Active Directory could not create the NTDS Settings object for this domain controller


  • Active Directory could not create the NTDS Settings object for this domain controller

    I have two servers running Windows 2003, latest service pack installed. The Primary Domain Controller is on a 10.0.0.0/24 network and is named 'Ernie'. The second server is on a 10.1.0.0/24 network and is on the domain and I can log in using the domain's [GNE] Administrator credentials.

    The Administrator is a member of:
    Account Operators
    Administrators
    Backup Operators
    DHCP Administrators
    Domain Admins
    Domain Users
    Enterprise Admins
    Group Policy Creator Owners
    Remote Desktop Users
    Schema Admins

    When using 'dcpromo' to change this server into a Secondary Domain Controller, by selecting 'Additional domain controller for an existing domain', the wizard stops the NetLogon and then tries to update the NTDS Settings. It then returns this error message:

    The operation failed because:

    Active Directory could not create the NTDS Settings object for this domain controller

    CN=NTDS Settings,CN=FOZZIE,CN=Servers,CN=Brookmans-Park,CN=Sites,CN=Configuration,DC=globecastne,DC=com
    on the remote domain controller ernie.globecastne.com.

    Ensure the provided network credentials have sufficient permissions.

    "An internal error occurred."

    ----------------------------------------------------------------------

    How can I give Administrator the rights to do this? I have policies in place, and I predicted that it has something to do with this, but even after removing these policies [and changing their settings] I am still receiving these errors. Any ideas guys and gals...?

    Note:
    I found these articles and have changed my server settings to force TCP
    http://www.adminlife.com/247referenc.../15/75851.aspx
    http://support.microsoft.com/?kbid=244474
    Last edited by kibble; 5th September 2005, 12:46.

  • #2
    Re: Active Directory could not create the NTDS Settings object for this domain controller

    This Kerberos hack only applies in WAN environments with MTU issues. Is that what you have, or are these DCs on the same LAN separated only by a router/switch?

    The error does point to a network problem. Obviously, it is not a permission thing. Policies are equally unlikely. Any ports being blocked? Sure?

    Another idea. Does this AD have a history of promotions/demotions? Was the DC you are trying to promote ever in the AD before? If so, you may have metadata issues.



    • #3
      Re: Active Directory could not create the NTDS Settings object for this domain controller

      > Does this AD have a history of promotions/demotions?

      Just saw your other thread. This one looks to be right on the money. Clean up the directory first.

      http://support.microsoft.com/default...b;en-us;216498



      • #4
        Re: Active Directory could not create the NTDS Settings object for this domain controller

        I have performed a cleanup and still no luck, this was one of the first things I tried in fact...

        Still very stuck.



        • #5
          Re: Active Directory could not create the NTDS Settings object for this domain controller

          Please check the following settings:

          1. Correct timezone + time in each server.
          2. The new server points to the current DC as DNS server + NSLOOKUP working as usual.
          3. The new server member of the current domain.
          4. Current backup for the DC.
          5. FSMO on the first DC working.
          6. No firewall between the existing DC and the new server (also disable Win 2003 ICF).
          7. Remote registry service working on each server.
          8. The new subnet (of the new DC) added to the current Active Directory site, or you create a new Active Directory site.

          http://support.microsoft.com/default...b;en-us;837932

          Regards,

          Yuval
          Best Regards,

          Yuval Sinay

          LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14
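
The checklist in post #5, written as a batch file to run on the new server before dcpromo. This is an added example, not part of the original post. It assumes the Windows Server 2003 Support Tools (nltest, netdom) and PortQry are installed, and the port list is an assumption covering the usual AD services rather than something stated in the thread.

```batch
@echo off
rem Added example: pre-dcpromo checks, run on the server being promoted.
rem Host name, IP and domain are the ones posted in this thread.
rem Step numbers follow the checklist in post #5 (item 4, backup, is not scripted).
setlocal
set DC=ernie.globecastne.com
set DCIP=10.0.0.7
set DOMAIN=globecastne.com

echo === 1. Clock offset against the existing DC ===
rem Kerberos fails when the skew exceeds the policy limit (5 minutes by default).
w32tm /stripchart /computer:%DC% /samples:3 /dataonly

echo === 2. DNS: DC locator SRV records, asked of the DC's own DNS service ===
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DCIP%

echo === 3. Domain membership: secure channel to the domain ===
nltest /sc_query:%DOMAIN%

echo === 5. FSMO role holders ===
netdom query fsmo

echo === 6. TCP reachability of the DC across the router ===
rem Assumed port list: DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, GC.
rem RPC also uses dynamic high ports that this loop does not probe.
for %%P in (53 88 135 389 445 3268) do (
    portqry -n %DC% -p tcp -e %%P | find "TCP port"
)

echo === 7. Remote Registry service, remote and local ===
sc \\%DC% query RemoteRegistry
sc query RemoteRegistry

echo === 8. AD site this server's subnet maps to ===
nltest /dsgetsite

endlocal
```

Any port reported as FILTERED or NOT LISTENING in step 6, or a site in step 8 other than the one named in the dcpromo error, narrows down which checklist item to look at first.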



          • #6
            Re: Active Directory could not create the NTDS Settings object for this domain controller

            FSMO on Ernie is done, this is what NetDOM displays:

            Code:
             P:\>NetDOM Query fsmo
            Schema owner		ernie.globecastne.com
            
            Domain role owner		ernie.globecastne.com
            
            PDC role			ernie.globecastne.com
            
            RID pool manager		ernie.globecastne.com
            
            Infrastructure owner	ernie.globecastne.com
            
            The command completed successfully.
            
            P:\>ipconfig /all
            
            Windows IP Configuration
            
               Host Name . . . . . . . . . . . . : ernie
               Primary Dns Suffix  . . . . . . . : globecastne.com
               Node Type . . . . . . . . . . . . : Unknown
               IP Routing Enabled. . . . . . . . : Yes
               WINS Proxy Enabled. . . . . . . . : Yes
               DNS Suffix Search List. . . . . . : globecastne.com
            
            Ethernet adapter Globecastne:
            
               Connection-specific DNS Suffix  . : globecastne.com
               Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
               Physical Address. . . . . . . . . : 00-11-43-E6-42-6F
               DHCP Enabled. . . . . . . . . . . : No
               IP Address. . . . . . . . . . . . : 10.0.0.7
               Subnet Mask . . . . . . . . . . . : 255.255.255.0
               Default Gateway . . . . . . . . . : 10.0.0.250
               DNS Servers . . . . . . . . . . . : 10.0.0.7
               Primary WINS Server . . . . . . . : 10.0.0.7
               Secondary WINS Server . . . . . . : 10.1.0.3
            Ipconfig on fozzie showed this
            Code:
            P:\>ipconfig /all
            
            Windows IP Configuration
            
               Host Name . . . . . . . . . . . . : fozzie
               Primary Dns Suffix  . . . . . . . : globecastne.com
               Node Type . . . . . . . . . . . . : Unknown
               IP Routing Enabled. . . . . . . . : Yes
               WINS Proxy Enabled. . . . . . . . : Yes
               DNS Suffix Search List. . . . . . : globecastne.com
            
            Ethernet adapter Globecastne:
            
               Connection-specific DNS Suffix  . : globecastne.com
               Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
               Physical Address. . . . . . . . . : 00-11-43-E6-43-5F
               DHCP Enabled. . . . . . . . . . . : No
               IP Address. . . . . . . . . . . . : 10.1.0.3
               Subnet Mask . . . . . . . . . . . : 255.255.255.0
               Default Gateway . . . . . . . . . : 10.1.0.250
               DNS Servers . . . . . . . . . . . : 10.0.0.7
               Primary WINS Server . . . . . . . : 10.1.0.3
               Secondary WINS Server . . . . . . : 10.0.0.7
            Remote registry on both machines, the server is on the domain, times are synch'ed to the second, subnets & sites are defined. The Active Directory database is checked, compressed and in good healthy working order, yet I still can't get the server to join as a secondary domain controller.

            Still very stuck...
            Last edited by kibble; 6th September 2005, 12:03.



            • #7
              Re: Active Directory could not create the NTDS Settings object for this domain controller

              Why is there Node Type . . . . . . . . . . . . : Unknown in each server's IP settings?!
              Please review my last post.
              Best Regards,

              Yuval Sinay

              LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14



              • #8
                Re: Active Directory could not create the NTDS Settings object for this domain controller

                > Why is there Node Type . . . . . . . . . . . . : Unknown in each server's IP settings?!

                I'm not sure how that would prevent a DC promotion? How would that work?

                The ip config looks fine otherwise. If you have excluded the network issues we mentioned, my money is still on the metadata cleanup. It is easy to make a mistake there.

                Long shot: check the permissions on the site container, they might be wrong and explain this issue:

                CN=Servers,CN=Brookmans-Park,CN=Sites,CN=Configuration,DC=globecastne,DC=com



                • #9
                  Re: Active Directory could not create the NTDS Settings object for this domain contro

                  Hello,

                  You should take a netmon trace when you try to run the dcpromo

                  and analyze it!

                  We can identify a lot of issues, even if the issue is not networking.

                  cheers
                  Mig
