FSMO issues

[jjohnson]

We recently tried to install a new domain controller to replace our
old one. The new domain controller is running windows server 2003. I
ran dcpromo on the new controller and made it an additional domain
controller, I then made it seize all FSMO roles. The sad part is is I
ran DCPROMO to demote the old domain controller before everythign
replicated through. Therefore, because everything is out of sync we
ran directory services restore, and restored it to the pre new dc
state. However, because the exchange 2000 box is also a domain
controller the records been somewhat mangled in replication to the
point that the current FSMO role holder which is the old domain
controller does not realize it itself is the FSMO holder. I also went
in DNS and replaced all of the records that had the new DC as the FSMO
to the old one. The new domain controller is totally out of the
picture, until I get this fixed. The bottom line is this is what I get
when I run DCDIAG on my FSMO role holder.

Results:

Doing initial required tests

Testing server: KoyoCorp\KCUOBGENT01
Starting test: Connectivity
......................... KCUOBGENT01 passed test
Connectivity

Doing primary tests

Testing server: KoyoCorp\KCUOBGENT01
Starting test: Replications
......................... KCUOBGENT01 passed test
Replications
Starting test: NCSecDesc
......................... KCUOBGENT01 passed test NCSecDesc
Starting test: NetLogons
......................... KCUOBGENT01 passed test NetLogons
Starting test: Advertising
......................... KCUOBGENT01 passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com is the Schema Owner, but is deleted.
Warning: CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com is the Domain Owner, but is deleted.
......................... KCUOBGENT01 failed test
KnowsOfRoleHolders
Starting test: RidManager
No rids allocated -- please check eventlog.
......................... KCUOBGENT01 passed test RidManager
Starting test: MachineAccount
......................... KCUOBGENT01 passed test
MachineAccount
Starting test: Services
......................... KCUOBGENT01 passed test Services
Starting test: ObjectsReplicated
......................... KCUOBGENT01 passed test
ObjectsReplicated
Starting test: frssysvol
......................... KCUOBGENT01 passed test frssysvol
Starting test: kccevent
......................... KCUOBGENT01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000410A
Time Generated: 05/28/2008 09:23:29
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000410A
Time Generated: 05/28/2008 09:54:29
(Event String could not be retrieved)
......................... KCUOBGENT01 failed test systemlog

Running enterprise tests on : koyocorp.com
Starting test: Intersite
......................... koyocorp.com passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... koyocorp.com failed test FsmoCheck

Also, I seen on other threads with similar issues, I should seize the
role, however I get a error when I try to seize the role
(LsaOpenPolicy error 0x6ba(The RPC server is unavailable.)

Everything is working, as far as users logging on, and basic group
policy. However, I cannot change any group policies such as password
complexity, lockout settings, and PDC type settings because these are
specific to the FSMO holder, and it is currently only letting me
access the policies on the mail server.

Anyone know where I can start to get on the road to fixing this
problem I have gotten myself into?

Thanks in advance,

Jonathan Johnson

 

[Meinolf Weber]

Hello (e-mail address removed),

I would do it this way:

Start with a backup of all important user DATA from all machines, including
exchange databases.

If you have really seized the FSMO roles and not moved them, forget the old
DC. If you have seized FSMO roles, NEVER connect the old FSMO machine back
to the domain. Disconnect it and also the new installed DC.

You said you have a second older dc, which also is Exchange. Is it also DNS
server? What kind of zones do you have, AD integrated?
I would seize the FSMO roles to this one and make it GC.

Then make a metadata cleanup to remove all old entries from the two "broken"
DC's according to this: http://support.microsoft.com/kb/216498

The run dcdiag /v, netdiag /v and check for errors. If yes post the complete
output here and also the errors from the event viewer.

If everything is fine you can REINSTALL from scratch the 2003 machine and
add it as an additional DC to the domain, make it DNS server and Global catalog
server.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Jonathan Johnson]

Hello (e-mail address removed),

I would do it this way:

Start with a backup of all important user DATA from all machines, including
exchange databases.

If you have really seized the FSMO roles and not moved them, forget the old
DC. If you have seized FSMO roles, NEVER connect the old FSMO machine back
to the domain. Disconnect it and also the new installed DC.

You said you have a second older dc, which also is Exchange. Is it also DNS
server? What kind of zones do you have, AD integrated?
I would seize the FSMO roles to this one and make it GC.

Then make a metadata cleanup to remove all old entries from the two "broken"
DC's according to this:  http://support.microsoft.com/kb/216498

The run dcdiag /v, netdiag /v and check for errors. If yes post the complete
output here and also the errors from the event viewer.

