Win2K domain controller (owner) hardware failure, can't reassign roles

[mspsub]

Our Windows 2000 domain controller (the owner, domain names master, and global catalog) died suddenly (we had two DCs). The data is fine and has been restored, but we can't get the replacement server to take all of the roles of the old server. When I try to seize the domain names master role, I get an error message that only a global catalog server can do this. I have enabled the global catalog for this server, but I'm not sure what else to try.

Any suggestions?

 

[aftertaf]

DC1 died suddenly... DC2 is OK...

Which server are you trying to make naming master?
Have you started afresh with another DC, or are you trying to restore from backups a new DC1 ??

What are the commands you are using to seize the role?
How many servers do you actually have now and which ones ahave which roles?


Aftertaf (david)
MCSA 2003

 

[mspsub]

I have put bolded your questions in and follow with my answers...thanks.

EXCHSERVER died suddenly... NTERASDC is OK...

Yes

"Which server are you trying to make naming master?

A new server called MAIL

Have you started afresh with another DC, or are you trying to restore from backups a new DC1 ??

The new DC is a freshly installed server

What are the commands you are using to seize the role?

NTDSUtil|Roles|Seize domain naming master

Here is the error:

Attempting safe transfer of domain naming FSMO before seizure.
ldap_modify_sW error 0x35(53 (Unwilling To Perform).
Ldap extended error message is 0000214B: SvcErr: DSID-032107C5, problem 5003 (WILL_NOT_PERFORM), data 0

Win32 error returned is 0x214b(Only DSAs configured to be Global Catalog servers should be allowed to hold the Domain Naming Master FSMO role.)

How many servers do you actually have now and which ones ahave which roles?

I currently have two DCs

When I do a select operation target: list roles for connected server (NTERASDC) I get:

Server "nterasdc" knows about 5 roles
Schema - CN=NTDS Settings,CN=NTERASDC2,CN=Servers,CN=NOC,CN=Sites,CN=Configuration,DC=nteras,DC=com
Domain - CN="NTDS Settings
DEL:495bfaf6-9f81-45f7-8b96-98e946627c9f",CN="EXCHSERVER
DEL:d751213e-b6b4-4764-ad15-a3ca61fca5fa",CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=nteras,DC=com
PDC - CN=NTDS Settings,CN=NTERASDC,CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=nteras,DC=com
RID - CN=NTDS Settings,CN=NTERASDC,CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=nteras,DC=com
Infrastructure - CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=nteras,DC=com

When I do a "select operation target" on MAIL I get:

Server "mail" knows about 5 roles
Schema - CN=NTDS Settings,CN=NTERASDC2,CN=Servers,CN=NOC,CN=Sites,CN=Configuration,DC=nteras,DC=com
Domain - CN="NTDS Settings
DEL:495bfaf6-9f81-45f7-8b96-98e946627c9f",CN="EXCHSERVER
DEL:d751213e-b6b4-4764-ad15-a3ca61fca5fa",CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=nteras,DC=com
PDC - CN=NTDS Settings,CN=NTERASDC,CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=nteras,DC=com
RID - CN=NTDS Settings,CN=NTERASDC,CN=Servers,CN=Corporate,CN=Sites,CN=Configuration,DC=nteras,DC=com
Infrastructure - CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Corporate,CN=Sites,CN=Connfiguration,DC=nteras,DC=com

MAIL will not promote to glabal catalog

FYI: we do have a trusted domain (below our top domain).

 

[aftertaf]

it seems to me that you may have to do a metadata cleanup....

http://www.microsoft.com/resources/...dard/proddocs/en-us/sag_delservermetadata.asp

Aftertaf (david)
MCSA 2003

 

[mspsub]

additional info:

The trusted domain is between NTERASDC and NTERASDC2 which is a remote site that is not connected bery often and does have replication errors.

The event log on MAIL says (paraphrased):

The promotion of this server to a GC will be delayed for 30 minutes. THe reason for this is so the required partitions can be prepared. The KCC is going to run to replicate teh date before the GC can be promoted. Replication to the remote site is failing due to a schema mismatch.

What do you think?

It's been a long day..thanks for being there

 

[mspsub]

Thanks "Aftertaf (david)"

We ran that on MAIL and NTERASDC, but maybe we need NTERASDC2?

 

[aftertaf]

apparently your schema master is NTERASDC2, which is on the remote site...

Schema - CN=NTDS Settings,CN=NTERASDC2,CN=Servers,CN=NOC,CN=Sites,CN=Configuration,DC=nteras,DC=com

and replication is failing between the sites...
all these DCS are in nteras[dot]com, so it's a single domain forest.

hmmm...
looking in my books, i've found extra steps after the metadata cleanup procedure:
-removing all host records in DNS concerning the failed DC
-using adsiedit to remove refernces in Domain Name and Configuration partitions:

run ADSIEdit.msc
expand Domain\DC=nteras,DC=com\ etc... to find the object called EXCHSERVER... and delete it

do the same in Configuration\CN=Configuration\DC=nteras,DC=com\CN=Sites\CN=[name of site where exchserver was]\CN=Servers
again, find the object called EXCHSERVER... and delete it

good luck...





Aftertaf (david)
MCSA 2003

 

[mspsub]

I appreciate your replies....

Around midnight I used ADSIEdit.msc and deleted the EXCHSERVER objects as you suggested. Makes me feel good that a neophyte had been able to get this far

I just checked DCDIAG and I am seeing progess and it looks like our remote DC is syncing with our local DCs.

The errors have been changing and looks like we are almost over this hellish day.

Thanks again.

Mark

 

[aftertaf]

good luck...
what time is it where you are ??
lol
its nearly midday here

Aftertaf (david)
MCSA 2003

 

[mspsub]

It was 3am here when you sent your last message.

Mark

 

[aftertaf]

OUCH!

how's it getting on ?

Aftertaf (david)
MCSA 2003

 

[mspsub]

It took another day to move our email to a new exchange server (we upgraded in the process).

Thanks for your help. All is well now.