Adding additionl DC to existing windows 2003 Domain

I have been following the Documentation on this site trying to add and
additional Windows 2k3 dc to an existing domain which has one of there
Windows 2k3 DC.

The primary server being the existing Windows 2k3 dc is located on a network
whilst the new DC is located on a wan (VPN). I have setup the dns ect and
this all seems to be fine, I can see the servers from either side and ping
them by name. I have added the new windows 2003 server to the domain but
when I try and undcpromo /adv I get the following error.....

The Error which I am receving is as follows...

Active Directory could not create the NTDS Settings object for this domain
controller CN=NTDS
Settings,CN=LAKEBACKUP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lakesidehotel,DC
=co,DC=uk on the remote domain controller
lakesideserver.lakesidehotel.co.uk. Ensure the provided network credentials
have sufficient permissions.

"Could not find the domain controller for this domain."

I have made sure that the administrator account on the exisitng DC has
domain Admin right and it has full rights but still I recieve the above
error.

The error states " Could not find the domain controller for this Domain"
although I can ping it from the remote Win 2k3 server and vice versur.

Does anyone have any ideas or advice?

Thank you in advance!

Read the article Firewall Ports needed for Replication off of the articles
link at

http://www.pbbergs.com

My guess is you don't have all the ports opened, there is a tool in this
document that will guide you to test if this is all correctly setup.
Excerpt below:

Download PortQryUI and run the tool
Select the destination DC or PDC

Select Domains and Trusts

Validate the ports that should be open in fact are
via the output provided by the tool.

For additional info on this tool see
PortQry features, this is the backend tool for PortQryUI


--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no rights.

"Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
news:%23aDjoxjPGHA.3984@TK2MSFTNGP14.phx.gbl...
>I have been following the Documentation on this site trying to add and
>additional Windows 2k3 dc to an existing domain which has one of there
>Windows 2k3 DC.
>
> The primary server being the existing Windows 2k3 dc is located on a
> network whilst the new DC is located on a wan (VPN). I have setup the dns
> ect and this all seems to be fine, I can see the servers from either side
> and ping them by name. I have added the new windows 2003 server to the
> domain but when I try and undcpromo /adv I get the following error.....
>
> The Error which I am receving is as follows...
>
> Active Directory could not create the NTDS Settings object for this domain
> controller CN=NTDS
> Settings,CN=LAKEBACKUP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lakesidehotel,DC
> =co,DC=uk on the remote domain controller
> lakesideserver.lakesidehotel.co.uk. Ensure the provided network
> credentials have sufficient permissions.
>
> "Could not find the domain controller for this domain."
>
> I have made sure that the administrator account on the exisitng DC has
> domain Admin right and it has full rights but still I recieve the above
> error.
>
> The error states " Could not find the domain controller for this Domain"
> although I can ping it from the remote Win 2k3 server and vice versur.
>
> Does anyone have any ideas or advice?
>
> Thank you in advance!
>

Paul is probably right in respect of the ports being blocked. This may not be
limited to a firewall though.

If your wan connection does not go through a firewall and only throught the
site routers, you may want to look at the access lists on the routers.

If you are routing through a firewall, you could use the firewall to monitor
the ports used and identify which rules are blocking the traffic.

if you can, test the tool as suggested from a client at the far end. If you
dont want to use third part y tools and the distance between sites is not to
great then you could always do dc promo from the hub and re-instate the new
DC in the remote site. then use the MS replmon tool to monitor ad
replication. check out the other tools such as dcdiag.

Make sure to create the other site in AD sites and services if it has not
already been done.

Mark

"Paul Bergson" wrote:

> Read the article Firewall Ports needed for Replication off of the articles
> link at
>
> http://www.pbbergs.com
>
> My guess is you don't have all the ports opened, there is a tool in this
> document that will guide you to test if this is all correctly setup.
> Excerpt below:
>
> Download PortQryUI and run the tool
> Select the destination DC or PDC
>
> Select Domains and Trusts
>
> Validate the ports that should be open in fact are
> via the output provided by the tool.
>
> For additional info on this tool see
> PortQry features, this is the backend tool for PortQryUI
>
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> http://www.pbbergs.com
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
> news:%23aDjoxjPGHA.3984@TK2MSFTNGP14.phx.gbl...
> >I have been following the Documentation on this site trying to add and
> >additional Windows 2k3 dc to an existing domain which has one of there
> >Windows 2k3 DC.
> >
> > The primary server being the existing Windows 2k3 dc is located on a
> > network whilst the new DC is located on a wan (VPN). I have setup the dns
> > ect and this all seems to be fine, I can see the servers from either side
> > and ping them by name. I have added the new windows 2003 server to the
> > domain but when I try and undcpromo /adv I get the following error.....
> >
> > The Error which I am receving is as follows...
> >
> > Active Directory could not create the NTDS Settings object for this domain
> > controller CN=NTDS
> > Settings,CN=LAKEBACKUP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lakesidehotel,DC
> > =co,DC=uk on the remote domain controller
> > lakesideserver.lakesidehotel.co.uk. Ensure the provided network
> > credentials have sufficient permissions.
> >
> > "Could not find the domain controller for this domain."
> >
> > I have made sure that the administrator account on the exisitng DC has
> > domain Admin right and it has full rights but still I recieve the above
> > error.
> >
> > The error states " Could not find the domain controller for this Domain"
> > although I can ping it from the remote Win 2k3 server and vice versur.
> >
> > Does anyone have any ideas or advice?
> >
> > Thank you in advance!
> >
>
>
>

Ok, sorry for the delay in reponding to your help, I have checked the ports
with the port query tool and they are all accessable but I am still getting
the same error?? Do you have any other suggestions?

Many Thanks

Smon
"Paul Bergson" <pbergson@allete_nospam.com> wrote in message
news:OOxkodkPGHA.3408@TK2MSFTNGP12.phx.gbl...
> Read the article Firewall Ports needed for Replication off of the articles
> link at
>
> http://www.pbbergs.com
>
> My guess is you don't have all the ports opened, there is a tool in this
> document that will guide you to test if this is all correctly setup.
> Excerpt below:
>
> Download PortQryUI and run the tool
> Select the destination DC or PDC
>
> Select Domains and Trusts
>
> Validate the ports that should be open in fact are
> via the output provided by the tool.
>
> For additional info on this tool see
> PortQry features, this is the backend tool for PortQryUI
>
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> http://www.pbbergs.com
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
> news:%23aDjoxjPGHA.3984@TK2MSFTNGP14.phx.gbl...
>>I have been following the Documentation on this site trying to add and
>>additional Windows 2k3 dc to an existing domain which has one of there
>>Windows 2k3 DC.
>>
>> The primary server being the existing Windows 2k3 dc is located on a
>> network whilst the new DC is located on a wan (VPN). I have setup the dns
>> ect and this all seems to be fine, I can see the servers from either side
>> and ping them by name. I have added the new windows 2003 server to the
>> domain but when I try and undcpromo /adv I get the following error.....
>>
>> The Error which I am receving is as follows...
>>
>> Active Directory could not create the NTDS Settings object for this
>> domain controller CN=NTDS
>> Settings,CN=LAKEBACKUP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lakesidehotel,DC
>> =co,DC=uk on the remote domain controller
>> lakesideserver.lakesidehotel.co.uk. Ensure the provided network
>> credentials have sufficient permissions.
>>
>> "Could not find the domain controller for this domain."
>>
>> I have made sure that the administrator account on the exisitng DC has
>> domain Admin right and it has full rights but still I recieve the above
>> error.
>>
>> The error states " Could not find the domain controller for this Domain"
>> although I can ping it from the remote Win 2k3 server and vice versur.
>>
>> Does anyone have any ideas or advice?
>>
>> Thank you in advance!
>>
>
>

This should work but test it anyway
NTFRSUTL version server_name (Server name equals remote dc. Do this from
both DC's to each other)



Are you getting any Event System Log messages? This is a pretty tough thing
to debug without more info.

Try repadmin /showrepl * /csv > c:\repadmin.csv

Open this up in Excel and hopefully you will find some error info

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no rights.

"Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
news:ejhrls2RGHA.4456@TK2MSFTNGP14.phx.gbl...
> Ok, sorry for the delay in reponding to your help, I have checked the
> ports with the port query tool and they are all accessable but I am still
> getting the same error?? Do you have any other suggestions?
>
> Many Thanks
>
> Smon
> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
> news:OOxkodkPGHA.3408@TK2MSFTNGP12.phx.gbl...
>> Read the article Firewall Ports needed for Replication off of the
>> articles link at
>>
>> http://www.pbbergs.com
>>
>> My guess is you don't have all the ports opened, there is a tool in this
>> document that will guide you to test if this is all correctly setup.
>> Excerpt below:
>>
>> Download PortQryUI and run the tool
>> Select the destination DC or PDC
>>
>> Select Domains and Trusts
>>
>> Validate the ports that should be open in fact are
>> via the output provided by the tool.
>>
>> For additional info on this tool see
>> PortQry features, this is the backend tool for PortQryUI
>>
>>
>> --
>>
>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>> http://www.pbbergs.com
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
>> news:%23aDjoxjPGHA.3984@TK2MSFTNGP14.phx.gbl...
>>>I have been following the Documentation on this site trying to add and
>>>additional Windows 2k3 dc to an existing domain which has one of there
>>>Windows 2k3 DC.
>>>
>>> The primary server being the existing Windows 2k3 dc is located on a
>>> network whilst the new DC is located on a wan (VPN). I have setup the
>>> dns ect and this all seems to be fine, I can see the servers from either
>>> side and ping them by name. I have added the new windows 2003 server to
>>> the domain but when I try and undcpromo /adv I get the following
>>> error.....
>>>
>>> The Error which I am receving is as follows...
>>>
>>> Active Directory could not create the NTDS Settings object for this
>>> domain controller CN=NTDS
>>> Settings,CN=LAKEBACKUP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lakesidehotel,DC
>>> =co,DC=uk on the remote domain controller
>>> lakesideserver.lakesidehotel.co.uk. Ensure the provided network
>>> credentials have sufficient permissions.
>>>
>>> "Could not find the domain controller for this domain."
>>>
>>> I have made sure that the administrator account on the exisitng DC has
>>> domain Admin right and it has full rights but still I recieve the above
>>> error.
>>>
>>> The error states " Could not find the domain controller for this Domain"
>>> although I can ping it from the remote Win 2k3 server and vice versur.
>>>
>>> Does anyone have any ideas or advice?
>>>
>>> Thank you in advance!
>>>
>>
>>
>
>

Umm,

from the secondary server to the primary server ntfrsutl works and returns
the version info BUT if I do the same from the primary to the remote I the
following error

error - cannot bind w/authentication to computer, lakebackup1; 000006d9
(1753)
error - cannot bind w/o authentication to computer, lakebackup1: 000006d9
(1753)

Error - cannot RPC to computer, lakebackup1; 000006d9 (1753)

I have checked the ports again and they are all open any ideas?

Do I have the have iis installed?

Kind REgards

Simon


"Paul Bergson" <pbergson@allete_nospam.com> wrote in message
news:%23q0nzH3RGHA.792@TK2MSFTNGP10.phx.gbl...
> This should work but test it anyway
> NTFRSUTL version server_name (Server name equals remote dc. Do this from
> both DC's to each other)
>
>
>
> Are you getting any Event System Log messages? This is a pretty tough
> thing to debug without more info.
>
> Try repadmin /showrepl * /csv > c:\repadmin.csv
>
> Open this up in Excel and hopefully you will find some error info
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> http://www.pbbergs.com
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
> news:ejhrls2RGHA.4456@TK2MSFTNGP14.phx.gbl...
>> Ok, sorry for the delay in reponding to your help, I have checked the
>> ports with the port query tool and they are all accessable but I am still
>> getting the same error?? Do you have any other suggestions?
>>
>> Many Thanks
>>
>> Smon
>> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
>> news:OOxkodkPGHA.3408@TK2MSFTNGP12.phx.gbl...
>>> Read the article Firewall Ports needed for Replication off of the
>>> articles link at
>>>
>>> http://www.pbbergs.com
>>>
>>> My guess is you don't have all the ports opened, there is a tool in this
>>> document that will guide you to test if this is all correctly setup.
>>> Excerpt below:
>>>
>>> Download PortQryUI and run the tool
>>> Select the destination DC or PDC
>>>
>>> Select Domains and Trusts
>>>
>>> Validate the ports that should be open in fact
>>> are via the output provided by the tool.
>>>
>>> For additional info on this tool see
>>> PortQry features, this is the backend tool for PortQryUI
>>>
>>>
>>> --
>>>
>>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>> http://www.pbbergs.com
>>>
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in
>>> message news:%23aDjoxjPGHA.3984@TK2MSFTNGP14.phx.gbl...
>>>>I have been following the Documentation on this site trying to add and
>>>>additional Windows 2k3 dc to an existing domain which has one of there
>>>>Windows 2k3 DC.
>>>>
>>>> The primary server being the existing Windows 2k3 dc is located on a
>>>> network whilst the new DC is located on a wan (VPN). I have setup the
>>>> dns ect and this all seems to be fine, I can see the servers from
>>>> either side and ping them by name. I have added the new windows 2003
>>>> server to the domain but when I try and undcpromo /adv I get the
>>>> following error.....
>>>>
>>>> The Error which I am receving is as follows...
>>>>
>>>> Active Directory could not create the NTDS Settings object for this
>>>> domain controller CN=NTDS
>>>> Settings,CN=LAKEBACKUP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lakesidehotel,DC
>>>> =co,DC=uk on the remote domain controller
>>>> lakesideserver.lakesidehotel.co.uk. Ensure the provided network
>>>> credentials have sufficient permissions.
>>>>
>>>> "Could not find the domain controller for this domain."
>>>>
>>>> I have made sure that the administrator account on the exisitng DC has
>>>> domain Admin right and it has full rights but still I recieve the above
>>>> error.
>>>>
>>>> The error states " Could not find the domain controller for this
>>>> Domain" although I can ping it from the remote Win 2k3 server and vice
>>>> versur.
>>>>
>>>> Does anyone have any ideas or advice?
>>>>
>>>> Thank you in advance!
>>>>
>>>
>>>
>>
>>
>
>

