Cannot create child domain

[Guest]

While attempting to set up a child domain in s test lab, dcpromo is failing
with the error: "Owner role attribute cannot be read." This error occurs
during the replication of the Configuration container. The Directory
Services event log displays an error with event ID 1168 and source NTDS
General. The error code is 1073741823. I have attempted to perform this
operation from two different servers, first using the same child domain name,
and then using a new domain name, so the problem does not appear to be on the
new server, nor with the chosen domain name.

Any ideas? I really don't want to rebuild the entire forest.

 

[Ace Fekay [MVP]]

In

While attempting to set up a child domain in s test lab, dcpromo is
failing with the error: "Owner role attribute cannot be read." This
error occurs during the replication of the Configuration container.
The Directory Services event log displays an error with event ID 1168
and source NTDS General. The error code is 1073741823. I have
attempted to perform this operation from two different servers, first
using the same child domain name, and then using a new domain name,
so the problem does not appear to be on the new server, nor with the
chosen domain name.

Any ideas? I really don't want to rebuild the entire forest.

Haven't seen this one yet, but see if this helps out:

826927 - You receive the Replication operation encountered a database error
error message when you use dcpromo:
http://support.microsoft.com/?id=826927

You can also see more info on this here:
http://www.eventid.net/display.asp?eventid=1168&eventno=536&source=NTDS General&phase=1

Hope that helps!


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Guest]

Thanks, Ace, but I can see that this hotfix is not going to work for me. It
requires SP4, which we have not approved for our production environment due
to issues with in-house apps. I need the test lab to mirror our production
environment as closely as possible so I can test the migration to W2K3.

 

[Ace Fekay [MVP]]

In

Thanks, Ace, but I can see that this hotfix is not going to work for
me. It requires SP4, which we have not approved for our production
environment due to issues with in-house apps. I need the test lab to
mirror our production environment as closely as possible so I can
test the migration to W2K3.

Hmm, sad to hear that. Like I said, I haven't seen this problem before and
not sure of another workaround other than what the article states.

What exact problems are you getting with the app? Curious, what app is it?

If you go to W2k3, many of the hotfixes and they way SP4 works is in W2k3.


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Ace Fekay [MVP]]

In

We currently have a number of issues with Win2K3 and W2KSP4. We are
an online stock brokerage. Our internal stock trading platform has a
number of incompatibilities with SP4, with which I am not totally
familiar. The problem with moving to W2K3 is that the stock trading
app relies on MSMQ2, but is so far incompatible with MSMQ3 - our
developers are working to correct that now. It also works with .Net
Framework 1.0, but not yet with .Net Framework 1.1. Once these
issues are cleared up, we want to move to W2K3. The snag there is
that our root domain has a single-label DNS name, which is not
supported by W2K3. The idea is to first promote the DCs to W2K3,
then run the Domain Rename tool to add a .local to the root domain.
We have already added the UpdateTopLevelDomainZones registry value to
all the DCs in the forest to enable the upgrade to W2K3, and we have
one functioning W2K3 DC (out of 12). It is in preparation for this
operation that I am attempting to build a test lab that, as much as
possible, mirrors our production environment. Funny thing is - in
the test lab, I can create child domains of the root domain, but not
of existing child domains. Also, AD Sites and Services does not show
NTDS connections for all domain controllers, but only for a few. I
had the domain structure built at one time, but after we decided to
rebuild 2 DC2 on a blade server, things started going wrong.

Hi David, and thanks for getting back to me with an update. Well, it seems
you have multiple issues going on, and I guess the first on the front burner
is the app. As for the single label name, I have one word for that: "OUCH!".
THat is causing you most of the problems. Now I can only suggest, to
eliminate possible DNS lookup failures, is to point DNS from all machines to
the servers in the forest root. Then I would try to add a child domain under
that. But as you already saw, it can be very problematic. GPOs and DFS also
fails with single label names and there's really no way to force them to
work.

When you use the rename tool, there are considerations if you have Exchange
2003 installed, which you'll need to upgrade that and install SP1 on it
before you can rename it. Here's more info on the:

Windows Server 2003 Active Directory Domain Rename Tools
http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx

Good luck with everything!


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.