|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Infrastructure FSMO role owner attibute not correct in root domainI recieve the following error in my OpsMgr2007 which indicates that my root domain has a problem AD Replication Monitoring : encountered a runtime error. Failed to obtain the InfrastructureMaster using a well known GUID. The error returned was: 'Failed to get the 'fSMORoleOwner' attribute from the object 'LDAP://cservername.domain.subdomain.net/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=ForestDnsZones,DC=eccocorp,DC=net>'. The error returned was: 'The directory property cannot be found in the cache. ' (0x8000500D)' (0x8000500D) And by following what suggested in this article: http://www.mombu.com/microsoft/mom-management-pack-active-directory/t-ad-topology-discovery-error-me-too-199177.html The i correctly find that i have a error on the infrastucture object in AD which point to a probably a deleted DC But then the problem is that i can't change the property When try changing it in ADSI Edit i get the following error: Operation Failed. Error code: 0x20ae The role owner attribute could not be read 000020AE: SvcErr: DSID-03152BF7, Problem 5003 (WILL_NOT_PERFORM) Data 0 I have also tried to seize the role with NTDSUTIL onto the same server which seems to hold the role right now, but with no luck What can i do now? Thank you for you time /Alex Howdie!
Beamer wrote: > When try changing it in ADSI Edit i get the following error: So what is the current IM role holder? Check with "netdom query fsmo". > > Operation Failed. Error code: 0x20ae > The role owner attribute could not be read > > 000020AE: SvcErr: DSID-03152BF7, Problem 5003 > (WILL_NOT_PERFORM) Data 0 > > I have also tried to seize the role with NTDSUTIL onto the same server which > seems to hold the role right now, but with no luck > > What can i do now? Is it still online and accessible? What does "have tried with NTDSUTIL with no luck" mean? Cheers, Florian -- Microsoft MVP - Group Policy eMail: prename [at] frickelsoft [dot] net. blog: http://www.frickelsoft.net/blog. Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste From a command prompt run the following:
netdom query fsmo This will detail the fsmo role holders, you should then be able to go to that dc and verify that things are ok. I will post a diagnostics set of commands at the end of this thread as well. You can consider to run them if you want to. I have a SCOM server as well and just tuning it and I get a lot of noise and I see a fsmo error from time to time, so if you are seeing this every few days I don't think I would be overly concerned. Run diagnostics against your Active Directory domain. If you don't have the support tools installed, install them from your server install disk. d:\support\tools\setup.exe Run dcdiag, netdiag and repadmin in verbose mode. -> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log -> netdiag.exe /v > c:\netdiag.log (On each dc) -> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt -> dnslint /ad /s "ip address of your dc" **Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's in the forest. If you have significant numbers of DC's this test could generate significant detail and take a long time. You also want to take into account slow links to dc's will also add to the testing time. If you download a gui script I wrote it should be simple to set and run (DCDiag and NetDiag). It also has the option to run individual tests without having to learn all the switch options. The details will be output in notepad text files that pop up automagically. The script is located on my website at http://www.pbbergs.com/windows/downloads.htm Just select both dcdiag and netdiag make sure verbose is set. (Leave the default settings for dcdiag as set when selected) When complete search for fail, error and warning messages. Description and download for dnslint http://support.microsoft.com/kb/321045 -- Show quoteHide quotePaul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. "Beamer" <Bea***@discussions.microsoft.com> wrote in message news:25FD8489-3A3C-4667-B5B9-E794CC25AC9B@microsoft.com... > Hi Guys > > I recieve the following error in my OpsMgr2007 which indicates that my > root > domain has a problem > > AD Replication Monitoring : encountered a runtime error. > Failed to obtain the InfrastructureMaster using a well known GUID. > The error returned was: 'Failed to get the 'fSMORoleOwner' attribute from > the object > 'LDAP://cservername.domain.subdomain.net/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=ForestDnsZones,DC=eccocorp,DC=net>'. > The error returned was: 'The directory property cannot be found in