Announcement

Collapse
No announcement yet.

Sezing FSMO roles

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Sezing FSMO roles

    Hello all,

    I have a question about sezing the roles on my dc.

    I am running windows 2000 advance server with SP4 and the operations master is showing ERROR in the box when you try and transfer and I can't find a lot on where to start looking etc. The server is still working ok but is dying.

    My main question is when I seizing the roles what happens, is another dc forced to take them over?

    Just a little confused about it all.

    Many thanks

    Simon
    Last edited by Si_Pe; 13th July 2006, 15:42.
    Kind Regards,
    Simon

  • #2
    Re: Sezing FSMO roles

    What is the "ERROR" you're getting?
    Seizing roles is never ideal but if you do, make sure the server you're seizing the role from is offline and NEVER comes back online. (meaning if you want to use that server again it will need to be reformatted)
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Sezing FSMO roles

      Originally posted by JeremyW
      What is the "ERROR" you're getting?
      Seizing roles is never ideal but if you do, make sure the server you're seizing the role from is offline and NEVER comes back online. (meaning if you want to use that server again it will need to be reformatted)

      many thanks for your reply,

      When you look at the FSMO roles within Active Directory all it says where it should list the server name is "ERROR"

      When I rebuild the server can it be called the same name then?

      So will another dc be forced to create the roles?

      Thanks again
      Kind Regards,
      Simon

      Comment


      • #4
        Re: Sezing FSMO roles

        When you look at the FSMO roles within Active Directory all it says where it should list the server name is "ERROR"
        Do you get this on all your DCs or just the one that's failing?

        When I rebuild the server can it be called the same name then?
        I believe so, its account will need to be reset and because it was a DC you'll need to clean up AD ('cause if you seize the role you won't be able to bring it back online to uninstall AD)

        So will another dc be forced to create the roles?
        I'm not as familiar with 2k as I am with 2k3 but you should be able to use ntdsutil. You can also clean up you AD with ntdsutil. (note the different link)
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: Sezing FSMO roles

          Originally posted by JeremyW
          Do you get this on all your DCs or just the one that's failing?

          It shows on the two dc's.

          I believe so, its account will need to be reset and because it was a DC you'll need to clean up AD ('cause if you seize the role you won't be able to bring it back online to uninstall AD) ok brilliant so looks like this is my only option.

          I'm not as familiar with 2k as I am with 2k3 but you should be able to use ntdsutil. You can also clean up you AD with ntdsutil. (note the different link)
          Do I use to create new roles or to force them to a new server?

          You have been very helpful!

          Thanks
          Kind Regards,
          Simon

          Comment


          • #6
            Re: Sezing FSMO roles

            You would actually seize them if the server is unavailable.

            If the serve is online you can transfer the roles to a new server.

            Comment


            • #7
              Re: Sezing FSMO roles

              Originally posted by wullieb1
              You would actually seize them if the server is unavailable.

              If the serve is online you can transfer the roles to a new server.
              Thanks

              Sorry I am being stupid I think. What about the other dc. Will Ad no longer work without these roles. So would it be a restore from backup for ad?

              Thanks again
              Kind Regards,
              Simon

              Comment


              • #8
                Re: Sezing FSMO roles

                You need the roles for full functionality and no, you won't need to restore from backup.

                The best way is to transfer the roles so lets get back to my earlier question; are you getting the error on all DCs or just the one that's failing?
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                Comment


                • #9
                  Re: Sezing FSMO roles

                  Originally posted by JeremyW
                  You need the roles for full functionality and no, you won't need to restore from backup.

                  The best way is to transfer the roles so lets get back to my earlier question; are you getting the error on all DCs or just the one that's failing?
                  Ok sorry,

                  Yeah I am getting the error on all roles in AD on Both DC's

                  Thanks for your help this has been a issue for a while now and with your help I think I may come to the correct way of fixing it.

                  Thanks
                  Kind Regards,
                  Simon

                  Comment


                  • #10
                    Re: Sezing FSMO roles

                    Have you checked the Event logs to see if there's any errors there?
                    You could also try transfering the roles (not seizing) using ntdsutil.
                    See:
                    http://www.petri.com/transferring_fsmo_roles.htm
                    http://www.petri.com/determining_fsmo_role_holders.htm
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com

                    Comment


                    • #11
                      Re: Sezing FSMO roles

                      Originally posted by JeremyW
                      Have you checked the Event logs to see if there's any errors there?
                      You could also try transfering the roles (not seizing) using ntdsutil.
                      See:
                      http://www.petri.com/transferring_fsmo_roles.htm
                      http://www.petri.com/determining_fsmo_role_holders.htm
                      I have looked there and checked DNS and it seems to be working ok, I would like to transfer the roles or seize them and then rebuild this server. Is transfering the best option then?

                      If I use NTDSUTIL to transfer the roles is it more likely to work even though it has the error and the GUI wont move them?

                      I will check the logs again now to see what new items are in there.

                      Thanks again! Your helping me on the road to recovery.

                      Cheers
                      Kind Regards,
                      Simon

                      Comment


                      • #12
                        Re: Sezing FSMO roles

                        Transferring is definitely the way to go. Seizing is when all else fails.

                        I did a quick google search on the error and didn't find anything. Maybe someone more experienced had come across this before...?

