Sign in with
Sign up | Sign in
Your question

dcpromo failure, don’t know how to get replication working

Last response: in Windows 2000/NT
Share
March 17, 2005 4:26:32 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

i have 2 DCs on my network, OCP and OCP2. i have only one domain in
my forest. i want to demote the second one (OCP2), but dcpromo is not
working. i get the following error: "The operation failed because:
The Directory Service failed to replicate off changes made locally.
’The DSA operation is unable to proceed because of a DNS lookup
failure.’" i’ve read that i could do a /forceremoval but that it is
only a last resort, so i’d like to see if i can remedy this without
forcing removal.

in http://support.microsoft.com/kb/332199 MS states "Microsoft
Windows 2000 or Microsoft Windows Server 2003 domain controllers may
not gracefully demote by using the Active Directory Installation
Wizard (Dcpromo.exe). CAUSE: This behavior may occur if a required
dependency or operation fails. These include network connectivity,
name resolution, authentication, Active Directory directory service
replication, or the location of a critical object in Active
Directory."

i know that replication is NOT working. i made policy changes a few
weeks ago, and any workstation that pulls its policies from OCP2 does
not get the most recent changes. i can also tell by comparing the
"registry.pol" files. on OCP, the file is 4,856 bytes and dated
3/4/05. on OCP2, the file is 4,216 and dated 2/17/05. however, when
i view the group policy on both machines through an MMC, they are the
same. i don’t know how to fix this.

how do i get these machines in sync with each other?

on a side note, i have verified that OCP is the global catalog server,
domain naming master, pdc emulator, rid master and infrastructure
master. i do not know how to verify if it is the schema master before
i demote OCP2.

how do i verify that the DC i am not trying to demote is not the
schema master?

thank you for any and all help. i’ve been fighting with this for
weeks now.

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-dcpromo-f...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1083753
Anonymous
March 17, 2005 10:48:15 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hello,
This seems to be a DNS issue.
Ensure all clients/servers and domain controllers within your domain has
there TCP/IP DNS Servers, set to the server hosting dns for your active
directory, it should be one of the domain controllers. Use nslookup to
troubleshooting name resolution. e.g nslookup domainname.com, ensure a DC
answers. as well try e.g ocp.domainname.com , verify you get the name
resolved successfully

The FSMO roles should transfer automatically during demote, this can
operation may fail some times, how ever it dosen't seems to be related in
your case.
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"thecheat" <UseLinkToEmail@WindowsForumz.com> skrev i meddelandet
news:3_1083753_1477de87fdae5c2ee9220118b66a01ab@windowsforumz.com...
>i have 2 DCs on my network, OCP and OCP2. i have only one domain in
> my forest. i want to demote the second one (OCP2), but dcpromo is not
> working. i get the following error: "The operation failed because:
> The Directory Service failed to replicate off changes made locally.
> 'The DSA operation is unable to proceed because of a DNS lookup
> failure.'" i've read that i could do a /forceremoval but that it is
> only a last resort, so i'd like to see if i can remedy this without
> forcing removal.
>
> in http://support.microsoft.com/kb/332199 MS states "Microsoft
> Windows 2000 or Microsoft Windows Server 2003 domain controllers may
> not gracefully demote by using the Active Directory Installation
> Wizard (Dcpromo.exe). CAUSE: This behavior may occur if a required
> dependency or operation fails. These include network connectivity,
> name resolution, authentication, Active Directory directory service
> replication, or the location of a critical object in Active
> Directory."
>
> i know that replication is NOT working. i made policy changes a few
> weeks ago, and any workstation that pulls its policies from OCP2 does
> not get the most recent changes. i can also tell by comparing the
> "registry.pol" files. on OCP, the file is 4,856 bytes and dated
> 3/4/05. on OCP2, the file is 4,216 and dated 2/17/05. however, when
> i view the group policy on both machines through an MMC, they are the
> same. i don't know how to fix this.
>
> how do i get these machines in sync with each other?
>
> on a side note, i have verified that OCP is the global catalog server,
> domain naming master, pdc emulator, rid master and infrastructure
> master. i do not know how to verify if it is the schema master before
> i demote OCP2.
>
> how do i verify that the DC i am not trying to demote is not the
> schema master?
>
> thank you for any and all help. i've been fighting with this for
> weeks now.
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's
> request
> Articles individually checked for conformance to usenet standards
> Topic URL:
> http://www.windowsforumz.com/Active-Directory-dcpromo-f...
> Visit Topic URL to contact author (reg. req'd). Report abuse:
> http://www.windowsforumz.com/eform.php?p=1083753
March 17, 2005 10:48:16 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Chriss3 MVP" wrote:
> Hello,
> This seems to be a DNS issue.
> Ensure all clients/servers and domain controllers within your
> domain has
> there TCP/IP DNS Servers, set to the server hosting dns for
> your active
> directory, it should be one of the domain controllers. Use
> nslookup to
> troubleshooting name resolution. e.g nslookup domainname.com,
> ensure a DC
> answers. as well try e.g ocp.domainname.com , verify you get
> the name
> resolved successfully
>
> The FSMO roles should transfer automatically during demote,
> this can
> operation may fail some times, how ever it dosen't seems to be
> related in
> your case.
> --
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
>
> "thecheat" <UseLinkToEmail@WindowsForumz.com> skrev i
> meddelandet
> news:3_1083753_1477de87fdae5c2ee9220118b66a01ab@windowsforumz.com...
> >i have 2 DCs on my network, OCP and OCP2. i have only one
> domain in
> > my forest. i want to demote the second one (OCP2), but
> dcpromo is not
> > working. i get the following error: "The operation failed
> because:
> > The Directory Service failed to replicate off changes made
> locally.
> > 'The DSA operation is unable to proceed because of a DNS
> lookup
> > failure.'" i've read that i could do a /forceremoval but
> that it is
> > only a last resort, so i'd like to see if i can remedy this
> without
> > forcing removal.
> >
> > in http://support.microsoft.com/kb/332199 MS states "Microsoft
> > Windows 2000 or Microsoft Windows Server 2003 domain
> controllers may
> > not gracefully demote by using the Active Directory
> Installation
> > Wizard (Dcpromo.exe). CAUSE: This behavior may occur if a
> required
> > dependency or operation fails. These include network
> connectivity,
> > name resolution, authentication, Active Directory directory
> service
> > replication, or the location of a critical object in Active
> > Directory."
> >
> > i know that replication is NOT working. i made policy
> changes a few
> > weeks ago, and any workstation that pulls its policies from
> OCP2 does
> > not get the most recent changes. i can also tell by
> comparing the
> > "registry.pol" files. on OCP, the file is 4,856 bytes and
> dated
> > 3/4/05. on OCP2, the file is 4,216 and dated 2/17/05.
> however, when
> > i view the group policy on both machines through an MMC,
> they are the
> > same. i don't know how to fix this.
> >
> > how do i get these machines in sync with each other?
> >
> > on a side note, i have verified that OCP is the global
> catalog server,
> > domain naming master, pdc emulator, rid master and
> infrastructure
> > master. i do not know how to verify if it is the schema
> master before
> > i demote OCP2.
> >
> > how do i verify that the DC i am not trying to demote is not
> the
> > schema master?
> >
> > thank you for any and all help. i've been fighting with
> this for
> > weeks now.
> >
> > --
> > Posted using the http://www.windowsforumz.com interface, at author's
> > request
> > Articles individually checked for conformance to usenet
> standards
> > Topic URL:
> > http://www.windowsforumz.com/Active-Directory-dcpromo-f...
> > Visit Topic URL to contact author (reg. req'd). Report
> abuse:
> > http://www.windowsforumz.com/eform.php?p=1083753

