Unable to move global catalog between domains (server 2003 r2)

Ask a question

Friday, February 01, 2013 5:01 PM

0

I am unable to move global catalog to primary domain controller

i followed the below articlie to move the GC.

Article ID: 313994
support.microsoft.com/kb/313994

below current server roles and GC information.

C:\Documents and Settings\Administrator.SCOREPLUS>netdom query fsmo
Schema owner                SPLUSDXBSRV.score-plus.com

Domain role owner           SPLUSDXBSRV.score-plus.com

PDC role                    SPLUSDXBSRV.score-plus.com

RID pool manager            SPLUSDXBSRV.score-plus.com

Infrastructure owner        SPLUSDXBSRV.score-plus.com

The command completed successfully.

C:\Documents and Settings\Administrator.SCOREPLUS>nltest /dsgetdc:score-plus.com
/server:splusdxbsrv
           DC: \\SPLUSDXBSRV.score-plus.com
      Address: \\192.168.76.90
     Dom Guid: dc66e65c-ad07-4b80-9272-9fe95bf47084
     Dom Name: score-plus.com
Forest Name: score-plus.com
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
        Flags: PDC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS
_FOREST CLOSE_SITE
The command completed successfully

C:\Documents and Settings\Administrator.SCOREPLUS>nltest /dsgetdc:score-plus.com
/server:splusqatar
           DC: \\splusqatar.score-plus.com
      Address: \\192.168.152.80
     Dom Guid: dc66e65c-ad07-4b80-9272-9fe95bf47084
     Dom Name: score-plus.com
Forest Name: score-plus.com
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
        Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLO
SE_SITE
The command completed successfully

C:\Documents and Settings\Administrator.SCOREPLUS>

C:\Documents and Settings\Administrator.SCOREPLUS>dsquery server -forest -isgc
"CN=SPLUSQATAR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,D
C=score-plus,DC=com"
"CN=SPLUSDXBSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,
DC=score-plus,DC=com"
- Reply
- Quote

All Replies

Friday, February 01, 2013 5:13 PM

0
Hello,

Please elaborate the same and as per best practices all DC"s should be running as Global Catalog server only.

To configure a domain controller as a global catalog server
1. Open Active Directory Sites and Services.
2. In the console tree, right-click NTDS Settings.
  
  Where?
  
  Active Directory Sites and Services/Sites/YourApplicableSite/Servers/YourApplicableServer/NTDS Settings
3. Click Properties.
4. On the General page, select the global catalog check box.
Rgds Vinay
- Reply
- Quote
Friday, February 01, 2013 5:33 PM

0

hello vinay,

thanks for the reply,

I have already selected DC as GC server and when i shutdown the additional domain (current GC server) users are unable to login to the domain.

Under event log i have the below error

EventID 1126

Active Directory Domain Services was unable to establish a connection with the global catalog.

Additional Data

Error value:

1355 The specified domain either does not exist or could not be contacted.

Internal ID:

3200e25

User Action:

Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.
- Reply
- Quote
Friday, February 01, 2013 6:01 PM

1
It takes some time before the DC is fully promoted to a GC, it turns out it isn't ready yet as peer your "nltest /dsgetdc:score-plus.com
/server:splusdxbsrv" command the server misses the GC flag, meaning it's not a GC yet.

For more information:
Verify global catalog readiness:
http://technet.microsoft.com/en-us/library/cc739901(v=ws.10).aspx

Requirements for Global Catalog Readiness:
http://technet.microsoft.com/en-us/library/how-global-catalog-servers-work(v=ws.10).aspx

Troubleshooting problems with promoting a domain controller to a global catalog server:
http://support.microsoft.com/kb/910204?wa=wsignin1.0

Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog
- Edited by Christoffer Andersson Friday, February 01, 2013 6:04 PM
- Proposed As Answer by i.biswajith Friday, February 01, 2013 7:10 PM
- Reply
- Quote
Friday, February 01, 2013 7:15 PM

1

In addition,

You can check the readyness from ldp.exe.

Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
- Reply
- Quote
Friday, February 01, 2013 7:36 PM

0

Hi Christoffer,

thanks for the quick response

i have waited for almost 5 to 6 hrs, but still GC flag not appearing in the PDC, not sure how to fix this.

report using LDP

ld = ldap_open("splusdxbsrv", 389);
Established connection to splusdxbsrv.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:
1> currentTime: 2/1/2013 22:27:25 Arab Standard Time Arab Standard Time;
1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=score-plus,DC=com;
1> dsServiceName: CN=NTDS Settings,CN=SPLUSDXBSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=score-plus,DC=com;
5> namingContexts: DC=score-plus,DC=com; CN=Configuration,DC=score-plus,DC=com; CN=Schema,CN=Configuration,DC=score-plus,DC=com; DC=DomainDnsZones,DC=score-plus,DC=com; DC=ForestDnsZones,DC=score-plus,DC=com;
1> defaultNamingContext: DC=score-plus,DC=com;
1> schemaNamingContext: CN=Schema,CN=Configuration,DC=score-plus,DC=com;
1> configurationNamingContext: CN=Configuration,DC=score-plus,DC=com;
1> rootDomainNamingContext: DC=score-plus,DC=com;
23> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2.16.840.1.113730.3.4.9; 2.16.840.1.113730.3.4.10; 1.2.840.113556.1.4.1504; 1.2.840.113556.1.4.1852; 1.2.840.113556.1.4.802; 1.2.840.113556.1.4.1907; 1.2.840.113556.1.4.1948;
2> supportedLDAPVersion: 3; 2;
12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; MaxValRange;
1> highestCommittedUSN: 31068949;
4> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;
1> dnsHostName: SPLUSDXBSRV.score-plus.com;
1> ldapServiceName: score-plus.com:splusdxbsrv$@SCORE-PLUS.COM;
1> serverName: CN=SPLUSDXBSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=score-plus,DC=com;
3> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1670; 1.2.840.113556.1.4.1791;
1> isSynchronized: TRUE;
1> isGlobalCatalogReady: FALSE;
1> domainFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );
1> forestFunctionality: 0 = ( DS_BEHAVIOR_WIN2000 );
1> domainControllerFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );
-----------

ld = ldap_open("splusqatar", 389);
Established connection to splusqatar.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:
1> currentTime: 2/1/2013 22:28:11 Arab Standard Time Arab Standard Time;
1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=score-plus,DC=com;
1> dsServiceName: CN=NTDS Settings,CN=SPLUSQATAR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=score-plus,DC=com;
5> namingContexts: DC=score-plus,DC=com; CN=Configuration,DC=score-plus,DC=com; CN=Schema,CN=Configuration,DC=score-plus,DC=com; DC=DomainDnsZones,DC=score-plus,DC=com; DC=ForestDnsZones,DC=score-plus,DC=com;
1> defaultNamingContext: DC=score-plus,DC=com;
1> schemaNamingContext: CN=Schema,CN=Configuration,DC=score-plus,DC=com;
1> configurationNamingContext: CN=Configuration,DC=score-plus,DC=com;
1> rootDomainNamingContext: DC=score-plus,DC=com;
23> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2.16.840.1.113730.3.4.9; 2.16.840.1.113730.3.4.10; 1.2.840.113556.1.4.1504; 1.2.840.113556.1.4.1852; 1.2.840.113556.1.4.802; 1.2.840.113556.1.4.1907; 1.2.840.113556.1.4.1948;
2> supportedLDAPVersion: 3; 2;
12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; MaxValRange;
1> highestCommittedUSN: 31573057;
4> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;
1> dnsHostName: splusqatar.score-plus.com;
1> ldapServiceName: score-plus.com:splusqatar$@SCORE-PLUS.COM;
1> serverName: CN=SPLUSQATAR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=score-plus,DC=com;
3> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1670; 1.2.840.113556.1.4.1791;
1> isSynchronized: TRUE;
1> isGlobalCatalogReady: TRUE;
1> domainFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );
1> forestFunctionality: 0 = ( DS_BEHAVIOR_WIN2000 );
1> domainControllerFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );
-----------
- Reply
- Quote
Friday, February 01, 2013 7:39 PM

