Old operational master still thinks it is the "one"
- by Doug
Hi there,
I have a domain with 3 AD servers for now i'll just call them:
AD01 (Win 2008 GC, Operations master)
AD02 (Win 2008 GC)
AD03 (Win 2003 GC)
A couple of months there was some hardware issues with AD01 so the operations master, PDC and Infrastructure Master was moved to AD02. All machines where on while this was happening.
AD01 (Win 2008 GC)
AD02 (Win 2008 GC, Operations master)
AD03 (Win 2003 GC)
AD01 was then shutdown for a month. Upon starting this machine up with replaced hardware (NIC and RAID card) i now have a weird problem.
AD01 Thinks it is operations master still in AD on the local box
AD02 & AD03 Thinks AD02 is operations master in AD on both boxes
When running DCDIAG on AD01 i get a number of issues (listed below)
When running "dcdiag /test:advertising" on AD01:
Doing primary tests
Testing server: Default-First-Site-Name\AD01
Starting test: Advertising
Warning: DsGetDcName returned information for \\ad02.domain.local, when
we were trying to reach AD01.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... AD01 failed test Advertising
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.local
When running "dcdiag" on AD01 i get the following errors (excerpt of the Final output):
Testing server: Default-First-Site-Name\AD01
Starting test: Advertising
Warning: DsGetDcName returned information for \\ad02.domain.local, when
we were trying to reach AD01.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... AD01 failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=domain,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=domain,DC=local
Starting test: Replications
[Replications Check,Replications Check] Inbound replication is
disabled.
To correct, run "repadmin /options AD01 -DISABLE_INBOUND_REPL"
[Replications Check,AD01] Outbound replication is disabled.
To correct, run "repadmin /options AD01 -DISABLE_OUTBOUND_REPL"
So the problem appeasr to be that when i moved the operations master, AD01 never got the memo, and now that it's started up, all the other AD servers don't think its the boss anymore when it trys to replicate etc. So i really need to manually update AD01 so that it knows who the operations master, instrastructure and PDC is - but i'm not having any luck
I've been googling for nearly a day and all solutions lead to "the cake is a lie"
Your ninja skills will be greatly appreciated
