Promote to GC problem

Guest

I may have accidentally promoted a DC to host a GC for an empty domain with no
domain controllers. There are repeated messages in the event log for this DC
stating how promotion to a GC has been delayed or that it cannot occur
because of a precondition not being met.

I want to cancel this request or do something to eliminate all these
messages in the event log. They've been piling up for weeks now. Any ideas?

Here is one such event, names of innocent marked by X:

Event Type: Information
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1559
Date: 3/18/2005
Time: 2:50:35 PM
User: Everyone
Computer: DVADER
Description:
A request has been made to promote this DSA to a Global Catalog (GC). A
precondition to becoming a GC is that this server host a read-only copy of
all partitions in the enterprise. This server should hold a copy of
partition DC=XXXX,DC=com but it does not. This system will not be promoted to
a GC until this condition is met.

This may be because the KCC has not run, or that it is unable to add a
replica of the partition because all of its sources are down. Please check
the event log for KCC errors.

The KCC will retry adding the replica.
 
Herb Martin

Gina said:
I may have accidentally promoted a DC to host a GC for an empty domain with no
domain controllers.

There is no such thing.

If you did a DCPromo into a new domain, then
this would in fact be the first DC for that domain
(i.e., it did not exist before the promotion).

If you intended to add the DC to an existing domain,
just DCPromo it again (to non-DC first), then again
into the correct domain.

As to GC -- only a DC can become a GC and so you would
have to have at least one DC to make a GC anyway --
and if this is the only DC in the domain it really must
be the GC also.

Gina said:
There are repeated messages in the event log for this DC
stating how promotion to a GC has been delayed or that it cannot occur
because of a precondition not being met.

I want to cancel this request or do something to eliminate all these
messages in the event log. They've been piling up for weeks now. Any
ideas?

Start by running DCDiag (probably /fix is a good idea too)
and double checking your DNS which is usually at the heart
of most replication problems (this is one of those) and most
authentication problems (which might be involved too.)

Gina said:
Here is one such event, names of innocent marked by X:

Event Type: Information
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1559
Date: 3/18/2005
Time: 2:50:35 PM
User: Everyone
Computer: DVADER
Description:
A request has been made to promote this DSA to a Global Catalog (GC). A
precondition to becoming a GC is that this server host a read-only copy of
all partitions in the enterprise. This server should hold a copy of
partition DC=XXXX,DC=com but it does not. This system will not be promoted to
a GC until this condition is met.

My guess is that you did the DCPromo into the existing
domain and perhaps deferred the replication (this is a
choice during promotion to DC) -- then you tried to make
it a GC before that replication occurred.

Likely the REAL problem is that you aren't really replicating
(much of anything) properly so again, check DNS and use
DCDiag (see below....)


DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
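
Added example (not part of the original post): a read-only PowerShell sketch of the check suggested above, running DCDiag against each DC, saving the output to a text file, and searching it for FAIL, ERROR and WARN, then listing the partitions named in event 1559. The DC names and output folder are placeholders, and the event-message pattern assumes the wording quoted in this thread.

```powershell
# Added example. DC names and the output folder are hypothetical placeholders.
$DomainControllers = 'DC01', 'DC02'
$OutDir = Join-Path $env:TEMP 'dcdiag-reports'

if (-not (Get-Command dcdiag.exe -ErrorAction SilentlyContinue)) {
    throw 'dcdiag.exe was not found on this machine.'
}
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$findings = foreach ($dc in $DomainControllers) {
    $report = Join-Path $OutDir "$dc.txt"

    # Read-only run (no /fix); keep the full output as one text file per DC.
    & dcdiag.exe "/s:$dc" | Out-File -FilePath $report

    # Select-String is case-insensitive, so "failed test" and "Warning:" match too.
    Select-String -Path $report -Pattern 'FAIL', 'ERROR', 'WARN' | ForEach-Object {
        [pscustomobject]@{
            DC     = $dc
            Source = 'dcdiag'
            Line   = $_.LineNumber
            Text   = $_.Line.Trim()
        }
    }

    # Event 1559 names the partition the GC promotion is still waiting for.
    # Assumption: the message wording matches the event quoted in the thread.
    Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Directory Service'; Id = 1559
    } | ForEach-Object {
        $m = [regex]::Match($_.Message, 'partition\s+(\S+)\s+but it does not')
        if ($m.Success) { $m.Groups[1].Value }
    } | Sort-Object -Unique | ForEach-Object {
        [pscustomobject]@{
            DC     = $dc
            Source = 'event 1559'
            Line   = $null
            Text   = "missing partition $_"
        }
    }
}

# One row per hit; a DC with no rows had no keyword matches and no 1559 events.
$findings | Sort-Object DC, Source, Line | Format-Table -AutoSize -Wrap
```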
 
Guest

I do not know what I did, and you are probably right. The fact remains
however that I have repeated messages in the event log saying that promoting
this DC to a GC has been delayed, with the additional message regarding a
domain that is in the tree but has no DCs and, as far as I know, does not
really exist.

In one of these AD dialogs is a checkbox that says "this DC hosts the Global
Catalog"--or something like that. I think it got checked for this DC. AD is
trying to do it but cannot. The question is--can I stop the request?

Or--can I fulfill the condition that the event message I pasted in this
issue is asking? What does the message mean?

Many questions.





 
Herb Martin

Gina said:
I do not know what I did, and you are probably right. The fact remains
however that I have repeated messages in the event log saying that promoting
this DC to a GC has been delayed, with the additional message regarding a
domain that is in the tree but has no DCs and, as far as I know, does not
really exist.

In one of these AD dialogs is a checkbox that says "this DC hosts the Global
Catalog"--or something like that. I think it got checked for this DC. AD is
trying to do it but cannot. The question is--can I stop the request?

Or--can I fulfill the condition that the event message I pasted in this
issue is asking? What does the message mean?

What I suggested was that you treat it as a failure to
replicate.

Investigate your DNS, etc. as indicated in my prior
post.

If that doesn't resolve the issue (make double sure
you fixed DNS) then (as long as you have another
fully functioning DC for this domain) DCPromo
the DC twice -- once to non-DC, again back to a
DC.

Note: if there is a replication problem, you may need
the /forceremoval switch when you run DCPromo
(from a command line or Start->Run).

DCPromo /forceremoval requires a later service pack
on Win2000 DCs.
 