thank you for the help.

i currently have all workstations, and OCP2 (the problem DC), pointed
to OCP for DNS (192.168.1.44).

every computer except OCP (the DNS server) is set up as follows:
preferred DNS: 192.168.1.44 (OCP)
alternate DNS: 199.2.252.10 (Sprint)

OCP (the DNS server) is set up as follows:
preferred DNS: 199.2.252.10 (Sprint)
alternate DNS: 60.something (another internet DNS address)

would you say that i have these configured correctly?

i also meant to say earlier that i am getting the following error in
the event log on OCP

Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13555
Date: 1/24/2005
Time: 8:08:24 AM
User: N/A
Computer: OCP
Description:
The File Replication Service is in an error state.

lastly, here is a screenshot of DNS in MMC on OCP. also, i am using
forwarders on OCP.

http://sadchild.cjb.net/dns.jpg
Related resources
Anonymous
March 17, 2005 10:48:17 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

All DCs and workstations should point to internal DNS servers only, so
preferred set as 192.168.1.44. OCP should point to itself as well and
configured to forward requests to your ISP dns server. So when clients need
to resolve a name to an ip address internally, the dns server would handle
that resolution. Name resolution for hosts outside (Internet), the queries
would be forwarded to the ISP. It would be a good idea to have a second dns
server setup for fault tolerance purposes.

