Thanks for the reply. Here is the info you requested Running 3 domain
controllers in the forest, all windows 2000, fully patched, latest service
packs
Netdom query fsmo returns the following:
Schema owner server1.domain.local
PDC role server1.domain.local
RID pool manager server2.domain.local
infrastructure owner server2.domain.local
dcdiag /v is below:
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine slider, is a DC.
* Connecting to directory service on server Server1.
* Collecting site info.
* Identifying all servers.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Domain\Server1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... Server1 passed test Connectivity
Doing primary tests
Testing server: Domain\Server1
Starting test: Replications
* Replications Check
......................... Server1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=domain,DC=local
* Security Permissions Check for
CN=Configuration,DC=domain,DC=local
* Security Permissions Check for
DC=domain,DC=local
......................... Server1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... Server1 passed test NetLogons
Starting test: Advertising
The DC Server1 is advertising itself as a DC and having a DS.
The DC Server1 is advertising as an LDAP server
The DC Server1 is advertising as having a writeable directory
The DC Server1 is advertising as a Key Distribution Center
The DC Server1 is advertising as a time server
The DS Server1 is advertising as a GC.
......................... Server1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN="NTDS Settings
DEL:b33a6e03-0763-4e96-8f1c-5c21479dd950",CN=Server1,CN=Servers,CN=Domain,CN
=Sites,CN=Configuration,DC=domain,DC=local
Warning: CN="NTDS Settings
DEL:b33a6e03-0763-4e96-8f1c-5c21479dd950",CN=Server1,CN=Servers,CN=Domain,CN
=Sites,CN=Configuration,DC=Domain,DC=local is the Schema Owner, but is
deleted.
Role Domain Owner = CN="NTDS Settings
DEL:b33a6e03-0763-4e96-8f1c-5c21479dd950",CN=Server1,CN=Servers,CN=Domain,CN
=Sites,CN=Configuration,DC=Domain,DC=local
Warning: CN="NTDS Settings
DEL:b33a6e03-0763-4e96-8f1c-5c21479dd950",CN=Server1,CN=Servers,CN=Domain,CN
=Sites,CN=Configuration,DC=domain,DC=local is the Domain Owner, but is
deleted.
Role PDC Owner = CN=NTDS
Settings,CN=Server2,CN=Servers,CN=Domain,CN=Sites,CN=Configuration,DC=domain
,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=,CN=Servers,CN=domain,CN=Sites,CN=Configuration,DC=domain,DC=loc
al
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=server2,CN=Servers,CN=domain,CN=Sites,CN=Configuration,DC=domain
,DC=local
......................... Server1 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 6852 to 1073741823
* server2.domain.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 5852 to 6351
* rIDNextRID: 5907
* rIDPreviousAllocationPool is 5852 to 6351
......................... Server1 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/server1.domain.local/domain.local
* SPN found :LDAP/server1.domain.local
* SPN found :LDAP/Server1
* SPN found :LDAP/server1.domain.local/domain
* SPN found
:LDAP/91f2acdb-219a-4bc9-970f-f4cf1c02ddf2._msdcs.domain.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/91f2acdb-219a-4bc9-970f-f4cf1c02ddf2/d
omain.local
* SPN found :HOST/server1.domain.local/domain.local
* SPN found :HOST/server1.domain.local
* SPN found :HOST/Server1
* SPN found :HOST/server1.domain.local/domain
* SPN found :GC/server1.domain.local/domain.local
......................... Server1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
......................... Server1 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
Server1 is in domain DC=Domain,DC=local
Checking for CN=Server1,OU=Domain Controllers,DC=Domain,DC=local in
domain DC=Domain,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Domain,CN=Sites,CN=Configuration,DC=Domain
,DC=local in domain CN=Configuration,DC=domain,DC=local on 1 servers
Object is up-to-date on all servers.
......................... Server1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/13/2004 12:15:09
Event String: The File Replication Service is having trouble
enabling replication from server2 to Server1 for
c:\winnt\sysvol\domain using the DNS name
server2.domain.local. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
imaging.afflink.local from this computer.
[2] FRS is not running on imaging.afflink.local.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/28/2004 00:55:13
Event String: The File Replication Service is having trouble
enabling replication from server2 to server1 for
c:\winnt\sysvol\domain using the DNS name
server2.domain.local. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
server2.domain.local from this computer.
[2] FRS is not running on imaserver2.domain.local.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/29/2004 01:55:13
Event String: The File Replication Service is having trouble
enabling replication from server2 to server1 for
c:\winnt\sysvol\domain using the DNS name
server2.domain.local. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
server2.domain.local from this computer.
[2] FRS is not running on server2.domain.local.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/30/2004 01:55:14
Event String: The File Replication Service is having trouble
enabling replication from server2 to server1 for
c:\winnt\sysvol\domain using the DNS name
server2.domain.local. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
server2.domain.local from this computer.
[2] FRS is not running on server2.domain.local.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 05/01/2004 02:55:14
Event String: The File Replication Service is having trouble
enabling replication from server2 to Server1 for
c:\winnt\sysvol\domain using the DNS name
server2.domain.local. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
server2.domain.local from this computer.
[2] FRS is not running on server2.domain.local.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 05/02/2004 03:55:14
Event String: The File Replication Service is having trouble
enabling replication from server2 to Server1 for
c:\winnt\sysvol\domain using the DNS name
server2.domain.local. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
server2.domain.local from this computer.
[2] FRS is not running on server2.domain.local.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 05/03/2004 04:55:14
Event String: The File Replication Service is having trouble
enabling replication from server2 to server1 for
c:\winnt\sysvol\domain using the DNS name
server2.domain.local. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
server2.domain.local from this computer.
[2] FRS is not running on server2.domain.local.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
......................... SERVER1 passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... SERVER1 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0001F60
Time Generated: 05/03/2004 07:04:01
Event String: The browser service has failed to retrieve the
backup list too many times on transport
\Device\NetBT_Tcpip_{413C7F0A-6D84-40B1-9668-D16B6818C055}.
The backup browser is stopping.
An Error Event occured. EventID: 0x40011006
Time Generated: 05/03/2004 07:23:35
Event String: The connection was aborted by the remote WINS.
Remote WINS may not be configured to replicate
with the server.
......................... SERVER1 failed test systemlog
Running enterprise tests on : domain.local
Starting test: Intersite
Skipping site Domain, this site is outside the scope provided by
the
command line arguments provided.
......................... domain.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\server1.domain.local
Locator Flags: 0xe00001fc
PDC Name: \\server2.domain.local
Locator Flags: 0xe00001fd
Time Server Name: \\server1.domain.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\server1.domain.local
Locator Flags: 0xe00001fc
KDC Name: \\server1.domain.local
Locator Flags: 0xe00001fc
......................... domain.local passed test FsmoCheck
Eric Fleischman said:
Hum
8235 = ERROR_DS_REFERRAL
If you run netdom query fsmo, how does that look? Can you show us that
output?
Also, dcdiag /v? Just search and replace "sensitive" terms in there if you
want (like your domain name).
Also, how many DCs do you have in this forest? And what OS and service pack
are you running?
~Eric
--
Eric Fleischman [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
Micah said:
This post is related to my other post regarding extending the directory
for
SMS 2003
Regardless of what I do to get this to work it just doesn't happen. I can
connect to the schema master and make changes myself but the utility
fails.
Additionally when I try to transfer the operations master to another
server
I get the following error
I ran into this one trying to prep the 2000 domain for the upgrade to 2003
"The requested FSMO operation failed. The current FSMO holder could not
be
contacted. The transfer of the current Operations Master could not be
performed.
Any help would be great!
