Error Joining Domain

[Rashid]

Error Joining Domain

I have set up a server as a Disaster Recovery Machine. I
did an Ntback up of the System state data our live Domain
Controller (one that runs all the primary roles), and then
did a restore on a test machine that I set up on a
completely separate/isolated.
On successful completion of the restore the test AD
machine was behaving fine apparently, however when I
attempt to connect another server to this domain via
Dcpromo I get the following error:

"Error Joining Domain
The operation failed because:
The attempt to join this computer to the --- domain failed.
The directory service was unable to allocate a relative
identifier".

Is this message indicative of a more fundamental issue
with the domain controller, is there any areas I need to
look into to aid troubleshooting this problem?

 

[Eric Fleischman [MSFT]]

Hello,

Can you tell us about this environment?
What service pack is it at? Is it a single dc or multiple in the dr
environment? Does it hold the FSMO roles or no? How many machines were in
the production environment?

My bet is that this is init sync, but let me know the answers to the
questions above and I'll let you know for sure.

~Eric

 

[Rashid]

Hello Eric,

Thank you very much for your respone.
The Server that I have restored System State to in the
test environment is at Service Pack 4.
In the live environment it is part of a multiple DC
environment (one other domain controller has been deployed
in that environment), however this machine was the first
Domain Controller and has kept all the roles.

The machine I am trying to connect to this domain as an
additional domain controller also is running Service Pack
4. In the production environment there were about 80
machines (windows 2000 workstations, servers and MACs).

Regards

Rashid

-----Original Message-----
Hello,

Can you tell us about this environment?
What service pack is it at? Is it a single dc or multiple in the dr
environment? Does it hold the FSMO roles or no? How many machines were in
the production environment?

My bet is that this is init sync, but let me know the answers to the
questions above and I'll let you know for sure.

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights.

Error Joining Domain

I have set up a server as a Disaster Recovery Machine. I
did an Ntback up of the System state data our live Domain
Controller (one that runs all the primary roles), and then
did a restore on a test machine that I set up on a
completely separate/isolated.
On successful completion of the restore the test AD
machine was behaving fine apparently, however when I
attempt to connect another server to this domain via
Dcpromo I get the following error:

"Error Joining Domain
The operation failed because:
The attempt to join this computer to the --- domain failed.
The directory service was unable to allocate a relative
identifier".

Is this message indicative of a more fundamental issue
with the domain controller, is there any areas I need to
look into to aid troubleshooting this problem?

.

 

[Eric Fleischman [MSFT]]

Yea, this is init sync.
There is a safeguard in AD whereby we can't use anything that typically is
serviced by a FSMO role until replication has taken place with a replica
partner post-reboot. The idea is, if we were down for a whlie and now just
came back, maybe someone seized a fsmo role while we were down. If we do an
inbound replication first, then we'll hear about it and not continue to do
fsmo-tasks and possibly cause a colision (overlapping schema, duplicate
rid's, duplidate domain names, etc)

In a test environment like this, the way around it would be to either
restore at least two dc's that replicate with one another, or metadata clean
up the other DC(s) in the environment, then delete the connection objects
from this dc (aka whack the co's in the ntds container under the dc)

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights

Hello Eric,

Thank you very much for your respone.
The Server that I have restored System State to in the
test environment is at Service Pack 4.
In the live environment it is part of a multiple DC
environment (one other domain controller has been deployed
in that environment), however this machine was the first
Domain Controller and has kept all the roles.

The machine I am trying to connect to this domain as an
additional domain controller also is running Service Pack
4. In the production environment there were about 80
machines (windows 2000 workstations, servers and MACs).

Regards

Rashid

-----Original Message-----
Hello,

Can you tell us about this environment?
What service pack is it at? Is it a single dc or multiple in the dr
environment? Does it hold the FSMO roles or no? How many machines were in
the production environment?

My bet is that this is init sync, but let me know the answers to the
questions above and I'll let you know for sure.

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights.

Error Joining Domain

I have set up a server as a Disaster Recovery Machine. I
did an Ntback up of the System state data our live Domain
Controller (one that runs all the primary roles), and then
did a restore on a test machine that I set up on a
completely separate/isolated.
On successful completion of the restore the test AD
machine was behaving fine apparently, however when I
attempt to connect another server to this domain via
Dcpromo I get the following error:

"Error Joining Domain
The operation failed because:
The attempt to join this computer to the --- domain failed.
The directory service was unable to allocate a relative
identifier".

Is this message indicative of a more fundamental issue
with the domain controller, is there any areas I need to
look into to aid troubleshooting this problem?

.

 

[Rashid]

Hi Eric,

Thank you very much, it worked, your'e a star!!!

-----Original Message-----
Yea, this is init sync.
There is a safeguard in AD whereby we can't use anything that typically is
serviced by a FSMO role until replication has taken place with a replica
partner post-reboot. The idea is, if we were down for a whlie and now just
came back, maybe someone seized a fsmo role while we were down. If we do an
inbound replication first, then we'll hear about it and not continue to do
fsmo-tasks and possibly cause a colision (overlapping schema, duplicate
rid's, duplidate domain names, etc)

In a test environment like this, the way around it would be to either
restore at least two dc's that replicate with one another, or metadata clean
up the other DC(s) in the environment, then delete the connection objects
from this dc (aka whack the co's in the ntds container under the dc)

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights

Hello Eric,

Thank you very much for your respone.
The Server that I have restored System State to in the
test environment is at Service Pack 4.
In the live environment it is part of a multiple DC
environment (one other domain controller has been deployed
in that environment), however this machine was the first
Domain Controller and has kept all the roles.