the > cache. > ' (0x8000500D)' (0x8000500D) > > And by following what suggested in this article: > http://www.mombu.com/microsoft/mom-management-pack-active-directory/t-ad-topology-discovery-error-me-too-199177.html > > The i correctly find that i have a error on the infrastucture object in AD > which point to a probably a deleted DC > > But then the problem is that i can't change the property > > When try changing it in ADSI Edit i get the following error: > > Operation Failed. Error code: 0x20ae > The role owner attribute could not be read > > 000020AE: SvcErr: DSID-03152BF7, Problem 5003 > (WILL_NOT_PERFORM) Data 0 > > I have also tried to seize the role with NTDSUTIL onto the same server > which > seems to hold the role right now, but with no luck > > What can i do now? > > Thank you for you time > > /Alex Hello Beamer,
Please post an output from "netdom query fsmo" and also run diagnosti tools dcdiag /v and netdiag /v, repadmin /showrepl if more DC's exist. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Show quoteHide quote > Hi Guys > > I recieve the following error in my OpsMgr2007 which indicates that my > root domain has a problem > > AD Replication Monitoring : encountered a runtime error. > > Failed to obtain the InfrastructureMaster using a well known GUID. > > The error returned was: 'Failed to get the 'fSMORoleOwner' attribute > from > > the object > > 'LDAP://cservername.domain.subdomain.net/<WKGUID=2fbac1870ade11d297c40 > 0c04fd8d5cd,DC=ForestDnsZones,DC=eccocorp,DC=net>'. > > The error returned was: 'The directory property cannot be found in the > cache. > > ' (0x8000500D)' (0x8000500D) > > And by following what suggested in this article: > http://www.mombu.com/microsoft/mom-management-pack-active-directory/t- > ad-topology-discovery-error-me-too-199177.html > > The i correctly find that i have a error on the infrastucture object > in AD which point to a probably a deleted DC > > But then the problem is that i can't change the property > > When try changing it in ADSI Edit i get the following error: > > Operation Failed. Error code: 0x20ae > The role owner attribute could not be read > 000020AE: SvcErr: DSID-03152BF7, Problem 5003 > (WILL_NOT_PERFORM) Data 0 > I have also tried to seize the role with NTDSUTIL onto the same server > which seems to hold the role right now, but with no luck > > What can i do now? > > Thank you for you time > > /Alex > Hi Guys
Thanks for your answers.. I guess i didn't state my question well enough.. I have more or less exactly the same problem as mentioned in this article: http://www.mombu.com/microsoft/mom-management-pack-active-directory/t-ad-topology-discovery-error-me-too-199177.html The only difference is that my gibberish entry is in the ForrestDNSZone and that i can't seem to change it. If i run netdom query fsmo then i get the nice answer that the infrastructure master is at the right server.. but when i look at the infrastucture object in the ForrestDNSZone with ADSIEdit it has gibberish typed into the FSMORoleOwner attribute.. So SCOM says correctly that there is a wrong entry in the ForrestDnsZone Do you still need me to provide you with the diagnostics logs? /Alex the way to assign a new role owner to the IM of the app NC is to write a new
value into it. It should be the DN of the NTDS Settings object of an existing DC also checkout: http://support.microsoft.com/kb/949257 -- Show quoteHide quoteCheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx ------------------------------------------------------------------------------------------ * This posting is provided "AS IS" with no warranties and confers no rights! * Always test ANY suggestion in a test environment before implementing! ------------------------------------------------------------------------------------------ ################################################# ################################################# ------------------------------------------------------------------------------------------ "Beamer" <Bea***@discussions.microsoft.com> wrote in message news:25FD8489-3A3C-4667-B5B9-E794CC25AC9B@microsoft.com... > Hi Guys > > I recieve the following error in my OpsMgr2007 which indicates that my > root > domain has a problem > > AD Replication Monitoring : encountered a runtime error. > Failed to obtain the InfrastructureMaster using a well known GUID. > The error returned was: 'Failed to get the 'fSMORoleOwner' attribute from > the object > 'LDAP://cservername.domain.subdomain.net/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=ForestDnsZones,DC=eccocorp,DC=net>'. > The error returned was: 'The directory property cannot be found in the > cache. > ' (0x8000500D)' (0x8000500D) > > And by following what suggested in this article: > http://www.mombu.com/microsoft/mom-management-pack-active-directory/t-ad-topology-discovery-error-me-too-199177.html > > The i correctly find that i have a error on the infrastucture object in AD > which point to a probably a deleted DC > > But then the problem is that i can't change the property > > When try changing it in ADSI Edit i get the following error: > > Operation Failed. Error code: 0x20ae > The role owner attribute could not be read > > 000020AE: SvcErr: DSID-03152BF7, Problem 5003 > (WILL_NOT_PERFORM) Data 0 > > I have also tried to seize the role with NTDSUTIL onto the same server > which > seems to hold the role right now, but with no luck > > What can i do now? > > Thank you for you time > > /Alex Hi Jorge
Thank you for you answer. I would love to write the apropriate value into the field but it won't let me.. it still gives me the error below when i try to: Show quoteHide quote > Operation Failed. Error code: 0x20ae > The role owner attribute could not be read > > 000020AE: SvcErr: DSID-03152BF7, Problem 5003 > (WILL_NOT_PERFORM) Data 0 "Jorge de Almeida Pinto [MVP - DS]" wrote: > the way to assign a new role owner to the IM of the app NC is to write a new > value into it. It should be the DN of the NTDS Settings object of an > existing DC > > also checkout: > http://support.microsoft.com/kb/949257 > > -- > > Cheers, > (HOPEFULLY THIS INFORMATION HELPS YOU!) > > # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # > > BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx > BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx > ------------------------------------------------------------------------------------------ > * This posting is provided "AS IS" with no warranties and confers no rights! > * Always test ANY suggestion in a test environment before implementing! > ------------------------------------------------------------------------------------------ > ################################################# > ################################################# > ------------------------------------------------------------------------------------------ > > "Beamer" <Bea***@discussions.microsoft.com> wrote in message > news:25FD8489-3A3C-4667-B5B9-E794CC25AC9B@microsoft.com... > > Hi Guys > > > > I recieve the following error in my OpsMgr2007 which indicates that my > > root > > domain has a problem > > > > AD Replication Monitoring : encountered a runtime error. > > Failed to obtain the InfrastructureMaster using a well known GUID. > > The error returned was: 'Failed to get the 'fSMORoleOwner' attribute from > > the object > > 'LDAP://cservername.domain.subdomain.net/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=ForestDnsZones,DC=eccocorp,DC=net>'. > > The error returned was: 'The directory property cannot be found in the > > cache. > > ' (0x8000500D)' (0x8000500D) > > > > And by following what suggested in this article: > > http://www.mombu.com/microsoft/mom-management-pack-active-directory/t-ad-topology-discovery-error-me-too-199177.html > > > > The i correctly find that i have a error on the infrastucture object in AD > > which point to a probably a deleted DC > > > > But then the problem is that i can't change the property > > > > When try changing it in ADSI Edit i get the following error: > > > > Operation Failed. Error code: 0x20ae > > The role owner attribute could not be read > > > > 000020AE: SvcErr: DSID-03152BF7, Problem 5003 > > (WILL_NOT_PERFORM) Data 0 > > > > I have also tried to seize the role with NTDSUTIL onto the same server > > which > > seems to hold the role right now, but with no luck > > > > What can i do now? > > > > Thank you for you time > > > > /Alex > > do you have the correct permissions? (domain admin)
-- Show quoteHide quoteCheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx ------------------------------------------------------------------------------------------ * This posting is provided "AS IS" with no warranties and confers no rights! * Always test ANY suggestion in a test environment before implementing! ------------------------------------------------------------------------------------------ ################################################# ################################################# ------------------------------------------------------------------------------------------ "Beamer" <Bea***@discussions.microsoft.com> wrote in message news:3BB7835C-58C5-4AE0-A10D-CDAC3553CCEE@microsoft.com... > Hi Jorge > > Thank you for you answer. > > I would love to write the apropriate value into the field but it won't let > me.. > > it still gives me