0

hi biswajith,

the value is showing false
- Reply
- Quote
Friday, February 01, 2013 7:43 PM

1

Look in the "Directory Services" log at the DC you're trying to promote to GC, it should semi-frequenly log about the progress/delay? (If so post those here) If not turn the logging level for the 'Knowledge Consistency Checker (KCC)' to at least 1 (Minimal):

See: http://technet.microsoft.com/en-us/library/cc961809.aspx
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog
- Reply
- Quote
Friday, February 01, 2013 7:57 PM

0

hi christoffer

you can download the log from the below link

http://217.165.126.146:9090/share.cgi?ssid=0gltjhh

----

last event

Promotion of this domain controller to a global catalog will be delayed for the following interval.

Interval (minutes):
30

This delay is necessary so that the required directory partitions can be prepared before the global catalog is advertised. In the registry, you can specify the number of seconds that the directory system agent will wait before promoting the local domain controller to a global catalog. For more information about the Global Catalog Delay Advertisement registry value, see the Resource Kit Distributed Systems Guide.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
- Reply
- Quote
Friday, February 01, 2013 8:08 PM

1

How many domains do you have in your forests? (Have there been other domains in the past)

Can you post the output of the following command:
repadmin /showreps /v

Can you post the output of the following command (to list current NCs in your forest) - Change 'YOURDOMAIN' to match your domain name.
dsquery * "CN=Configuration,DC=YOURDOMAIN,DC=com" -filter "(&(objectClass=crossRef)(objectCategory=crossRef))" -attr NcName
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog
- Reply
- Quote
Friday, February 01, 2013 8:27 PM

0

i have 1 DC and 6 ADC in different geographical locations, i have few domain that has crashed or not demoted properly.

C:\Documents and Settings\Administrator.SCOREPLUS>dsquery * "CN=Configuration,DC
=score-plus,DC=com" -filter "(&(objectClass=crossRef)(objectCategory=crossRef))"
-attr NcName
NcName
CN=Configuration,DC=score-plus,DC=com
DC=score-plus,DC=com
CN=Schema,CN=Configuration,DC=score-plus,DC=com
DC=splusdxb02,DC=score-plus,DC=com
DC=DomainDnsZones,DC=score-plus,DC=com
DC=ForestDnsZones,DC=score-plus,DC=com

DC=splusdxb02 crashed almost two years back. current DC is Splusdxbsrv

repadmin /showreps /v

        Last success @ 2011-01-04 15:59:52.
    Default-First-Site-Name\SPLUSAUHSRV via RPC
        DC object GUID: 2ba8b02c-db9b-43fe-9990-fb43d7e3125a
        Address: 2ba8b02c-db9b-43fe-9990-fb43d7e3125a._msdcs.score-plus.com
        DC invocationID: 77dc86e3-c7c3-4805-9449-5ddea1c9ce3e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 185061/OU, 185061/PU
        Last attempt @ 2013-02-01 23:59:57 was successful.
    Default-First-Site-Name\SPLUSQATAR via RPC
        DC object GUID: e1ceeea5-ac15-46c9-aa53-e62f2b9a5c8a
        Address: e1ceeea5-ac15-46c9-aa53-e62f2b9a5c8a._msdcs.score-plus.com
        DC invocationID: c73fadc5-7d71-4e24-a608-029eda1c2c5f
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 31573105/OU, 31573105/PU
        Last attempt @ 2013-02-02 00:06:27 was successful.

