
fsmo roles problem

  • fsmo roles problem

    Hello,

    I have a new network with some problems.
    I don't know the history so all I can do is look at the current problems.

    The situation:
    3 DCs which are also GCs.
    Let's call them server1, server2, server3.
    server1 and server2 also have Exchange installed.
    server1 and server2 I can locate physically and I can also ping them.
    server3 I cannot locate physically or ping.

    Server1 should be the main server. Server2 is only up because there's an app on it that's still used.
    There is no need to have AD or Exchange on server2.

    A strange thing I notice:
    If I check the FSMO roles on server1:
    All roles except the domain naming master are for Server1.
    Server2 has the domain naming master role.
    So I try transferring the role to Server1 (in AD Domains and Trusts).
    But there I get the message that the current domain naming master is offline and I cannot transfer the role.

    If I check the FSMO roles on server2:
    Server1 has: schema owner, RID Pool Manager
    Server2 has: domain role owner, PDC role, infrastructure owner
    If I try to transfer here it says:
    Rid:error on the operation masters
    schema master is server1 but it says server1 is offline

    Extra info:
    Server1 has the DHCP and DNS roles active. Clients get server1 as DNS.
    Server2 also has the DNS role but the DNS service is disabled.

    Can anyone help me out here?
    How can I bring all FSMO roles to Server1 and safely take out server2 concerning AD and Exchange?

    Thanks!
    Last edited by bazzr; 5th March 2015, 23:39.
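
The two conflicting role-holder views described in the post above, compared role by role. This is an added example, not part of the original thread: the sample text is constructed from the post and modelled on `netdom query fsmo` output, and the label wording for each Windows version, the function names and the host names are assumptions.

```powershell
# Constructed samples modelled on `netdom query fsmo` output, filled in from
# the two views in the post. Host names and xxxx.local are placeholders.
$views = @{
    server1 = @'
Schema master               server1.xxxx.local
Domain naming master        server2.xxxx.local
PDC                         server1.xxxx.local
RID pool manager            server1.xxxx.local
Infrastructure master       server1.xxxx.local
'@
    server2 = @'
Schema owner                server1.xxxx.local
Domain role owner           server2.xxxx.local
PDC role                    server2.xxxx.local
RID pool manager            server1.xxxx.local
Infrastructure owner        server2.xxxx.local
'@
}

# Both label styles map onto one role key (label wording is an assumption).
$rolePatterns = [ordered]@{
    Schema         = 'Schema (master|owner)'
    DomainNaming   = 'Domain (naming master|role owner)'
    PDC            = 'PDC( role)?'
    RID            = 'RID pool manager'
    Infrastructure = 'Infrastructure (master|owner)'
}
function ConvertFrom-FsmoOutput {
    param([string]$Text)
    $roles = @{}
    foreach ($line in $Text -split "`r?`n") {
        foreach ($role in $rolePatterns.Keys) {
            if ($line -match "^\s*$($rolePatterns[$role])\s+(?<holder>\S+)\s*$") {
                $roles[$role] = ($Matches['holder'] -split '\.')[0].ToLower()  # short host name
            }
        }
    }
    $roles
}
function Compare-FsmoViews {
    param([hashtable]$Views)
    $parsed = @{}
    foreach ($dc in $Views.Keys) { $parsed[$dc] = ConvertFrom-FsmoOutput $Views[$dc] }
    foreach ($role in $rolePatterns.Keys) {
        $holders = $parsed.Keys | Sort-Object | ForEach-Object { "$_ -> $($parsed[$_][$role])" }
        $unique  = @($parsed.Values | ForEach-Object { $_[$role] } | Sort-Object -Unique)
        [pscustomobject]@{ Role = $role; Agreed = $unique.Count -eq 1; Views = $holders -join ', ' }
    }
}
Compare-FsmoViews $views | Format-Table -AutoSize
```

Rows with `Agreed` set to False are the roles on which the two domain controllers hold different views.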

  • #2
    Re: fsmo roles problem

    The first thing I would do would be to re-enable the DNS service on server 2.

    Then make sure that each server points at its partner server for primary DNS and itself for secondary DNS.

    Then I would run the Domain Controller and DNS server Best Practice Analyzers on each server.

    Post the results of those here.

    • #3
      Re: fsmo roles problem

      Hi, thanks for the help.
      It took me some time but there are 50 people working on this system so I try to be very careful during the week.

      So the DNS server on server2 is up and running now.
      The DNS servers point to each other as primary and to themselves as secondary.

      What I found:

      server1
      DNS: all compliant
      AD:
      error
      -This domain controller must advertise itself as PDC for the domain
      warning
      -the schema master and domain naming master role should be owned by the same domain controller in the forest

      In the AD event viewer I get a lot of:
      1864 error: this directory server has not recently received replication information...
      2092 warnings: "this server is owner of following fsmo roles but does not consider it valid.."
      1925 warning: attempt to establish a replication link...failed
      The 1925 error concerns the Server3 which I cannot find or ping.
      2093 warning pointing to server2: remote server which is owner of a fsmo role is not responding..

      Besides that, in the system viewer
      a lot of errors:
      event 3, 4, 11 concerning security-kerberos
      5774, netlogon: the dynamic registration of the dns record.... failed on server2 dns server


      server2 is a 2003 (SBS) version so no BPA available
      DNS events:
      4515: xxxx.local is loaded from MicrosoftDNS but another version of this zone has been found in DomainDnsZones.xxxx.local

      AD events:
      1864 NTDS Replication not working
      2092 and 2093: concerning not being able to contact certain FSMO roles
      1308 NTDS KCC replication with server1 failed..access denied
      error 474 : verification databasepage from C:\WINDOWS\NTDS\ntds has failed

      System events:
      event 4 and 27 concerning kerberos issues
      error 3097: this computer is configured to be primary DC but server1 thinks it is not primary DC

      So a lot of issues.

      Any advice?
      thanks!
      Last edited by bazzr; 7th March 2015, 14:38.

      • #4
        Re: fsmo roles problem

        From memory, I believe SBS needs to have all the FSMO Roles because it likes to be the boss of everything. I haven't played with SBS for around 7 years but if you are going to pull SBS 2003 out of the network then you might like to tell us exactly the Domain composition and what you are trying to transition it to.

        If you remove SBS 2003 without the correct migration procedure then you will have a mess.

        There are others who can better advise you on what to do depending on your plans or what is required. Provide lots of info and ask questions.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2

        • #5
          Re: fsmo roles problem

          Well, I would like server1 (Server 2008) to have all the FSMO roles.
          Take out server2 (SBS 2003).

          But there is some problem with transferring the roles.
          Seems like they don't 'see' each other.

          Since it's a working environment I don't want to take any risks.
          So any advice on how to proceed would be very welcome.
          Thanks!

          • #6
            Re: fsmo roles problem

            Migrate SBS 2003 to Server 2008

            What version of Exchange are you running on Server1?
            Do you want to keep it?
            The setup with SBS2003 and a separate Exchange Server sounds like a big bloody mess to inherit.
            • #7
              Re: fsmo roles problem

              Server1 is a Server 2008 with Exchange 2010 (14.01.0438.000)
              Server2 is an SBS 2003 with Exchange 6.5.7638.1

              Yes, I want to keep the Server 2008 R2 with Exchange, AD, DNS, DHCP and File Server role on it.

              I want to shut down and remove the SBS. I think it is not even supposed to be running with another DC in the domain. So I want to get rid of it as quickly as possible.

              Yes idd..a mess

              • #8
                Re: fsmo roles problem

                SBS can run with additional servers, and additional domain controllers, as long as it holds the FSMOs.

                Read and digest the previously posted link on removing SBS from the domain, then follow it.
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                • #9
                  Re: fsmo roles problem

                  Well, I tried to do the standard migration before I posted this.
                  But I get errors about the SBS not having all the FSMO roles.

                  The first one is when I try to install the SBS service pack.

                  • #10
                    Re: fsmo roles problem

                    So transfer the FSMOs from the other DC to the SBS (note: do not seize the FSMOs unless they belong to a completely non-existent DC).
                    Tom Jones