DSA errors

[David]

I have a flat domain with 3 DC and they all have AD
intergraded DNS with forwarders to my ISP, and they all
are GCs.
One of my domain controllers was having hard drive
problems; I was able to transfer three FSMO roles, RID,
PDC, and infrastructure to another DC. Before I was able
to run dcpromo to make it a member server, the machine
crashed.
Rebuild the server with same name and I ran dcpromo and
made it a domain controller. The process finished okay,
however when I tried to create a new user account in the
domain I kept getting DSA errors, and unable to create new
users. I ran dcpromo again and made the box member server,
DSA errors went away no problems with creating new
accounts on other two domain controllers.
I left the box as member server removed DNS, and I tried
to use knowledge base Q216498 and went through several
articles and no luck.
When I run Metadata Cleanup now, the filed DC does not
show-up, only the two properly working DCs are listed.
When I use ntdsutil and adsiedit I do not seen any
information on the failed DC.
I was not able to find any instances of the crashed Domain
Controller as the above artical talks about.
PLEASE help if you have an idea..
Thanks...

 

[Guest]

David, if you are confident that ntdsutil and Adsiedit.msc do not show an
remnants of the DC and that is the case on both DCs you should be find to
repromote the box.
I can almost guarantee that the problem was that when you repromoted you
still had the existing computer account and DC info in AD.

 

[Guest]

Okay, now that the old box in back online as a member
server, if I dcpromo it, I still get DSA errors...What
should I do????

-----Original Message-----
David, if you are confident that ntdsutil and Adsiedit.msc do not show an
remnants of the DC and that is the case on both DCs you should be find to
repromote the box.
I can almost guarantee that the problem was that when you repromoted you
still had the existing computer account and DC info in AD.

--
James Brandt [MSFT]

I have a flat domain with 3 DC and they all have AD
intergraded DNS with forwarders to my ISP, and they all
are GCs.
One of my domain controllers was having hard drive
problems; I was able to transfer three FSMO roles, RID,
PDC, and infrastructure to another DC. Before I was able
to run dcpromo to make it a member server, the machine
crashed.
Rebuild the server with same name and I ran dcpromo and
made it a domain controller. The process finished okay,
however when I tried to create a new user account in the
domain I kept getting DSA errors, and unable to create new
users. I ran dcpromo again and made the box member server,
DSA errors went away no problems with creating new
accounts on other two domain controllers.
I left the box as member server removed DNS, and I tried
to use knowledge base Q216498 and went through several
articles and no luck.
When I run Metadata Cleanup now, the filed DC does not
show-up, only the two properly working DCs are listed.
When I use ntdsutil and adsiedit I do not seen any
information on the failed DC.
I was not able to find any instances of the crashed Domain
Controller as the above artical talks about.
PLEASE help if you have an idea..
Thanks...

.

 

[Guest]

What is the exact error that you are receiving?
What are you doing to get the error?
Does replication occur properly between the other 2 DCs?


--
James Brandt [MSFT]

Okay, now that the old box in back online as a member
server, if I dcpromo it, I still get DSA errors...What
should I do????

-----Original Message-----
David, if you are confident that ntdsutil and Adsiedit.msc do not show an
remnants of the DC and that is the case on both DCs you should be find to
repromote the box.
I can almost guarantee that the problem was that when you repromoted you
still had the existing computer account and DC info in AD.

--
James Brandt [MSFT]

I have a flat domain with 3 DC and they all have AD
intergraded DNS with forwarders to my ISP, and they all
are GCs.
One of my domain controllers was having hard drive
problems; I was able to transfer three FSMO roles, RID,
PDC, and infrastructure to another DC. Before I was able
to run dcpromo to make it a member server, the machine
crashed.
Rebuild the server with same name and I ran dcpromo and
made it a domain controller. The process finished okay,
however when I tried to create a new user account in the
domain I kept getting DSA errors, and unable to create new
users. I ran dcpromo again and made the box member server,
DSA errors went away no problems with creating new
accounts on other two domain controllers.
I left the box as member server removed DNS, and I tried
to use knowledge base Q216498 and went through several
articles and no luck.
When I run Metadata Cleanup now, the filed DC does not
show-up, only the two properly working DCs are listed.
When I use ntdsutil and adsiedit I do not seen any
information on the failed DC.
I was not able to find any instances of the crashed Domain
Controller as the above artical talks about.
PLEASE help if you have an idea..
Thanks...

.

 

[Cary Shultz [A.D. MVP]]

Just to fill in on James' post a little bit.

Please take a look at the following MSKB Article to help you troubleshoot
intrasite replication:

http://support.microsoft.com/?id=249256

There might be some useful information in this Article.

HTH,

Cary

What is the exact error that you are receiving?
What are you doing to get the error?
Does replication occur properly between the other 2 DCs?


--
James Brandt [MSFT]

Okay, now that the old box in back online as a member
server, if I dcpromo it, I still get DSA errors...What
should I do????

-----Original Message-----
David, if you are confident that ntdsutil and Adsiedit.msc do not show an
remnants of the DC and that is the case on both DCs you should be find to
repromote the box.
I can almost guarantee that the problem was that when you repromoted you
still had the existing computer account and DC info in AD.

