unable to seize domain naming master

  • unable to seize domain naming master

    Hi. The hard drive on my Windows 2000 Advanced Server primary domain controller crashed. It held all the roles including global catalog. I am having to seize all the roles and transfer them to our backup domain controller. All the roles except the domain naming master were able to be seized. When I try to seize the Domain naming master I get this error:

    fsmo maintenance: seize domain naming master
    Attempting safe transfer of domain naming FSMO before seizure.
    ldap_modify_sW error 0x35(53 (Unwilling To Perform).
    Ldap extended error message is 0000214B: SvcErr: DSID-03210834, problem 5003 (WI
    LL_NOT_PERFORM), data 0

    Win32 error returned is 0x214b(Only DSAs configured to be Global Catalog servers
    should be allowed to hold the Domain Naming Master FSMO role.)
    Depending on the error code this may indicate a connection,
    ldap, or role transfer error.
    Role seizure is forbidden in this case

    I am doing this with a domain admin account so it's not a permissions issue. The Global Catalog checkbox is checked in Sites and Services. When I run DCDIAG it tells me that the Global Catalog has not finished promoting and cannot advertise. I also get an error about the RPC server being unavailable. I assumed the RPC error was just due to the fact that the main PDC was down. Does anybody have any idea why this is happening? I have never had this happen before. When I run DCDIAG it fails on:

    failed test Advertising
    failed test KnowsOfRoleHolders
    failed test kccevent
    failed test systemlog
    failed test FsmoCheck

    Please help. Thanks.

  • #2
    Re: unable to seize domain naming master

    I don't know how to fix your problem (although DNS and Replication are always good starting points for AD problems) but you MUST understand Windows 2000 domains better; there is NO "PDC" and "BDC" in Windows 2000 and above; there are only Domain controllers. All hold a writeable copy of the database, and replication is a TWO WAY effort between DCs.

    This fundamental change to the way you think about AD domains should assist when diagnosing problems.

    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you