                        I would determine if ntdsutil can see which server is holding which role. If it can then my guess would be that you'd be able to use ntdsutil to transfer the roles. These are only guesses and and it may make matters worse so make sure you have a current backup of all the servers.
                        Regards,
                        Jeremy

                        Network Consultant/Engineer
                        Baltimore - Washington area and beyond
                        www.gma-cpa.com

                        Comment


                        • #13
                          Re: Sezing FSMO roles

                          Originally posted by Si_Pe
                          I have looked there and checked DNS and it seems to be working ok, I would like to transfer the roles or seize them and then rebuild this server. Is transfering the best option then?

                          If I use NTDSUTIL to transfer the roles is it more likely to work even though it has the error and the GUI wont move them?

                          I will check the logs again now to see what new items are in there.

                          Thanks again! Your helping me on the road to recovery.

                          Cheers
                          Hello again,

                          I have used NTDSUTIL To see what server holds the roles and it has come back with the following results which I am cofused by as the roles seem to be held on the other dc.

                          E:\Documents and Settings\localadmin>netdom query /domain:endsnet fsmo
                          The system cannot find the file specified.

                          The command failed to complete successfully.

                          E:\Documents and Settings\localadmin>ntdsutil
                          ntdsutil: roles
                          fsmo maintenance: connections
                          server connections: connect to server endscs1
                          Binding to endscs1 ...
                          Connected to endscs1 using credentials of locally logged on user
                          server connections: q
                          fsmo maintenance: select operation target
                          select operation target: list roles for connected server
                          Server "endscs1" knows about 5 roles
                          Schema - CN="NTDS Settings
                          DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
                          DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Site-Name,
                          CN=Sites,CN=Configuration,DC=endsnet,DC=local
                          Domain - CN="NTDS Settings
                          DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
                          DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Site-Name,
                          CN=Sites,CN=Configuration,DC=endsnet,DC=local
                          PDC - CN="NTDS Settings
                          DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
                          DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Site-Name,
                          CN=Sites,CN=Configuration,DC=endsnet,DC=local
                          RID - CN="NTDS Settings
                          DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
                          DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Site-Name,
                          CN=Sites,CN=Configuration,DC=endsnet,DC=local
                          Infrastructure - CN="NTDS Settings
                          DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
                          DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Site-Name,
                          CN=Sites,CN=Configuration,DC=endsnet,DC=local
                          select operation target:


                          The server we are having problems with is Endscs2.

                          So I am guessing that along the way Endscs1 has been rebuilt and AD wasnt removed correctly.

                          What do I need to do next.

                          Thanks very much.

                          Si
                          Kind Regards,
                          Simon

                          Comment


                          • #14
                            Re: Sezing FSMO roles

                            Originally posted by JeremyW
                            Transferring is definitely the way to go. Seizing is when all else fails.

                            I did a quick google search on the error and didn't find anything. Maybe someone more experienced had come across this before...?

                            I would determine if ntdsutil can see which server is holding which role. If it can then my guess would be that you'd be able to use ntdsutil to transfer the roles. These are only guesses and and it may make matters worse so make sure you have a current backup of all the servers.
                            Thanks,

                            So I guess in theory what I should be able to do seeing as NTDSUTIL has come back knowing of the 5 roles that I should be able to transfer them using NTDSUTIL to server2 and then transfer them back to server1?

                            Thanks
                            Si
                            Kind Regards,
                            Simon

                            Comment


                            • #15
                              Re: Sezing FSMO roles

                              Hello me again,

                              I have tried to transfer the roles but has come up with the following error when trying to transfer.

                              E:\Documents and Settings\localadmin>ntdsutil
                              ntdsutil: roles
                              fsmo maintenance: connections
                              server connections: connect to server endscs1
                              Binding to endscs1 ...
                              Connected to endscs1 using credentials of locally logged on user
                              server connections: q
                              fsmo maintenance: transfer domain naming master
                              ldap_modify_sW error 0x34(52 (Unavailable).
                              Ldap extended error message is 000020AF: SvcErr: DSID-03210227, problem 5002 (UN
                              AVAILABLE), data 8

                              Win32 error returned is 0x20af(The requested FSMO operation failed. The current
                              FSMO holder could not be contacted.)
                              )
                              Depending on the error code this may indicate a connection,
                              ldap, or role transfer error.
                              Server "endscs1" knows about 5 roles
                              Schema - CN="NTDS Settings
                              DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
                              DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Site-Name,
                              CN=Sites,CN=Configuration,DC=endsnet,DC=local
                              Domain - CN="NTDS Settings
                              DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
                              DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Site-Name,
                              CN=Sites,CN=Configuration,DC=endsnet,DC=local
                              PDC - CN="NTDS Settings
                              DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
                              DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Site-Name,
                              CN=Sites,CN=Configuration,DC=endsnet,DC=local
                              RID - CN="NTDS Settings
                              DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
                              DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Site-Name,
                              CN=Sites,CN=Configuration,DC=endsnet,DC=local
                              Infrastructure - CN="NTDS Settings
                              DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
                              DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Site-Name,
                              CN=Sites,CN=Configuration,DC=endsnet,DC=local
                              fsmo maintenance:

                              Looks like a seize is the only way to go? Can I have some help and some suggestions on the next step please?

                              Thanks again!
                              Kind Regards,
                              Simon

                              Comment

                              Working...
                              X