CN=Configuration,DC=score-plus,DC=com
    Default-First-Site-Name\RAKSERVER via RPC
        DC object GUID: 16c567c0-1910-4eb3-8327-0c0178fd7e3a
        Address: 16c567c0-1910-4eb3-8327-0c0178fd7e3a._msdcs.score-plus.com
        DC invocationID: 0e8f68f7-f43d-497a-9981-384bba503a1e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 5714155/OU, 5714155/PU
        Last attempt @ 2013-02-01 23:56:46 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        18297 consecutive failure(s).
        Last success @ 2011-01-04 15:57:40.
    Default-First-Site-Name\SHARJAHSERVER via RPC
        DC object GUID: b704189e-7b32-4788-ba26-208ec311a0c0
        Address: b704189e-7b32-4788-ba26-208ec311a0c0._msdcs.score-plus.com
        DC invocationID: 69bd6035-9d3d-4c9c-9d13-53af81c79b1e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 18544142/OU, 18544142/PU
        Last attempt @ 2013-02-01 23:56:47 failed, result -2146893022 (0x8009032
2):
            The target principal name is incorrect.
        13398 consecutive failure(s).
        Last success @ 2011-07-27 16:24:25.
    Default-First-Site-Name\SPLUSALAINSRV via RPC
        DC object GUID: aad0b07f-efaf-4861-847b-dc901c33f140
        Address: aad0b07f-efaf-4861-847b-dc901c33f140._msdcs.score-plus.com
        DC invocationID: ed4c8be5-abb3-46ec-8f05-408a404d4b79
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 2978182/OU, 2978182/PU
        Last attempt @ 2013-02-01 23:57:08 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        19378 consecutive failure(s).
        Last success @ 2010-11-20 16:49:26.
    Default-First-Site-Name\SPALAINSRV via RPC
        DC object GUID: d3277126-c801-4490-ba73-164e9ed1a8dc
        Address: d3277126-c801-4490-ba73-164e9ed1a8dc._msdcs.score-plus.com
        DC invocationID: d6cfa991-bbbc-4191-a2f0-1a4dd570450a
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 600880/OU, 600880/PU
        Last attempt @ 2013-02-01 23:57:29 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        11 consecutive failure(s).
        Last success @ 2013-02-01 14:57:01.
    Default-First-Site-Name\SPLUSAUHSRV via RPC
        DC object GUID: 2ba8b02c-db9b-43fe-9990-fb43d7e3125a
        Address: 2ba8b02c-db9b-43fe-9990-fb43d7e3125a._msdcs.score-plus.com
        DC invocationID: 77dc86e3-c7c3-4805-9449-5ddea1c9ce3e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 185152/OU, 185152/PU
        Last attempt @ 2013-02-02 00:08:15 was successful.
    Default-First-Site-Name\SPLUSQATAR via RPC
        DC object GUID: e1ceeea5-ac15-46c9-aa53-e62f2b9a5c8a
        Address: e1ceeea5-ac15-46c9-aa53-e62f2b9a5c8a._msdcs.score-plus.com
        DC invocationID: c73fadc5-7d71-4e24-a608-029eda1c2c5f
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 31573172/OU, 31573172/PU
        Last attempt @ 2013-02-02 00:09:33 was successful.

