FSMO transfer error

    Question

  • hi..

    While I am trying to transfer the Schema master, I was getting the following error: The requested FSMO operation failed. The current FSMO holder could not be contacted. The transfer of the current operation master could not be performed.

    After googling, I pointed the domain controller DNS to the internal IP. Even so, I am not able to transfer the roles.

    Thursday, April 26, 2012 6:31 AM

All replies

  • Run netdom query FSMO and check which domain controller hosts the schema master.

    Make sure the DC holding the schema master is online.

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, April 26, 2012 6:34 AM
  • I ran the query and it told me that my DC holds all the roles, but I am not able to transfer the roles.
    Thursday, April 26, 2012 6:38 AM
  • Make sure you are performing this with an account which has schema admin rights.

    If you are unable to do this using the GUI, please use the NTDSUTIL command line.

    http://support.microsoft.com/kb/255504/en-us

    Also refer to the thread below, which discusses the same problem:

    http://www.winvistatips.com/transfer-current-operations-master-could-not-performed-t779801.html

    Regards,

    _Prashant_



    Thursday, April 26, 2012 6:45 AM
  • I tried as suggested and got the following error:

    fsmo maintenance: transfer infrastructure master
    ldap_modify_sW error 0x34(52 (Unavailable).
    Ldap extended error message is 000020AF: SvcErr: DSID-03210380, problem 5002 (UNAVAILABLE), data 8456

    Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
    )
    Depending on the error code this may indicate a connection,
    ldap, or role transfer error.
    Server "pridc" knows about 5 roles
    Schema - CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dipl,DC=com
    Naming Master - CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dipl,DC=com
    PDC - CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dipl,DC=com
    RID - CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dipl,DC=com
    Infrastructure - CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dipl,DC=com

    Thursday, April 26, 2012 6:58 AM
  • Hello,

    If you use the schema MMC, please make sure you are connected to the DC NOT holding the schema FSMO in order to transfer it.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Thursday, April 26, 2012 7:03 AM
  • I am unable to follow you. Could you please describe it in detail? Thanks.
    Thursday, April 26, 2012 7:08 AM
  • Agree with Meinolf,

    Also, please make sure all your DCs point to the correct DNS server. Did you check the link provided by me in my earlier post?

    http://www.winvistatips.com/transfer-current-operations-master-could-not-performed-t779801.html

    Also, I would recommend that you check the DNS suffix of the domain controller on which you are performing the transfer.

    It is better that you run an unedited ipconfig /all on the DC and post the result here.

    Regards,

    _Prashant_



    Thursday, April 26, 2012 7:14 AM
  • Hi,

    Make sure that the current FSMO role holder is online and can be contacted.

    Connect to the DC to which you want to transfer the FSMO role.

    Transfer the Schema Master Role

    Use the Active Directory Schema Master snap-in to transfer the schema master role. Before you can use this snap-in, you must register the Schmmgmt.dll file.

    Register Schmmgmt.dll

    1. Click Start, and then click Run.
    2. Type regsvr32 schmmgmt.dll in the Open box, and then click OK.
    3. Click OK when you receive the message that the operation succeeded.

    Transfer the Schema Master Role

    1. Click Start, click Run, type mmc in the Open box, and then click OK.
    2. On the File menu, click Add/Remove Snap-in.
    3. Click Add.
    4. Click Active Directory Schema, click Add, click Close, and then click OK.
    5. In the console tree, right-click Active Directory Schema, and then click Change Domain Controller.
    6. Click Specify Name, type the name of the domain controller that will be the new role holder, and then click OK.
    7. In the console tree, right-click Active Directory Schema, and then click Operations Master.
    8. Click Change.
    9. Click OK to confirm that you want to transfer the role, and then click Close.


    Regards,
    Rafic

    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

    Thursday, April 26, 2012 7:14 AM
  • I checked the link, and it is not working.

    I pointed all my servers' DNS to the DC DNS. Even so, it is not working. I strongly believe that my DNS server is not working properly.

    Can you please provide me a link or the steps to repair DNS?

    Thursday, April 26, 2012 7:24 AM
  • chandut,

    Please post the unedited ipconfig /all of the DC from which you are performing this task.

    Regards,

    _Prashant_



    Thursday, April 26, 2012 7:27 AM
  • Hi,

    Please post the unedited ipconfig /all from the problematic server.

    Can you ping your FSMO role holder?


    Regards,
    Rafic


    Thursday, April 26, 2012 7:28 AM
  •  

    Hi,

    Here is an article regarding how to troubleshoot DNS problem:

    http://technet.microsoft.com/en-us/library/cc787724(WS.10).aspx

    Hope it can help.

    Regards

    Kevin


    TechNet Community Support

    Thursday, April 26, 2012 7:36 AM
  • Hi 

    It seems there has been a problem contacting your primary domain controller, which holds the FSMO roles.

    1. Please check in AD Sites and Services that the domain controller is in the proper place.

    2. Double-check the FQDN and the command which you are using.

    3. Try this in GUI mode.

    The article below helps you with how to transfer a FSMO role:

    http://support.microsoft.com/kb/324801

    Thursday, April 26, 2012 7:44 AM
  • As requested following are the ipconfig /all of our servers

    Domain Controller

    C:\Users\Administrator>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DC
       Primary Dns Suffix  . . . . . . . : dipl.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : dipl.com
       System Quarantine State . . . . . : Not Restricted


    Ethernet adapter Local Area Connection 4:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #3
       Physical Address. . . . . . . . . : 00-0C-29-16-8E-A0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.10.10.9(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Default Gateway . . . . . . . . . : 10.10.10.1
       DNS Servers . . . . . . . . . . . : 10.10.10.9
                                           10.10.10.49
                                           192.168.20.49
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 02-00-54-55-4E-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{0C96CF6D-57FF-4667-9D98-2DE214AB175E}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Additional domain controller

    C:\Users\Administrator>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DC
       Primary Dns Suffix  . . . . . . . : dipl.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : dipl.com
       System Quarantine State . . . . . : Not Restricted


    Ethernet adapter Local Area Connection 4:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #3
       Physical Address. . . . . . . . . : 00-0C-29-16-8E-A0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.10.10.9(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Default Gateway . . . . . . . . . : 10.10.10.1
       DNS Servers . . . . . . . . . . . : 10.10.10.9
                                           10.10.10.49
                                           192.168.20.49
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 02-00-54-55-4E-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{0C96CF6D-57FF-4667-9D98-2DE214AB175E}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    C:\Users\Administrator>

     New server.. (For transferring roles)

    C:\Users\Administrator.DIPL>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : pridc
       Primary Dns Suffix  . . . . . . . : dipl.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : dipl.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
       Physical Address. . . . . . . . . : 00-0C-29-15-C8-75
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.10.10.48(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Default Gateway . . . . . . . . . : 10.10.10.1
       DNS Servers . . . . . . . . . . . : 10.10.10.9
                                           10.10.10.49
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 8:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{89B6CFF1-7D6D-459A-BCB7-C50A211A19D5}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Thursday, April 26, 2012 8:18 AM
  • I am able to ping the FSMO holder.
    Thursday, April 26, 2012 8:19 AM
  • It seems that there is a replication issue between the DCs due to DNS misconfiguration or a necessary port not being open for AD replication.

    Ensure the following on the DC:
    1. Each DC / DNS server points to its private IP address as primary DNS server and other remote/local DNS servers as secondary in TCP/IP properties.
    2. Each DC has just one IP address and a single network adapter is enabled.
    3. Contact your ISP and get valid DNS IPs from them and add them to the forwarders. Do not set a public DNS server in the TCP/IP settings of the DC.
    4. Once you are done, run "ipconfig /flushdns & ipconfig /registerdns", then restart the DNS and NETLOGON services on each DC.
    Do not put private DNS IP addresses in the forwarder list.
    5. Assign a static IP address to the DC if its IP address is currently assigned by a DHCP server. That is strongly not recommended.

    -->>MULTIHOMING Domain controllers is not recommended, it always results in multiple problems.
    ------------------------------------
    1. Domain Controllers should not be multi-homed
    2. Being a VPN Server and even simply running RRAS makes it multi-homed.
    3. DNS even just all by itself, is better on a single homed machine.
    4. Domain Controllers with the PDC Role are automatically Domain Master Browser. Master Browsers should not be multi-homed

    272294 - Active Directory Communication Fails on Multihomed Domain Controllers http://support.microsoft.com/default.aspx?scid=kb;en-us;272294


    Active Directory Firewall Ports - Let's Try To Make This Simple
    http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx

    If the issue still persists, post the ipconfig /all, dcdiag /q and repadmin /replsum output. Also check the event log for any warnings or errors.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, April 26, 2012 8:24 AM
  • Your Domain controller and Additional Domain controller have got the same IP address (10.10.10.9)?

    Which is the source domain controller which holds the Schema FSMO role?

    Which is the destination domain controller where you want to transfer the role?

    Please explain.

    Regards,

    _Prashant_



    Thursday, April 26, 2012 8:26 AM
  • Hi,

    Make sure your DNS is healthy first. It seems to be a replication issue. Post the below output.

    Run dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  ["dc*" is a placeholder for the starting name of the DCs if they all begin the same (if more than one DC exists)]


    Regards,
    Rafic


    Thursday, April 26, 2012 8:30 AM
  • 10.10.10.9 is my primary domain controller

    10.10.10.49 is my additional domain controller

    10.10.10.48 is the new server. I built it as an additional domain controller and I would like to transfer the roles to it.

    Thursday, April 26, 2012 8:37 AM
  • Maybe I copied the same ipconfig /all for the DC and the ADC.

    10.10.10.9 is my primary domain controller

    10.10.10.49 is my additional domain controller

    10.10.10.48 is the new server. I built it as an additional domain controller and I would like to transfer the roles to it.


    • Edited by chandut Thursday, April 26, 2012 8:43 AM
    Thursday, April 26, 2012 8:40 AM
  • It seems that you have not posted the correct IP details. If the above mentioned are the IP addresses of the DCs, what is this IP address 192.168.20.49? Also, in the previous post two of your DCs have the same IP address 10.10.10.9.

    Also, please post the dcdiag and repadmin output as well.


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog


    Thursday, April 26, 2012 8:50 AM
  • Command Line: "dcdiag.exe /v /c /d /e /s:dcname"

    Directory Server Diagnosis

    Performing initial setup:

       * Connecting to directory service on server dcname.
       Ldap search capabality attribute search failed on server dcname, return value = 81
       The host dcname could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.
       DcDiag: uncaught exception raised, continuing search

     

    Thursday, April 26, 2012 8:56 AM
  • Hi,

    Replace dcname with your domain controller name:

    dcdiag /v /c /d /e /s:dcname

    or just post the output of dcdiag /v


    Regards,
    Rafic


    Thursday, April 26, 2012 9:00 AM
  • Hello,

    Please UPLOAD the files to Windows SkyDrive and do NOT post the complete content here. Just pipe all of the output to a text file:

    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.log


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/


    Thursday, April 26, 2012 9:14 AM
  • I am unable to take the report of dcdiag /v

    Thursday, April 26, 2012 9:16 AM
  • I have uploaded the file to SkyDrive. Please check it from the link below:

    https://skydrive.live.com/redir.aspx?cid=e66d08a537e716a3&resid=E66D08A537E716A3!128&parid=root

    Thursday, April 26, 2012 9:32 AM
  • Hi,

    Please run the command below and post the output on SkyDrive.

    dcdiag /v /c /d /e /s:DC.dipl.com >c:\dcdiag.log

    Are you sure the DNS service is running on the primary DC?

    I can see a DNS name resolution issue, and the last replication happened months ago.


    Regards,
    Rafic



    • Edited by iamrafic Thursday, April 26, 2012 9:43 AM
    Thursday, April 26, 2012 9:40 AM
  • Unable to generate the report. Do I have any alternative way to get the report?

    The DNS service is running on the DC. We have some problem with the DC (a DNS issue). It has been many months since we stopped our DC; since then we have been running from the ADC. Now we want all the roles to be transferred from the DC to the additional domain controller or to the new server.

    We spent so many days trying to sort it out, but no luck :(

    Thursday, April 26, 2012 10:06 AM
  • Hi,

    Your server exceeded the tombstone lifetime. You need to do a force removal on the DC and run a metadata cleanup.

    Run dcpromo /forceremoval to force demotion of the DC
    Seize the FSMO roles that this DC held to another DC
    Perform a metadata cleanup
    Delete all remaining DNS records of this DC
    Promote the DC again


    Forcibly Removing Active Directory from a DC - Retire a Domain ...
    www.petri.co.il/forcibly_removing_active_directoy_from_dc.htm


    Seizing FSMO Roles
    www.petri.co.il/seizing_fsmo_roles.htm


    Regards,
    Rafic


    Thursday, April 26, 2012 10:14 AM
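Added example, not from any reply in this thread: a way to confirm the "exceeded the tombstone lifetime" diagnosis from `repadmin /showrepl * /csv` output, by comparing each inbound link's last success time with the tombstone lifetime. The CSV rows are constructed (server names follow the thread, times and failure counts are made up), and the 180-day lifetime is an assumed default, so read the forest's actual tombstoneLifetime value before relying on it.

```python
import csv
import io
from datetime import datetime

# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# Server names follow the thread; times, failure counts and codes are made up.
SAMPLE_CSV = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,ADC,"DC=dipl,DC=com",Default-First-Site-Name,DC,RPC,412,2012-04-26 08:01:10,2011-09-02 21:14:55,1722
showrepl_INFO,Default-First-Site-Name,ADC,"DC=dipl,DC=com",Default-First-Site-Name,PRIDC,RPC,0,0,2012-04-26 08:00:41,0
showrepl_INFO,Default-First-Site-Name,PRIDC,"CN=Configuration,DC=dipl,DC=com",Default-First-Site-Name,DC,RPC,37,2012-04-26 08:02:03,2012-04-20 10:30:00,1256
"""

TIME_FMT = "%Y-%m-%d %H:%M:%S"


def classify_links(csv_text, now, tombstone_days=180):
    """Return (source, destination, naming context, age in days, state) per link.

    tombstone_days is an assumption; the real value is the forest's
    tombstoneLifetime attribute.
    """
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["showrepl_COLUMNS"] != "showrepl_INFO":
            continue  # only INFO rows describe a replication link
        last_ok = row["Last Success Time"]
        if last_ok in ("", "0"):
            age, state = None, "never_replicated"
        else:
            age = (now - datetime.strptime(last_ok, TIME_FMT)).days
            if age >= tombstone_days:
                state = "past_tombstone"   # do not let this source replicate again
            elif int(row["Number of Failures"]) > 0:
                state = "failing"          # broken, but still recoverable
            else:
                state = "ok"
        results.append((row["Source DSA"], row["Destination DSA"],
                        row["Naming Context"], age, state))
    return results


def stale_sources(results):
    """Source DCs with at least one link older than the tombstone lifetime."""
    return sorted({src for src, _, _, _, state in results
                   if state == "past_tombstone"})


if __name__ == "__main__":
    links = classify_links(SAMPLE_CSV, now=datetime(2012, 4, 26, 9, 0, 0))
    for link in links:
        print(link)
    print("force-remove / metadata-cleanup candidates:", stale_sources(links))
```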
  • Please post the required log on SkyDrive, as there is a replication issue between the DCs.


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog


    Thursday, April 26, 2012 10:15 AM
    • Edited by chandut Thursday, April 26, 2012 11:27 AM
    Thursday, April 26, 2012 11:05 AM
  • How many DCs do you have in the network? The log you posted has many DCs, as below.
    DC, WIN-LBKR4RIS11P,ADC,AXProdserver,ADCL,rmprod,CRMTest,EXC etc.

    The clock difference between the home server DC and target server ADC. The Netlogon service is in a paused state on the server named DC. Can you let us know how many DCs you have in the network? How is your domain architecture?

    Check the server DC: as mentioned, the Netlogon service is in a paused state. It could be due to low disk space, or the server is in a USN rollback state. Have you recently restored any DC from an image backup?

    Also please ensure the below.

    Ensure the following DNS settings on the DC.

    --Check the DNS setting on the server. It should point to itself (assuming that the DNS role is installed on the server). If multiple DNS servers are present, add the alternate DNS setting as well.

    --If a public IP address is added in the NIC DNS settings, remove it and add it to the DNS forwarders if required.

    --If 127.0.0.1 is entered as DNS, remove it and add the IP address.

    --Check the NIC binding: the NIC which is online and has the IP details should be first in the order. If multiple NICs are present, then disable the NICs that are not required. http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/

    --Also make sure that IPv6 is configured to dynamic (Automatically).

    2. Run ipconfig /flushdns and ipconfig /registerdns

    3. Restart the Netlogon and DNS services

    4. Run repadmin /syncall /AdeP on all DCs to force the replication.

    5. Once done, run dcdiag /q to check for any errors.

    Configure an authoritative time server on the PDC role holder server. Below is the KB article for the same.
    http://support.microsoft.com/kb/816042

    To configure an NTP client: http://www.ehow.com/how_5981545_configure-windows-ntp-client.html

    Please also make sure that UDP port 123 in the direction of the chosen NTP server is not blocked.

    For other domain computers / servers, make sure that they are using NT5DS for time sync. More here: http://support.microsoft.com/kb/223184

    Check that the required firewall ports are open for AD communication.
    Active Directory Firewall Ports: http://technet.microsoft.com/en-us/library/bb727063.aspx

    Please post the dcdiag /q and repadmin /replsum output in proper format. Also let us know how your AD architecture is designed.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog


    Friday, April 27, 2012 9:13 AM
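Added example, not from any reply in this thread: the DNS client checks listed in Sandesh Dubey's two replies (primary DNS is the DC's own IP, no 127.0.0.1, no unexplained DNS servers, no multihoming), applied to `ipconfig /all` text. The input is abridged from the output posted earlier in the thread; `KNOWN_DCS` is taken from the addresses the original poster listed and is assumed to be complete.

```python
import re

# Abridged from the ipconfig /all output posted earlier in this thread.
IPCONFIG_DC = """\
   Host Name . . . . . . . . . . . . : DC
Ethernet adapter Local Area Connection 4:
   IPv4 Address. . . . . . . . . . . : 10.10.10.9(Preferred)
   DNS Servers . . . . . . . . . . . : 10.10.10.9
                                       10.10.10.49
                                       192.168.20.49
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
IPCONFIG_PRIDC = """\
   Host Name . . . . . . . . . . . . : pridc
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 10.10.10.48(Preferred)
   DNS Servers . . . . . . . . . . . : 10.10.10.9
                                       10.10.10.49
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
# DC addresses as the original poster listed them (assumed complete).
KNOWN_DCS = {"10.10.10.9", "10.10.10.49", "10.10.10.48"}

FIELD = re.compile(r"^\s+(?P<key>[^.:]+?)[ .]*: ?(?P<val>.*)$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_ipconfig(text):
    """Extract host name, IPv4 addresses and DNS servers from ipconfig /all."""
    info = {"host": None, "ipv4": [], "dns": []}
    key = None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, val = m.group("key"), m.group("val").strip()
        elif key == "DNS Servers" and IPV4.match(line.strip()):
            val = line.strip()  # continuation line of the DNS server list
        else:
            key = None
            continue
        if key == "Host Name":
            info["host"] = val
        elif key == "IPv4 Address" and IPV4.match(val):
            info["ipv4"].append(IPV4.match(val).group(0))  # drop "(Preferred)"
        elif key == "DNS Servers" and val:
            info["dns"].append(val)
    return info


def check_dns_client(info, known_dcs):
    """Apply the DNS client checks from the replies; return a list of findings."""
    findings = []
    own = set(info["ipv4"])
    if len(own) > 1:
        findings.append("multihomed: more than one IPv4 address")
    if info["dns"] and info["dns"][0] not in own:
        findings.append(f"primary DNS {info['dns'][0]} is not this DC's own IP")
    for server in info["dns"]:
        if server.startswith("127."):
            findings.append(f"loopback {server} listed instead of the DC's IP")
        elif server not in known_dcs:
            findings.append(f"{server} is not a known DC/DNS server")
    return findings


if __name__ == "__main__":
    for text in (IPCONFIG_DC, IPCONFIG_PRIDC):
        info = parse_ipconfig(text)
        print(info["host"], check_dns_client(info, KNOWN_DCS))
```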
  • Hi,

    It looks like a DNS server issue. Please test your DNS server like this:

    Click Start, Administrative Tools and then click DNS.

    Click on the Monitoring tab.

    The options which you can select to test querying of the DNS server are listed.

    Andiappan

    Friday, April 27, 2012 11:32 AM