hth,
Chris

"thecheat" <DoNotEmail@WindowsForumz.com> wrote in message
news:3_1084101_7a4b31524b54387b9431298735843a30@windowsforumz.com...
> "Chriss3 MVP" wrote:
> > Hello,
> > This seems to be a DNS issue.
> > Ensure all clients/servers and domain controllers within your
> > domain has
> > there TCP/IP DNS Servers, set to the server hosting dns for
> > your active
> > directory, it should be one of the domain controllers. Use
> > nslookup to
> > troubleshooting name resolution. e.g nslookup domainname.com,
> > ensure a DC
> > answers. as well try e.g ocp.domainname.com , verify you get
> > the name
> > resolved successfully
> >
> > The FSMO roles should transfer automatically during demote,
> > this can
> > operation may fail some times, how ever it dosen't seems to be
> > related in
> > your case.
> > --
> > Regards
> > Christoffer Andersson
> > Microsoft MVP - Directory Services
> >
> > No email replies please - reply in the newsgroup
> > ------------------------------------------------
> > http://www.chrisse.se - Active Directory Tips
> >
> > "thecheat" <UseLinkToEmail@WindowsForumz.com> skrev i
> > meddelandet
> > news:3_1083753_1477de87fdae5c2ee9220118b66a01ab@windowsforumz.com...
> > >i have 2 DCs on my network, OCP and OCP2. i have only one
> > domain in
> > > my forest. i want to demote the second one (OCP2), but
> > dcpromo is not
> > > working. i get the following error: "The operation failed
> > because:
> > > The Directory Service failed to replicate off changes made
> > locally.
> > > 'The DSA operation is unable to proceed because of a DNS
> > lookup
> > > failure.'" i've read that i could do a /forceremoval but
> > that it is
> > > only a last resort, so i'd like to see if i can remedy this
> > without
> > > forcing removal.
> > >
> > > in http://support.microsoft.com/kb/332199 MS states "Microsoft
> > > Windows 2000 or Microsoft Windows Server 2003 domain
> > controllers may
> > > not gracefully demote by using the Active Directory
> > Installation
> > > Wizard (Dcpromo.exe). CAUSE: This behavior may occur if a
> > required
> > > dependency or operation fails. These include network
> > connectivity,
> > > name resolution, authentication, Active Directory directory
> > service
> > > replication, or the location of a critical object in Active
> > > Directory."
> > >
> > > i know that replication is NOT working. i made policy
> > changes a few
> > > weeks ago, and any workstation that pulls its policies from
> > OCP2 does
> > > not get the most recent changes. i can also tell by
> > comparing the
> > > "registry.pol" files. on OCP, the file is 4,856 bytes and
> > dated
> > > 3/4/05. on OCP2, the file is 4,216 and dated 2/17/05.
> > however, when
> > > i view the group policy on both machines through an MMC,
> > they are the
> > > same. i don't know how to fix this.
> > >
> > > how do i get these machines in sync with each other?
> > >
> > > on a side note, i have verified that OCP is the global
> > catalog server,
> > > domain naming master, pdc emulator, rid master and
> > infrastructure
> > > master. i do not know how to verify if it is the schema
> > master before
> > > i demote OCP2.
> > >
> > > how do i verify that the DC i am not trying to demote is not
> > the
> > > schema master?
> > >
> > > thank you for any and all help. i've been fighting with
> > this for
> > > weeks now.
> > >
> > > --
> > > Posted using the http://www.windowsforumz.com interface, at author's
> > > request
> > > Articles individually checked for conformance to usenet
> > standards
> > > Topic URL:
> > >
http://www.windowsforumz.com/Active-Directory-dcpromo-f...
> > > Visit Topic URL to contact author (reg. req'd). Report
> > abuse:
> > > http://www.windowsforumz.com/eform.php?p=1083753
>
> thank you for the help.
>
> i currently have all workstations, and OCP2 (the problem DC), pointed
> to OCP for DNS (192.168.1.44).
>
> every computer except OCP (the DNS server) is set up as follows:
> preferred DNS: 192.168.1.44 (OCP)
> alternate DNS: 199.2.252.10 (Sprint)
>
> OCP (the DNS server) is set up as follows:
> preferred DNS: 199.2.252.10 (Sprint)
> alternate DNS: 60.something (another internet DNS address)
>
> would you say that i have these configured correctly?
>
> i also meant to say earlier that i am getting the following error in
> the event log on OCP
>
> Event Type: Error
> Event Source: NtFrs
> Event Category: None
> Event ID: 13555
> Date: 1/24/2005
> Time: 8:08:24 AM
> User: N/A
> Computer: OCP
> Description:
> The File Replication Service is in an error state.
>
> lastly, here is a screenshot of DNS in MMC on OCP. also, i am using
> forwarders on OCP.
>
> http://sadchild.cjb.net/dns.jpg
March 18, 2005 2:54:55 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"C Hall" wrote:
> All DCs and workstations should point to internal DNS servers
> only, so
> preferred set as 192.168.1.44. OCP should point to itself as
> well and
> configured to forward requests to your ISP dns server. So when
> clients need
> to resolve a name to an ip address internally, the dns server
> would handle
> that resolution. Name resolution for hosts outside (Internet),
> the queries
> would be forwarded to the ISP. It would be a good idea to have
> a second dns