If everything is fine you can REINSTALL from scratch the 2003 machine and
add it as an additional DC to the domain, make it DNS server and Global catalog
server.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm










- Show quoted text -

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>dcdiag /v

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine kcuobgent01, is a DC.
* Connecting to directory service on server kcuobgent01.
* Collecting site info.
* Identifying all servers.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: KoyoCorp\KCUOBGENT01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... KCUOBGENT01 passed test
Connectivity

Doing primary tests

Testing server: KoyoCorp\KCUOBGENT01
Starting test: Replications
* Replications Check
......................... KCUOBGENT01 passed test
Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=koyocorp,DC=com
* Security Permissions Check for
CN=Configuration,DC=koyocorp,DC=com
* Security Permissions Check for
DC=koyocorp,DC=com
......................... KCUOBGENT01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... KCUOBGENT01 passed test NetLogons
Starting test: Advertising
The DC KCUOBGENT01 is advertising itself as a DC and having a
DS.
The DC KCUOBGENT01 is advertising as an LDAP server
The DC KCUOBGENT01 is advertising as having a writeable
directory
The DC KCUOBGENT01 is advertising as a Key Distribution
Center
The DC KCUOBGENT01 is advertising as a time server
The DS KCUOBGENT01 is advertising as a GC.
......................... KCUOBGENT01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com
Warning: CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com is the Schema Owner, but is deleted.
Role Domain Owner = CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com
Warning: CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com is the Domain Owner, but is deleted.
Role PDC Owner = CN=NTDS
Settings,CN=KCUOBGENT01,CN=Servers,CN=KoyoCorp
,CN=Sites,CN=Configuration,DC=koyocorp,DC=com
Role Rid Owner = CN=NTDS
Settings,CN=KCUOBGENT01,CN=Servers,CN=KoyoCorp
,CN=Sites,CN=Configuration,DC=koyocorp,DC=com
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=KCUOBGENT01,CN=S
ervers,CN=KoyoCorp,CN=Sites,CN=Configuration,DC=koyocorp,DC=com
......................... KCUOBGENT01 failed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 9752 to 1073741823
* kcuobgent01.koyocorp.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 9252 to 9751
No rids allocated -- please check eventlog.
......................... KCUOBGENT01 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/kcuobgent01.koyocorp.com/koyocorp.com
* SPN found :LDAP/kcuobgent01.koyocorp.com
* SPN found :LDAP/KCUOBGENT01
* SPN found :LDAP/kcuobgent01.koyocorp.com/ORANGEBURG
* SPN found :LDAP/c67cd3cf-c922-4283-865f-
dc2e0fb21b69._msdcs.koyocorp.
com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c67cd3cf-
c922-4283-86
5f-dc2e0fb21b69/koyocorp.com
* SPN found :HOST/kcuobgent01.koyocorp.com/koyocorp.com
* SPN found :HOST/kcuobgent01.koyocorp.com
* SPN found :HOST/KCUOBGENT01
* SPN found :HOST/kcuobgent01.koyocorp.com/ORANGEBURG
* SPN found :GC/kcuobgent01.koyocorp.com/koyocorp.com
......................... KCUOBGENT01 passed test
MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
......................... KCUOBGENT01 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
KCUOBGENT01 is in domain DC=koyocorp,DC=com
Checking for CN=KCUOBGENT01,OU=Domain
Controllers,DC=koyocorp,DC=com in
domain DC=koyocorp,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings\
CNF:c67cd3cf-c922-4283-865f-
dc2e0fb21b69,CN=KCUOBGENT01,CN=Servers,CN=KoyoCorp,C
N=Sites,CN=Configuration,DC=koyocorp,DC=com in domain
CN=Configuration,DC=koyoco
rp,DC=com on 1 servers
Object is up-to-date on all servers.
......................... KCUOBGENT01 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... KCUOBGENT01 passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the
last 15 minut
es.
......................... KCUOBGENT01 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x0000410A
Time Generated: 05/28/2008 10:56:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000165B
Time Generated: 05/28/2008 11:15:49
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000169E
Time Generated: 05/28/2008 11:27:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000410A
Time Generated: 05/28/2008 11:27:28
(Event String could not be retrieved)
......................... KCUOBGENT01 failed test systemlog

Running enterprise tests on : koyocorp.com
Starting test: Intersite
Skipping site KoyoCorp, this site is outside the scope
provided by the
command line arguments provided.
Skipping site Koyosc, this site is outside the scope provided
by the
command line arguments provided.
......................... koyocorp.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\kcuobgent01.koyocorp.com
Locator Flags: 0xe00001fc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\kcuobgent01.koyocorp.com
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\kcuobgent01.koyocorp.com
Locator Flags: 0xe00001fc
KDC Name: \\kcuobgent01.koyocorp.com
Locator Flags: 0xe00001fc
......................... koyocorp.com failed test FsmoCheck

For some reason it is cutting off netdiag's output, is there a option
to dump it to a text file?