The machine I am trying to connect to this domain as an
additional domain controller also is running Service Pack
4. In the production environment there were about 80
machines (windows 2000 workstations, servers and MACs).

Regards

Rashid



multiple
in the dr many
machines were in and
confers no rights.

.

 

[Eric Fleischman [MSFT]]

Glad it is working.
I'd swear there is a KB on this, but I can't find it. I just sent mail to
the kb 'folk to see if I'm crazy. If there is one I'll post it back. So, if
you're interested to see if I find one, check back on this thread in a few
days after the appropriate hw is done.

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights

Hi Eric,

Thank you very much, it worked, your'e a star!!!

-----Original Message-----
Yea, this is init sync.
There is a safeguard in AD whereby we can't use anything that typically is
serviced by a FSMO role until replication has taken place with a replica
partner post-reboot. The idea is, if we were down for a whlie and now just
came back, maybe someone seized a fsmo role while we were down. If we do an
inbound replication first, then we'll hear about it and not continue to do
fsmo-tasks and possibly cause a colision (overlapping schema, duplicate
rid's, duplidate domain names, etc)

In a test environment like this, the way around it would be to either
restore at least two dc's that replicate with one another, or metadata clean
up the other DC(s) in the environment, then delete the connection objects
from this dc (aka whack the co's in the ntds container under the dc)

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights

Hello Eric,

Thank you very much for your respone.
The Server that I have restored System State to in the
test environment is at Service Pack 4.
In the live environment it is part of a multiple DC
environment (one other domain controller has been deployed
in that environment), however this machine was the first
Domain Controller and has kept all the roles.

The machine I am trying to connect to this domain as an
additional domain controller also is running Service Pack
4. In the production environment there were about 80
machines (windows 2000 workstations, servers and MACs).

Regards

Rashid




-----Original Message-----
Hello,

Can you tell us about this environment?
What service pack is it at? Is it a single dc or multiple
in the dr
environment? Does it hold the FSMO roles or no? How many
machines were in
the production environment?

My bet is that this is init sync, but let me know the
answers to the
questions above and I'll let you know for sure.

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and
confers no rights.



Error Joining Domain

I have set up a server as a Disaster Recovery Machine. I
did an Ntback up of the System state data our live
Domain
Controller (one that runs all the primary roles), and
then
did a restore on a test machine that I set up on a
completely separate/isolated.
On successful completion of the restore the test AD
machine was behaving fine apparently, however when I
attempt to connect another server to this domain via
Dcpromo I get the following error:

"Error Joining Domain
The operation failed because:
The attempt to join this computer to the --- domain
failed.
The directory service was unable to allocate a relative
identifier".

Is this message indicative of a more fundamental issue
with the domain controller, is there any areas I need to
look into to aid troubleshooting this problem?





.

.

 

[Eric Fleischman [MSFT]]

BTW: I should have mentioned....
After doing this you do *NOT* want to bring this box back into production.
When done playing in test, blow the box away.

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights

Glad it is working.
I'd swear there is a KB on this, but I can't find it. I just sent mail to
the kb 'folk to see if I'm crazy. If there is one I'll post it back. So, if
you're interested to see if I find one, check back on this thread in a few
days after the appropriate hw is done.

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights

Hi Eric,

Thank you very much, it worked, your'e a star!!!

-----Original Message-----
Yea, this is init sync.
There is a safeguard in AD whereby we can't use anything that typically is
serviced by a FSMO role until replication has taken place with a replica
partner post-reboot. The idea is, if we were down for a whlie and now just
came back, maybe someone seized a fsmo role while we were down. If we do an
inbound replication first, then we'll hear about it and not continue to do
fsmo-tasks and possibly cause a colision (overlapping schema, duplicate
rid's, duplidate domain names, etc)

In a test environment like this, the way around it would be to either
restore at least two dc's that replicate with one another, or metadata clean
up the other DC(s) in the environment, then delete the connection objects
from this dc (aka whack the co's in the ntds container under the dc)

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights


Hello Eric,

Thank you very much for your respone.
The Server that I have restored System State to in the
test environment is at Service Pack 4.
In the live environment it is part of a multiple DC
environment (one other domain controller has been deployed
in that environment), however this machine was the first
Domain Controller and has kept all the roles.

The machine I am trying to connect to this domain as an
additional domain controller also is running Service Pack
4. In the production environment there were about 80
machines (windows 2000 workstations, servers and MACs).

Regards

Rashid




-----Original Message-----
Hello,

Can you tell us about this environment?
What service pack is it at? Is it a single dc or multiple
in the dr
environment? Does it hold the FSMO roles or no? How many
machines were in
the production environment?

My bet is that this is init sync, but let me know the
answers to the
questions above and I'll let you know for sure.

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and
confers no rights.



Error Joining Domain

I have set up a server as a Disaster Recovery Machine. I
did an Ntback up of the System state data our live
Domain
Controller (one that runs all the primary roles), and
then
did a restore on a test machine that I set up on a
completely separate/isolated.
On successful completion of the restore the test AD
machine was behaving fine apparently, however when I
attempt to connect another server to this domain via
Dcpromo I get the following error:

"Error Joining Domain
The operation failed because:
The attempt to join this computer to the --- domain
failed.
The directory service was unable to allocate a relative
identifier".

Is this message indicative of a more fundamental issue
with the domain controller, is there any areas I need to
look into to aid troubleshooting this problem?





.



.