> server setup for fault tolerance purposes.
>
> hth,
> Chris
>
> "thecheat" <DoNotEmail@WindowsForumz.com> wrote in message
> news:3_1084101_7a4b31524b54387b9431298735843a30@windowsforumz.com...
> > "Chriss3 MVP" wrote:
>  > > Hello,
>  > > This seems to be a DNS issue.
>  > > Ensure all clients/servers and domain controllers
> within your
>  > > domain has
>  > > there TCP/IP DNS Servers, set to the server hosting
> dns for
>  > > your active
>  > > directory, it should be one of the domain
> controllers. Use
>  > > nslookup to
>  > > troubleshooting name resolution. e.g nslookup
> domainname.com,
>  > > ensure a DC
>  > > answers. as well try e.g ocp.domainname.com ,
> verify you get
>  > > the name
>  > > resolved successfully
>  > >
>  > > The FSMO roles should transfer automatically during
> demote,
>  > > this can
>  > > operation may fail some times, how ever it dosen't
> seems to be
>  > > related in
>  > > your case.
>  > > --
>  > > Regards
>  > > Christoffer Andersson
>  > > Microsoft MVP - Directory Services
>  > >
>  > > No email replies please - reply in the newsgroup
>  > > ------------------------------------------------
>  > > http://www.chrisse.se - Active Directory Tips
>  > >
>  > > "thecheat" <UseLinkToEmail@WindowsForumz.com>
> skrev i
>  > > meddelandet
>  > >
> news:3_1083753_1477de87fdae5c2ee9220118b66a01ab@windowsforumz.com...
>   > > >i have 2 DCs on my network, OCP and OCP2. i
> have only one
>  > > domain in
>   > > > my forest. i want to demote the second one
> (OCP2), but
>  > > dcpromo is not
>   > > > working. i get the following error: "The
> operation failed
>  > > because:
>   > > > The Directory Service failed to replicate
> off changes made
>  > > locally.
>   > > > 'The DSA operation is unable to proceed
> because of a DNS
>  > > lookup
>   > > > failure.'" i've read that i could do a
> /forceremoval but
>  > > that it is
>   > > > only a last resort, so i'd like to see if i
> can remedy this
>  > > without
>   > > > forcing removal.
>   > > >
>   > > > in http://support.microsoft.com/kb/332199
> MS states "Microsoft
>   > > > Windows 2000 or Microsoft Windows Server
> 2003 domain
>  > > controllers may
>   > > > not gracefully demote by using the Active
> Directory
>  > > Installation
>   > > > Wizard (Dcpromo.exe). CAUSE: This behavior
> may occur if a
>  > > required
>   > > > dependency or operation fails. These
> include network
>  > > connectivity,
>   > > > name resolution, authentication, Active
> Directory directory
>  > > service
>   > > > replication, or the location of a critical
> object in Active
>   > > > Directory."
>   > > >
>   > > > i know that replication is NOT working. i
> made policy
>  > > changes a few
>   > > > weeks ago, and any workstation that pulls
> its policies from
>  > > OCP2 does
>   > > > not get the most recent changes. i can
> also tell by
>  > > comparing the
>   > > > "registry.pol" files. on OCP, the file is
> 4,856 bytes and
>  > > dated
>   > > > 3/4/05. on OCP2, the file is 4,216 and
> dated 2/17/05.
>  > > however, when
>   > > > i view the group policy on both machines
> through an MMC,
>  > > they are the
>   > > > same. i don't know how to fix this.
>   > > >
>   > > > how do i get these machines in sync with
> each other?
>   > > >
>   > > > on a side note, i have verified that OCP is
> the global
>  > > catalog server,
>   > > > domain naming master, pdc emulator, rid
> master and
>  > > infrastructure
>   > > > master. i do not know how to verify if it
> is the schema
>  > > master before
>   > > > i demote OCP2.
>   > > >
>   > > > how do i verify that the DC i am not trying
> to demote is not
>  > > the
>   > > > schema master?
>   > > >
>   > > > thank you for any and all help. i've been
> fighting with
>  > > this for
>   > > > weeks now.
>   > > >
>   > > > --
>   > > > Posted using the
> http://www.windowsforumz.com interface, at author's
>   > > > request
>   > > > Articles individually checked for
> conformance to usenet
>  > > standards
>   > > > Topic URL:
>   > > >
> http://www.windowsforumz.com/Active-Directory-dcpromo-f...
>   > > > Visit Topic URL to contact author (reg.
> req'd). Report
>  > > abuse:
>   > > >
> http://www.windowsforumz.com/eform.php?p=1083753
> >
> > thank you for the help.
> >
> > i currently have all workstations, and OCP2 (the problem
> DC), pointed
> > to OCP for DNS (192.168.1.44).
> >
> > every computer except OCP (the DNS server) is set up as
> follows:
> > preferred DNS: 192.168.1.44 (OCP)
> > alternate DNS: 199.2.252.10 (Sprint)
> >
> > OCP (the DNS server) is set up as follows:
> > preferred DNS: 199.2.252.10 (Sprint)
> > alternate DNS: 60.something (another internet DNS address)
> >
> > would you say that i have these configured correctly?
> >
> > i also meant to say earlier that i am getting the following
> error in
> > the event log on OCP
> >
> > Event Type: Error
> > Event Source: NtFrs
> > Event Category: None
> > Event ID: 13555
> > Date: 1/24/2005
> > Time: 8:08:24 AM
> > User: N/A
> > Computer: OCP
> > Description:
> > The File Replication Service is in an error state.
> >
> > lastly, here is a screenshot of DNS in MMC on OCP. also, i
> am using
> > forwarders on OCP.
> >
> > http://sadchild.cjb.net/dns.jpg

