FSMO (Domain Naming and Schema owner)

[Guest]

I have one domain that consists of two DC's (Server1, Server2) the server1
has the FSMO roles of PDC,RID,Infrastructure. Server2 has the FSMO role of
Schema and Domain Naming and also configured as the GC for the domain.
Everyting was working fine until we decided to upgrade our Exchange server
2000 (Different server from DC's) to Exchange 2003 and Windows 2003 on a new
server. The miscrorsoft recomendations is to run adprep /forestprep, adprep
/domainprep from the windows 2003 cd on our windows 2000 server that holds
our Schema (Server2) and then setup /forestprep and setup /domainprep from
the Exchange CD. When we try the first step (adprep /forestprep) we get an
error: Failed to transfer the schema FSMO role: 52 (Unavailable). I used the
dcdiag tool to check the 5 roles and I get these results:

DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\server2
Starting test: Connectivity
......................... server2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\server2
Starting test: Replications
......................... server2 passed test Replications
Starting test: NCSecDesc
......................... server2 passed test NCSecDesc
Starting test: NetLogons
......................... server2 passed test NetLogons
Starting test: Advertising
......................... server2 passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: CN="NTDS Settings
DEL:d5137273-c5be-4a1eb9e1959ee1839cb9",CN=server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mdxware,DC=com
is the Schema Owner, but is deleted.
Warning: CN="NTDS Settings
DEL:d5137273-c5be-4a1eb9e1959ee1839cb9",CN=server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mdxware,DC=com
is the Domain Owner, but is deleted.
......................... server2 failed test KnowsOfRoleHolders
Starting test: RidManager
......................... server2 passed test RidManager
Starting test: MachineAccount
......................... server2 passed test MachineAccount
Starting test: Services
......................... server2 passed test Services
Starting test: ObjectsReplicated
......................... server2 passed test ObjectsReplicated
Starting test: frssysvol
......................... server2 passed test frssysvol
Starting test: kccevent
......................... server2 passed test kccevent
Starting test: systemlog
......................... server2 passed test systemlog

Running enterprise tests on : mdxware.com
Starting test: Intersite
......................... mdxware.com passed test Intersite
Starting test: FsmoCheck
......................... mdxware.com passed test FsmoCheck




I also checked the FSMO roles using the ntdutil.exe

Server "server2" knows about 5 roles
Schema - CN="NTDS Settings
DEL:d5137273-c5be-4a1e-b9e1-959ee1839cb9",CN=server2,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=mdxware,DC=com
Domain - CN="NTDS Settings
DEL:d5137273-c5be-4a1e-b9e1-959ee1839cb9",CN=server2,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=mdxware,DC=com
PDC - CN=NTDS Settings,CN=server1,CN=Servers,CN=Default-First-Site-Name,CN=Sit
es,CN=Configuration,DC=mdxware,DC=com
RID - CN=NTDS Settings,CN=server1,CN=Servers,CN=Default-First-Site-Name,CN=Sit
es,CN=Configuration,DC=mdxware,DC=com
Infrastructure - CN=NTDS Settings,CN=server1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=mdxware,DC=com



How can I solve this problem without removing the server2 from the Domain.
server2 is also responsible for the Terminal services Licensing (120 users).
I already tried to tranfer the roles by using the Gui and also the ntdutil
tool with no luck it says that it can't contact the schema master.

Any help will be most appreciated.

 

[Ace Fekay [MVP]]

In

I have one domain that consists of two DC's (Server1, Server2) the
server1
has the FSMO roles of PDC,RID,Infrastructure. Server2 has the FSMO
role of Schema and Domain Naming and also configured as the GC for
the domain. Everyting was working fine until we decided to upgrade
our Exchange server 2000 (Different server from DC's) to Exchange
2003 and Windows 2003 on a new server. The miscrorsoft
recomendations is to run adprep /forestprep, adprep /domainprep from
the windows 2003 cd on our windows 2000 server that holds our Schema
(Server2) and then setup /forestprep and setup /domainprep from the
Exchange CD. When we try the first step (adprep /forestprep) we get
an error: Failed to transfer the schema FSMO role: 52 (Unavailable).
I used the dcdiag tool to check the 5 roles and I get these results:

DC Diagnosis

How can I solve this problem without removing the server2 from the
Domain. server2 is also responsible for the Terminal services
Licensing (120 users). I already tried to tranfer the roles by using
the Gui and also the ntdutil tool with no luck it says that it can't
contact the schema master.

Any help will be most appreciated.

See if these links help out in understanding what caused this and fix it:

Initial synchronization requirements for Windows 2000 Server and Windows
Server 2003 operations master role holders:
http://support.microsoft.com/default.aspx?scid=kb;en-us;305476

MSFN -> Failed to transfer the schema FSMO role ?
http://www.msfn.org/board/index.php?act=ST&f=35&t=21540

A tale of a forest and some missing mangled objects:
http://h0bbel.p0ggel.org/item/a-tale-of-a-forest-and-some-missing-mangled-objects/

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsot Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================

 

[Guest]

Thanks Ace,

I tried to seize the roles of server2 to itself and at the begining there
was errors but now the ntdsutil shows no errors and my schema and domain name
is now assigned to the server without the DEL: error. So I will be trying to
run the adprep /forestprep to add my first 2003 server to the domain. I'll
post back to this forum once I get this to work.