Here is the ntrsapi.log file not sure is this will help

<NtFrsApi_PrepareForPromotionW: 372: 2559: 13:14:30> ===============
Promotion Start:
<NtFrsApi_PrepareForPromotionW: 372: 2560: 13:14:30>
<NtFrsApi_PrepareForPromotionW: 372: 2562: 13:14:30> Prepare promotion:
<NtFrsApi_Prepare: 372: 2330: 13:14:30> Prepare:
<NtFrsApi_Prepare: 372: 2358: 13:14:30> Prepare: FRS Registry
<NtFrsApi_Prepare: 372: 2371: 13:14:30> Prepare: Netlogon
registry
<NtFrsApi_Prepare: 372: 2402: 13:14:30> Prepare: Service
<NtFrsApi_Prepare: 372: 2471: 13:14:30> Prepare: Restart
service
<NtFrsApi_WaitForService: 372: 1895: 13:14:30> Waiting for service.
<NtFrsApi_WaitForService: 372: 1895: 13:14:31> Waiting for service.
<NtFrsApi_Prepare: 372: 2522: 13:14:32> Prepare done: 0
<NtFrsApi_PrepareForPromotionW: 372: 2564: 13:14:32> Prepare promotion
done: 0
<NtFrsApi_StartPromotionW: 372: 3787: 13:14:32> Promotion start:
Parent \\lakesideserver.lakesidehotel.co.uk
<NtFrsApi_StartPromotionW: 372: 3788: 13:14:32> Promotion start:
Account lakesidehotel.co.uk\ADMINISTRATOR
<NtFrsApi_StartPromotionW: 372: 3789: 13:14:32> Promotion start: Set
lakesidehotel.co.uk
<NtFrsApi_StartPromotionW: 372: 3790: 13:14:32> Promotion start: Type
Domain
<NtFrsApi_StartPromotionW: 372: 3791: 13:14:33> Promotion start:
Primary 0
<NtFrsApi_StartPromotionW: 372: 3792: 13:14:33> Promotion start:
Stage \\?\C:\WINDOWS\SYSVOL\staging areas\lakesidehotel.co.uk
<NtFrsApi_StartPromotionW: 372: 3793: 13:14:33> Promotion start: Root
C:\WINDOWS\SYSVOL\sysvol\lakesidehotel.co.uk
<NtFrsApi_StartPromotionW: 372: 3867: 13:14:33> Promotion start done:
Set lakesidehotel.co.uk, 0
<NtFrsApi_StartPromotion_Thread:1196: 3508: 13:14:33> Promotion thread
start: Parent \\lakesideserver.lakesidehotel.co.uk
<NtFrsApi_StartPromotion_Thread:1196: 3509: 13:14:33> Promotion thread
start: Account (null)
<NtFrsApi_StartPromotion_Thread:1196: 3510: 13:14:33> Promotion thread
start: Set lakesidehotel.co.uk
<NtFrsApi_StartPromotion_Thread:1196: 3511: 13:14:33> Promotion thread
start: Type Domain
<NtFrsApi_StartPromotion_Thread:1196: 3512: 13:14:33> Promotion thread
start: Primary 0
<NtFrsApi_StartPromotion_Thread:1196: 3513: 13:14:33> Promotion thread
start: Stage \\?\C:\WINDOWS\SYSVOL\staging areas\lakesidehotel.co.uk
<NtFrsApi_StartPromotion_Thread:1196: 3514: 13:14:33> Promotion thread
start: Root C:\WINDOWS\SYSVOL\sysvol\lakesidehotel.co.uk
<NtFrsApi_BindWithAuth: 1196: 1502: 13:14:33> Bind With Auth:
(null)
<NtFrsApi_BindWithAuth: 1196: 1531: 13:14:33> Bind With Auth:
compose to LAKEBACKUP1
<NtFrsApi_BindWithAuth: 1196: 1536: 13:14:33> Bind With Auth:
compose done to LAKEBACKUP1; 0
<NtFrsApi_BindWithAuth: 1196: 1552: 13:14:33> Bind With Auth:
resolve to LAKEBACKUP1
<NtFrsApi_BindWithAuth: 1196: 1555: 13:14:33> Bind With Auth:
resolve done to LAKEBACKUP1; 0
<NtFrsApi_BindWithAuth: 1196: 1561: 13:14:33> Bind With Auth:
princname to LAKEBACKUP1
<NtFrsApi_BindWithAuth: 1196: 1564: 13:14:33> Bind With Auth:
princname done to LAKEBACKUP1; 0
<NtFrsApi_BindWithAuth: 1196: 1570: 13:14:33> Bind With Auth: auth
to LAKEBACKUP1 (princname lakebackup1$@LAKESIDEHOTEL.CO.UK)
<NtFrsApi_BindWithAuth: 1196: 1577: 13:14:33> Bind With Auth: set
auth done to LAKEBACKUP1; 0
<NtFrsApi_BindWithAuth: 1196: 1619: 13:14:33> Bind With Auth done:
0
<NtFrsApi_StartPromotion_Thread:1196: 3668: 13:14:33> Promotion thread rpc
demote: Set lakesidehotel.co.uk
<NtFrsApi_StartPromotion_Thread:1196: 3675: 13:14:34> Promotion thread rpc
demote done: 0 (00000000)
<NtFrsApi_StartPromotion_Thread:1196: 3718: 13:14:34> Promotion thread
complete: Set lakesidehotel.co.uk
<NtFrsApi_StartPromotion_Thread:1196: 3720: 13:14:34> Promotion thread
complete: Thread 0, Service 0
<NtFrsApi_AbortPromotionW: 372: 3411: 13:17:45> Abort promotion:
<NtFrsApi_Abort: 372: 3201: 13:17:45> Abort:
<NtFrsApi_Abort: 372: 3228: 13:17:45> Abort: threads
<NtFrsApi_Abort: 372: 3254: 13:17:46> Abort: service
<NtFrsApi_WaitForService: 372: 1895: 13:17:46> Waiting for service.
<NtFrsApi_WaitForService: 372: 1895: 13:17:47> Waiting for service.
<NtFrsApi_WaitForService: 372: 1895: 13:17:48> Waiting for service.
<NtFrsApi_WaitForService: 372: 1895: 13:17:49> Waiting for service.
<NtFrsApi_WaitForService: 372: 1895: 13:17:50> Waiting for service.
<NtFrsApi_WaitForService: 372: 1895: 13:17:51> Waiting for service.
<NtFrsApi_WaitForService: 372: 1895: 13:17:52> Waiting for service.
<NtFrsApi_WaitForService: 372: 1895: 13:17:53> Waiting for service.
<NtFrsApi_WaitForService: 372: 1895: 13:17:54> Waiting for service.
<NtFrsApi_WaitForService: 372: 1895: 13:17:55> Waiting for service.
<NtFrsApi_Abort: 372: 3269: 13:17:56> Abort: registry
<NtFrsApi_Abort: 372: 3378: 13:17:56> Abort done: 0
<NtFrsApi_AbortPromotionW: 372: 3413: 13:17:56> Abort promotion done:
0



"Paul Bergson" <pbergson@allete_nospam.com> wrote in message
news:%23q0nzH3RGHA.792@TK2MSFTNGP10.phx.gbl...
> This should work but test it anyway
> NTFRSUTL version server_name (Server name equals remote dc. Do this from
> both DC's to each other)
>
>
>
> Are you getting any Event System Log messages? This is a pretty tough
> thing to debug without more info.
>
> Try repadmin /showrepl * /csv > c:\repadmin.csv
>
> Open this up in Excel and hopefully you will find some error info
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> http://www.pbbergs.com
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
> news:ejhrls2RGHA.4456@TK2MSFTNGP14.phx.gbl...
>> Ok, sorry for the delay in reponding to your help, I have checked the
>> ports with the port query tool and they are all accessable but I am still
>> getting the same error?? Do you have any other suggestions?
>>
>> Many Thanks
>>
>> Smon
>> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
>> news:OOxkodkPGHA.3408@TK2MSFTNGP12.phx.gbl...
>>> Read the article Firewall Ports needed for Replication off of the
>>> articles link at
>>>
>>> http://www.pbbergs.com
>>>
>>> My guess is you don't have all the ports opened, there is a tool in this
>>> document that will guide you to test if this is all correctly setup.
>>> Excerpt below:
>>>
>>> Download PortQryUI and run the tool
>>> Select the destination DC or PDC
>>>
>>> Select Domains and Trusts
>>>
>>> Validate the ports that should be open in fact
>>> are via the output provided by the tool.
>>>
>>> For additional info on this tool see
>>> PortQry features, this is the backend tool for PortQryUI
>>>
>>>
>>> --
>>>
>>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>> http://www.pbbergs.com
>>>
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in
>>> message news:%23aDjoxjPGHA.3984@TK2MSFTNGP14.phx.gbl...
>>>>I have been following the Documentation on this site trying to add and
>>>>additional Windows 2k3 dc to an existing domain which has one of there
>>>>Windows 2k3 DC.
>>>>
>>>> The primary server being the existing Windows 2k3 dc is located on a
>>>> network whilst the new DC is located on a wan (VPN). I have setup the
>>>> dns ect and this all seems to be fine, I can see the servers from
>>>> either side and ping them by name. I have added the new windows 2003
>>>> server to the domain but when I try and undcpromo /adv I get the
>>>> following error.....
>>>>
>>>> The Error which I am receving is as follows...
>>>>
>>>> Active Directory could not create the NTDS Settings object for this
>>>> domain controller CN=NTDS
>>>> Settings,CN=LAKEBACKUP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lakesidehotel,DC
>>>> =co,DC=uk on the remote domain controller
>>>> lakesideserver.lakesidehotel.co.uk. Ensure the provided network
>>>> credentials have sufficient permissions.
>>>>
>>>> "Could not find the domain controller for this domain."
>>>>
>>>> I have made sure that the administrator account on the exisitng DC has
>>>> domain Admin right and it has full rights but still I recieve the above
>>>> error.
>>>>
>>>> The error states " Could not find the domain controller for this
>>>> Domain" although I can ping it from the remote Win 2k3 server and vice
>>>> versur.
>>>>
>>>> Does anyone have any ideas or advice?
>>>>
>>>> Thank you in advance!
>>>>
>>>
>>>
>>
>>
>
>

Did you try the repadmin /showrepl * /csv > c:\repadmin.csv

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no rights.

"Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
news:%23wzTDv3RGHA.4900@TK2MSFTNGP09.phx.gbl...
> Here is the ntrsapi.log file not sure is this will help
>
> <NtFrsApi_PrepareForPromotionW: 372: 2559: 13:14:30> ===============
> Promotion Start:
> <NtFrsApi_PrepareForPromotionW: 372: 2560: 13:14:30>
> <NtFrsApi_PrepareForPromotionW: 372: 2562: 13:14:30> Prepare promotion:
> <NtFrsApi_Prepare: 372: 2330: 13:14:30> Prepare:
> <NtFrsApi_Prepare: 372: 2358: 13:14:30> Prepare: FRS
> Registry
> <NtFrsApi_Prepare: 372: 2371: 13:14:30> Prepare: Netlogon
> registry
> <NtFrsApi_Prepare: 372: 2402: 13:14:30> Prepare: Service
> <NtFrsApi_Prepare: 372: 2471: 13:14:30> Prepare: Restart
> service
> <NtFrsApi_WaitForService: 372: 1895: 13:14:30> Waiting for
> service.
> <NtFrsApi_WaitForService: 372: 1895: 13:14:31> Waiting for
> service.
> <NtFrsApi_Prepare: 372: 2522: 13:14:32> Prepare done: 0
> <NtFrsApi_PrepareForPromotionW: 372: 2564: 13:14:32> Prepare promotion
> done: 0
> <NtFrsApi_StartPromotionW: 372: 3787: 13:14:32> Promotion start:
> Parent \\lakesideserver.lakesidehotel.co.uk
> <NtFrsApi_StartPromotionW: 372: 3788: 13:14:32> Promotion start:
> Account lakesidehotel.co.uk\ADMINISTRATOR
> <NtFrsApi_StartPromotionW: 372: 3789: 13:14:32> Promotion start:
> Set lakesidehotel.co.uk
> <NtFrsApi_StartPromotionW: 372: 3790: 13:14:32> Promotion start:
> Type Domain
> <NtFrsApi_StartPromotionW: 372: 3791: 13:14:33> Promotion start:
> Primary 0
> <NtFrsApi_StartPromotionW: 372: 3792: 13:14:33> Promotion start:
> Stage \\?\C:\WINDOWS\SYSVOL\staging areas\lakesidehotel.co.uk
> <NtFrsApi_StartPromotionW: 372: 3793: 13:14:33> Promotion start:
> Root C:\WINDOWS\SYSVOL\sysvol\lakesidehotel.co.uk
> <NtFrsApi_StartPromotionW: 372: 3867: 13:14:33> Promotion start
> done: Set lakesidehotel.co.uk, 0
> <NtFrsApi_StartPromotion_Thread:1196: 3508: 13:14:33> Promotion thread
> start: Parent \\lakesideserver.lakesidehotel.co.uk
> <NtFrsApi_StartPromotion_Thread:1196: 3509: 13:14:33> Promotion thread
> start: Account (null)
> <NtFrsApi_StartPromotion_Thread:1196: 3510: 13:14:33> Promotion thread
> start: Set lakesidehotel.co.uk
> <NtFrsApi_StartPromotion_Thread:1196: 3511: 13:14:33> Promotion thread
> start: Type Domain
> <NtFrsApi_StartPromotion_Thread:1196: 3512: 13:14:33> Promotion thread
> start: Primary 0
> <NtFrsApi_StartPromotion_Thread:1196: 3513: 13:14:33> Promotion thread
> start: Stage \\?\C:\WINDOWS\SYSVOL\staging areas\lakesidehotel.co.uk
> <NtFrsApi_StartPromotion_Thread:1196: 3514: 13:14:33> Promotion thread
> start: Root C:\WINDOWS\SYSVOL\sysvol\lakesidehotel.co.uk
> <NtFrsApi_BindWithAuth: 1196: 1502: 13:14:33> Bind With Auth:
> (null)
> <NtFrsApi_BindWithAuth: 1196: 1531: 13:14:33> Bind With Auth:
> compose to LAKEBACKUP1
> <NtFrsApi_BindWithAuth: 1196: 1536: 13:14:33> Bind With Auth:
> compose done to LAKEBACKUP1; 0
> <NtFrsApi_BindWithAuth: 1196: 1552: 13:14:33> Bind With Auth:
> resolve to LAKEBACKUP1
> <NtFrsApi_BindWithAuth: 1196: 1555: 13:14:33> Bind With Auth:
> resolve done to LAKEBACKUP1; 0
> <NtFrsApi_BindWithAuth: 1196: 1561: 13:14:33> Bind With Auth:
> princname to LAKEBACKUP1
> <NtFrsApi_BindWithAuth: 1196: 1564: 13:14:33> Bind With Auth:
> princname done to LAKEBACKUP1; 0
> <NtFrsApi_BindWithAuth: 1196: 1570: 13:14:33> Bind With Auth:
> auth to LAKEBACKUP1 (princname lakebackup1$@LAKESIDEHOTEL.CO.UK)
> <NtFrsApi_BindWithAuth: 1196: 1577: 13:14:33> Bind With Auth: set
> auth done to LAKEBACKUP1; 0
> <NtFrsApi_BindWithAuth: 1196: 1619: 13:14:33> Bind With Auth
> done: 0
> <NtFrsApi_StartPromotion_Thread:1196: 3668: 13:14:33> Promotion thread
> rpc demote: Set lakesidehotel.co.uk
> <NtFrsApi_StartPromotion_Thread:1196: 3675: 13:14:34> Promotion thread
> rpc demote done: 0 (00000000)
> <NtFrsApi_StartPromotion_Thread:1196: 3718: 13:14:34> Promotion thread
> complete: Set lakesidehotel.co.uk
> <NtFrsApi_StartPromotion_Thread:1196: 3720: 13:14:34> Promotion thread
> complete: Thread 0, Service 0
> <NtFrsApi_AbortPromotionW: 372: 3411: 13:17:45> Abort promotion:
> <NtFrsApi_Abort: 372: 3201: 13:17:45> Abort:
> <NtFrsApi_Abort: 372: 3228: 13:17:45> Abort: threads
> <NtFrsApi_Abort: 372: 3254: 13:17:46> Abort: service
> <NtFrsApi_WaitForService: 372: 1895: 13:17:46> Waiting for
> service.
> <NtFrsApi_WaitForService: 372: 1895: 13:17:47> Waiting for
> service.
> <NtFrsApi_WaitForService: 372: 1895: 13:17:48> Waiting for
> service.
> <NtFrsApi_WaitForService: 372: 1895: 13:17:49> Waiting for
> service.
> <NtFrsApi_WaitForService: 372: 1895: 13:17:50> Waiting for
> service.
> <NtFrsApi_WaitForService: 372: 1895: 13:17:51> Waiting for
> service.
> <NtFrsApi_WaitForService: 372: 1895: 13:17:52> Waiting for
> service.
> <NtFrsApi_WaitForService: 372: 1895: 13:17:53> Waiting for
> service.
> <NtFrsApi_WaitForService: 372: 1895: 13:17:54> Waiting for
> service.
> <NtFrsApi_WaitForService: 372: 1895: 13:17:55> Waiting for
> service.
> <NtFrsApi_Abort: 372: 3269: 13:17:56> Abort: registry
> <NtFrsApi_Abort: 372: 3378: 13:17:56> Abort done: 0
> <NtFrsApi_AbortPromotionW: 372: 3413: 13:17:56> Abort promotion
> done: 0
>
>
>
> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
> news:%23q0nzH3RGHA.792@TK2MSFTNGP10.phx.gbl...
>> This should work but test it anyway
>> NTFRSUTL version server_name (Server name equals remote dc. Do this
>> from both DC's to each other)
>>
>>
>>
>> Are you getting any Event System Log messages? This is a pretty tough
>> thing to debug without more info.
>>
>> Try repadmin /showrepl * /csv > c:\repadmin.csv
>>
>> Open this up in Excel and hopefully you will find some error info
>>
>> --
>>
>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>> http://www.pbbergs.com
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
>> news:ejhrls2RGHA.4456@TK2MSFTNGP14.phx.gbl...
>>> Ok, sorry for the delay in reponding to your help, I have checked the
>>> ports with the port query tool and they are all accessable but I am
>>> still getting the same error?? Do you have any other suggestions?
>>>
>>> Many Thanks
>>>
>>> Smon
>>> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
>>> news:OOxkodkPGHA.3408@TK2MSFTNGP12.phx.gbl...
>>>> Read the article Firewall Ports needed for Replication off of the
>>>> articles link at
>>>>
>>>> http://www.pbbergs.com
>>>>
>>>> My guess is you don't have all the ports opened, there is a tool in
>>>> this document that will guide you to test if this is all correctly
>>>> setup. Excerpt below:
>>>>
>>>> Download PortQryUI and run the tool
>>>> Select the destination DC or PDC
>>>>
>>>> Select Domains and Trusts
>>>>
>>>> Validate the ports that should be open in fact
>>>> are via the output provided by the tool.
>>>>
>>>> For additional info on this tool see
>>>> PortQry features, this is the backend tool for PortQryUI
>>>>
>>>>
>>>> --
>>>>
>>>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>>> http://www.pbbergs.com
>>>>
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in
>>>> message news:%23aDjoxjPGHA.3984@TK2MSFTNGP14.phx.gbl...
>>>>>I have been following the Documentation on this site trying to add and
>>>>>additional Windows 2k3 dc to an existing domain which has one of there
>>>>>Windows 2k3 DC.
>>>>>
>>>>> The primary server being the existing Windows 2k3 dc is located on a
>>>>> network whilst the new DC is located on a wan (VPN). I have setup the
>>>>> dns ect and this all seems to be fine, I can see the servers from
>>>>> either side and ping them by name. I have added the new windows 2003
>>>>> server to the domain but when I try and undcpromo /adv I get the
>>>>> following error.....
>>>>>
>>>>> The Error which I am receving is as follows...
>>>>>
>>>>> Active Directory could not create the NTDS Settings object for this
>>>>> domain controller CN=NTDS
>>>>> Settings,CN=LAKEBACKUP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lakesidehotel,DC
>>>>> =co,DC=uk on the remote domain controller
>>>>> lakesideserver.lakesidehotel.co.uk. Ensure the provided network
>>>>> credentials have sufficient permissions.
>>>>>
>>>>> "Could not find the domain controller for this domain."
>>>>>
>>>>> I have made sure that the administrator account on the exisitng DC has
>>>>> domain Admin right and it has full rights but still I recieve the
>>>>> above error.
>>>>>
>>>>> The error states " Could not find the domain controller for this
>>>>> Domain" although I can ping it from the remote Win 2k3 server and vice
>>>>> versur.
>>>>>
>>>>> Does anyone have any ideas or advice?
>>>>>
>>>>> Thank you in advance!
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Paul,

I have itmay tell you more than it does me I hope :(

Default-First-Site-Name\LAKESIDESERVER

DC Options: IS_GC

Site Options: (none)

DC object GUID: b4d75537-32c9-4536-a960-3b52b46a848c

DC invocationID: 2de56e26-c0f9-49fa-b8a3-8fdeabb3cb7c



DsReplicaGetInfo() failed with status 8453 (0x2105):

Can't retrieve message string 8453 (0x2105) error 1815.