thank you very much. that seems to have been the problem. i set
OCP’s preferred DNS to itself, and then OCP2 demoted itself without
problem!

/tip CHall $10

i have another question.

you can see in the screenshot below that even though OCP2 is no longer
in the Domain Controllers OU, it is still listed as a server in ’sites
and services’. i did notice that the ’NTDS settings’
sub-......."thing" is no longer there under OCP2 anymore, just under
OCP. (sub-folder? sub-item? sub-setting?)

my question is should i manually delete this, will it go away on its
own or should i let it stay there?

http://home.comcast.net/~ingoldsby/ocp2lingers.jpg
Anonymous
March 18, 2005 4:14:15 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Glad that helped.
Good luck,
Chris

"thecheat" <DoNotEmail@WindowsForumz.com> wrote in message
news:3_1085590_c845142d39bdf38565aba91cf6ad1885@windowsforumz.com...
> "C Hall" wrote:
> > All DCs and workstations should point to internal DNS servers
> > only, so
> > preferred set as 192.168.1.44. OCP should point to itself as
> > well and
> > configured to forward requests to your ISP dns server. So when
> > clients need
> > to resolve a name to an ip address internally, the dns server
> > would handle
> > that resolution. Name resolution for hosts outside (Internet),
> > the queries
> > would be forwarded to the ISP. It would be a good idea to have
> > a second dns
> > server setup for fault tolerance purposes.
> >
> > hth,
> > Chris
> >
> > "thecheat" <DoNotEmail@WindowsForumz.com> wrote in message
> > news:3_1084101_7a4b31524b54387b9431298735843a30@windowsforumz.com...
> > > "Chriss3 MVP" wrote:
> >  > > Hello,
> >  > > This seems to be a DNS issue.
> >  > > Ensure all clients/servers and domain controllers
> > within your
> >  > > domain has
> >  > > there TCP/IP DNS Servers, set to the server hosting
> > dns for
> >  > > your active
> >  > > directory, it should be one of the domain
> > controllers. Use
> >  > > nslookup to
> >  > > troubleshooting name resolution. e.g nslookup
> > domainname.com,
> >  > > ensure a DC
> >  > > answers. as well try e.g ocp.domainname.com ,
> > verify you get
> >  > > the name
> >  > > resolved successfully
> >  > >
> >  > > The FSMO roles should transfer automatically during
> > demote,
> >  > > this can
> >  > > operation may fail some times, how ever it dosen't
> > seems to be
> >  > > related in
> >  > > your case.
> >  > > --
> >  > > Regards
> >  > > Christoffer Andersson
> >  > > Microsoft MVP - Directory Services
> >  > >
> >  > > No email replies please - reply in the newsgroup
> >  > > ------------------------------------------------
> >  > > http://www.chrisse.se - Active Directory Tips
> >  > >
> >  > > "thecheat" <UseLinkToEmail@WindowsForumz.com>
> > skrev i
> >  > > meddelandet
> >  > >
> > news:3_1083753_1477de87fdae5c2ee9220118b66a01ab@windowsforumz.com...
> >   > > >i have 2 DCs on my network, OCP and OCP2. i
> > have only one
> >  > > domain in
> >   > > > my forest. i want to demote the second one
> > (OCP2), but
> >  > > dcpromo is not
> >   > > > working. i get the following error: "The
> > operation failed
> >  > > because:
> >   > > > The Directory Service failed to replicate
> > off changes made
> >  > > locally.
> >   > > > 'The DSA operation is unable to proceed
> > because of a DNS
> >  > > lookup
> >   > > > failure.'" i've read that i could do a
> > /forceremoval but
> >  > > that it is
> >   > > > only a last resort, so i'd like to see if i
> > can remedy this
> >  > > without
> >   > > > forcing removal.
> >   > > >
> >   > > > in http://support.microsoft.com/kb/332199
> > MS states "Microsoft
> >   > > > Windows 2000 or Microsoft Windows Server
> > 2003 domain
> >  > > controllers may
> >   > > > not gracefully demote by using the Active
> > Directory
> >  > > Installation
> >   > > > Wizard (Dcpromo.exe). CAUSE: This behavior
> > may occur if a
> >  > > required
> >   > > > dependency or operation fails. These
> > include network
> >  > > connectivity,
> >   > > > name resolution, authentication, Active
> > Directory directory
> >  > > service
> >   > > > replication, or the location of a critical
> > object in Active
> >   > > > Directory."
> >   > > >
> >   > > > i know that replication is NOT working. i
> > made policy
> >  > > changes a few
> >   > > > weeks ago, and any workstation that pulls
> > its policies from
> >  > > OCP2 does
> >   > > > not get the most recent changes. i can
> > also tell by
> >  > > comparing the
> >   > > > "registry.pol" files. on OCP, the file is
> > 4,856 bytes and
> >  > > dated
> >   > > > 3/4/05. on OCP2, the file is 4,216 and
> > dated 2/17/05.
> >  > > however, when
> >   > > > i view the group policy on both machines
> > through an MMC,
> >  > > they are the
> >   > > > same. i don't know how to fix this.
> >   > > >
> >   > > > how do i get these machines in sync with
> > each other?
> >   > > >
> >   > > > on a side note, i have verified that OCP is
> > the global
> >  > > catalog server,
> >   > > > domain naming master, pdc emulator, rid
> > master and
> >  > > infrastructure
> >   > > > master. i do not know how to verify if it
> > is the schema
> >  > > master before