the error below when i try to: > >> Operation Failed. Error code: 0x20ae >> The role owner attribute could not be read >> >> 000020AE: SvcErr: DSID-03152BF7, Problem 5003 >> (WILL_NOT_PERFORM) Data 0 > > > "Jorge de Almeida Pinto [MVP - DS]" wrote: > >> the way to assign a new role owner to the IM of the app NC is to write a >> new >> value into it. It should be the DN of the NTDS Settings object of an >> existing DC >> >> also checkout: >> http://support.microsoft.com/kb/949257 >> >> -- >> >> Cheers, >> (HOPEFULLY THIS INFORMATION HELPS YOU!) >> >> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # >> >> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx >> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx >> ------------------------------------------------------------------------------------------ >> * This posting is provided "AS IS" with no warranties and confers no >> rights! >> * Always test ANY suggestion in a test environment before implementing! >> ------------------------------------------------------------------------------------------ >> ################################################# >> ################################################# >> ------------------------------------------------------------------------------------------ >> >> "Beamer" <Bea***@discussions.microsoft.com> wrote in message >> news:25FD8489-3A3C-4667-B5B9-E794CC25AC9B@microsoft.com... >> > Hi Guys >> > >> > I recieve the following error in my OpsMgr2007 which indicates that my >> > root >> > domain has a problem >> > >> > AD Replication Monitoring : encountered a runtime error. >> > Failed to obtain the InfrastructureMaster using a well known GUID. >> > The error returned was: 'Failed to get the 'fSMORoleOwner' attribute >> > from >> > the object >> > 'LDAP://cservername.domain.subdomain.net/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=ForestDnsZones,DC=eccocorp,DC=net>'. >> > The error returned was: 'The directory property cannot be found in the >> > cache. >> > ' (0x8000500D)' (0x8000500D) >> > >> > And by following what suggested in this article: >> > http://www.mombu.com/microsoft/mom-management-pack-active-directory/t-ad-topology-discovery-error-me-too-199177.html >> > >> > The i correctly find that i have a error on the infrastucture object in >> > AD >> > which point to a probably a deleted DC >> > >> > But then the problem is that i can't change the property >> > >> > When try changing it in ADSI Edit i get the following error: >> > >> > Operation Failed. Error code: 0x20ae >> > The role owner attribute could not be read >> > >> > 000020AE: SvcErr: DSID-03152BF7, Problem 5003 >> > (WILL_NOT_PERFORM) Data 0 >> > >> > I have also tried to seize the role with NTDSUTIL onto the same server >> > which >> > seems to hold the role right now, but with no luck >> > >> > What can i do now? >> > >> > Thank you for you time >> > >> > /Alex >> >> I had the correct rights (domain admins.. verfied on the object), and still
got the "could not be read" error. I got this error when trying to set it on several domain controllers. However, I was able to updat the value by connecting to the partition on the server that actually was the infrastructure master. I don't know i that was the real "fix" or just a coincidence or not though. Show quoteHide quote "Jorge de Almeida Pinto [MVP - DS]" wrote: > do you have the correct permissions? (domain admin) > > -- > > Cheers, > (HOPEFULLY THIS INFORMATION HELPS YOU!) > > # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # > > BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx > BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx > ------------------------------------------------------------------------------------------ > * This posting is provided "AS IS" with no warranties and confers no rights! > * Always test ANY suggestion in a test environment before implementing! > ------------------------------------------------------------------------------------------ > ################################################# > ################################################# > ------------------------------------------------------------------------------------------ > > "Beamer" <Bea***@discussions.microsoft.com> wrote in message > news:3BB7835C-58C5-4AE0-A10D-CDAC3553CCEE@microsoft.com... > > Hi Jorge > > > > Thank you for you answer. > > > > I would love to write the apropriate value into the field but it won't let > > me.. > > > > it still gives me the error below when i try to: > > > >> Operation Failed. Error code: 0x20ae > >> The role owner attribute could not be read > >> > >> 000020AE: SvcErr: DSID-03152BF7, Problem 5003 > >> (WILL_NOT_PERFORM) Data 0 > > > > > > "Jorge de Almeida Pinto [MVP - DS]" wrote: > > > >> the way to assign a new role owner to the IM of the app NC is to write a > >> new > >> value into it. It should be the DN of the NTDS Settings object of an > >> existing DC > >> > >> also checkout: > >> http://support.microsoft.com/kb/949257 > >> > >> -- > >> > >> Cheers, > >> (HOPEFULLY THIS INFORMATION HELPS YOU!) > >> > >> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # > >> > >> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx > >> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx > >> ------------------------------------------------------------------------------------------ > >> * This posting is provided "AS IS" with no warranties and confers no > >> rights! > >> * Always test ANY suggestion in a test environment before implementing! > >> ------------------------------------------------------------------------------------------ > >> ################################################# > >> ################################################# > >> ------------------------------------------------------------------------------------------ > >> > >> "Beamer" <Bea***@discussions.microsoft.com> wrote in message > >> news:25FD8489-3A3C-4667-B5B9-E794CC25AC9B@microsoft.com... > >> > Hi Guys > >> > > >> > I recieve the following error in my OpsMgr2007 which indicates that my > >> > root > >> > domain has a problem > >> > > >> > AD Replication Monitoring : encountered a runtime error. > >> > Failed to obtain the InfrastructureMaster using a well known GUID. > >> > The error returned was: 'Failed to get the 'fSMORoleOwner' attribute > >> > from > >> > the object > >> > 'LDAP://cservername.domain.subdomain.net/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=ForestDnsZones,DC=eccocorp,DC=net>'. > >> > The error returned was: 'The directory property cannot be found in the > >> > cache. > >> > ' (0x8000500D)' (0x8000500D) > >> > > >> > And by following what suggested in this article: > >> > http://www.mombu.com/microsoft/mom-management-pack-active-directory/t-ad-topology-discovery-error-me-too-199177.html > >> > > >> > The i correctly find that i have a error on the infrastucture object in > >> > AD > >> > which point to a probably a deleted DC > >> > > >> > But then the problem is that i can't change the property > >> > > >> > When try changing it in ADSI Edit i get the following error: > >> > > >> > Operation Failed. Error code: 0x20ae > >> > The role owner attribute could not be read > >> > > >> > 000020AE: SvcErr: DSID-03152BF7, Problem 5003 > >> > (WILL_NOT_PERFORM) Data 0 > >> > > >> > I have also tried to seize the role with NTDSUTIL onto the same server > >> > which > >> > seems to hold the role right now, but with no luck > >> > > >> > What can i do now? > >> > > >> > Thank you for you time > >> > > >> > /Alex > >> > >> > Yep, i think that is the key.
Make the edit on the actual FSMO role holder. I just tried to fix the CN=Infrastructure object under the ForestDNSZones (i had previously just done the DomainDNSZones), and it gave the same error from a random DC. I connected to the infrastructure FSMO role holder for the root domain, and it worked just fine. Michael Show quoteHide quote "Michael Lehman" wrote: > I had the correct rights (domain admins.. verfied on the object), and still > got the "could not be read" error. > > I got this error when trying to set it on several domain controllers. > However, I was able to updat the value by connecting to the partition on the > server that actually was the infrastructure master. > > I don't know i that was the real "fix" or just a coincidence or not though. > > > > "Jorge de Almeida Pinto [MVP - DS]" wrote: > > > do you have the correct permissions? (domain admin) > > > > -- > > > > Cheers, > > (HOPEFULLY THIS INFORMATION HELPS YOU!) > > > > # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # > > > > BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx > > BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx > > ------------------------------------------------------------------------------------------ > > * This posting is provided "AS IS" with no warranties and confers no rights! > > * Always test ANY suggestion in a test environment before implementing! > > ------------------------------------------------------------------------------------------ > > ################################################# > > ################################################# > > ------------------------------------------------------------------------------------------ > > > > "Beamer" <Bea***@discussions.microsoft.com> wrote in message > > news:3BB7835C-58C5-4AE0-A10D-CDAC3553CCEE@microsoft.com... > > > Hi