, > > > > > domain naming master, pdc emulator, rid > > master and > > > > infrastructure > > > > > master. i do not know how to verify if it > > is the schema > > > > master before > > > > > i demote OCP2. > > > > > > > > > > how do i verify that the DC i am not trying > > to demote is not > > > > the > > > > > schema master? > > > > > > > > > > thank you for any and all help. i've been > > fighting with > > > > this for > > > > > weeks now. > > > > > > > > > > -- > > > > > Posted using the > > http://www.windowsforumz.com interface, at author's > > > > > request > > > > > Articles individually checked for > > conformance to usenet > > > > standards > > > > > Topic URL: > > > > > > > http://www.windowsforumz.com/Active-...ict345598.html > > > > > Visit Topic URL to contact author (reg. > > req'd). Report > > > > abuse: > > > > > > > http://www.windowsforumz.com/eform.php?p=1083753 > > > > > > thank you for the help. > > > > > > i currently have all workstations, and OCP2 (the problem > > DC), pointed > > > to OCP for DNS (192.168.1.44). > > > > > > every computer except OCP (the DNS server) is set up as > > follows: > > > preferred DNS: 192.168.1.44 (OCP) > > > alternate DNS: 199.2.252.10 (Sprint) > > > > > > OCP (the DNS server) is set up as follows: > > > preferred DNS: 199.2.252.10 (Sprint) > > > alternate DNS: 60.something (another internet DNS address) > > > > > > would you say that i have these configured correctly? > > > > > > i also meant to say earlier that i am getting the following > > error in > > > the event log on OCP > > > > > > Event Type: Error > > > Event Source: NtFrs > > > Event Category: None > > > Event ID: 13555 > > > Date: 1/24/2005 > > > Time: 8:08:24 AM > > > User: N/A > > > Computer: OCP > > > Description: > > > The File Replication Service is in an error state. > > > > > > lastly, here is a screenshot of DNS in MMC on OCP. also, i > > am using > > > forwarders on OCP. > > > > > > http://sadchild.cjb.net/dns.jpg > > thank you very much. that seems to have been the problem. i set > OCP's preferred DNS to itself, and then OCP2 demoted itself without > problem! > > /tip CHall $10 > > i have another question. > > you can see in the screenshot below that even though OCP2 is no longer > in the Domain Controllers OU, it is still listed as a server in 'sites > and services'. i did notice that the 'NTDS settings' > sub-......."thing" is no longer there under OCP2 anymore, just under > OCP. (sub-folder? sub-item? sub-setting?) > > my question is should i manually delete this, will it go away on its > own or should i let it stay there? > > http://home.comcast.net/~ingoldsby/ocp2lingers.jpg |
|
||
|
|
||||
|
thecheat
Guest
Posts: n/a
|
"C Hall" wrote:
> Glad that helped. > Good luck, > Chris > > "thecheat" <(E-Mail Removed)> wrote in message > news:(E-Mail Removed)... > > "C Hall" wrote: > > > All DCs and workstations should point to internal > DNS servers > > > only, so > > > preferred set as 192.168.1.44. OCP should point to > itself as > > > well and > > > configured to forward requests to your ISP dns > server. So when > > > clients need > > > to resolve a name to an ip address internally, the > dns server > > > would handle > > > that resolution. Name resolution for hosts outside > (Internet), > > > the queries > > > would be forwarded to the ISP. It would be a good > idea to have > > > a second dns > > > server setup for fault tolerance purposes. > > > > > > hth, > > > Chris > > > > > > "thecheat" <(E-Mail Removed)> > wrote in message > > > > news:(E-Mail Removed)... > > > > "Chriss3 MVP" wrote: > > > > > Hello, > > > > > This seems to be a DNS issue. > > > > > Ensure all clients/servers and > domain controllers > > > within your > > > > > domain has > > > > > there TCP/IP DNS Servers, set to > the server hosting > > > dns for > > > > > your active > > > > > directory, it should be one of the > domain > > > controllers. Use > > > > > nslookup to > > > > > troubleshooting name resolution. > e.g nslookup > > > domainname.com, > > > > > ensure a DC > > > > > answers. as well try e.g > ocp.domainname.com , > > > verify you get > > > > > the name > > > > > resolved successfully > > > > > > > > > > The FSMO roles should transfer > automatically during > > > demote, > > > > > this can > > > > > operation may fail some times, how > ever it dosen't > > > seems to be > > > > > related in > > > > > your case. > > > > > -- > > > > > Regards > > > > > Christoffer Andersson > > > > > Microsoft MVP - Directory Services > > > > > > > > > > No email replies please - reply in > the newsgroup > > > > > > ------------------------------------------------ > > > > > http://www.chrisse.se - Active > Directory Tips > > > > > > > > > > "thecheat" > <(E-Mail Removed)> > > > skrev i > > > > > meddelandet > > > > > > > > > news:(E-Mail Removed)... > > > > > >i have 2 DCs on my > network, OCP and OCP2. i > > > have only one > > > > > domain in > > > > > > my forest. i want to > demote the second one > > > (OCP2), but > > > > > dcpromo is not > > > > > > working. i get the > following error: "The > > > operation failed > > > > > because: > > > > > > The Directory Service > failed to replicate > > > off changes made > > > > > locally. > > > > > > 'The DSA operation is > unable to proceed > > > because of a DNS > > > > > lookup > > > > > > failure.'" i've read > that i could do a > > > /forceremoval but > > > > > that it is > > > > > > only a last resort, so > i'd like to see if i > > > can remedy this > > > > > without > > > > > > forcing removal. > > > > > > > > > > > > in > http://support.microsoft.com/kb/332199 > > > MS states "Microsoft > > > > > > Windows 2000 or > Microsoft Windows Server > > > 2003 domain > > > > > controllers may > > > > > > not gracefully demote > by using the Active > > > Directory > > > > > Installation > > > > > > Wizard (Dcpromo.exe). > CAUSE: This behavior > > > may occur if a > > > > > required > > > > > > dependency or operation > fails. These > > > include network > > > > > connectivity, > > > > > > name resolution, > authentication, Active > > > Directory directory > > > > > service > > > > > > replication, or the > location of a critical > > > object in Active > > > > > > Directory." > > > > > > > > > > > > i know that replication > is NOT working. i > > > made policy > > > > > changes a few > > > > > > weeks ago, and any > workstation that pulls > > > its policies from > > > > > OCP2 does > > > > > > not get the most recent > changes. i can > > > also tell by > > > > > comparing the > > > > > > "registry.pol" files. > on OCP, the file is > > > 4,856 bytes and > > > > > dated > > > > > > 3/4/05. on OCP2, the > file is 4,216 and > > > dated 2/17/05. > > > > > however, when > > > > > > i view the group policy > on both machines > > > through an MMC, > > > > > they are the > > > > > > same. i don't know how > to fix this. > > > > > > > > > > > > how do i get these > machines in sync with > > > each other? > > > > > > > > > > > > on a side note, i have > verified that OCP is > > > the global > > > > > catalog server, > > > > > > domain naming master, > pdc emulator, rid > > > master and > > > > > infrastructure > > > > > > master. i do not know > how to verify if it > > > is the schema > > > > > master before > > > > > > i demote OCP2. > > > > > > > > > > > > how do i verify that > the DC i am not trying > > > to demote is not > > > > > the > > > > > > schema master? > > > > > > > > > > > > thank you for any and > all help. i've been > > > fighting with > > > > > this for > > > > > > weeks now. > > > > > > > > > > > > -- > > > > > > Posted using the > > > http://www.windowsforumz.com interface, at author's > > > > > > request > > > > > > Articles individually > checked for > > > conformance to usenet > > > > > standards > > > > > > Topic URL: > > > > > > > > > > http://www.windowsforumz.com/Active-...ict345598.html > > > > > > Visit Topic URL to > contact author (reg. > > > req'd). Report > > > > > abuse: > > > > > > > > > http://www.windowsforumz.com/eform.php?p=1083753 > > > > > > > > thank you for the help. > > > > > > > > i currently have all workstations, and OCP2 > (the problem > > > DC), pointed > > > > to OCP for DNS (192.168.1.44). > > > > > > > > every computer except OCP (the DNS server) > is set up as > > > follows: > > > > preferred DNS: 192.168.1.44 (OCP) > > > > alternate DNS: 199.2.252.10 (Sprint) > > > > > > > > OCP (the DNS server) is set up as follows: > > > > preferred DNS: 199.2.252.10 (Sprint) > > > > alternate DNS: 60.something (another > internet DNS address) > > > > > > > > would you say that i have these configured > correctly? > > > > > > > > i also meant to say earlier that i am > getting the following > > > error in > > > > the event log on OCP > > > > > > > > Event Type: Error > > > > Event Source: NtFrs > > > > Event Category: None > > > > Event ID: 13555 > > > > Date: 1/24/2005 > > > > Time: 8:08:24 AM > > > > User: N/A > > > > Computer: OCP > > > > Description: > > > > The File Replication Service is in an error > state. > > > > > > > > lastly, here is a screenshot of DNS in MMC > on OCP. also, i > > > am using > > > > forwarders on OCP. > > > > > > > > http://sadchild.cjb.net/dns.jpg > > > > thank you very much. that seems to have been the problem. > i set > > OCP's preferred DNS to itself, and then OCP2 demoted itself > without > > problem! > > > > /tip CHall $10 > > > > i have another question. > > > > you can see in the screenshot below that even though OCP2 is > no longer > > in the Domain Controllers OU, it is still listed as a server > in 'sites > > and services'. i did notice that the 'NTDS settings' > > sub-......."thing" is no longer there under OCP2 anymore, > just under > > OCP. (sub-folder? sub-item? sub-setting?) > > > > my question is should i manually delete this, will it go > away on its > > own or should i let it stay there? > > > > http://home.comcast.net/~ingoldsby/ocp2lingers.jpg does anybody have any insight to my question right above my screenshot in my last post? "should i manually delete this, will it go away on its own or should i let it stay there?" also, someone else on a different forum asked the following question in the same thread i posted my original question: Is my problem the same??? Hi, I have a windows 2000 server which is a DC. I have set up an additional PC with Windows 2000 server. I have ran DCPROMO and made it an additional DC. I have also made it an additional global catalog. When I turn off the original DC server however and leave the additional DC pc on and try to access users and computers on the PC I get the following error message: Naming information cannot be located because: The specified domain either does not exist or could not be contacted. What can I do to allow me to access AD when the original DC is switched off Is this the same problem? Should I point the DNS on the additional server to point to itself? this is where that question was posted if anybody has an answer for this other person: http://www.techsupportforum.com/showthread.php?t=44342 |
|
||
|
|
||||
|
C Hall
Guest
Posts: n/a
|
See this article:
http://support.microsoft.com/Default.aspx?kbid=216364 > > > http://home.comcast.net/~ingoldsby/ocp2lingers.jpg > > does anybody have any insight to my question right above my screenshot > in my last post? "should i manually delete this, will it go away on > its own or should i let it stay there?" > > also, someone else on a different forum asked the following question > in the same thread i posted my original question: > > Is my problem the same??? It's a bit confusing to bring in another post....are you needing just the question above answered or do you have other issues? If you have a seperate issue than the one above, you would probably be best served to start a new thread. > Hi, > I have a windows 2000 server which is a DC. I have set up an > additional PC with Windows 2000 server. I have ran DCPROMO and made it > an additional DC. I have also made it an additional global catalog. > When I turn off the original DC server however and leave the > additional DC pc on and try to access users and computers on the PC I > get the following error message: > Naming information cannot be located because: The specified domain > either does not exist or could not be contacted. > What can I do to allow me to access AD when the original DC is > switched off > Is this the same problem? Should I point the DNS on the additional > server to point to itself? > > this is where that question was posted if anybody has an answer for > this other person: > http://www.techsupportforum.com/showthread.php?t=44342 |
|
||
|
|
||||
|
thecheat
Guest
Posts: n/a
|
"C Hall" wrote:
>See this article: >http://support.microsoft.com/Default.aspx?kbid=216364 > thank you, that cleared it all up for me. -- Posted using the http://www.windowsforumz.com interface, at author's request Articles individually checked for conformance to usenet standards Topic URL: http://www.windowsforumz.com/Active-...ict345598.html Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1091706 |
|
||
|
|
||||
|
C Hall
Guest
Posts: n/a
|
Glad that helped.
"thecheat" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)... > "C Hall" wrote: > >See this article: > >http://support.microsoft.com/Default.aspx?kbid=216364 > > > > thank you, that cleared it all up for me. > > -- > Posted using the http://www.windowsforumz.com interface, at author's request > Articles individually checked for conformance to usenet standards > Topic URL: http://www.windowsforumz.com/Active-...ict345598.html > Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1091706 |
|
||
|
|
||||
|
|
|
| |
|
| Thread Tools | |
| Rate This Thread | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Problem with SYSVOL replication after DCPROMO | Stefan 'Birdie' Vogel | Microsoft Windows 2000 Active Directory | 1 | 14th Jul 2006 08:58 AM |
| Dcpromo succeeds but replication fails | Tim Howell | Microsoft Windows 2000 Active Directory | 0 | 23rd Feb 2006 07:51 PM |
| dcpromo failed because file replication service won't start. | bonsett@gmail.com | Microsoft Windows 2000 Active Directory | 1 | 19th May 2005 05:44 AM |
| dcpromo: File replication service: Access is denied. | =?Utf-8?B?dGVzdA==?= | Microsoft Windows 2000 Advanced Server | 0 | 19th Apr 2005 04:52 AM |
| Replication- and dcpromo-problem after DC Disaster | Andreas Kirchner | Microsoft Windows 2000 Active Directory | 2 | 15th Dec 2003 01:21 AM |
Powered by vBulletin®. Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2010, Crawlability, Inc. |