> >   > > > i demote OCP2.
> >   > > >
> >   > > > how do i verify that the DC i am not trying
> > to demote is not
> >  > > the
> >   > > > schema master?
> >   > > >
> >   > > > thank you for any and all help. i've been
> > fighting with
> >  > > this for
> >   > > > weeks now.
> >   > > >
> >   > > > --
> >   > > > Posted using the
> > http://www.windowsforumz.com interface, at author's
> >   > > > request
> >   > > > Articles individually checked for
> > conformance to usenet
> >  > > standards
> >   > > > Topic URL:
> >   > > >
> >
http://www.windowsforumz.com/Active-Directory-dcpromo-f...
> >   > > > Visit Topic URL to contact author (reg.
> > req'd). Report
> >  > > abuse:
> >   > > >
> > http://www.windowsforumz.com/eform.php?p=1083753
> > >
> > > thank you for the help.
> > >
> > > i currently have all workstations, and OCP2 (the problem
> > DC), pointed
> > > to OCP for DNS (192.168.1.44).
> > >
> > > every computer except OCP (the DNS server) is set up as
> > follows:
> > > preferred DNS: 192.168.1.44 (OCP)
> > > alternate DNS: 199.2.252.10 (Sprint)
> > >
> > > OCP (the DNS server) is set up as follows:
> > > preferred DNS: 199.2.252.10 (Sprint)
> > > alternate DNS: 60.something (another internet DNS address)
> > >
> > > would you say that i have these configured correctly?
> > >
> > > i also meant to say earlier that i am getting the following
> > error in
> > > the event log on OCP
> > >
> > > Event Type: Error
> > > Event Source: NtFrs
> > > Event Category: None
> > > Event ID: 13555
> > > Date: 1/24/2005
> > > Time: 8:08:24 AM
> > > User: N/A
> > > Computer: OCP
> > > Description:
> > > The File Replication Service is in an error state.
> > >
> > > lastly, here is a screenshot of DNS in MMC on OCP. also, i
> > am using
> > > forwarders on OCP.
> > >
> > > http://sadchild.cjb.net/dns.jpg
>
> thank you very much. that seems to have been the problem. i set
> OCP's preferred DNS to itself, and then OCP2 demoted itself without
> problem!
>
> /tip CHall $10
>
> i have another question.
>
> you can see in the screenshot below that even though OCP2 is no longer
> in the Domain Controllers OU, it is still listed as a server in 'sites
> and services'. i did notice that the 'NTDS settings'
> sub-......."thing" is no longer there under OCP2 anymore, just under
> OCP. (sub-folder? sub-item? sub-setting?)
>
> my question is should i manually delete this, will it go away on its
> own or should i let it stay there?
>
> http://home.comcast.net/~ingoldsby/ocp2lingers.jpg
March 18, 2005 7:23:54 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"C Hall" wrote:
> Glad that helped.
> Good luck,
> Chris
>
> "thecheat" <DoNotEmail@WindowsForumz.com> wrote in message
> news:3_1085590_c845142d39bdf38565aba91cf6ad1885@windowsforumz.com...
> > "C Hall" wrote:
>  > > All DCs and workstations should point to internal
> DNS servers
>  > > only, so
>  > > preferred set as 192.168.1.44. OCP should point to
> itself as
>  > > well and
>  > > configured to forward requests to your ISP dns
> server. So when
>  > > clients need
>  > > to resolve a name to an ip address internally, the
> dns server
>  > > would handle
>  > > that resolution. Name resolution for hosts outside
> (Internet),
>  > > the queries
>  > > would be forwarded to the ISP. It would be a good
> idea to have
>  > > a second dns
>  > > server setup for fault tolerance purposes.
>  > >
>  > > hth,
>  > > Chris
>  > >
>  > > "thecheat" <DoNotEmail@WindowsForumz.com>
> wrote in message
>  > >
> news:3_1084101_7a4b31524b54387b9431298735843a30@windowsforumz.com...
>   > > > "Chriss3 MVP" wrote:
>  > >  > > Hello,
>  > >  > > This seems to be a DNS issue.
>  > >  > > Ensure all clients/servers and
> domain controllers
>  > > within your
>  > >  > > domain has
>  > >  > > there TCP/IP DNS Servers, set to
> the server hosting
>  > > dns for
>  > >  > > your active
>  > >  > > directory, it should be one of the
> domain
>  > > controllers. Use
>  > >  > > nslookup to
>  > >  > > troubleshooting name resolution.
> e.g nslookup
>  > > domainname.com,
>  > >  > > ensure a DC
>  > >  > > answers. as well try e.g
> ocp.domainname.com ,
>  > > verify you get
>  > >  > > the name
>  > >  > > resolved successfully
>  > >  > >
>  > >  > > The FSMO roles should transfer
> automatically during
>  > > demote,
>  > >  > > this can
>  > >  > > operation may fail some times, how
> ever it dosen't
>  > > seems to be
>  > >  > > related in
>  > >  > > your case.
>  > >  > > --
>  > >  > > Regards
>  > >  > > Christoffer Andersson
>  > >  > > Microsoft MVP - Directory Services
>  > >  > >
>  > >  > > No email replies please - reply in
> the newsgroup
>  > >  > >
> ------------------------------------------------
>  > >  > > http://www.chrisse.se - Active
> Directory Tips
>  > >  > >
>  > >  > > "thecheat"
> <UseLinkToEmail@WindowsForumz.com>
>  > > skrev i
>  > >  > > meddelandet
>  > >  > >
>  > >
> news:3_1083753_1477de87fdae5c2ee9220118b66a01ab@windowsforumz.com...
>  > >   > > >i have 2 DCs on my
> network, OCP and OCP2. i
>  > > have only one
>  > >  > > domain in
>  > >   > > > my forest. i want to
> demote the second one
>  > > (OCP2), but
>  > >  > > dcpromo is not
