FSMO - Event 16650

  • Thread starter Thread starter rmota
  • Start date Start date
R

rmota

I had to redo my 1º DC, it was not possible to recover the
backup of the system state, he was removed one day before
DC to present problems, but in the recovery it presented
problems, then I redid the server, with the same
configurations, now it is constantly presenting the
mistake 16650 (SAM) and sells the boletin Microsoft
248410, I verified that in the event "Directory Service"
doesn't present replicação mistake, the boletin still
suggests alterations in "Domain Controller Security
Policy" happens that when opening this function the
following mistake he/she appears, " Faild to open the
group policy object, you may not have appropriate rights,
in the same mistake also has the following
message "Details - The specified domain either not exit
or coult not be contacted. when this DC was OK, this
function worked, I verified FSMO and GC, and the 5 eat +
GC are turning in DC that I have just redone, that
actually was 1st DC created, and I changed the paper "
infrastruture for another server, but the mistake
continues, and the function that I mentioned above
continues disabled, if they have faced similar problem,
tell me some clues.

tanks
rmota
 
When the #1 dc "crashed" was it removed from AD via ntdsutil doing a
metadata cleanup from the other dc before #1 was re-installed, brought back
on line, and made a dc again?
216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
http://support.microsoft.com/?id=216498
Were any fsmo roles that it held when it crashed, seized to the other dc as
well before it came back;
255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller
http://support.microsoft.com/?id=255504
The rid master error in that 16650 can often also be corrected by moving the
role to the machine complaining about not being able to find it, or another
dc in the domain.
Was dns moved to the second dc or was it already running on that machine or
another one?
Are you still able to ping your domain name (fqdn) and all dc's by dns name
and get replies from all?

I'm not clear about the steps you took after #1 dc crashed, and what was
done to both it and the second dc, and the order in which they were done
(very important). If #1 wasn't correctly cleaned up before it was brought
back into the domain (especially if the same name was used), dns not
functioning ok, any fsmo roles #1 may have had not seized to the second dc
first, etc it will cause problems and we need to be clear on what steps were
taken during this process.
If you run "netdom query fsmo" it will tell you who holds the fsmo roles,
but if the #1 dc held some earlier, and was brought back with the same name
and then seized them back, don't know which one AD is looking for (#1old or
#1new).
#1 may need to be demoted again, things cleared up, and then re-promoted
again, but it will help if you can let us know all of the steps taken during
the problem.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
I had to redo my 1º DC, it was not possible to recover the
backup of the system state, he was removed one day before
DC to present problems, but in the recovery it presented
problems, then I redid the server, with the same
configurations, now it is constantly presenting the
mistake 16650 (SAM) and sells the boletin Microsoft
248410, I verified that in the event "Directory Service"
doesn't present replicação mistake, the boletin still
suggests alterations in "Domain Controller Security
Policy" happens that when opening this function the
following mistake he/she appears, " Faild to open the
group policy object, you may not have appropriate rights,
in the same mistake also has the following
message "Details - The specified domain either not exit
or coult not be contacted. when this DC was OK, this
function worked, I verified FSMO and GC, and the 5 eat +
GC are turning in DC that I have just redone, that
actually was 1st DC created, and I changed the paper "
infrastruture for another server, but the mistake
continues, and the function that I mentioned above
continues disabled, if they have faced similar problem,
tell me some clues.

tanks
rmota
 
-----Original Message-----
When the #1 dc "crashed" was it removed from AD via ntdsutil doing a
metadata cleanup from the other dc before #1 was re- installed, brought back
on line, and made a dc again?
216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
http://support.microsoft.com/?id=216498
Were any fsmo roles that it held when it crashed, seized to the other dc as
well before it came back;
255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller
http://support.microsoft.com/?id=255504
The rid master error in that 16650 can often also be corrected by moving the
role to the machine complaining about not being able to find it, or another
dc in the domain.
Was dns moved to the second dc or was it already running on that machine or
another one?
Are you still able to ping your domain name (fqdn) and all dc's by dns name
and get replies from all?

I'm not clear about the steps you took after #1 dc crashed, and what was
done to both it and the second dc, and the order in which they were done
(very important). If #1 wasn't correctly cleaned up before it was brought
back into the domain (especially if the same name was used), dns not
functioning ok, any fsmo roles #1 may have had not seized to the second dc
first, etc it will cause problems and we need to be clear on what steps were
taken during this process.
If you run "netdom query fsmo" it will tell you who holds the fsmo roles,
but if the #1 dc held some earlier, and was brought back with the same name
and then seized them back, don't know which one AD is looking for (#1old or
#1new).
#1 may need to be demoted again, things cleared up, and then re-promoted
again, but it will help if you can let us know all of the steps taken during
the problem.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
I had to redo my 1º DC, it was not possible to recover the
backup of the system state, he was removed one day before
DC to present problems, but in the recovery it presented
problems, then I redid the server, with the same
configurations, now it is constantly presenting the
mistake 16650 (SAM) and sells the boletin Microsoft
248410, I verified that in the event "Directory Service"
doesn't present replicação mistake, the boletin still
suggests alterations in "Domain Controller Security
Policy" happens that when opening this function the
following mistake he/she appears, " Faild to open the
group policy object, you may not have appropriate rights,
in the same mistake also has the following
message "Details - The specified domain either not exit
or coult not be contacted. when this DC was OK, this
function worked, I verified FSMO and GC, and the 5 eat +
GC are turning in DC that I have just redone, that
actually was 1st DC created, and I changed the paper "
infrastruture for another server, but the mistake
continues, and the function that I mentioned above
continues disabled, if they have faced similar problem,
tell me some clues.

