
Event ID 1837: attempt to transfer operation master failed




    We use a class C network for testing purposes. The first domain controller (DC1) was set to IP; before DC promo, the controller was set to point to itself in the preferred DNS settings. After DC promo, the server held all five FSMO roles and had its own DNS zone.
    After DC promo, all logs looked fine, and we did testing by setting up computers, printers, and other basic domain necessities. Each client was set up to point to DC1 as its preferred DNS server; no secondary DNS server was added. DC1 forwarders were set to our organization's public DNS. All worked well. We then added a second domain controller (DC2) IP, its preferred DNS was set to DC1, ran the DC promo, ensured everything synchronized fine, and checked all logs for any inconsistencies. After deciding all was well, I set DC2 to point to itself for preferred DNS, as it was set up as a DNS server, and added a secondary DNS on all clients as (DC2). Forwarders and other domain information were added successfully through replication, so I did not have to change or update any additional settings.

    Next I tested the transfer of FSMO roles from DC1 to DC2. I log into DC2 with my administrator credentials, connect to DC1 and, using the GUI, transfer all five roles without a problem, the pull not push concept. I should mention that since both servers are in the same forest, same domain, both were turned on as Global Catalogs. All 5 FSMO roles were transferred without a problem, confirmed by the netdom function. I perform a few more tests, all looks well, so now I decide to transfer the FSMO roles back to DC1 using ntdsutil. I log into DC1, connect to DC1 through ntdsutil and start transferring all of my roles. The first four roles went without a problem, until I get to the naming master, when I get the error that DC2 could not be reached.

    At this point I am completely baffled, as all replication across the domain is fine, so I go back and issue a forest-wide synchronization, still no luck. I know both servers are connected. I go into DC1 and add DC2 as its secondary DNS server, force a forest-wide replication and still no luck. Went away, thought about it for a few days, tried again with both ntdsutil and the GUI, still no luck. I was at the point where I wanted to seize the naming master role and re-format DC2. Then I got the idea that if no communication can be established with the second server, maybe my DNS records could be corrupted.

    Next, I go into the DNS tab and create a custom AAA record to point to DC2, so any time there is a call to DC2.mylocaldomain.local, that will be associated with IP. I go back to ntdsutil and the naming master transfer works fine.

    Did I do something wrong on the initial set up which could have caused my DNS records to be corrupted, or point to a different server?

    Why would the other four roles transfer fine, while no connection could be established for the naming master?

    Is there a preferred order in which the roles should be transferred?

    Shouldn't the two servers have their DNS synchronized? My logs indicated all replication was fine.

    Should I go and look at something specific in DC2? I still have it, as I did not have to seize the naming master role.

    This was a great disaster/recovery lesson. Could it be that more work needs to be done on 2008? That event ID is not mentioned widely on the web; even Microsoft's own tech resource web site has no info on this event.

    Thanks for all the wisdom
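
Added example, not part of the original post: a pre-transfer check that asks each DC's DNS service for every DC's host record and flags a missing or mismatched answer, the condition the post describes finding by hand. It assumes `Resolve-DnsName` is available (DnsClient module, Windows 8 / Server 2012 or later, for example on a management workstation); the IP addresses are constructed placeholders, and DC1, DC2 and mylocaldomain.local are the names used in the post.

```powershell
# Added example. The addresses below are constructed placeholders (the post
# elides the real ones); replace them with the DCs' actual static IPs.
$Domain     = 'mylocaldomain.local'
$DnsServers = [ordered]@{
    DC1 = '192.0.2.10'
    DC2 = '192.0.2.11'
}

# Ask one specific DNS server for the A record(s) of a name.
# Returns a comma-joined string of addresses, or '' when nothing usable came back.
function Get-ARecord {
    param([string]$Name, [string]$Server)
    try {
        $answers = Resolve-DnsName -Name $Name -Type A -Server $Server `
                                   -DnsOnly -ErrorAction Stop
        $ips = $answers | Where-Object { $_.QueryType -eq 'A' } |
               ForEach-Object { $_.IPAddress } | Sort-Object
        return ($ips -join ',')
    } catch {
        return ''   # NXDOMAIN, timeout or refusal: treated as "no record"
    }
}

# Every DC name is resolved against every DC's DNS service, so a record that
# exists on one server but never replicated to the other shows up as MISSING.
$report = foreach ($dc in $DnsServers.Keys) {
    $fqdn     = "${dc}.$Domain"
    $expected = $DnsServers[$dc]
    foreach ($srv in $DnsServers.Keys) {
        $got = Get-ARecord -Name $fqdn -Server $DnsServers[$srv]
        [pscustomobject]@{
            Name        = $fqdn
            AskedServer = $srv
            Answer      = $got
            Expected    = $expected
            Status      = if (-not $got)              { 'MISSING'  }
                          elseif ($got -ne $expected) { 'MISMATCH' }
                          else                        { 'OK'       }
        }
    }
}
$report | Format-Table -AutoSize

# Current role holders, as the post confirms them with netdom.
netdom query fsmo
```

Any row that is not `OK` means the server in `AskedServer` cannot locate that DC by name, which is worth resolving before attempting a role transfer.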