"Paul Bergson" <pbergson@allete_nospam.com> wrote in message
news:%23fuTqk6RGHA.4264@TK2MSFTNGP11.phx.gbl...
> Did you try the repadmin /showrepl * /csv > c:\repadmin.csv
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> http://www.pbbergs.com
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
> news:%23wzTDv3RGHA.4900@TK2MSFTNGP09.phx.gbl...
>> Here is the ntrsapi.log file not sure is this will help
>>
>> <NtFrsApi_PrepareForPromotionW: 372: 2559: 13:14:30> ===============
>> Promotion Start:
>> <NtFrsApi_PrepareForPromotionW: 372: 2560: 13:14:30>
>> <NtFrsApi_PrepareForPromotionW: 372: 2562: 13:14:30> Prepare promotion:
>> <NtFrsApi_Prepare: 372: 2330: 13:14:30> Prepare:
>> <NtFrsApi_Prepare: 372: 2358: 13:14:30> Prepare: FRS
>> Registry
>> <NtFrsApi_Prepare: 372: 2371: 13:14:30> Prepare: Netlogon
>> registry
>> <NtFrsApi_Prepare: 372: 2402: 13:14:30> Prepare: Service
>> <NtFrsApi_Prepare: 372: 2471: 13:14:30> Prepare: Restart
>> service
>> <NtFrsApi_WaitForService: 372: 1895: 13:14:30> Waiting for
>> service.
>> <NtFrsApi_WaitForService: 372: 1895: 13:14:31> Waiting for
>> service.
>> <NtFrsApi_Prepare: 372: 2522: 13:14:32> Prepare done: 0
>> <NtFrsApi_PrepareForPromotionW: 372: 2564: 13:14:32> Prepare promotion
>> done: 0
>> <NtFrsApi_StartPromotionW: 372: 3787: 13:14:32> Promotion start:
>> Parent \\lakesideserver.lakesidehotel.co.uk
>> <NtFrsApi_StartPromotionW: 372: 3788: 13:14:32> Promotion start:
>> Account lakesidehotel.co.uk\ADMINISTRATOR
>> <NtFrsApi_StartPromotionW: 372: 3789: 13:14:32> Promotion start:
>> Set lakesidehotel.co.uk
>> <NtFrsApi_StartPromotionW: 372: 3790: 13:14:32> Promotion start:
>> Type Domain
>> <NtFrsApi_StartPromotionW: 372: 3791: 13:14:33> Promotion start:
>> Primary 0
>> <NtFrsApi_StartPromotionW: 372: 3792: 13:14:33> Promotion start:
>> Stage \\?\C:\WINDOWS\SYSVOL\staging areas\lakesidehotel.co.uk
>> <NtFrsApi_StartPromotionW: 372: 3793: 13:14:33> Promotion start:
>> Root C:\WINDOWS\SYSVOL\sysvol\lakesidehotel.co.uk
>> <NtFrsApi_StartPromotionW: 372: 3867: 13:14:33> Promotion start
>> done: Set lakesidehotel.co.uk, 0
>> <NtFrsApi_StartPromotion_Thread:1196: 3508: 13:14:33> Promotion thread
>> start: Parent \\lakesideserver.lakesidehotel.co.uk
>> <NtFrsApi_StartPromotion_Thread:1196: 3509: 13:14:33> Promotion thread
>> start: Account (null)
>> <NtFrsApi_StartPromotion_Thread:1196: 3510: 13:14:33> Promotion thread
>> start: Set lakesidehotel.co.uk
>> <NtFrsApi_StartPromotion_Thread:1196: 3511: 13:14:33> Promotion thread
>> start: Type Domain
>> <NtFrsApi_StartPromotion_Thread:1196: 3512: 13:14:33> Promotion thread
>> start: Primary 0
>> <NtFrsApi_StartPromotion_Thread:1196: 3513: 13:14:33> Promotion thread
>> start: Stage \\?\C:\WINDOWS\SYSVOL\staging areas\lakesidehotel.co.uk
>> <NtFrsApi_StartPromotion_Thread:1196: 3514: 13:14:33> Promotion thread
>> start: Root C:\WINDOWS\SYSVOL\sysvol\lakesidehotel.co.uk
>> <NtFrsApi_BindWithAuth: 1196: 1502: 13:14:33> Bind With Auth:
>> (null)
>> <NtFrsApi_BindWithAuth: 1196: 1531: 13:14:33> Bind With Auth:
>> compose to LAKEBACKUP1
>> <NtFrsApi_BindWithAuth: 1196: 1536: 13:14:33> Bind With Auth:
>> compose done to LAKEBACKUP1; 0
>> <NtFrsApi_BindWithAuth: 1196: 1552: 13:14:33> Bind With Auth:
>> resolve to LAKEBACKUP1
>> <NtFrsApi_BindWithAuth: 1196: 1555: 13:14:33> Bind With Auth:
>> resolve done to LAKEBACKUP1; 0
>> <NtFrsApi_BindWithAuth: 1196: 1561: 13:14:33> Bind With Auth:
>> princname to LAKEBACKUP1
>> <NtFrsApi_BindWithAuth: 1196: 1564: 13:14:33> Bind With Auth:
>> princname done to LAKEBACKUP1; 0
>> <NtFrsApi_BindWithAuth: 1196: 1570: 13:14:33> Bind With Auth:
>> auth to LAKEBACKUP1 (princname lakebackup1$@LAKESIDEHOTEL.CO.UK)
>> <NtFrsApi_BindWithAuth: 1196: 1577: 13:14:33> Bind With Auth:
>> set auth done to LAKEBACKUP1; 0
>> <NtFrsApi_BindWithAuth: 1196: 1619: 13:14:33> Bind With Auth
>> done: 0
>> <NtFrsApi_StartPromotion_Thread:1196: 3668: 13:14:33> Promotion thread
>> rpc demote: Set lakesidehotel.co.uk
>> <NtFrsApi_StartPromotion_Thread:1196: 3675: 13:14:34> Promotion thread
>> rpc demote done: 0 (00000000)
>> <NtFrsApi_StartPromotion_Thread:1196: 3718: 13:14:34> Promotion thread
>> complete: Set lakesidehotel.co.uk
>> <NtFrsApi_StartPromotion_Thread:1196: 3720: 13:14:34> Promotion thread
>> complete: Thread 0, Service 0
>> <NtFrsApi_AbortPromotionW: 372: 3411: 13:17:45> Abort promotion:
>> <NtFrsApi_Abort: 372: 3201: 13:17:45> Abort:
>> <NtFrsApi_Abort: 372: 3228: 13:17:45> Abort: threads
>> <NtFrsApi_Abort: 372: 3254: 13:17:46> Abort: service
>> <NtFrsApi_WaitForService: 372: 1895: 13:17:46> Waiting for
>> service.
>> <NtFrsApi_WaitForService: 372: 1895: 13:17:47> Waiting for
>> service.
>> <NtFrsApi_WaitForService: 372: 1895: 13:17:48> Waiting for
>> service.
>> <NtFrsApi_WaitForService: 372: 1895: 13:17:49> Waiting for
>> service.
>> <NtFrsApi_WaitForService: 372: 1895: 13:17:50> Waiting for
>> service.
>> <NtFrsApi_WaitForService: 372: 1895: 13:17:51> Waiting for
>> service.
>> <NtFrsApi_WaitForService: 372: 1895: 13:17:52> Waiting for
>> service.
>> <NtFrsApi_WaitForService: 372: 1895: 13:17:53> Waiting for
>> service.
>> <NtFrsApi_WaitForService: 372: 1895: 13:17:54> Waiting for
>> service.
>> <NtFrsApi_WaitForService: 372: 1895: 13:17:55> Waiting for
>> service.
>> <NtFrsApi_Abort: 372: 3269: 13:17:56> Abort: registry
>> <NtFrsApi_Abort: 372: 3378: 13:17:56> Abort done: 0
>> <NtFrsApi_AbortPromotionW: 372: 3413: 13:17:56> Abort promotion
>> done: 0
>>
>>
>>
>> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
>> news:%23q0nzH3RGHA.792@TK2MSFTNGP10.phx.gbl...
>>> This should work but test it anyway
>>> NTFRSUTL version server_name (Server name equals remote dc. Do this
>>> from both DC's to each other)
>>>
>>>
>>>
>>> Are you getting any Event System Log messages? This is a pretty tough
>>> thing to debug without more info.
>>>
>>> Try repadmin /showrepl * /csv > c:\repadmin.csv
>>>
>>> Open this up in Excel and hopefully you will find some error info
>>>
>>> --
>>>
>>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>> http://www.pbbergs.com
>>>
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in
>>> message news:ejhrls2RGHA.4456@TK2MSFTNGP14.phx.gbl...
>>>> Ok, sorry for the delay in reponding to your help, I have checked the
>>>> ports with the port query tool and they are all accessable but I am
>>>> still getting the same error?? Do you have any other suggestions?
>>>>
>>>> Many Thanks
>>>>
>>>> Smon
>>>> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
>>>> news:OOxkodkPGHA.3408@TK2MSFTNGP12.phx.gbl...
>>>>> Read the article Firewall Ports needed for Replication off of the
>>>>> articles link at
>>>>>
>>>>> http://www.pbbergs.com
>>>>>
>>>>> My guess is you don't have all the ports opened, there is a tool in
>>>>> this document that will guide you to test if this is all correctly
>>>>> setup. Excerpt below:
>>>>>
>>>>> Download PortQryUI and run the tool
>>>>> Select the destination DC or PDC
>>>>>
>>>>> Select Domains and Trusts
>>>>>
>>>>> Validate the ports that should be open in fact
>>>>> are via the output provided by the tool.
>>>>>
>>>>> For additional info on this tool
>>>>> see PortQry features, this is the backend tool for PortQryUI
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>>>> http://www.pbbergs.com
>>>>>
>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>> rights.
>>>>>
>>>>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in
>>>>> message news:%23aDjoxjPGHA.3984@TK2MSFTNGP14.phx.gbl...
>>>>>>I have been following the Documentation on this site trying to add and
>>>>>>additional Windows 2k3 dc to an existing domain which has one of there
>>>>>>Windows 2k3 DC.
>>>>>>
>>>>>> The primary server being the existing Windows 2k3 dc is located on a
>>>>>> network whilst the new DC is located on a wan (VPN). I have setup the
>>>>>> dns ect and this all seems to be fine, I can see the servers from
>>>>>> either side and ping them by name. I have added the new windows 2003
>>>>>> server to the domain but when I try and undcpromo /adv I get the
>>>>>> following error.....
>>>>>>
>>>>>> The Error which I am receving is as follows...
>>>>>>
>>>>>> Active Directory could not create the NTDS Settings object for this
>>>>>> domain controller CN=NTDS
>>>>>> Settings,CN=LAKEBACKUP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lakesidehotel,DC
>>>>>> =co,DC=uk on the remote domain controller
>>>>>> lakesideserver.lakesidehotel.co.uk. Ensure the provided network
>>>>>> credentials have sufficient permissions.
>>>>>>
>>>>>> "Could not find the domain controller for this domain."
>>>>>>
>>>>>> I have made sure that the administrator account on the exisitng DC
>>>>>> has domain Admin right and it has full rights but still I recieve the
>>>>>> above error.
>>>>>>
>>>>>> The error states " Could not find the domain controller for this
>>>>>> Domain" although I can ping it from the remote Win 2k3 server and
>>>>>> vice versur.
>>>>>>
>>>>>> Does anyone have any ideas or advice?
>>>>>>
>>>>>> Thank you in advance!
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Try this info

