Announcement

Collapse
No announcement yet.

Windows 2000 Server...FSMO Problems

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows 2000 Server...FSMO Problems

    Hi,

    This my first thread. I have an issue that I can't figure out what it is. I have two DCs. Serv1 and Serv2. Serv1 is the main and Serv2 is a backup DC. Serv1 crashed and we had to restore it. After that, we did a DC promo. We were having replication problems but after restarting the schema, that started working again. When I check for the holder of all 5 roles, Serv1 has all of them. But now, in my event log on both servers, I'm seeing msgs about There is no DC in my domain. Also, on Serv2 , when I check for Schema Master, it gives me an error sometimes. If I reload it and check again, it will show Serv1 as the master. The other thing that's strange is when I check the Operations Master on Serv1, Serv1 is the master, but it doesn't have Serv2 as an option to transfer any of the roles to. But when I check the Operations Master on Serv2, Serv1 is the master and it has Serv2 as an option to transfer the roles to. I'm not sure if that's related to the no DC in my domain problem.
    Thanks in advance....

  • #2
    Re: Windows 2000 Server...FSMO Problems

    What roles were on Serv1 when it failed?
    What does "restarting the schema" mean?
    When you restored Serv1 what was the exact order of the steps you took?
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Windows 2000 Server...FSMO Problems

      Serv1 had all 5 of them before it crashed. I meant Reloading the schema not restarting...Sorry about that.
      When we restored Serv1, we joined it to the domain. We assigned it the same name that it had before then we did a dc promo. That was all that we've done.

      Comment


      • #4
        Re: Windows 2000 Server...FSMO Problems

        You'll need to do Metadata Cleanup and then seize all the roles back to Serv1.

        HTH
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: Windows 2000 Server...FSMO Problems

          I was thinking about that..But when I do a Metadata cleanup on Serv2 and seize all the roles to Serv1 again...Is Serv2 still gonna be a Backup DC? I thought once you seize the roles from a DC, it won't take those roles again. I'm just afraid something else happens to Serv1 and Serv2 won't do the job till I get Serv1 back up and running...Thanks

          Comment


          • #6
            Re: Windows 2000 Server...FSMO Problems

            Were any of the roles ever seized?
            For the record, Active Directory is a multimaster environment where any DC can modify AD. The FSMO roles are certain parts of AD that are single master (FSMO). They are used mainly to support administrative functions. If your FSMO are offline for awhile your users won't even know the difference (unless they change their password).
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment


            • #7
              Re: Windows 2000 Server...FSMO Problems

              None of the roles were ever seized but I don't wanna seize the roles of Serv2 and then lose a DC. I understand the FSMO part. I'm an MCSA. But if my primary DC is down and it takes me a few days to get it back up. I need Serv2 to be functioning. I still need my users to be able to change passwords if need to.
              According to MS article 255504:
              "A domain controller whose FSMO roles have been seized should not be permitted to communicate with existing domain controllers in the forest. In this scenario, you should either format the hard disk and reinstall the operating system on such domain controllers or forcibly demote such domain controllers on a private network and then remove their metadata on a surviving domain controller in the forest by using the ntdsutil /metadata cleanup command. The risk of introducing a former FSMO role holder whose role has been seized into the forest is that the original role holder may continue to operate as before until it inbound-replicates knowledge of the role seizure. Known risks of two domain controllers owning the same FSMO roles include creating security principals that have overlapping RID pools, and other problems. "

              Would transferring the roles work??

              Comment


              • #8
                Re: Windows 2000 Server...FSMO Problems

                Originally posted by kleer82
                I understand the FSMO part. I'm an MCSA
                I suppose this stems from my "multi-master" comment. I should have said that the reason for the explanation is because you mentioned Serv2 was a "Backup DC" but there is no more BDCs in 2000 on. All DCs have an editable copy the directory.

                Other things you've stated:
                -Serv1 had all 5 roles when it crashed
                -You never seized any roles

                Therefore Serv2 doesn't have any roles and now Serv1 probably doesn't have any roles either due to the fact that you reinstalled and ran dcpromo. I think the reason it still comes up as Serv1 having the roles is because the metadata cleanup was never performed.

                You can try transferring the roles but unless I'm mistaken it won't work because Serv1, I don't think, has any roles to transfer.

                Regards,
                Jeremy
                MCSE
                MCSA + Messaging
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                Comment

                Working...
                X