Odd FSMO role seize problem

Giganews Newsgroups
Subject: Odd FSMO role seize problem
Posted by:  openi…@gmail.com
Date: Wed, 01 Aug 2007

Hello everybody,

I have the following strange problem. I'm running a single domain
Windows 2000 Active Directory forest. I recently had to seize the FSMO
roles since the server which was holding those roles went belly up and
was unrecoverable.

I used NTDS to seize the roles and everything seemed fine. I ran
"netdom query fsmo" on the DC where I had transferred the roles and
the result was encouraging.

Schema owner                dc01.e.local
Domain role owner          dc01.e.local
PDC role                    dc01.e.local
RID pool manager            dc01.e.local
Infrastructure owner        dc01.e.local

I waited for a while for replication to occur, then I started checking
on the other domain controllers. I have another one in the same site
and five more in five different sites. On each of these domain
controllers, the result was:

Schema owner                dc01.e.local
The system cannot find the file specified.

The command failed to complete successfully.

Since then, I have checked replication (no errors). I have checked the
event logs (no problems related to this specific issue). Objects
created and deleted on dc01.e.local are being correctly replicated to
the other domain controllers.

ADUC and ADSS report "ERROR" on the operation roles window, unless I
ran them on dc01.e.local of course.

DCDIAG /test:FSMOCHECK on the contrary, passes fine on every DC.

So basically, except for the Schema owner role, every DC is still
pointing to the old (dead) domain controller for the remaining FSMO
roles, while dc01.e.local is happy convinced that it is holding all
the roles fine.

Now I cannot transfer nor seize those roles again on dc01.e.local
because that DC is claiming to be running those roles already. I
cannot transfer those roles on any other DC because they still believe
that the roles are running on a dead server, so the only option would
be seize but then again if I seize those roles I would have to kill
dc01.e.local (which is running fine, and I'd rather not).

Has anybody got a clue about what has happened and a suggestion about
how to fix this mess ? thank you.

Replies