Mark Stinson
Greetings:
I administer a Win2K domain for a local high school. We are a single domain
within a single forest, running off of a single domain controller. The DC is
Win2K Server with SP4. There was a second domain controller about a year
ago, but the hardware was needed for something else, so it was DCPROMO'd and
reformatted with 2K Pro. All role masters stayed with the initial DC.
While adding user accounts and new workstations to the domain, I received an
error message saying that the pool of relative identifiers had been
exhausted. In checking the logs, I found two items: 16645 telling me that
the pool had been exhausted, and 16647 telling me that the server was
requesting more identifiers from the RID master. Including deleted user
accounts, there are about 500 objects in the domain, which would represent
the original pool of identifiers. Rebooting the server (both warm and cold)
did nothing. Following the reboots, the AD U&C snap-in no longer connected
to the domain and it could not find the global catalog. I could force it to
connect to the domain controller, but not to the domain. I keep receiving
the message that the domain cannot be found. I have stopped, started and
restarted DNS, but this did not resolve the problem. The snap-in shows that
the DC knows who the role masters are and I have manually seized the roles
using NTDSUTIL just to be sure. This also did not resolve the problem.
Finally, because there are relatively few AD objects, I decided that
removing AD and reinstalling with DCPROMO might be appropriate. Because it
cannot find the domain, it cannot validate my permissions and will not allow
me to remove AD.
I have run DCDIAG and NETDIAG. The results of the DCDIAG are below. All
NETDIAG tests showed "passed," with the exception of the WAN links, which
were skipped because we have none.
I am almost to the point of reformatting, reinstalling and recreating the
domain, but am hoping that there is a better way of handling it. Thanks for
any help you can give.
Mark Stinson
Horizon City, Texas
DCDIAG RESULTS
Performing initial setup:
Done gathering initial info.
Doing initial non skippeable tests
Testing server: Default-First-Site-Name\HHSPROXY
Starting test: Connectivity
.......................... HHSPROXY passed test Connectiv
Doing primary tests
Testing server: Default-First-Site-Name\HHSPROXY
Starting test: Replications
[Replications Check,HHSPROXY] A recent replication attem
From BCISLAB-INSTR to HHSPROXY
Naming Context: CN=Schema,CN=Configuration,DC=HHS,DC=
The replication generated an error (8524):
The DSA operation is unable to proceed because of a D
re.
The failure occurred at 2003-08-16 08:50.20.
The last success occurred at 2002-12-13 08:49.33.
5543 failures have occurred since the last success.
The guid-based DNS name d0317994-d94a-4e61-b3ec-6b5dd
HHS.CISD
is not registered on one or more DNS servers.
[BCISLAB-INSTR] DsBind() failed with error 1722,
The RPC server is unavailable..
[Replications Check,HHSPROXY] A recent replication attem
From BCISLAB-INSTR to HHSPROXY
Naming Context: CN=Configuration,DC=HHS,DC=CISD
The replication generated an error (8524):
The DSA operation is unable to proceed because of a D
re.
The failure occurred at 2003-08-16 08:50.20.
The last success occurred at 2002-12-13 09:04.54.
5587 failures have occurred since the last success.
The guid-based DNS name d0317994-d94a-4e61-b3ec-6b5dd
HHS.CISD
is not registered on one or more DNS servers.
[Replications Check,HHSPROXY] A recent replication attem
From BCISLAB-INSTR to HHSPROXY
Naming Context: DC=HHS,DC=CISD
The replication generated an error (8524):
The DSA operation is unable to proceed because of a D
re.
The failure occurred at 2003-08-16 08:50.20.
The last success occurred at 2002-12-13 09:12.38.
5615 failures have occurred since the last success.
The guid-based DNS name d0317994-d94a-4e61-b3ec-6b5dd
HHS.CISD
is not registered on one or more DNS servers.
.......................... HHSPROXY passed test Replicati
Starting test: NCSecDesc
.......................... HHSPROXY passed test NCSecDesc
Starting test: NetLogons
.......................... HHSPROXY passed test NetLogons
Starting test: Advertising
Fatal ErrorsGetDcName (HHSPROXY) call failed, error 13
The Locator could not find the server.
.......................... HHSPROXY failed test Advertisi
Starting test: KnowsOfRoleHolders
.......................... HHSPROXY passed test KnowsOfRo
Starting test: RidManager
.......................... HHSPROXY passed test RidManage
Starting test: MachineAccount
.......................... HHSPROXY passed test MachineAc
Starting test: Services
.......................... HHSPROXY passed test Services
Starting test: ObjectsReplicated
.......................... HHSPROXY passed test ObjectsRe
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
.......................... HHSPROXY passed test frssysvol
Starting test: kccevent
.......................... HHSPROXY passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00004105
Time Generated: 08/16/2003 08:58:38
(Event String could not be retrieved)
.......................... HHSPROXY failed test systemlog
Running enterprise tests on : HHS.CISD
Starting test: Intersite
.......................... HHS.CISD passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, er
A Global Catalog Server could not be located - All GC's
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 13
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 135
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 13
A KDC could not be located - All the KDCs are down.
.......................... HHS.CISD failed test FsmoCheck
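
A small triage script for DCDIAG text output like the one in this post, added here as an example (it is not part of the original post): it lists the tests that failed and, for each replication link, the source server, error code and days since the last success. The sample is an excerpt of the output above; the function and field names are illustrative.

```python
import re
from datetime import datetime

# Excerpt of the DCDIAG output posted above (lines truncated as in the post).
SAMPLE = """\
Starting test: Replications
From BCISLAB-INSTR to HHSPROXY
Naming Context: DC=HHS,DC=CISD
The replication generated an error (8524):
The failure occurred at 2003-08-16 08:50.20.
The last success occurred at 2002-12-13 09:12.38.
5615 failures have occurred since the last success.
.......................... HHSPROXY passed test Replicati
Starting test: Advertising
Fatal ErrorsGetDcName (HHSPROXY) call failed, error 13
.......................... HHSPROXY failed test Advertisi
Starting test: RidManager
.......................... HHSPROXY passed test RidManage
"""

TS = "%Y-%m-%d %H:%M.%S"  # DCDIAG prints times as HH:MM.SS

def triage(text):
    """Return (failed_tests, replication_links) parsed from DCDIAG text."""
    failed, links, cur, test = [], [], None, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Starting test: (\S+)", line):
            test, cur = m.group(1), None
        elif re.match(r"\.+ \S+ failed test", line):
            failed.append(test)  # result lines are truncated; use the full name
        elif m := re.match(r"From (\S+) to (\S+)", line):
            cur = {"source": m.group(1), "dest": m.group(2)}
            links.append(cur)
        elif cur and (m := re.match(r"Naming Context: (.+)", line)):
            cur["nc"] = m.group(1)
        elif cur and (m := re.match(r"The replication generated an error \((\d+)\)", line)):
            cur["error"] = int(m.group(1))
        elif cur and (m := re.match(r"The (failure|last success) occurred at (.+?)\.$", line)):
            cur[m.group(1)] = datetime.strptime(m.group(2), TS)
        elif cur and (m := re.match(r"(\d+) failures have occurred", line)):
            cur["failures"] = int(m.group(1))
    for link in links:
        if "failure" in link and "last success" in link:
            link["days_stale"] = (link["failure"] - link["last success"]).days
    return failed, links

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A test that prints "passed" can still contain failing links, as the Replications test does here, so the per-link fields are worth reading alongside the pass/fail list.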