Thanks again in advance!

Jonathan

 

[Meinolf Weber]

Hello Jonathan,

I don't meant to post the netdiag output now. I was talking about ALL steps
before are done and then hopefully you get the DC/Exchange box up and running.
If you have errors after this steps then post the output here. Now you must
have ofcourse errors.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hello (e-mail address removed),

I would do it this way:

Start with a backup of all important user DATA from all machines,
including exchange databases.

If you have really seized the FSMO roles and not moved them, forget
the old DC. If you have seized FSMO roles, NEVER connect the old FSMO
machine back to the domain. Disconnect it and also the new installed
DC.

You said you have a second older dc, which also is Exchange. Is it
also DNS
server? What kind of zones do you have, AD integrated?
I would seize the FSMO roles to this one and make it GC.
Then make a metadata cleanup to remove all old entries from the two
"broken" DC's according to this:
http://support.microsoft.com/kb/216498

The run dcdiag /v, netdiag /v and check for errors. If yes post the
complete output here and also the errors from the event viewer.

If everything is fine you can REINSTALL from scratch the 2003 machine
and
add it as an additional DC to the domain, make it DNS server and
Global catalog
server.
Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
- Show quoted text -

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Documents and Settings\Administrator>dcdiag /v

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine kcuobgent01, is a DC.
* Connecting to directory service on server kcuobgent01.
* Collecting site info.
* Identifying all servers.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests

Testing server: KoyoCorp\KCUOBGENT01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... KCUOBGENT01 passed test
Connectivity
Doing primary tests

Testing server: KoyoCorp\KCUOBGENT01
Starting test: Replications
* Replications Check
......................... KCUOBGENT01 passed test
Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=koyocorp,DC=com
* Security Permissions Check for
CN=Configuration,DC=koyocorp,DC=com
* Security Permissions Check for
DC=koyocorp,DC=com
......................... KCUOBGENT01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... KCUOBGENT01 passed test NetLogons
Starting test: Advertising
The DC KCUOBGENT01 is advertising itself as a DC and having a
DS.
The DC KCUOBGENT01 is advertising as an LDAP server
The DC KCUOBGENT01 is advertising as having a writeable
directory
The DC KCUOBGENT01 is advertising as a Key Distribution
Center
The DC KCUOBGENT01 is advertising as a time server
The DS KCUOBGENT01 is advertising as a GC.
......................... KCUOBGENT01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com
Warning: CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com is the Schema Owner, but is deleted.
Role Domain Owner = CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com
Warning: CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com is the Domain Owner, but is deleted.
Role PDC Owner = CN=NTDS
Settings,CN=KCUOBGENT01,CN=Servers,CN=KoyoCorp
,CN=Sites,CN=Configuration,DC=koyocorp,DC=com
Role Rid Owner = CN=NTDS
Settings,CN=KCUOBGENT01,CN=Servers,CN=KoyoCorp
,CN=Sites,CN=Configuration,DC=koyocorp,DC=com
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=KCUOBGENT01,CN=S
ervers,CN=KoyoCorp,CN=Sites,CN=Configuration,DC=koyocorp,DC=com
......................... KCUOBGENT01 failed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 9752 to 1073741823
* kcuobgent01.koyocorp.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 9252 to 9751
No rids allocated -- please check eventlog.
......................... KCUOBGENT01 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/kcuobgent01.koyocorp.com/koyocorp.com
* SPN found :LDAP/kcuobgent01.koyocorp.com
* SPN found :LDAP/KCUOBGENT01
* SPN found :LDAP/kcuobgent01.koyocorp.com/ORANGEBURG
* SPN found :LDAP/c67cd3cf-c922-4283-865f-
dc2e0fb21b69._msdcs.koyocorp.
com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c67cd3cf-
c922-4283-86
5f-dc2e0fb21b69/koyocorp.com
* SPN found :HOST/kcuobgent01.koyocorp.com/koyocorp.com
* SPN found :HOST/kcuobgent01.koyocorp.com
* SPN found :HOST/KCUOBGENT01
* SPN found :HOST/kcuobgent01.koyocorp.com/ORANGEBURG
* SPN found :GC/kcuobgent01.koyocorp.com/koyocorp.com
......................... KCUOBGENT01 passed test
MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
......................... KCUOBGENT01 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
KCUOBGENT01 is in domain DC=koyocorp,DC=com
Checking for CN=KCUOBGENT01,OU=Domain
Controllers,DC=koyocorp,DC=com in
domain DC=koyocorp,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings\
CNF:c67cd3cf-c922-4283-865f-
dc2e0fb21b69,CN=KCUOBGENT01,CN=Servers,CN=KoyoCorp,C
N=Sites,CN=Configuration,DC=koyocorp,DC=com in domain
CN=Configuration,DC=koyoco
rp,DC=com on 1 servers
Object is up-to-date on all servers.
......................... KCUOBGENT01 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... KCUOBGENT01 passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the
last 15 minut
es.
......................... KCUOBGENT01 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x0000410A
Time Generated: 05/28/2008 10:56:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000165B
Time Generated: 05/28/2008 11:15:49
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000169E
Time Generated: 05/28/2008 11:27:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000410A
Time Generated: 05/28/2008 11:27:28
(Event String could not be retrieved)
......................... KCUOBGENT01 failed test systemlog
Running enterprise tests on : koyocorp.com
Starting test: Intersite
Skipping site KoyoCorp, this site is outside the scope
provided by the
command line arguments provided.
Skipping site Koyosc, this site is outside the scope provided
by the
command line arguments provided.
......................... koyocorp.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\kcuobgent01.koyocorp.com
Locator Flags: 0xe00001fc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\kcuobgent01.koyocorp.com
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\kcuobgent01.koyocorp.com
Locator Flags: 0xe00001fc
KDC Name: \\kcuobgent01.koyocorp.com
Locator Flags: 0xe00001fc
......................... koyocorp.com failed test FsmoCheck
For some reason it is cutting off netdiag's output, is there a option
to dump it to a text file?