>  > >   > > > working. i get the
> following error: "The
>  > > operation failed
>  > >  > > because:
>  > >   > > > The Directory Service
> failed to replicate
>  > > off changes made
>  > >  > > locally.
>  > >   > > > 'The DSA operation is
> unable to proceed
>  > > because of a DNS
>  > >  > > lookup
>  > >   > > > failure.'" i've read
> that i could do a
>  > > /forceremoval but
>  > >  > > that it is
>  > >   > > > only a last resort, so
> i'd like to see if i
>  > > can remedy this
>  > >  > > without
>  > >   > > > forcing removal.
>  > >   > > >
>  > >   > > > in
> http://support.microsoft.com/kb/332199
>  > > MS states "Microsoft
>  > >   > > > Windows 2000 or
> Microsoft Windows Server
>  > > 2003 domain
>  > >  > > controllers may
>  > >   > > > not gracefully demote
> by using the Active
>  > > Directory
>  > >  > > Installation
>  > >   > > > Wizard (Dcpromo.exe).
> CAUSE: This behavior
>  > > may occur if a
>  > >  > > required
>  > >   > > > dependency or operation
> fails. These
>  > > include network
>  > >  > > connectivity,
>  > >   > > > name resolution,
> authentication, Active
>  > > Directory directory
>  > >  > > service
>  > >   > > > replication, or the
> location of a critical
>  > > object in Active
>  > >   > > > Directory."
>  > >   > > >
>  > >   > > > i know that replication
> is NOT working. i
>  > > made policy
>  > >  > > changes a few
>  > >   > > > weeks ago, and any
> workstation that pulls
>  > > its policies from
>  > >  > > OCP2 does
>  > >   > > > not get the most recent
> changes. i can
>  > > also tell by
>  > >  > > comparing the
>  > >   > > > "registry.pol" files.
> on OCP, the file is
>  > > 4,856 bytes and
>  > >  > > dated
>  > >   > > > 3/4/05. on OCP2, the
> file is 4,216 and
>  > > dated 2/17/05.
>  > >  > > however, when
>  > >   > > > i view the group policy
> on both machines
>  > > through an MMC,
>  > >  > > they are the
>  > >   > > > same. i don't know how
> to fix this.
>  > >   > > >
>  > >   > > > how do i get these
> machines in sync with
>  > > each other?
>  > >   > > >
>  > >   > > > on a side note, i have
> verified that OCP is
>  > > the global
>  > >  > > catalog server,
>  > >   > > > domain naming master,
> pdc emulator, rid
>  > > master and
>  > >  > > infrastructure
>  > >   > > > master. i do not know
> how to verify if it
>  > > is the schema
>  > >  > > master before
>  > >   > > > i demote OCP2.
>  > >   > > >
>  > >   > > > how do i verify that
> the DC i am not trying
>  > > to demote is not
>  > >  > > the
>  > >   > > > schema master?
>  > >   > > >
>  > >   > > > thank you for any and
> all help. i've been
>  > > fighting with
>  > >  > > this for
>  > >   > > > weeks now.
>  > >   > > >
>  > >   > > > --
>  > >   > > > Posted using the
>  > > http://www.windowsforumz.com interface, at author's
>  > >   > > > request
>  > >   > > > Articles individually
> checked for
>  > > conformance to usenet
>  > >  > > standards
>  > >   > > > Topic URL:
>  > >   > > >
>  > >
> http://www.windowsforumz.com/Active-Directory-dcpromo-f...
>  > >   > > > Visit Topic URL to
> contact author (reg.
>  > > req'd). Report
>  > >  > > abuse:
>  > >   > > >
>  > > http://www.windowsforumz.com/eform.php?p=1083753
>   > > >
>   > > > thank you for the help.
>   > > >
>   > > > i currently have all workstations, and OCP2
> (the problem
>  > > DC), pointed
>   > > > to OCP for DNS (192.168.1.44).
>   > > >
>   > > > every computer except OCP (the DNS server)
> is set up as
>  > > follows:
>   > > > preferred DNS: 192.168.1.44 (OCP)
>   > > > alternate DNS: 199.2.252.10 (Sprint)
>   > > >
>   > > > OCP (the DNS server) is set up as follows:
>   > > > preferred DNS: 199.2.252.10 (Sprint)
>   > > > alternate DNS: 60.something (another
> internet DNS address)
>   > > >
>   > > > would you say that i have these configured
> correctly?
>   > > >
>   > > > i also meant to say earlier that i am
> getting the following
>  > > error in
>   > > > the event log on OCP
>   > > >
>   > > > Event Type: Error
>   > > > Event Source: NtFrs
>   > > > Event Category: None
>   > > > Event ID: 13555
>   > > > Date: 1/24/2005
>   > > > Time: 8:08:24 AM
>   > > > User: N/A
>   > > > Computer: OCP
>   > > > Description:
>   > > > The File Replication Service is in an error
> state.
>   > > >
>   > > > lastly, here is a screenshot of DNS in MMC
> on OCP. also, i
>  > > am using
>   > > > forwarders on OCP.
>   > > >
>   > > > http://sadchild.cjb.net/dns.jpg
> >
> > thank you very much. that seems to have been the problem.
> i set
> > OCP's preferred DNS to itself, and then OCP2 demoted itself
> without
> > problem!
> >
> > /tip CHall $10
> >
> > i have another question.
> >
> > you can see in the screenshot below that even though OCP2 is
> no longer
> > in the Domain Controllers OU, it is still listed as a server
> in 'sites
> > and services'. i did notice that the 'NTDS settings'
> > sub-......."thing" is no longer there under OCP2 anymore,
> just under
> > OCP. (sub-folder? sub-item? sub-setting?)
> >
> > my question is should i manually delete this, will it go
> away on its
> > own or should i let it stay there?
> >
> > http://home.comcast.net/~ingoldsby/ocp2lingers.jpg

