DCPROMO FAILS, Numerous Event Log Errors

[Guest]

A newly added W2K server (a DC) appears to have partially failed when joining
the domain. The server has numerous errors in the event logs and does not
appear under DOMAIN CONTROLLERS in the AD. I tried running DCPROMO thinking I
would demote then rejoin the domain but DCPROMO fails. It would appear that
the server thinks it's a DC but AD does not recognize the server as a DC.

Any suggested solutions greatly appreciated. Thanks.
-----------------------------------------------------------------
EVENT LOG ERRORS:

APPLICATION: Windows cannot determine the user or computer name. Return
value (1326).

DIRECTORY SERVICES: Error 6(6) has occurred (Internal ID 3210760).

SYSTEM: The account-identifier allocator failed to initialize properly. The
record data contains the NT error code that caused the failure. Windows 2000
will retry the initialization until it succeeds; until that time, account
creation will be denied on this Domain Controller. Please look for other SAM
event logs that may indicate the exact reason for the failure.

AND

The redirector was unable to initialize security context or query context
attributes.

--------------------------------------------------------------------

 

[Jorge de Almeida Pinto]

It looks like that DC is trying to request a RID pool from the RID FSMO
master. Is the RID FSMO Master available to be able to distribute a new RID
pool to that DC?

To see which DCs host which FSMOs execute:
NETDOM QUERY FSMO

 

[Guest]

Yes, I see a positive response.

It looks like that DC is trying to request a RID pool from the RID FSMO
master. Is the RID FSMO Master available to be able to distribute a new RID
pool to that DC?

To see which DCs host which FSMOs execute:
NETDOM QUERY FSMO

 

[Jorge de Almeida Pinto]

I don't understand what you mean with: "Yes, I see a positive response"
Can you explain more?

 

[Paul Bergson]

Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag and netdiag in verbose mode.

If you download a gui script I wrote it should be simple to set and run. It
also has the option to run individual tests without having to learn all the
switch options.

The script is at http://pbbergs.dynu.com/windows/windows.htm, download it
and save it to c:\program files\support tools\

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.


--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Here are the "failed" parts of the report from diagnostics;

It first fails on Global results, domain membership test. "Warning: This
system volume has not been completely replicated to the local machine. This
machine is not working properly as a DC". Next, it fails on the trust
relationship and kerboros test.

It appears that when first joining the domain as a DC something failed. I
tried to dcpromo so I could try to join again...but as previously stated I
can't demote as the server never fully joined.

Thoughts, appreciated.

 

[Paul Bergson]

try dcpromo /forceremoval

Then follow instructions on the link below then repromote
http://support.microsoft.com/?id=216498

This should take care of it.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Is FRS working on the good dc that you have available. Because it says during
dcpromo of the new DC...system volume has not replicated...I have a hunch
that FRS is in an error state on the good DC. Look at the FRS logs and check
that. If you have any, resolve the FRS issues first and then try a dcpromo up
of a new dc. For now, I believe you can promote down the new DC using dcpromo
/forceremoval or by flipping the LanmanNT to ServerNT and performing a
thorough metadata cleanup.

Shaibal,
Senior Support Engineer,
Microsoft Directory Services technical support group.

 

[Paul Bergson]

I don't see where in this thread the working dc is complaining about
replication. How did you determine this?

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.