Announcement

Collapse
No announcement yet.

unable to seize domain naming master

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • unable to seize domain naming master

    Hi. The hard drive on my Windows 2000 Advanced Server primary domain controller crashed. It held all the roles including global catalog. I am having to seize all the roles and transfer them to our backup domain controller. All the roles except the domain naming master were able to be seized. When I try to seize the Domain naming master I get this error:

    fsmo maintenance: seize domain naming master
    Attempting safe transfer of domain naming FSMO before seizure.
    ldap_modify_sW error 0x35(53 (Unwilling To Perform).
    Ldap extended error message is 0000214B: SvcErr: DSID-03210834, problem 5003 (WI
    LL_NOT_PERFORM), data 0

    Win32 error returned is 0x214b(Only DSAs configured to be Global Catalog servers
    should be allowed to hold the Domain Naming Master FSMO role.)
    )
    Depending on the error code this may indicate a connection,
    ldap, or role transfer error.
    Role seizure is forbidden in this case



    I am doing this with a domain admin account so its not a permissions issue. The Global catalog checkbox is checked in sites and services. When I run DCDIAG it tells me that the Global catalog has not finished promoting and cannot advertise. I also get an error about the rpc server being unavailable. I assumed the RPC error was just due to the fact that the main PDC was down. Does anybody have any idea why this is happening. I have never had this happen before. When I run DCDIAG it fails on:

    failed test Advertising
    failed test KnowsOfRoleHolders
    failed test kccevent
    failed test systemlog
    failed test FsmoCheck

    Please help. Thanks.

  • #2
    Re: unable to seize domain naming master

    I don't know how to fix your problem (although DNS and Replication are always good starting points for AD problems) but you MUST understand Windows 2000 domains better; there is NO "PDC" and "BDC" in Windows 2000 and above; there are only Domain controllers. All hold a writeable copy of the database, and replication is a TWO WAY effort between DCs.

    This fundamental change to the way you think about AD domains should assist when diagnosing problems.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment

    Working...
    X