CN=Schema,CN=Configuration,DC=score-plus,DC=com
    Default-First-Site-Name\SPALAINSRV via RPC
        DC object GUID: d3277126-c801-4490-ba73-164e9ed1a8dc
        Address: d3277126-c801-4490-ba73-164e9ed1a8dc._msdcs.score-plus.com
        DC invocationID: d6cfa991-bbbc-4191-a2f0-1a4dd570450a
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 600708/OU, 600708/PU
        Last attempt @ 2013-02-01 23:57:50 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        11 consecutive failure(s).
        Last success @ 2013-02-01 14:45:55.
    Default-First-Site-Name\RAKSERVER via RPC
        DC object GUID: 16c567c0-1910-4eb3-8327-0c0178fd7e3a
        Address: 16c567c0-1910-4eb3-8327-0c0178fd7e3a._msdcs.score-plus.com
        DC invocationID: 0e8f68f7-f43d-497a-9981-384bba503a1e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 5710631/OU, 5710631/PU
        Last attempt @ 2013-02-01 23:58:11 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        18296 consecutive failure(s).
        Last success @ 2011-01-04 15:58:48.
    Default-First-Site-Name\SHARJAHSERVER via RPC
        DC object GUID: b704189e-7b32-4788-ba26-208ec311a0c0
        Address: b704189e-7b32-4788-ba26-208ec311a0c0._msdcs.score-plus.com
        DC invocationID: 69bd6035-9d3d-4c9c-9d13-53af81c79b1e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 18543687/OU, 18543687/PU
        Last attempt @ 2013-02-01 23:58:11 failed, result -2146893022 (0x8009032
2):
            The target principal name is incorrect.
        13397 consecutive failure(s).
        Last success @ 2011-07-27 15:59:41.
    Default-First-Site-Name\SPLUSALAINSRV via RPC
        DC object GUID: aad0b07f-efaf-4861-847b-dc901c33f140
        Address: aad0b07f-efaf-4861-847b-dc901c33f140._msdcs.score-plus.com
        DC invocationID: ed4c8be5-abb3-46ec-8f05-408a404d4b79
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 2978133/OU, 2978133/PU
        Last attempt @ 2013-02-01 23:58:32 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        19377 consecutive failure(s).
        Last success @ 2010-11-20 16:49:32.
    Default-First-Site-Name\SPLUSQATAR via RPC
        DC object GUID: e1ceeea5-ac15-46c9-aa53-e62f2b9a5c8a
        Address: e1ceeea5-ac15-46c9-aa53-e62f2b9a5c8a._msdcs.score-plus.com
        DC invocationID: c73fadc5-7d71-4e24-a608-029eda1c2c5f
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 31572951/OU, 31572951/PU
        Last attempt @ 2013-02-01 23:58:32 was successful.
    Default-First-Site-Name\SPLUSAUHSRV via RPC
        DC object GUID: 2ba8b02c-db9b-43fe-9990-fb43d7e3125a
        Address: 2ba8b02c-db9b-43fe-9990-fb43d7e3125a._msdcs.score-plus.com
        DC invocationID: 77dc86e3-c7c3-4805-9449-5ddea1c9ce3e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 185061/OU, 185061/PU
        Last attempt @ 2013-02-01 23:58:33 was successful.

DC=DomainDnsZones,DC=score-plus,DC=com
    Default-First-Site-Name\SHARJAHSERVER via RPC
        DC object GUID: b704189e-7b32-4788-ba26-208ec311a0c0
        Address: b704189e-7b32-4788-ba26-208ec311a0c0._msdcs.score-plus.com
        DC invocationID: 69bd6035-9d3d-4c9c-9d13-53af81c79b1e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 18543708/OU, 18543708/PU
        Last attempt @ 2013-02-01 23:56:25 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        13398 consecutive failure(s).
        Last success @ 2011-07-27 16:00:05.
    Default-First-Site-Name\RAKSERVER via RPC
        DC object GUID: 16c567c0-1910-4eb3-8327-0c0178fd7e3a
        Address: 16c567c0-1910-4eb3-8327-0c0178fd7e3a._msdcs.score-plus.com
        DC invocationID: 0e8f68f7-f43d-497a-9981-384bba503a1e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 5710645/OU, 5710645/PU
        Last attempt @ 2013-02-01 23:56:46 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        18298 consecutive failure(s).
        Last success @ 2011-01-04 16:00:16.
    Default-First-Site-Name\SPLUSALAINSRV via RPC
        DC object GUID: aad0b07f-efaf-4861-847b-dc901c33f140
        Address: aad0b07f-efaf-4861-847b-dc901c33f140._msdcs.score-plus.com
        DC invocationID: ed4c8be5-abb3-46ec-8f05-408a404d4b79
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 2978179/OU, 2978179/PU
        Last attempt @ 2013-02-01 23:57:08 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        19378 consecutive failure(s).
        Last success @ 2010-11-20 16:49:36.
    Default-First-Site-Name\SPALAINSRV via RPC
        DC object GUID: d3277126-c801-4490-ba73-164e9ed1a8dc
        Address: d3277126-c801-4490-ba73-164e9ed1a8dc._msdcs.score-plus.com
        DC invocationID: d6cfa991-bbbc-4191-a2f0-1a4dd570450a
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 600735/OU, 600735/PU
        Last attempt @ 2013-02-01 23:57:29 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        12 consecutive failure(s).
        Last success @ 2013-02-01 14:46:11.
    Default-First-Site-Name\SPLUSQATAR via RPC
        DC object GUID: e1ceeea5-ac15-46c9-aa53-e62f2b9a5c8a
        Address: e1ceeea5-ac15-46c9-aa53-e62f2b9a5c8a._msdcs.score-plus.com
        DC invocationID: c73fadc5-7d71-4e24-a608-029eda1c2c5f
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 31572965/OU, 31572965/PU
        Last attempt @ 2013-02-01 23:59:57 was successful.
    Default-First-Site-Name\SPLUSAUHSRV via RPC
        DC object GUID: 2ba8b02c-db9b-43fe-9990-fb43d7e3125a
        Address: 2ba8b02c-db9b-43fe-9990-fb43d7e3125a._msdcs.score-plus.com
        DC invocationID: 77dc86e3-c7c3-4805-9449-5ddea1c9ce3e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 185061/OU, 185061/PU
        Last attempt @ 2013-02-01 23:59:57 was successful.