Jorge > > > > > > Thank you for you answer. > > > > > > I would love to write the apropriate value into the field but it won't let > > > me.. > > > > > > it still gives me the error below when i try to: > > > > > >> Operation Failed. Error code: 0x20ae > > >> The role owner attribute could not be read > > >> > > >> 000020AE: SvcErr: DSID-03152BF7, Problem 5003 > > >> (WILL_NOT_PERFORM) Data 0 > > > > > > > > > "Jorge de Almeida Pinto [MVP - DS]" wrote: > > > > > >> the way to assign a new role owner to the IM of the app NC is to write a > > >> new > > >> value into it. It should be the DN of the NTDS Settings object of an > > >> existing DC > > >> > > >> also checkout: > > >> http://support.microsoft.com/kb/949257 > > >> > > >> -- > > >> > > >> Cheers, > > >> (HOPEFULLY THIS INFORMATION HELPS YOU!) > > >> > > >> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # > > >> > > >> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx > > >> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx > > >> ------------------------------------------------------------------------------------------ > > >> * This posting is provided "AS IS" with no warranties and confers no > > >> rights! > > >> * Always test ANY suggestion in a test environment before implementing! > > >> ------------------------------------------------------------------------------------------ > > >> ################################################# > > >> ################################################# > > >> ------------------------------------------------------------------------------------------ > > >> > > >> "Beamer" <Bea***@discussions.microsoft.com> wrote in message > > >> news:25FD8489-3A3C-4667-B5B9-E794CC25AC9B@microsoft.com... > > >> > Hi Guys > > >> > > > >> > I recieve the following error in my OpsMgr2007 which indicates that my > > >> > root > > >> > domain has a problem > > >> > > > >> > AD Replication Monitoring : encountered a runtime error. > > >> > Failed to obtain the InfrastructureMaster using a well known GUID. > > >> > The error returned was: 'Failed to get the 'fSMORoleOwner' attribute > > >> > from > > >> > the object > > >> > 'LDAP://cservername.domain.subdomain.net/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=ForestDnsZones,DC=eccocorp,DC=net>'. > > >> > The error returned was: 'The directory property cannot be found in the > > >> > cache. > > >> > ' (0x8000500D)' (0x8000500D) > > >> > > > >> > And by following what suggested in this article: > > >> > http://www.mombu.com/microsoft/mom-management-pack-active-directory/t-ad-topology-discovery-error-me-too-199177.html > > >> > > > >> > The i correctly find that i have a error on the infrastucture object in > > >> > AD > > >> > which point to a probably a deleted DC > > >> > > > >> > But then the problem is that i can't change the property > > >> > > > >> > When try changing it in ADSI Edit i get the following error: > > >> > > > >> > Operation Failed. Error code: 0x20ae > > >> > The role owner attribute could not be read > > >> > > > >> > 000020AE: SvcErr: DSID-03152BF7, Problem 5003 > > >> > (WILL_NOT_PERFORM) Data 0 > > >> > > > >> > I have also tried to seize the role with NTDSUTIL onto the same server > > >> > which > > >> > seems to hold the role right now, but with no luck > > >> > > > >> > What can i do now? > > >> > > > >> > Thank you for you time > > >> > > > >> > /Alex > > >> > > >> > > We just ran into this problem where I work. We ended up contacting
Microsoft and after 2.5 days we got our fix. It turns out that we had to install DNS on the Infrastructure master and then we could edit the FSMOROLEOWNER attribute. I think what is the most aggravating about this is that everywhere else, it shows the correct server. It's just under DomainDNSZones and ForestDNSZones that it's incorrect. You still have to edit the attribute on the Infrastructure master and you have to make sure that when you edit it, you put in the server that is currently the infrastructure master (it won't let you put in a server that is not, we wanted to move our Infrastructure master back to the original server afterwards). Anyways, I hope this helps for anybody that had tried everything above with no success. 
Other interesting topics
What am I doing wrong? (Want to use Server 2003 R2 for Domain Cont
offline KB 810859 Home directory Win2k3R2 Domain Preparing for Win2k8 Member & Domain Controllers User dis-join from domain, how to re-join again Roamin Profiles Error message: During a logon attempt, the user's security context servers loooking for group policy on dead server Quick question about two-way trust. duplicate SPN's |
|||||||||||||||||||||||
