[cifs-protocol] Error message while trying to demote Windows 2008r2
Edgar Olougouna
edgaro at microsoft.com
Tue Oct 9 13:48:47 MDT 2012
Matthieu,
Did you have a look at dcpromo.log? Please check the log and see if you can spot at which step the error is occurring. Also check which DC owns the various FSMO roles.
Then review that step and processing at Samba's side.
The DC was in the process of locating a DSA to which any remaining updates and FSMO roles can be transferred as part of demoting an NDNC replica. (NDNC - Non-Domain Naming Context). In your case it was the DomainDnsZones partition. (Question: Did you have any particular DNS configuration? )
There was no target found. The error could be due to the following:
1. Failure to convert NC name into a DNS name,
You should see DsCrackNames () on the wire that includes these:
Flags DS_NAME_FLAG_SYNTACTICAL_ONLY
formatOffered DS_FQDN_1779_NAME
formatDesired DS_CANONICAL_NAME
2. Failure to find another DC that hosts this NC
You will see something equivalent to DsGetDcName() on the wire. This is like a DC location.
The first time, if the DC could not find an appropriate entry in the cache that matches these
Flags = DS_AVOID_SELF | DS_IS_DNS_NAME | DS_RETURN_DNS_NAME | DS_ONLY_LDAP_NEEDED | DS_WRITABLE_REQUIRED | DS_DIRECTORY_SERVICE_REQUIRED
the second time, it will force the DC locator to refresh its cache.
Flags |= DS_FORCE_REDISCOVERY
3. Failure to translate the DSA DNS name into an DSA DN.
You will see an LDAP search on the wire. If it's successful, then it will extract the dsServiceName attribute.
Additional references:
The operation failed because Active Directory Domain Services could not transfer the remaining data in the directory partition DC=DomainDnsZones,DC=DomainName,DC=Local to Active Directory Domain Controller DCName
http://blogs.microsoft.co.il/blogs/yuval14/archive/2011/07/14/the-operation-failed-because-active-directory-domain-services-could-not-transfer-the-remaining-data-in-the-directory-partition-dc-domaindnszones-dc-domainname-dc-local-to-active-directory-domain-controller-dcname.aspx
Error message when you run the "Adprep /rodcprep" command in Windows Server 2008: "Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Contoso,DC=com"
http://support.microsoft.com/kb/949257
dcpromo remove domain controller failed
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/72640045-616b-4b6c-8fc4-e30dd8463402/
Demoting a Domain Controller Error
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/a56a351f-c3f8-4ad3-bbe6-6a26fafa19a8
Add or remove an application directory partition replica
http://technet.microsoft.com/en-us/library/cc778798.aspx
Thanks,
Edgar
From: Edgar Olougouna
Sent: Tuesday, October 02, 2012 4:27 PM
To: 'Matthieu Patou'; pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: Error message while trying to demote Windows 2008r2
Thanks Matthieu,
I will review the code, trace this error and find out the possible reasons.
Thanks,
Edgar
-----Original Message-----
From: Matthieu Patou [mailto:mat at matws.net]
Sent: Tuesday, October 02, 2012 1:19 AM
To: Edgar Olougouna; pfif at tridgell.net; cifs-protocol at samba.org
Subject: Error message while trying to demote Windows 2008r2
Hello Edgar,
Find attached the error message that we had in IOLab when trying to demote Windows DC.
I checked that the crossRef objects related to the DNS partitions have a msDS-NC-Replica-Locations attribute for the DC to demote and the other DC, I also checked that the nTDSDSA object for the samba DC has the attribute msDS-HasInstantiatedNCs and msDS-HasInstantiatedNCs set for those two applications NC.
Thanks for investigating.
Matthieu.
More information about the cifs-protocol
mailing list