--
James Brandt [MSFT]


I have a flat domain with 3 DC and they all have AD
intergraded DNS with forwarders to my ISP, and they all
are GCs.
One of my domain controllers was having hard drive
problems; I was able to transfer three FSMO roles, RID,
PDC, and infrastructure to another DC. Before I was able
to run dcpromo to make it a member server, the machine
crashed.
Rebuild the server with same name and I ran dcpromo and
made it a domain controller. The process finished okay,
however when I tried to create a new user account in the
domain I kept getting DSA errors, and unable to create new
users. I ran dcpromo again and made the box member server,
DSA errors went away no problems with creating new
accounts on other two domain controllers.
I left the box as member server removed DNS, and I tried
to use knowledge base Q216498 and went through several
articles and no luck.
When I run Metadata Cleanup now, the filed DC does not
show-up, only the two properly working DCs are listed.
When I use ntdsutil and adsiedit I do not seen any
information on the failed DC.
I was not able to find any instances of the crashed Domain
Controller as the above artical talks about.
PLEASE help if you have an idea..
Thanks...



.

 

[Guest]

Thanks Cary, maybe I misread the issue but I was under the impression the
DSA error occured during the creation of the user.
David the exact error and when you are seeing that will be extremly helpful.

--
James Brandt [MSFT]

Just to fill in on James' post a little bit.

Please take a look at the following MSKB Article to help you troubleshoot
intrasite replication:

http://support.microsoft.com/?id=249256

There might be some useful information in this Article.

HTH,

Cary

What is the exact error that you are receiving?
What are you doing to get the error?
Does replication occur properly between the other 2 DCs?


--
James Brandt [MSFT]

Okay, now that the old box in back online as a member
server, if I dcpromo it, I still get DSA errors...What
should I do????
-----Original Message-----
David, if you are confident that ntdsutil and
Adsiedit.msc do not show an
remnants of the DC and that is the case on both DCs you
should be find to
repromote the box.
I can almost guarantee that the problem was that when you
repromoted you
still had the existing computer account and DC info in AD.

--
James Brandt [MSFT]


message
I have a flat domain with 3 DC and they all have AD
intergraded DNS with forwarders to my ISP, and they all
are GCs.
One of my domain controllers was having hard drive
problems; I was able to transfer three FSMO roles, RID,
PDC, and infrastructure to another DC. Before I was able
to run dcpromo to make it a member server, the machine
crashed.
Rebuild the server with same name and I ran dcpromo and
made it a domain controller. The process finished okay,
however when I tried to create a new user account in the
domain I kept getting DSA errors, and unable to create
new
users. I ran dcpromo again and made the box member
server,
DSA errors went away no problems with creating new
accounts on other two domain controllers.
I left the box as member server removed DNS, and I tried
to use knowledge base Q216498 and went through several
articles and no luck.
When I run Metadata Cleanup now, the filed DC does not
show-up, only the two properly working DCs are listed.
When I use ntdsutil and adsiedit I do not seen any
information on the failed DC.
I was not able to find any instances of the crashed
Domain
Controller as the above artical talks about.
PLEASE help if you have an idea..
Thanks...



.

 

[Cary Shultz [A.D. MVP]]

James,

I think that you are correct. I was simply supplying a link for him to be
able to troubleshoot the intrasite replication so that he could answer your
question about the replication between the other two DCs.

Should have been more clear originally.....

Thank you for catching this and questioning it so I could clarify.

Cary

Thanks Cary, maybe I misread the issue but I was under the impression the
DSA error occured during the creation of the user.
David the exact error and when you are seeing that will be extremly helpful.

--
James Brandt [MSFT]

Just to fill in on James' post a little bit.

Please take a look at the following MSKB Article to help you troubleshoot
intrasite replication:

http://support.microsoft.com/?id=249256

There might be some useful information in this Article.

HTH,

Cary

What is the exact error that you are receiving?
What are you doing to get the error?
Does replication occur properly between the other 2 DCs?


--
James Brandt [MSFT]


Okay, now that the old box in back online as a member
server, if I dcpromo it, I still get DSA errors...What
should I do????
-----Original Message-----
David, if you are confident that ntdsutil and
Adsiedit.msc do not show an
remnants of the DC and that is the case on both DCs you
should be find to
repromote the box.
I can almost guarantee that the problem was that when you
repromoted you
still had the existing computer account and DC info in AD.

--
James Brandt [MSFT]


message
I have a flat domain with 3 DC and they all have AD
intergraded DNS with forwarders to my ISP, and they all
are GCs.
One of my domain controllers was having hard drive
problems; I was able to transfer three FSMO roles, RID,
PDC, and infrastructure to another DC. Before I was able
to run dcpromo to make it a member server, the machine
crashed.
Rebuild the server with same name and I ran dcpromo and
made it a domain controller. The process finished okay,
however when I tried to create a new user account in the
domain I kept getting DSA errors, and unable to create
new
users. I ran dcpromo again and made the box member
server,
DSA errors went away no problems with creating new
accounts on other two domain controllers.
I left the box as member server removed DNS, and I tried
to use knowledge base Q216498 and went through several
articles and no luck.
When I run Metadata Cleanup now, the filed DC does not
show-up, only the two properly working DCs are listed.
When I use ntdsutil and adsiedit I do not seen any
information on the failed DC.
I was not able to find any instances of the crashed
Domain
Controller as the above artical talks about.
PLEASE help if you have an idea..
Thanks...



.