http://support.microsoft.com/default...b;en-us;329860

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no rights.

"Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
news:OVeyIE8RGHA.4452@TK2MSFTNGP12.phx.gbl...
> Paul,
>
> I have itmay tell you more than it does me I hope :(
>
> Default-First-Site-Name\LAKESIDESERVER
>
> DC Options: IS_GC
>
> Site Options: (none)
>
> DC object GUID: b4d75537-32c9-4536-a960-3b52b46a848c
>
> DC invocationID: 2de56e26-c0f9-49fa-b8a3-8fdeabb3cb7c
>
>
>
> DsReplicaGetInfo() failed with status 8453 (0x2105):
>
> Can't retrieve message string 8453 (0x2105) error 1815.
>
>
>
>
> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
> news:%23fuTqk6RGHA.4264@TK2MSFTNGP11.phx.gbl...
>> Did you try the repadmin /showrepl * /csv > c:\repadmin.csv
>>
>> --
>>
>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>> http://www.pbbergs.com
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
>> news:%23wzTDv3RGHA.4900@TK2MSFTNGP09.phx.gbl...
>>> Here is the ntrsapi.log file not sure is this will help
>>>
>>> <NtFrsApi_PrepareForPromotionW: 372: 2559: 13:14:30> ===============
>>> Promotion Start:
>>> <NtFrsApi_PrepareForPromotionW: 372: 2560: 13:14:30>
>>> <NtFrsApi_PrepareForPromotionW: 372: 2562: 13:14:30> Prepare
>>> promotion:
>>> <NtFrsApi_Prepare: 372: 2330: 13:14:30> Prepare:
>>> <NtFrsApi_Prepare: 372: 2358: 13:14:30> Prepare: FRS
>>> Registry
>>> <NtFrsApi_Prepare: 372: 2371: 13:14:30> Prepare: Netlogon
>>> registry
>>> <NtFrsApi_Prepare: 372: 2402: 13:14:30> Prepare: Service
>>> <NtFrsApi_Prepare: 372: 2471: 13:14:30> Prepare: Restart
>>> service
>>> <NtFrsApi_WaitForService: 372: 1895: 13:14:30> Waiting for
>>> service.
>>> <NtFrsApi_WaitForService: 372: 1895: 13:14:31> Waiting for
>>> service.
>>> <NtFrsApi_Prepare: 372: 2522: 13:14:32> Prepare done: 0
>>> <NtFrsApi_PrepareForPromotionW: 372: 2564: 13:14:32> Prepare promotion
>>> done: 0
>>> <NtFrsApi_StartPromotionW: 372: 3787: 13:14:32> Promotion start:
>>> Parent \\lakesideserver.lakesidehotel.co.uk
>>> <NtFrsApi_StartPromotionW: 372: 3788: 13:14:32> Promotion start:
>>> Account lakesidehotel.co.uk\ADMINISTRATOR
>>> <NtFrsApi_StartPromotionW: 372: 3789: 13:14:32> Promotion start:
>>> Set lakesidehotel.co.uk
>>> <NtFrsApi_StartPromotionW: 372: 3790: 13:14:32> Promotion start:
>>> Type Domain
>>> <NtFrsApi_StartPromotionW: 372: 3791: 13:14:33> Promotion start:
>>> Primary 0
>>> <NtFrsApi_StartPromotionW: 372: 3792: 13:14:33> Promotion start:
>>> Stage \\?\C:\WINDOWS\SYSVOL\staging areas\lakesidehotel.co.uk
>>> <NtFrsApi_StartPromotionW: 372: 3793: 13:14:33> Promotion start:
>>> Root C:\WINDOWS\SYSVOL\sysvol\lakesidehotel.co.uk
>>> <NtFrsApi_StartPromotionW: 372: 3867: 13:14:33> Promotion start
>>> done: Set lakesidehotel.co.uk, 0
>>> <NtFrsApi_StartPromotion_Thread:1196: 3508: 13:14:33> Promotion thread
>>> start: Parent \\lakesideserver.lakesidehotel.co.uk
>>> <NtFrsApi_StartPromotion_Thread:1196: 3509: 13:14:33> Promotion thread
>>> start: Account (null)
>>> <NtFrsApi_StartPromotion_Thread:1196: 3510: 13:14:33> Promotion thread
>>> start: Set lakesidehotel.co.uk
>>> <NtFrsApi_StartPromotion_Thread:1196: 3511: 13:14:33> Promotion thread
>>> start: Type Domain
>>> <NtFrsApi_StartPromotion_Thread:1196: 3512: 13:14:33> Promotion thread
>>> start: Primary 0
>>> <NtFrsApi_StartPromotion_Thread:1196: 3513: 13:14:33> Promotion thread
>>> start: Stage \\?\C:\WINDOWS\SYSVOL\staging areas\lakesidehotel.co.uk
>>> <NtFrsApi_StartPromotion_Thread:1196: 3514: 13:14:33> Promotion thread
>>> start: Root C:\WINDOWS\SYSVOL\sysvol\lakesidehotel.co.uk
>>> <NtFrsApi_BindWithAuth: 1196: 1502: 13:14:33> Bind With Auth:
>>> (null)
>>> <NtFrsApi_BindWithAuth: 1196: 1531: 13:14:33> Bind With Auth:
>>> compose to LAKEBACKUP1
>>> <NtFrsApi_BindWithAuth: 1196: 1536: 13:14:33> Bind With Auth:
>>> compose done to LAKEBACKUP1; 0
>>> <NtFrsApi_BindWithAuth: 1196: 1552: 13:14:33> Bind With Auth:
>>> resolve to LAKEBACKUP1
>>> <NtFrsApi_BindWithAuth: 1196: 1555: 13:14:33> Bind With Auth:
>>> resolve done to LAKEBACKUP1; 0
>>> <NtFrsApi_BindWithAuth: 1196: 1561: 13:14:33> Bind With Auth:
>>> princname to LAKEBACKUP1
>>> <NtFrsApi_BindWithAuth: 1196: 1564: 13:14:33> Bind With Auth:
>>> princname done to LAKEBACKUP1; 0
>>> <NtFrsApi_BindWithAuth: 1196: 1570: 13:14:33> Bind With Auth:
>>> auth to LAKEBACKUP1 (princname lakebackup1$@LAKESIDEHOTEL.CO.UK)
>>> <NtFrsApi_BindWithAuth: 1196: 1577: 13:14:33> Bind With Auth:
>>> set auth done to LAKEBACKUP1; 0
>>> <NtFrsApi_BindWithAuth: 1196: 1619: 13:14:33> Bind With Auth
>>> done: 0
>>> <NtFrsApi_StartPromotion_Thread:1196: 3668: 13:14:33> Promotion thread
>>> rpc demote: Set lakesidehotel.co.uk
>>> <NtFrsApi_StartPromotion_Thread:1196: 3675: 13:14:34> Promotion thread
>>> rpc demote done: 0 (00000000)
>>> <NtFrsApi_StartPromotion_Thread:1196: 3718: 13:14:34> Promotion thread
>>> complete: Set lakesidehotel.co.uk
>>> <NtFrsApi_StartPromotion_Thread:1196: 3720: 13:14:34> Promotion thread
>>> complete: Thread 0, Service 0
>>> <NtFrsApi_AbortPromotionW: 372: 3411: 13:17:45> Abort promotion:
