Wild problems in AD with Domain. 3

[AV1611]

I had a AD Server. I moved all the FSMO rolls I believe to another server called Lytec from RLDATASTORE. Now I am getting some weird messages about RLDATASTORE. It was taken off line and formatted. It is back on but as a regular Server.

The event log has problems such as listed below. Please take the time to look and see if anyone can help me. Desperate....

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 9/6/2003
Time: 1:18:32 AM
User: N/A
Computer: LYTEC
Description:
The File Replication Service is having trouble enabling replication from RLDATASTORE to LYTEC for c:\winnt\sysvol\domain using the DNS name rldatastore.raddiag.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name rldatastore.raddiag.com from this computer.
[2] FRS is not running on rldatastore.raddiag.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 9/2/2003
Time: 9:14:58 PM
User: N/A
Computer: LYTEC
Description:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller lytec.raddiag.com for FRS replica set configuration information.

Could not find computer object for this computer. Will try again at next polling cycle.


Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 9/2/2003
Time: 9:02:27 PM
User: N/A
Computer: LYTEC
Description:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller lytec.raddiag.com for FRS replica set configuration information.

Could not find computer object for this computer. Will try again at next polling cycle.


Event Type: Information
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1308
Date: 9/6/2003
Time: 1:20:49 AM
User: N/A
Computer: LYTEC
Description:
The Directory Service consistency checker has noticed that 86 successive replication attempts with CN=NTDS Settings,CN=RLDATASTORE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=raddiag,DC=com have failed over a period of 4693 minutes. The connection object for this server will be kept in place, and new temporary connections will established to ensure that replication continues. The Directory Service will continue to retry replication with CN=NTDS Settings,CN=RLDATASTORE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=raddiag,DC=com; once successful the temporary connection will be removed.

 

[svsawkar]

Well we know what's going on with the thing, as per the errors

You said some of the things are not present- did you wack what was present?

You need to follow the rest of the article:

Now that the NTDS setting object has been deleted we can now delete the following objects:
Use ADSIEdit to delete the computer account in the OU=Domain Controllers,DC=domain...

Note: The FRS subscriber object is deleted when the computer object is deleted, since it is a child of the computer account.
Use ADSIEdit to delete the FRS member object in CN=Domain System Volume (SYSVOL share),CN=file replication service,CN=system....
In the DNS console, use the DNS MMC to delete the cname (also known as the Alias) record in the _msdcs container.
In the DNS console, use the DNS MMC to delete the A (also known as the Host) record in DNS.
If the deleted computer was the last domain controller in a child domain and the child domain was also deleted, use ADSIEdit to delete the trustDomain object for the child in CN=System, DC=domain, DC=domain, Domain NC.


/Siddharth

 

[AV1611]

Well to recap shortly.... I finished the NTDS just fine. But when I run the ADSIEdit, I can't find anything on the Rldatastore.

Now the problem also comes if I go to delete Rldatastore from DNS, I have the computer back on the Network. It was previously on as a DC with AD. But after it got formatted I put it back on the Network as just a Member Server. But it has the same name and IP. So doesn't the DNS see the New Server and not the old? And would it cause problems by deleting the New out of DNS and the Domain??

Thanks a lot, AV

 

[svsawkar]

You could always wack Rldatastore out of dns, and then go to the new RLdatasore and do a 'ipconfig /flushdns' and 'ipconfig /registerdns'. This will put back in place whatever is neccesary.

I think you need to look harder for the Rldatastore. The only way you can be getting those KCC errors is if it's in the config container. Do the LDAP paths in the instructions make sense?

/Siddharth

 

[AV1611]

They kind of make sense. I tried to follow them all out through the ADSIEdit but can't find Rldatastore listed anywhere in them. I will go back and search again.

Thanks so much for all the help...

AV

 

[svsawkar]

CN=Domain System Volume (SYSVOL share),CN=file replication service,CN=system....


To do the above instructions, you need to work backwards. First find the NC=yourdomainname, then open up System, then File Rep SErvice, THEN open up SYSVOL.

/Siddharth

 

[AV1611]

Thanks... I finally found that last one. There was one, or atleast that is all I can find, is one more record. I deleted it. I will be rebooting later tonight when everybody is off. I hope this kills all the errors. I get the error message about "Can't find Global Catalog" a whole lot.

I'll keep you posted. Thanks again for all the help. I've learned a lot.

AV

 

[svsawkar]

Make your DC a GC- go into AD Sites and Services, expand the site with your server, expand on your server and right click on the NTDS Connection Object. Click the Global Catalog check box.

/Siddharth

 

[AV1611]

Thanks a million. That got rid of the Global error.

As a matter of fact I don't have any errors in the Event Viewer. I believe for now my problems seem to be clearing up.

Thanks a lot guys for the help.

AV

 

[AV1611]

Do I need LMHOSTS turned on in the WINS tab??

AV

 

[svsawkar]

If you are using LMHOSTS file lookups, then yes.

/Siddharth

 

[TPrchal]

I am trying to get rid of an entry of an old DC. IT shows up in sites and services and as a selection in the METADATA Cleanup util (NTDSUTIL) Ive tried 4 times to remove it with NTDS UTIL and keep getting the error 'DSRemoveDSServerW error 0x20e3 (The DSA object couldnot be found)'

I cannot remove it from the SitesandServices same message of dSA object...used ADSIEdit and removed all references as stated in the MS KB article mentioned earlier in the thread. I cant get rid of that entry. What else is there?

thanks

 

[jasonb88]

I had some problems adding another dc. The last problem I had gave me some trouble... Here is what I found

I was getting:
Scecli 1001
userenv 1000

Solution:
Some how after enabling the syvol share on the new dc, ntfs remamed my sysvol shares under my sysvol/domain folder to some number followed by policies and another folder with some numbers and scripts.. After copying the folders and renaming them to policies and scripts.. The scecli event telling me that the policy had been envorced appeared in the application log.. I thought this might help some of you....

 

[svsawkar]

Ya'll would be better off moving these new topics to a new thread if you want some fresh responses

/Siddharth