tanks
rmota


.
Dear friend, these were the steps for the recovery of the
Click to expand...
server that pifou,
I have the backup of the system very recent state, but I
didn't get to use, therefore the equipment, that pifou was
first DC, servant in my net, I didn't get to use reason,
when reinstalling him/it ONLY in the server, I used the
same name and ip, as he had DNS, DHCP, I didn't know if it
should just install the ALONE, and to lower the backup, or
to install all of them tool and to lower the backup, then
I just left the ALONE, and I restored the backup, that
didn't present mistakes, but when initializing the server,
it presented mistake of DLL, and it didn't initialize in
none in the way, then I had to redo the whole equipment
again with AD, DNS, DHCP, made everything with the same
configurations, but it appeared every 2 minutes the
mistake 16650. In the event, there is no replicação
mistake. In the new server servant he/she has GC, all of
the papers, except "Infraesture" that I passed for another
server. I also observed that this new server doesn't allow
access to "Domain controler security policy, " because
he/she says that there is no previlégios, or that the
domain is not accessible, see if it can help me,
thanks
rmota
 
#1 = problem dc
#2 = second dc that appears to be operating ok

IF, #2 is indeed operating ok, with the exception of errors referring to #1,
and we have dns working ok on either #2 or another machine and it is ok as
well (ie, you can ping domain and dc's by dns name and get replies), then;
Either transfer or seize the remaining 4 fsmo roles from #1 to #2
verify with "netdom query fsmo" command that it then shows it holding all 5
roles (netdom is one of the support tools installed from CD -
support/tools/setup.exe).
Demote #1 to server, either gracefully using dcpromo if it will, or
forcefully using the following;
290723 How to Forcefully Demote a Windows 2000 Domain Controller

If #1 does not demote gracefully and you have to force it, then use one of
the earlier (216498) to remove it from AD.
Wait awhile and check #2 to be sure that no big errors in event logs and it
appears to be working ok.
Then add #1 back into the domain again

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
-----Original Message-----
When the #1 dc "crashed" was it removed from AD via ntdsutil doing a
metadata cleanup from the other dc before #1 was re- installed, brought back
on line, and made a dc again?
216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
http://support.microsoft.com/?id=216498
Were any fsmo roles that it held when it crashed, seized to the other dc as
well before it came back;
255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller
http://support.microsoft.com/?id=255504
The rid master error in that 16650 can often also be corrected by moving the
role to the machine complaining about not being able to find it, or another
dc in the domain.
Was dns moved to the second dc or was it already running on that machine or
another one?
Are you still able to ping your domain name (fqdn) and all dc's by dns name
and get replies from all?

I'm not clear about the steps you took after #1 dc crashed, and what was
done to both it and the second dc, and the order in which they were done
(very important). If #1 wasn't correctly cleaned up before it was brought
back into the domain (especially if the same name was used), dns not
functioning ok, any fsmo roles #1 may have had not seized to the second dc
first, etc it will cause problems and we need to be clear on what steps were
taken during this process.
If you run "netdom query fsmo" it will tell you who holds the fsmo roles,
but if the #1 dc held some earlier, and was brought back with the same name
and then seized them back, don't know which one AD is looking for (#1old or
#1new).
#1 may need to be demoted again, things cleared up, and then re-promoted
again, but it will help if you can let us know all of the steps taken during
the problem.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
I had to redo my 1º DC, it was not possible to recover the
backup of the system state, he was removed one day before
DC to present problems, but in the recovery it presented
problems, then I redid the server, with the same
configurations, now it is constantly presenting the
mistake 16650 (SAM) and sells the boletin Microsoft
248410, I verified that in the event "Directory Service"
doesn't present replicação mistake, the boletin still
suggests alterations in "Domain Controller Security
Policy" happens that when opening this function the
following mistake he/she appears, " Faild to open the
group policy object, you may not have appropriate rights,
in the same mistake also has the following
message "Details - The specified domain either not exit
or coult not be contacted. when this DC was OK, this
function worked, I verified FSMO and GC, and the 5 eat +
GC are turning in DC that I have just redone, that
actually was 1st DC created, and I changed the paper "
infrastruture for another server, but the mistake
continues, and the function that I mentioned above
continues disabled, if they have faced similar problem,
tell me some clues.

tanks
rmota


.
Dear friend, these were the steps for the recovery of the
Click to expand...
server that pifou,
I have the backup of the system very recent state, but I
didn't get to use, therefore the equipment, that pifou was
first DC, servant in my net, I didn't get to use reason,
when reinstalling him/it ONLY in the server, I used the
same name and ip, as he had DNS, DHCP, I didn't know if it
should just install the ALONE, and to lower the backup, or
to install all of them tool and to lower the backup, then
I just left the ALONE, and I restored the backup, that
didn't present mistakes, but when initializing the server,
it presented mistake of DLL, and it didn't initialize in
none in the way, then I had to redo the whole equipment
again with AD, DNS, DHCP, made everything with the same
configurations, but it appeared every 2 minutes the
mistake 16650. In the event, there is no replicação
mistake. In the new server servant he/she has GC, all of
the papers, except "Infraesture" that I passed for another
server. I also observed that this new server doesn't allow
access to "Domain controler security policy, " because
he/she says that there is no previlégios, or that the
domain is not accessible, see if it can help me,
thanks
rmota
 
Back
Top