>>> <NtFrsApi_Abort: 372: 3201: 13:17:45> Abort:
>>> <NtFrsApi_Abort: 372: 3228: 13:17:45> Abort: threads
>>> <NtFrsApi_Abort: 372: 3254: 13:17:46> Abort: service
>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:46> Waiting for
>>> service.
>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:47> Waiting for
>>> service.
>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:48> Waiting for
>>> service.
>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:49> Waiting for
>>> service.
>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:50> Waiting for
>>> service.
>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:51> Waiting for
>>> service.
>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:52> Waiting for
>>> service.
>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:53> Waiting for
>>> service.
>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:54> Waiting for
>>> service.
>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:55> Waiting for
>>> service.
>>> <NtFrsApi_Abort: 372: 3269: 13:17:56> Abort: registry
>>> <NtFrsApi_Abort: 372: 3378: 13:17:56> Abort done: 0
>>> <NtFrsApi_AbortPromotionW: 372: 3413: 13:17:56> Abort promotion
>>> done: 0
>>>
>>>
>>>
>>> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
>>> news:%23q0nzH3RGHA.792@TK2MSFTNGP10.phx.gbl...
>>>> This should work but test it anyway
>>>> NTFRSUTL version server_name (Server name equals remote dc. Do this
>>>> from both DC's to each other)
>>>>
>>>>
>>>>
>>>> Are you getting any Event System Log messages? This is a pretty tough
>>>> thing to debug without more info.
>>>>
>>>> Try repadmin /showrepl * /csv > c:\repadmin.csv
>>>>
>>>> Open this up in Excel and hopefully you will find some error info
>>>>
>>>> --
>>>>
>>>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>>> http://www.pbbergs.com
>>>>
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in
>>>> message news:ejhrls2RGHA.4456@TK2MSFTNGP14.phx.gbl...
>>>>> Ok, sorry for the delay in reponding to your help, I have checked the
>>>>> ports with the port query tool and they are all accessable but I am
>>>>> still getting the same error?? Do you have any other suggestions?
>>>>>
>>>>> Many Thanks
>>>>>
>>>>> Smon
>>>>> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
>>>>> news:OOxkodkPGHA.3408@TK2MSFTNGP12.phx.gbl...
>>>>>> Read the article Firewall Ports needed for Replication off of the
>>>>>> articles link at
>>>>>>
>>>>>> http://www.pbbergs.com
>>>>>>
>>>>>> My guess is you don't have all the ports opened, there is a tool in
>>>>>> this document that will guide you to test if this is all correctly
>>>>>> setup. Excerpt below:
>>>>>>
>>>>>> Download PortQryUI and run the tool
>>>>>> Select the destination DC or PDC
>>>>>>
>>>>>> Select Domains and Trusts
>>>>>>
>>>>>> Validate the ports that should be open in fact
>>>>>> are via the output provided by the tool.
>>>>>>
>>>>>> For additional info on this tool
>>>>>> see PortQry features, this is the backend tool for PortQryUI
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>>>>> http://www.pbbergs.com
>>>>>>
>>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>>> rights.
>>>>>>
>>>>>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in
>>>>>> message news:%23aDjoxjPGHA.3984@TK2MSFTNGP14.phx.gbl...
>>>>>>>I have been following the Documentation on this site trying to add
>>>>>>>and additional Windows 2k3 dc to an existing domain which has one of
>>>>>>>there Windows 2k3 DC.
>>>>>>>
>>>>>>> The primary server being the existing Windows 2k3 dc is located on a
>>>>>>> network whilst the new DC is located on a wan (VPN). I have setup
>>>>>>> the dns ect and this all seems to be fine, I can see the servers
>>>>>>> from either side and ping them by name. I have added the new windows
>>>>>>> 2003 server to the domain but when I try and undcpromo /adv I get
>>>>>>> the following error.....
>>>>>>>
>>>>>>> The Error which I am receving is as follows...
>>>>>>>
>>>>>>> Active Directory could not create the NTDS Settings object for this
>>>>>>> domain controller CN=NTDS
>>>>>>> Settings,CN=LAKEBACKUP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lakesidehotel,DC
>>>>>>> =co,DC=uk on the remote domain controller
>>>>>>> lakesideserver.lakesidehotel.co.uk. Ensure the provided network
>>>>>>> credentials have sufficient permissions.
>>>>>>>
>>>>>>> "Could not find the domain controller for this domain."
>>>>>>>
>>>>>>> I have made sure that the administrator account on the exisitng DC
>>>>>>> has domain Admin right and it has full rights but still I recieve
>>>>>>> the above error.
>>>>>>>
>>>>>>> The error states " Could not find the domain controller for this
>>>>>>> Domain" although I can ping it from the remote Win 2k3 server and
>>>>>>> vice versur.
>>>>>>>
>>>>>>> Does anyone have any ideas or advice?
>>>>>>>
>>>>>>> Thank you in advance!
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Paul,

Thank you for your help it was much appreciated I have it working at long
last!!

Thanks Again....


