trouble after DC restore

D

dude

Win2k sp4 forest with one root domain and one child domains under the root
domain. Two DCs in root domain, 6 DCs in child domain. We are going to an
offsite location to perform DR test. I'm currently doing a run onsite here
at work with test machines. I'm restoring the two DCs here at the corporate
office. Running into a problem that the RID master can't come online. One
DC holds PDC emulator, RID master, and GC roles. The 2nd DC holds the
infrastructure master role. First DC was restored and then an authoritative
restore performed on it, then 2nd DC restored. Both servers' time in sync.
The error I'm receiving is event ID 16650: The account-identifier allocator
failed to initialize properly . . . . . I have both DCs that holds all 3
FSMOs and GC up and running, however, still running into problem with RID
not being able to come online.

any ideas?

thanks in advance
 
H

Herb Martin

dude said:
Win2k sp4 forest with one root domain and one child domains under the root
domain. Two DCs in root domain, 6 DCs in child domain. We are going to an
offsite location to perform DR test. I'm currently doing a run onsite here
at work with test machines. I'm restoring the two DCs here at the corporate
office. Running into a problem that the RID master can't come online.
Click to expand...

Is there perhaps another (running) RID Master?

You must not have two of ANY such masters.
One
DC holds PDC emulator, RID master, and GC roles. The 2nd DC holds the
infrastructure master role. First DC was restored and then an authoritative
restore performed on it, then 2nd DC restored. Both servers' time in
Click to expand...
sync.

How old are the backups? If made in the last week it
probably doesn't matter.

Why was the authoritative restore used? (That is a very
specific solution.)
The error I'm receiving is event ID 16650: The account-identifier allocator
failed to initialize properly . . . . . I have both DCs that holds all 3
FSMOs and GC up and running, however, still running into problem with RID
not being able to come online.
Click to expand...

You must NOT have two ("both") DCs running the same
masters in the same domain.

If you ever have seized a role the old role holder must
be DCPromo'd to a non-DC (it can then be re-DCPromo'd
to become a new DC.)

That account identifier looks vaguely like a machine account
or some such that no longer matches the (other) DCs, and
such can easily happen in just a few days.
any ideas?

thanks in advance
Click to expand...

What does the event ID give when you search MS or look
at www.eventid.net ?

Google:

[ event ID 16650 account-identifier allocator site:microsoft.com ]

....or...

[ event ID 16650 account-identifier allocator microsoft: ]
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Quick design question 2
unable to assign gc role to any dc 9
Active Directory unable to upgrade to 2003 13
[Long] Clearing GC check box caused child domain to be deleted! 5
RID operations master failure 1
Rebuilt forest root DC, now got repl errors, SIDs? 2
AD Disaster Scenario 4
Disaster Recovery AD 2

Top