Announcement

Collapse
No announcement yet.

The directory service was unable to allocate a relative identifier

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • The directory service was unable to allocate a relative identifier

    Hello guys and girls,

    I tried to join a workstation to a domain and it gave me the "The directory service was unable to allocate a relative identifier"

    Now I have tried to create a new user in the domain and it gives me the same error message.

    The setup:
    1x Windows 2003 Domain Controller (DC + DHCP + DNS + Print Server + File Server)
    1x Windows 2003 Exchange Server

    Previous to this setup it used to be the same but it was a Windows 2000 environment which was migrated to the new Windows 2003 setup.
    The migration was done following the MS articles of moving FSO's and so forth.

    When the migration was done the old servers were left on for 3 months and then switched off after that, the old servers are no longer available on the site.

    The setup has been on purely 2k3 for around a year now and have not experienced any big problems.

    Some useful info:
    DCDIAG output:
    ---------------------

    Domain Controller Diagnosis
    Performing initial setup:
    Done gathering initial info.
    Doing initial required tests

    Testing server: Default-First-Site-Name\BF-DC
    Starting test: Connectivity
    ......................... BF-DC passed test Connectivity
    Doing primary tests

    Testing server: Default-First-Site-Name\BF-DC
    Starting test: Replications
    [Replications Check,BF-DC] A recent replication attempt failed:
    From BFMAIN to BF-DC
    Naming Context: CN=Schema,CN=Configuration,DC=company,DC=co,DC=uk
    The replication generated an error (8524):
    The DSA operation is unable to proceed because of a DNS lookup failure.
    The failure occurred at 2011-04-05 23:49:40.
    The last success occurred at 2008-09-15 00:29:12.
    22242 failures have occurred since the last success.
    The guid-based DNS name f723ee2b-03b5-4990-97de-5c0ff9f343d2._msdcs.company.co.uk
    is not registered on one or more DNS servers.
    [BFMAIN] DsBindWithSpnEx() failed with error 1722,
    The RPC server is unavailable..
    [Replications Check,BF-DC] A recent replication attempt failed:
    From BFMAIN to BF-DC
    Naming Context: CN=Configuration,DC=company,DC=co,DC=uk
    The replication generated an error (8524):
    The DSA operation is unable to proceed because of a DNS lookup failure.
    The failure occurred at 2011-04-05 23:48:37.
    The last success occurred at 2008-09-15 00:41:28.
    23759 failures have occurred since the last success.
    The guid-based DNS name f723ee2b-03b5-4990-97de-5c0ff9f343d2._msdcs.company.co.uk
    is not registered on one or more DNS servers.
    [Replications Check,BF-DC] A recent replication attempt failed:
    From BFMAIN to BF-DC
    Naming Context: DC=company,DC=co,DC=uk
    The replication generated an error (8524):
    The DSA operation is unable to proceed because of a DNS lookup failure.
    The failure occurred at 2011-04-05 23:47:35.
    The last success occurred at 2008-09-15 00:31:01.
    22548 failures have occurred since the last success.
    The guid-based DNS name f723ee2b-03b5-4990-97de-5c0ff9f343d2._msdcs.company.co.uk
    is not registered on one or more DNS servers.
    REPLICATION-RECEIVED LATENCY WARNING
    BF-DC: Current time is 2011-04-06 00:34:25.
    CN=Schema,CN=Configuration,DC=company,DC=co,DC=uk
    Last replication recieved from BFMAIN at 2008-09-15 00:29:12.
    WARNING: This latency is over the Tombstone Lifetime of 60 days!
    CN=Configuration,DC=company,DC=co,DC=uk
    Last replication recieved from BFMAIN at 2008-09-15 00:41:28.
    WARNING: This latency is over the Tombstone Lifetime of 60 days!
    DC=company,DC=co,DC=uk
    Last replication recieved from BFMAIN at 2008-09-15 00:31:01.
    WARNING: This latency is over the Tombstone Lifetime of 60 days!
    ......................... BF-DC passed test Replications
    Starting test: NCSecDesc
    ......................... BF-DC passed test NCSecDesc
    Starting test: NetLogons
    ......................... BF-DC passed test NetLogons
    Starting test: Advertising
    ......................... BF-DC passed test Advertising
    Starting test: KnowsOfRoleHolders
    ......................... BF-DC passed test KnowsOfRoleHolders
    Starting test: RidManager
    The DS has corrupt data: rIDPreviousAllocationPool value is not valid
    No rids allocated -- please check eventlog.
    ......................... BF-DC failed test RidManager
    Starting test: MachineAccount
    ......................... BF-DC passed test MachineAccount
    Starting test: Services
    ......................... BF-DC passed test Services
    Starting test: ObjectsReplicated
    ......................... BF-DC passed test ObjectsReplicated
    Starting test: frssysvol
    ......................... BF-DC passed test frssysvol
    Starting test: frsevent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause
    Group Policy problems.
    ......................... BF-DC failed test frsevent
    Starting test: kccevent
    ......................... BF-DC passed test kccevent
    Starting test: systemlog
    An Error Event occured. EventID: 0xC00003EA
    Time Generated: 04/05/2011 23:45:34
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x0000410B
    Time Generated: 04/05/2011 23:47:23
    Event String: The request for a new account-identifier pool
    An Error Event occured. EventID: 0xC0000073
    Time Generated: 04/05/2011 23:47:51
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0001B5B
    Time Generated: 04/05/2011 23:48:20
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x00000423
    Time Generated: 04/05/2011 23:48:37
    Event String: The DHCP service failed to see a directory server
    An Error Event occured. EventID: 0xC0000036
    Time Generated: 04/05/2011 23:48:48
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0000036
    Time Generated: 04/05/2011 23:48:48
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x00000423
    Time Generated: 04/05/2011 23:49:01
    Event String: The DHCP service failed to see a directory server
    ......................... BF-DC failed test systemlog
    Starting test: VerifyReferences
    ......................... BF-DC passed test VerifyReferences