Thanks again in advance!

Jonathan

 

[Jonathan Johnson]

Hello Jonathan,

I don't meant to post the netdiag output now. I was talking about ALL steps
before are done and then hopefully you get the DC/Exchange box up and running.
If you have errors after this steps then post the output here. Now you must
have ofcourse errors.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Documents and Settings\Administrator>dcdiag /v

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine kcuobgent01, is a DC.
* Connecting to directory service on server kcuobgent01.
* Collecting site info.
* Identifying all servers.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests

Testing server: KoyoCorp\KCUOBGENT01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... KCUOBGENT01 passed test
Connectivity
Doing primary tests

Testing server: KoyoCorp\KCUOBGENT01
Starting test: Replications
* Replications Check
......................... KCUOBGENT01 passed test
Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=koyocorp,DC=com
* Security Permissions Check for
CN=Configuration,DC=koyocorp,DC=com
* Security Permissions Check for
DC=koyocorp,DC=com
......................... KCUOBGENT01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... KCUOBGENT01 passed test NetLogons
Starting test: Advertising
The DC KCUOBGENT01 is advertising itself as a DC and having a
DS.
The DC KCUOBGENT01 is advertising as an LDAP server
The DC KCUOBGENT01 is advertising as having a writeable
directory
The DC KCUOBGENT01 is advertising as a Key Distribution
Center
The DC KCUOBGENT01 is advertising as a time server
The DS KCUOBGENT01 is advertising as a GC.
......................... KCUOBGENT01 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com
Warning: CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com is the Schema Owner, but is deleted.
Role Domain Owner = CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com
Warning: CN="NTDS Settings
DEL:fbeae0d9-5525-4fdd-9212-e9636c29e338",CN="KCUOBGDC01
DEL:9a02a90f-732f-41f3-beff-
f78d84df550e",CN=Servers,CN=KoyoCorp,CN=Sites,CN=Con
figuration,DC=koyocorp,DC=com is the Domain Owner, but is deleted.
Role PDC Owner = CN=NTDS
Settings,CN=KCUOBGENT01,CN=Servers,CN=KoyoCorp
,CN=Sites,CN=Configuration,DC=koyocorp,DC=com
Role Rid Owner = CN=NTDS
Settings,CN=KCUOBGENT01,CN=Servers,CN=KoyoCorp
,CN=Sites,CN=Configuration,DC=koyocorp,DC=com
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=KCUOBGENT01,CN=S
ervers,CN=KoyoCorp,CN=Sites,CN=Configuration,DC=koyocorp,DC=com
......................... KCUOBGENT01 failed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 9752 to 1073741823
* kcuobgent01.koyocorp.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 9252 to 9751
No rids allocated -- please check eventlog.
......................... KCUOBGENT01 passed test RidManager
Starting test: MachineAccount
*

...

read more »- Hide quoted text -

- Show quoted text -

Both boxes are up and running. The exchange box is only a domain
controller because it has to be. However, the main domain controller
is the original domain controller that was running before the new one.
The new domain controller has been formatted, and put aside until I
get this situation repaired. DNS is not running on the mail server.
The only DNS server is the domain controller. However, I have tried to
seize the PDC role as well as the other roles that show that the
server is not, and I get errors such as, "LsaOpenPolicy error
0x6ba(The RPC server is unavailable.)". I have not run Metadata
Cleanup yet, but at the end of the day today, I will run it as well as
backup of the exchange server and the domain controller.

Thanks again,
Jonathan