DC=ForestDnsZones,DC=score-plus,DC=com
    Default-First-Site-Name\SHARJAHSERVER via RPC
        DC object GUID: b704189e-7b32-4788-ba26-208ec311a0c0
        Address: b704189e-7b32-4788-ba26-208ec311a0c0._msdcs.score-plus.com
        DC invocationID: 69bd6035-9d3d-4c9c-9d13-53af81c79b1e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 18543708/OU, 18543708/PU
        Last attempt @ 2013-02-01 23:56:25 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        13398 consecutive failure(s).
        Last success @ 2011-07-27 16:00:06.
    Default-First-Site-Name\RAKSERVER via RPC
        DC object GUID: 16c567c0-1910-4eb3-8327-0c0178fd7e3a
        Address: 16c567c0-1910-4eb3-8327-0c0178fd7e3a._msdcs.score-plus.com
        DC invocationID: 0e8f68f7-f43d-497a-9981-384bba503a1e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 5710645/OU, 5710645/PU
        Last attempt @ 2013-02-01 23:56:46 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        18298 consecutive failure(s).
        Last success @ 2011-01-04 16:00:17.
    Default-First-Site-Name\SPLUSALAINSRV via RPC
        DC object GUID: aad0b07f-efaf-4861-847b-dc901c33f140
        Address: aad0b07f-efaf-4861-847b-dc901c33f140._msdcs.score-plus.com
        DC invocationID: ed4c8be5-abb3-46ec-8f05-408a404d4b79
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 2978179/OU, 2978179/PU
        Last attempt @ 2013-02-01 23:57:08 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        19378 consecutive failure(s).
        Last success @ 2010-11-20 16:49:37.
    Default-First-Site-Name\SPALAINSRV via RPC
        DC object GUID: d3277126-c801-4490-ba73-164e9ed1a8dc
        Address: d3277126-c801-4490-ba73-164e9ed1a8dc._msdcs.score-plus.com
        DC invocationID: d6cfa991-bbbc-4191-a2f0-1a4dd570450a
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 600735/OU, 600735/PU
        Last attempt @ 2013-02-01 23:57:29 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        12 consecutive failure(s).
        Last success @ 2013-02-01 14:46:23.
    Default-First-Site-Name\SPLUSQATAR via RPC
        DC object GUID: e1ceeea5-ac15-46c9-aa53-e62f2b9a5c8a
        Address: e1ceeea5-ac15-46c9-aa53-e62f2b9a5c8a._msdcs.score-plus.com
        DC invocationID: c73fadc5-7d71-4e24-a608-029eda1c2c5f
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 31572965/OU, 31572965/PU
        Last attempt @ 2013-02-01 23:59:57 was successful.
    Default-First-Site-Name\SPLUSAUHSRV via RPC
        DC object GUID: 2ba8b02c-db9b-43fe-9990-fb43d7e3125a
        Address: 2ba8b02c-db9b-43fe-9990-fb43d7e3125a._msdcs.score-plus.com
        DC invocationID: 77dc86e3-c7c3-4805-9449-5ddea1c9ce3e
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        USNs: 185061/OU, 185061/PU
        Last attempt @ 2013-02-01 23:59:57 was successful.

Source: Default-First-Site-Name\SHARJAHSERVER
******* 13398 CONSECUTIVE FAILURES since 2011-07-27 16:39:37
Last error: -2146893022 (0x80090322):
            The target principal name is incorrect.