Again thanks for those links.

 

[Ace Fekay [MVP]]

In

Thanks Ace,

I tried to seize the roles of server2 to itself and at the begining
there was errors but now the ntdsutil shows no errors and my schema
and domain name is now assigned to the server without the DEL: error.
So I will be trying to run the adprep /forestprep to add my first
2003 server to the domain. I'll post back to this forum once I get
this to work.

Again thanks for those links.

You are welcome Carlos. I'm glad they were helpful. Looking forward to your
results.

Ace

 

[Jorge_de_Almeida_Pinto]

I have one domain that consists of two DC's (Server1, Server2)
the server1
has the FSMO roles of PDC,RID,Infrastructure. Server2 has the
FSMO role of
Schema and Domain Naming and also configured as the GC for the
domain.
Everyting was working fine until we decided to upgrade our
Exchange server
2000 (Different server from DC's) to Exchange 2003 and Windows
2003 on a new
server. The miscrorsoft recomendations is to run adprep
/forestprep, adprep
/domainprep from the windows 2003 cd on our windows 2000
server that holds
our Schema (Server2) and then setup /forestprep and setup
/domainprep from
the Exchange CD. When we try the first step (adprep
/forestprep) we get an
error: Failed to transfer the schema FSMO role: 52
(Unavailable). I used the
dcdiag tool to check the 5 roles and I get these results:

DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Nameserver2
Starting test: Connectivity
......................... server2 passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Nameserver2
Starting test: Replications
......................... server2 passed test
Replications
Starting test: NCSecDesc
......................... server2 passed test
NCSecDesc
Starting test: NetLogons
......................... server2 passed test
NetLogons
Starting test: Advertising
......................... server2 passed test
Advertising
Starting test: KnowsOfRoleHolders
Warning: CN="NTDS Settings
DEL:d5137273-c5be-4a1eb9e1959ee1839cb9",CN=server2,CN=Servers,
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mdxwar
e,DC=com

is the Schema Owner, but is deleted.
Warning: CN="NTDS Settings
DEL:d5137273-c5be-4a1eb9e1959ee1839cb9",CN=server2,CN=Servers,
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mdxwar
e,DC=com

is the Domain Owner, but is deleted.
......................... server2 failed test
KnowsOfRoleHolders
Starting test: RidManager
......................... server2 passed test
RidManager
Starting test: MachineAccount
......................... server2 passed test
MachineAccount
Starting test: Services
......................... server2 passed test
Services
Starting test: ObjectsReplicated
......................... server2 passed test
ObjectsReplicated
Starting test: frssysvol
......................... server2 passed test
frssysvol
Starting test: kccevent
......................... server2 passed test
kccevent
Starting test: systemlog
......................... server2 passed test
systemlog

Running enterprise tests on : mdxware.com
Starting test: Intersite
......................... mdxware.com passed test
Intersite
Starting test: FsmoCheck
......................... mdxware.com passed test
FsmoCheck




I also checked the FSMO roles using the ntdutil.exe

Server "server2" knows about 5 roles
Schema - CN="NTDS Settings
DEL:d5137273-c5be-4a1e-b9e1-959ee1839cb9",CN=server2,CN=Server
s,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=mdxware,DC=com
Domain - CN="NTDS Settings
DEL:d5137273-c5be-4a1e-b9e1-959ee1839cb9",CN=server2,CN=Server
s,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=mdxware,DC=com
PDC - CN=NTDS
Settings,CN=server1,CN=Servers,CN=Default-First-Site-Name,CN=S
it
es,CN=Configuration,DC=mdxware,DC=com
RID - CN=NTDS
Settings,CN=server1,CN=Servers,CN=Default-First-Site-Name,CN=S
it
es,CN=Configuration,DC=mdxware,DC=com
Infrastructure - CN=NTDS
Settings,CN=server1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=mdxware,DC=com



How can I solve this problem without removing the server2 from
the Domain.
server2 is also responsible for the Terminal services
Licensing (120 users).
I already tried to tranfer the roles by using the Gui and also
the ntdutil
tool with no luck it says that it can't contact the schema
master.

Any help will be most appreciated.

Is it true if I say:
* Server2 was holding some FSMO roles in the past
* It crashed
* You cleaned the metadata
* Reinstalled a new DC with the same name (server2)

But did not seize the FSMO roles to another DC before/after cleaning
the metadata of the crashed DC?

If that is true you need to seize the schema master.

See:
http://www.petri.co.il/transferring_fsmo_roles.htm
http://www.petri.co.il/seizing_fsmo_roles.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;255690
http://support.microsoft.com/kb/255504