    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom

    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom

    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom

    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom

    Running partition tests on : company
    Starting test: CrossRefValidation
    ......................... company passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... company passed test CheckSDRefDom

    Running enterprise tests on : company.co.uk
    Starting test: Intersite
    ......................... company.co.uk passed test Intersite
    Starting test: FsmoCheck
    ......................... company.co.uk passed test FsmoCheck




    I hope you are able to help, looking forward to ideas on how to resolve this.
    Most of the information I have found (specially on the MS site) mainly advises to seize the RID role and so forth, but kinda afraid of doing this.

    Im able to provide remote access to the server if needed be (if there are people here that are kind enough to help remotely )
    Blog: smoothblog.co.uk

  • #2
    Re: The directory service was unable to allocate a relative identifier

    Check which server holds the RIDMaster FSMO role and confirm all DCs can access it
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: The directory service was unable to allocate a relative identifier

      Originally posted by Ossian View Post
      Check which server holds the RIDMaster FSMO role and confirm all DCs can access it
      Cheers, The records show that it is the RIDMASTER and FSO Master.
      It is after all the only DC on the network.
      Unless I am not checking it right, what method would you use?
      I just did it through the AD msc
      Blog: smoothblog.co.uk

      Comment


      • #4
        Re: The directory service was unable to allocate a relative identifier

        Definitely something wrong with your FSMO roles.

        Has this server always just existed by itself ? Is it SBS?

        do the correct _msdcs and other resource records exist in your dns console ?\

        you've told us you only have one DC, but your dcdiag output clearly shows replication attempts. I would try a metadatacleanup, and seizing the FSMO roles (even if it thinks it already has them)
        Last edited by tehcamel; 7th April 2011, 14:27.

        sigpic


        Please do show your appreciation to those who assist you by leaving Rep Point

        Comment


        • #5
          Re: The directory service was unable to allocate a relative identifier

          Based on your dcdiag output, that might just be one of many problems you may have there.
          I suspect is due to incorrectly restoring procedures of the ad database in the past or transfer/seizure of the fsmo roles.

          Check the directory services and DNS events and post what's logged there that can be relevant.
          Caesar's cipher - 3

          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

          SFX JNRS FC U6 MNGR

          Comment

          Working...
          X