Schema Role does not exist

  • Schema Role does not exist

    Hey All

    I'm getting the following warning message in the Directory Service event log.


    Code:
    - Server and Domain names removed -
    
    Ownership of the following FSMO role is set to a server which is deleted or does not exist. 
     
    Operations which require contacting a FSMO operation master will fail until this condition is corrected. 
     
    FSMO Role: CN=Schema,CN=Configuration,DC=-DOMAIN-,DC=com 
    FSMO Server DN: CN=NTDS Settings\0ADEL:27fb3db0-81e8-4e5a-be82-796cc24f6ec1,CN=-Server-,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=-DOMAIN-,DC=com

    The server in question holds all my FSMO roles, and it appears that only the schema role is affected.

    Has anyone seen this before, and know how to fix it? This is my company's primary file server; I don't really want to seize the role and be forced to format it.

    Thanks

  • #2
    Re: Schema Role does not exist

    Is this your only domain controller?



    • #3
      Re: Schema Role does not exist

      Does the computer object for that DC exist?



      • #4
        Re: Schema Role does not exist

        We have two domain controllers.


        There is a computer account for this DC



        • #5
          Re: Schema Role does not exist

          Isn't the original first DC in the site deleted?
          If I see this error, I would think that the schema owner was removed without properly demoting it.

          Have you cleaned the metadata?
          http://www.petri.com/delete_failed_dcs_from_ad.htm

          You could seize the schema role; see:
          http://www.petri.com/transferring_fsmo_roles.htm
          http://www.petri.com/seizing_fsmo_roles.htm
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"



          • #6
            Re: Schema Role does not exist

            You can use NTDSUTIL.EXE to force an FSMO role to another domain controller.
            See articles on MS Knowledge base on how to use it.



            • #7
              Re: Schema Role does not exist

              I already posted how to do it. It's called seizing.


              • #8
                Re: Schema Role does not exist

                Won't I format the DC in question after I seize its schema role? Everything I've read from Microsoft tells me that.



                • #9
                  Re: Schema Role does not exist

                  What do you mean?


                  • #10
                    Re: Schema Role does not exist

                    Sorry. I wrote that message very quickly and it makes no sense.

                    Everything I've read tells me that once I seize the schema role from the problem DC I'll have to format the server in order to make it a DC again. I don't really want to do this, especially since everything else on the DC is working correctly.

                    It's also possible that I'm misunderstanding what I'm reading.



                    • #11
                      Re: Schema Role does not exist

                      But isn't the old being removed from the domain?
                      Can you check with ntdsutil or with dcdiag /test:Knowsofroleholders /v if it has the schema role?
                      Last edited by Dumber; 10th September 2008, 16:49.


                      • #12
                        Re: Schema Role does not exist

                        No, I would prefer to keep the server a domain controller.

                        I ran dcdiag and was shown a warning that the DC is the Schema owner, but it was deleted. I also received this warning for Domain owner.



                        • #13
                          Re: Schema Role does not exist

                          Well, shouldn't you post the output of the commands?


                          • #14
                            Re: Schema Role does not exist

                            Sure thing..


                            Domain Controller Diagnosis

                            Performing initial setup:
                            * Verifying that the local machine pathfile, is a DC.
                            * Connecting to directory service on server pathfile.
                            * Collecting site info.
                            * Identifying all servers.
                            * Identifying all NC cross-refs.
                            * Found 2 DC(s). Testing 1 of them.
                            Done gathering initial info.

                            Doing initial required tests

                            Testing server: Default-First-Site-Name\PATHFILE
                            Starting test: Connectivity
                            * Active Directory LDAP Services Check
                            * Active Directory RPC Services Check
                            ......................... PATHFILE passed test Connectivity

                            Doing primary tests

                            Testing server: Default-First-Site-Name\PATHFILE
                            Test omitted by user request: Replications
                            Test omitted by user request: Topology
                            Test omitted by user request: CutoffServers
                            Test omitted by user request: NCSecDesc
                            Test omitted by user request: NetLogons
                            Test omitted by user request: Advertising
                            Starting test: KnowsOfRoleHolders
                            Role Schema Owner = CN=NTDS Settings\0ADEL:27fb3db0-81e8-4e5a-be82-796cc24f6ec1,CN=PATHFILE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PATHIXASP,DC=com
                            Warning: CN=NTDS Settings\0ADEL:27fb3db0-81e8-4e5a-be82-796cc24f6ec1,CN=PATHFILE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PATHIXASP,DC=com is the Schema Owner, but is deleted.
                            Role Domain Owner = CN=NTDS Settings\0ADEL:27fb3db0-81e8-4e5a-be82-796cc24f6ec1,CN=PATHFILE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PATHIXASP,DC=com
                            Warning: CN=NTDS Settings\0ADEL:27fb3db0-81e8-4e5a-be82-796cc24f6ec1,CN=PATHFILE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PATHIXASP,DC=com is the Domain Owner, but is deleted.
                            Role PDC Owner = CN=NTDS Settings,CN=PATHFILE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PATHIXASP,DC=com
                            Role Rid Owner = CN=NTDS Settings,CN=PATHFILE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PATHIXASP,DC=com
                            Role Infrastructure Update Owner = CN=NTDS Settings,CN=PATHIXCOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PATHIXASP,DC=com
                            ......................... PATHFILE failed test KnowsOfRoleHolders
                            Test omitted by user request: RidManager
                            Test omitted by user request: MachineAccount
                            Test omitted by user request: Services
                            Test omitted by user request: OutboundSecureChannels
                            Test omitted by user request: ObjectsReplicated
                            Test omitted by user request: frssysvol
                            Test omitted by user request: frsevent
                            Test omitted by user request: kccevent
                            Test omitted by user request: systemlog
                            Test omitted by user request: VerifyReplicas
                            Test omitted by user request: VerifyReferences
                            Test omitted by user request: VerifyEnterpriseReferences
                            Test omitted by user request: CheckSecurityError

                            Running partition tests on : Schema
                            Test omitted by user request: CrossRefValidation
                            Test omitted by user request: CheckSDRefDom

                            Running partition tests on : Configuration
                            Test omitted by user request: CrossRefValidation
                            Test omitted by user request: CheckSDRefDom

                            Running partition tests on : PATHIXASP
                            Test omitted by user request: CrossRefValidation
                            Test omitted by user request: CheckSDRefDom

                            Running enterprise tests on : PATHIXASP.com
                            Test omitted by user request: Intersite
                            Test omitted by user request: FsmoCheck
                            Test omitted by user request: DNS



                            • #15
                              Re: Schema Role does not exist

                              Does pathfile show up under Sites and Services? Someone deleted something.

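Added example, not part of the original thread: a small Python triage script that reads saved `dcdiag /test:KnowsOfRoleHolders /v` output and flags FSMO roles whose owner DN carries the `\0ADEL:<GUID>` marker seen in post #14. The sample output, the server names (DC01, DC02), the domain and the GUID are constructed placeholders, and recognising the `\0ACNF:` conflict marker as well goes beyond what the thread shows.

```python
import re

# AD renames deleted (DEL) and conflict (CNF) objects to
# "<name>\0A<TAG>:<objectGUID>"; \0A is an escaped newline in the DN string.
MANGLED = re.compile(r"\\0A(DEL|CNF):([0-9a-fA-F-]{36})")
ROLE_LINE = re.compile(r"^\s*Role (.+?) = (CN=.+?)\s*$")
SERVER_CN = re.compile(r"CN=NTDS Settings[^,]*,CN=([^,]+),CN=Servers,")

_SITE = "CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com"
_DEAD = r"CN=NTDS Settings\0ADEL:00000000-0000-0000-0000-000000000001"
# Constructed sample modelled on the dcdiag output in the thread (names are placeholders).
SAMPLE = f"""
   Starting test: KnowsOfRoleHolders
      Role Schema Owner = {_DEAD},CN=DC01,{_SITE}
      Warning: {_DEAD},CN=DC01,{_SITE} is the Schema Owner, but is deleted.
      Role Domain Owner = {_DEAD},CN=DC01,{_SITE}
      Role PDC Owner = CN=NTDS Settings,CN=DC01,{_SITE}
      Role Rid Owner = CN=NTDS Settings,CN=DC01,{_SITE}
      Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC02,{_SITE}
   ......................... DC01 failed test KnowsOfRoleHolders
"""

def parse_role_holders(text):
    """Map each 'Role X = DN' line of dcdiag output to its owner details."""
    roles = {}
    for role, dn in (m.groups() for m in map(ROLE_LINE.match, text.splitlines()) if m):
        mangled, server = MANGLED.search(dn), SERVER_CN.search(dn)
        roles[role] = {
            "server": server.group(1) if server else None,
            "state": mangled.group(1) if mangled else "live",
            "guid": mangled.group(2).lower() if mangled else None,
        }
    return roles

def stale_roles(roles):
    """Roles whose owner is a deleted/conflict NTDS Settings object."""
    # Servers that still own some role through an unmangled NTDS Settings object.
    live = {r["server"] for r in roles.values() if r["state"] == "live"}
    return [{"role": name, **info, "server_has_live_ntds": info["server"] in live}
            for name, info in roles.items() if info["state"] != "live"]

if __name__ == "__main__":
    for hit in stale_roles(parse_role_holders(SAMPLE)):
        print(hit)
```

A `server_has_live_ntds` value of True means the same server name also owns other roles through an unmangled NTDS Settings object, which is the pattern in the output posted above.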