does anybody have any insight to my question right above my screenshot
in my last post? "should i manually delete this, will it go away on
its own or should i let it stay there?"

also, someone else on a different forum asked the following question
in the same thread i posted my original question:

Is my problem the same???
Hi,
I have a windows 2000 server which is a DC. I have set up an
additional PC with Windows 2000 server. I have ran DCPROMO and made it
an additional DC. I have also made it an additional global catalog.
When I turn off the original DC server however and leave the
additional DC pc on and try to access users and computers on the PC I
get the following error message:
Naming information cannot be located because: The specified domain
either does not exist or could not be contacted.
What can I do to allow me to access AD when the original DC is
switched off
Is this the same problem? Should I point the DNS on the additional
server to point to itself?

this is where that question was posted if anybody has an answer for
this other person:
http://www.techsupportforum.com/showthread.php?t=44342
Anonymous
March 21, 2005 1:44:40 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

See this article:
http://support.microsoft.com/Default.aspx?kbid=216364

> > > http://home.comcast.net/~ingoldsby/ocp2lingers.jpg
>
> does anybody have any insight to my question right above my screenshot
> in my last post? "should i manually delete this, will it go away on
> its own or should i let it stay there?"
>
> also, someone else on a different forum asked the following question
> in the same thread i posted my original question:
>
> Is my problem the same???

It's a bit confusing to bring in another post....are you needing just the
question above answered or do you have other issues? If you have a seperate
issue than the one above, you would probably be best served to start a new
thread.


> Hi,
> I have a windows 2000 server which is a DC. I have set up an
> additional PC with Windows 2000 server. I have ran DCPROMO and made it
> an additional DC. I have also made it an additional global catalog.
> When I turn off the original DC server however and leave the
> additional DC pc on and try to access users and computers on the PC I
> get the following error message:
> Naming information cannot be located because: The specified domain
> either does not exist or could not be contacted.
> What can I do to allow me to access AD when the original DC is
> switched off
> Is this the same problem? Should I point the DNS on the additional
> server to point to itself?
>
> this is where that question was posted if anybody has an answer for
> this other person:
> http://www.techsupportforum.com/showthread.php?t=44342
March 21, 2005 7:14:06 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"C Hall" wrote:
>See this article:
>http://support.microsoft.com/Default.aspx?kbid=216364
>

thank you, that cleared it all up for me.

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-dcpromo-f...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1091706
Anonymous
March 21, 2005 7:36:41 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Glad that helped.
"thecheat" <UseLinkToEmail@WindowsForumz.com> wrote in message
news:3_1091706_4bee84e1498992716b43e71d65253779@windowsforumz.com...
> "C Hall" wrote:
> >See this article:
> >http://support.microsoft.com/Default.aspx?kbid=216364
> >
>
> thank you, that cleared it all up for me.
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's
request
> Articles individually checked for conformance to usenet standards
> Topic URL:
http://www.windowsforumz.com/Active-Directory-dcpromo-f...
> Visit Topic URL to contact author (reg. req'd). Report abuse:
http://www.windowsforumz.com/eform.php?p=1091706
!