Source: Default-First-Site-Name\SPALAINSRV
******* 12 CONSECUTIVE FAILURES since 2013-02-01 14:57:01
Last error: 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.

Source: Default-First-Site-Name\ABUDHABI
******* 20 CONSECUTIVE FAILURES since 2013-02-01 19:01:27
Last error: 8524 (0x214c):
            The DSA operation is unable to proceed because of a DNS lookup failu
re.

Naming Context: DC=DomainDnsZones,DC=score-plus,DC=com
Source: Default-First-Site-Name\ABUDHABI
******* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: DC=ForestDnsZones,DC=score-plus,DC=com
Source: Default-First-Site-Name\ABUDHABI
******* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: CN=Configuration,DC=score-plus,DC=com
Source: Default-First-Site-Name\ABUDHABI
******* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: DC=score-plus,DC=com
Source: Default-First-Site-Name\ABUDHABI
******* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: CN=Schema,CN=Configuration,DC=score-plus,DC=com
Source: Default-First-Site-Name\ABUDHABI
******* WARNING: KCC could not add this REPLICA LINK due to error.

Source: Default-First-Site-Name\SPLUSALAINSRV
******* 19378 CONSECUTIVE FAILURES since 2010-11-20 16:49:37
Last error: 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.

Source: Default-First-Site-Name\RAKSERVER
******* 18298 CONSECUTIVE FAILURES since 2011-01-04 16:00:17
Last error: 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.

C:\Documents and Settings\Administrator.SCOREPLUS>
- Reply
- Quote
Friday, February 01, 2013 8:34 PM

0

Directory service log

The local domain controller has been selected to be a global catalog. However, the domain controller does not host a read-only replica of the following directory partition.

Directory partition:
DC=splusdxb02,DC=score-plus,DC=com

A precondition to becoming a global catalog is that a domain controller must host a read-only replica of all directory partitions in the forest. This event might have occurred because a Knowledge Consistency Checker (KCC) task has not completed or because the domain controller is unable to add a replica of the directory partition due to unavailable source domain controllers.

An attempt to add the replica will be tried again at the next KCC interval.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
- Reply
- Quote
Friday, February 01, 2013 9:39 PM

2
Do you still have the domain "DC=splusdxb02,DC=score-plus,DC=com"? Cause the DC your executing the repadmin command on hasn't replicated in that domain for years!? Or is this a orphaned domain where no DCs longer exists?

If you proceed to remove the domain 'splusdxb02' following:
How to remove orphaned domains from Active Directory:
http://support.microsoft.com/kb/230306
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog
- Marked As Answer by Superuser2013 Saturday, February 02, 2013 1:56 PM
- Reply
- Quote
Friday, February 01, 2013 9:43 PM

1

In addition please post the output of the following commands:
nltest /dclist:splusdxb02
nltest /dclist:score-plus
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog
- Reply
- Quote

Saturday, February 02, 2013 6:38 AM

In addition,

Please disable windows fireswall if enabled.

Also below ports should be opened in all the DCs for AD/DNS.

Service	Port/protocol
RPC endpoint mapper	135/tcp, 135/udp
Network basic input/output system (NetBIOS) name service	137/tcp, 137/udp
NetBIOS datagram service	138/udp
NetBIOS session service	139/tcp
RPC dynamic assignment	Win 2k/2003:1024-65535/tcp Win 2008+:49152-65535/tcp
Server message block (SMB) over IP (Microsoft-DS)	445/tcp, 445/udp
Lightweight Directory Access Protocol (LDAP)	389/tcp
LDAP ping	389/udp
LDAP over SSL	636/tcp
Global catalog LDAP	3268/tcp
Global catalog LDAP over SSL	3269/tcp
Kerberos	88/tcp, 88/udp
Domain Name Service (DNS)	53/tcp1, 53/udp

Use port query for that.
http://www.microsoft.com/en-in/download/details.aspx?id=17148

Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

Saturday, February 02, 2013 12:12 PM

0

DC=splusdxb02 is an orphaned domain; i removed this as you mentioned.
- Reply
- Quote
Saturday, February 02, 2013 12:15 PM

0
C:\Documents and Settings\Administrator.SCOREPLUS>nltest /dclist:score-plus.com
Get list of DCs in domain 'score-plus.com' from '\\SPLUSDXBSRV.score-plus.com'.
         splusqatar.score-plus.com       [DS] Site: Default-First-Site-Name
      SHARJAHSERVER.score-plus.com       [DS] Site: Default-First-Site-Name
        SPLUSDXBSRV.score-plus.com [PDC] [DS] Site: Default-First-Site-Name
      spluskvserver.score-plus.com
           abudhabi.score-plus.com       [DS] Site: Default-First-Site-Name
          RAKSERVER.score-plus.com       [DS] Site: Default-First-Site-Name
        alainserver.score-plus.com       [DS] Site: Default-First-Site-Name
      splusalainsrv.score-plus.com       [DS] Site: Default-First-Site-Name
    SP-ALAIN-SERVER.score-plus.com
      SP-AUH-SERVER.score-plus.com       [DS] Site: Default-First-Site-Name
    scoreplu-shjsrv.score-plus.com       [DS] Site: Default-First-Site-Name
                      SPLUSAUHSRV1       [DS] Site: Default-First-Site-Name
        splusraksrv.score-plus.com       [DS] Site: Default-First-Site-Name
        splusauhsrv.score-plus.com       [DS] Site: Default-First-Site-Name
         spalainsrv.score-plus.com       [DS] Site: Default-First-Site-Name
The command completed successfully

C:\Documents and Settings\Administrator.SCOREPLUS>nltest /dclist:splusdxb02
Cannot find DC to get DC list from.Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
The command completed successfully
- Edited by Superuser2013 Saturday, February 02, 2013 12:19 PM
- Reply
- Quote
Saturday, February 02, 2013 1:47 PM

0

hi Christoffer,

after removing the orphaned domain "DC=splusdxb02", splusdxbsrv also flaged as GC.

C:\Documents and Settings\Administrator.SCOREPLUS>nltest /dsgetdc:score-plus.com
/server:splusdxbsrv
           DC: \\SPLUSDXBSRV.score-plus.com
      Address: \\192.168.76.90
     Dom Guid: dc66e65c-ad07-4b80-9272-9fe95bf47084
     Dom Name: score-plus.com
Forest Name: score-plus.com
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
        Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN
DNS_FOREST CLOSE_SITE
The command completed successfully

below kb says once the new GC has selected we have to wait for event ID 1119 to appear under directory service log, still this event doesn't appear.

support.microsoft.com/kb/313994
- Reply
- Quote
Saturday, February 02, 2013 3:19 PM

0
I'm glad that the situation seems to have been resolved, reading the event i'm not really sure but there is several ways to check if the GC is ready:
1. nltest /dsgetdc:score-plus.com /server:splusdxbsrv (You have already done that and it show's that it's a GC)
2. The following regkey should exists on 'splusdxbsrv' Global Catalog Promotion Complete registry entry stored in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\ is set to the value 1. If it is, then the computer is advertising as a Global Catalog server.
3. The 'isGlobalCatalogReady' attribute should show true (You can check this with LDP.exe) as Biswajit Biswas has posted a print screen of earlier in this thread.
Have you got event ID: 1790 logged? (That in indicates that the max retry to make the DC a GC has been hit, and you need to restart the DC to have it try again)
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog
- Reply
- Quote
Saturday, February 02, 2013 3:23 PM

0

Great Chris.
Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
- Reply
- Quote
Saturday, February 02, 2013 7:40 PM

0

hi christoffer/biswajit

everything looks fine, still i don't have event ID 1119 and 1790 logged, as a final test i have to shutdown the current GC to see all is working fine.

i will let you know this by tommorrow.

thanks christoffer and biswajit for your help, really great stuff.
- Reply
- Quote
Sunday, February 03, 2013 5:17 PM

0

hi christoffer,

All working fine, once again thanks your support
- Reply
- Quote

Unable to move global catalog between domains (server 2003 r2)

All Replies

To configure a domain controller as a global catalog server

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support by product

Other support links

Not an IT pro?