"Paul Bergson" <pbergson@allete_nospam.com> wrote in message
news:%23%23jWlwGSGHA.3192@TK2MSFTNGP09.phx.gbl...
> Try this info
>
> http://support.microsoft.com/default...b;en-us;329860
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> http://www.pbbergs.com
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in message
> news:OVeyIE8RGHA.4452@TK2MSFTNGP12.phx.gbl...
>> Paul,
>>
>> I have itmay tell you more than it does me I hope :(
>>
>> Default-First-Site-Name\LAKESIDESERVER
>>
>> DC Options: IS_GC
>>
>> Site Options: (none)
>>
>> DC object GUID: b4d75537-32c9-4536-a960-3b52b46a848c
>>
>> DC invocationID: 2de56e26-c0f9-49fa-b8a3-8fdeabb3cb7c
>>
>>
>>
>> DsReplicaGetInfo() failed with status 8453 (0x2105):
>>
>> Can't retrieve message string 8453 (0x2105) error 1815.
>>
>>
>>
>>
>> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
>> news:%23fuTqk6RGHA.4264@TK2MSFTNGP11.phx.gbl...
>>> Did you try the repadmin /showrepl * /csv > c:\repadmin.csv
>>>
>>> --
>>>
>>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>> http://www.pbbergs.com
>>>
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in
>>> message news:%23wzTDv3RGHA.4900@TK2MSFTNGP09.phx.gbl...
>>>> Here is the ntrsapi.log file not sure is this will help
>>>>
>>>> <NtFrsApi_PrepareForPromotionW: 372: 2559: 13:14:30> ===============
>>>> Promotion Start:
>>>> <NtFrsApi_PrepareForPromotionW: 372: 2560: 13:14:30>
>>>> <NtFrsApi_PrepareForPromotionW: 372: 2562: 13:14:30> Prepare
>>>> promotion:
>>>> <NtFrsApi_Prepare: 372: 2330: 13:14:30> Prepare:
>>>> <NtFrsApi_Prepare: 372: 2358: 13:14:30> Prepare: FRS
>>>> Registry
>>>> <NtFrsApi_Prepare: 372: 2371: 13:14:30> Prepare:
>>>> Netlogon registry
>>>> <NtFrsApi_Prepare: 372: 2402: 13:14:30> Prepare: Service
>>>> <NtFrsApi_Prepare: 372: 2471: 13:14:30> Prepare: Restart
>>>> service
>>>> <NtFrsApi_WaitForService: 372: 1895: 13:14:30> Waiting for
>>>> service.
>>>> <NtFrsApi_WaitForService: 372: 1895: 13:14:31> Waiting for
>>>> service.
>>>> <NtFrsApi_Prepare: 372: 2522: 13:14:32> Prepare done: 0
>>>> <NtFrsApi_PrepareForPromotionW: 372: 2564: 13:14:32> Prepare
>>>> promotion done: 0
>>>> <NtFrsApi_StartPromotionW: 372: 3787: 13:14:32> Promotion start:
>>>> Parent \\lakesideserver.lakesidehotel.co.uk
>>>> <NtFrsApi_StartPromotionW: 372: 3788: 13:14:32> Promotion start:
>>>> Account lakesidehotel.co.uk\ADMINISTRATOR
>>>> <NtFrsApi_StartPromotionW: 372: 3789: 13:14:32> Promotion start:
>>>> Set lakesidehotel.co.uk
>>>> <NtFrsApi_StartPromotionW: 372: 3790: 13:14:32> Promotion start:
>>>> Type Domain
>>>> <NtFrsApi_StartPromotionW: 372: 3791: 13:14:33> Promotion start:
>>>> Primary 0
>>>> <NtFrsApi_StartPromotionW: 372: 3792: 13:14:33> Promotion start:
>>>> Stage \\?\C:\WINDOWS\SYSVOL\staging areas\lakesidehotel.co.uk
>>>> <NtFrsApi_StartPromotionW: 372: 3793: 13:14:33> Promotion start:
>>>> Root C:\WINDOWS\SYSVOL\sysvol\lakesidehotel.co.uk
>>>> <NtFrsApi_StartPromotionW: 372: 3867: 13:14:33> Promotion start
>>>> done: Set lakesidehotel.co.uk, 0
>>>> <NtFrsApi_StartPromotion_Thread:1196: 3508: 13:14:33> Promotion thread
>>>> start: Parent \\lakesideserver.lakesidehotel.co.uk
>>>> <NtFrsApi_StartPromotion_Thread:1196: 3509: 13:14:33> Promotion thread
>>>> start: Account (null)
>>>> <NtFrsApi_StartPromotion_Thread:1196: 3510: 13:14:33> Promotion thread
>>>> start: Set lakesidehotel.co.uk
>>>> <NtFrsApi_StartPromotion_Thread:1196: 3511: 13:14:33> Promotion thread
>>>> start: Type Domain
>>>> <NtFrsApi_StartPromotion_Thread:1196: 3512: 13:14:33> Promotion thread
>>>> start: Primary 0
>>>> <NtFrsApi_StartPromotion_Thread:1196: 3513: 13:14:33> Promotion thread
>>>> start: Stage \\?\C:\WINDOWS\SYSVOL\staging areas\lakesidehotel.co.uk
>>>> <NtFrsApi_StartPromotion_Thread:1196: 3514: 13:14:33> Promotion thread
>>>> start: Root C:\WINDOWS\SYSVOL\sysvol\lakesidehotel.co.uk
>>>> <NtFrsApi_BindWithAuth: 1196: 1502: 13:14:33> Bind With Auth:
>>>> (null)
>>>> <NtFrsApi_BindWithAuth: 1196: 1531: 13:14:33> Bind With Auth:
>>>> compose to LAKEBACKUP1
>>>> <NtFrsApi_BindWithAuth: 1196: 1536: 13:14:33> Bind With Auth:
>>>> compose done to LAKEBACKUP1; 0
>>>> <NtFrsApi_BindWithAuth: 1196: 1552: 13:14:33> Bind With Auth:
>>>> resolve to LAKEBACKUP1
>>>> <NtFrsApi_BindWithAuth: 1196: 1555: 13:14:33> Bind With Auth:
>>>> resolve done to LAKEBACKUP1; 0
>>>> <NtFrsApi_BindWithAuth: 1196: 1561: 13:14:33> Bind With Auth:
>>>> princname to LAKEBACKUP1
>>>> <NtFrsApi_BindWithAuth: 1196: 1564: 13:14:33> Bind With Auth:
>>>> princname done to LAKEBACKUP1; 0
>>>> <NtFrsApi_BindWithAuth: 1196: 1570: 13:14:33> Bind With Auth:
>>>> auth to LAKEBACKUP1 (princname lakebackup1$@LAKESIDEHOTEL.CO.UK)
>>>> <NtFrsApi_BindWithAuth: 1196: 1577: 13:14:33> Bind With Auth:
>>>> set auth done to LAKEBACKUP1; 0
>>>> <NtFrsApi_BindWithAuth: 1196: 1619: 13:14:33> Bind With Auth
>>>> done: 0
>>>> <NtFrsApi_StartPromotion_Thread:1196: 3668: 13:14:33> Promotion thread
>>>> rpc demote: Set lakesidehotel.co.uk
>>>> <NtFrsApi_StartPromotion_Thread:1196: 3675: 13:14:34> Promotion thread
>>>> rpc demote done: 0 (00000000)
>>>> <NtFrsApi_StartPromotion_Thread:1196: 3718: 13:14:34> Promotion thread
>>>> complete: Set lakesidehotel.co.uk
>>>> <NtFrsApi_StartPromotion_Thread:1196: 3720: 13:14:34> Promotion thread
>>>> complete: Thread 0, Service 0
>>>> <NtFrsApi_AbortPromotionW: 372: 3411: 13:17:45> Abort promotion:
>>>> <NtFrsApi_Abort: 372: 3201: 13:17:45> Abort:
>>>> <NtFrsApi_Abort: 372: 3228: 13:17:45> Abort: threads
>>>> <NtFrsApi_Abort: 372: 3254: 13:17:46> Abort: service
>>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:46> Waiting for
>>>> service.
>>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:47> Waiting for
>>>> service.
>>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:48> Waiting for
>>>> service.
>>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:49> Waiting for
>>>> service.
>>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:50> Waiting for
>>>> service.
>>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:51> Waiting for
>>>> service.
>>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:52> Waiting for
>>>> service.
>>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:53> Waiting for
>>>> service.
>>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:54> Waiting for
>>>> service.
>>>> <NtFrsApi_WaitForService: 372: 1895: 13:17:55> Waiting for
>>>> service.
>>>> <NtFrsApi_Abort: 372: 3269: 13:17:56> Abort: registry
>>>> <NtFrsApi_Abort: 372: 3378: 13:17:56> Abort done: 0
>>>> <NtFrsApi_AbortPromotionW: 372: 3413: 13:17:56> Abort promotion
>>>> done: 0
>>>>
>>>>
>>>>
>>>> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
>>>> news:%23q0nzH3RGHA.792@TK2MSFTNGP10.phx.gbl...
>>>>> This should work but test it anyway
>>>>> NTFRSUTL version server_name (Server name equals remote dc. Do this
>>>>> from both DC's to each other)
>>>>>
>>>>>
>>>>>
>>>>> Are you getting any Event System Log messages? This is a pretty tough
>>>>> thing to debug without more info.
>>>>>
>>>>> Try repadmin /showrepl * /csv > c:\repadmin.csv
>>>>>
>>>>> Open this up in Excel and hopefully you will find some error info
>>>>>
>>>>> --
>>>>>
>>>>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>>>> http://www.pbbergs.com
>>>>>
>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>> rights.
>>>>>
>>>>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in
>>>>> message news:ejhrls2RGHA.4456@TK2MSFTNGP14.phx.gbl...
>>>>>> Ok, sorry for the delay in reponding to your help, I have checked the
>>>>>> ports with the port query tool and they are all accessable but I am
>>>>>> still getting the same error?? Do you have any other suggestions?
>>>>>>
>>>>>> Many Thanks
>>>>>>
>>>>>> Smon
>>>>>> "Paul Bergson" <pbergson@allete_nospam.com> wrote in message
>>>>>> news:OOxkodkPGHA.3408@TK2MSFTNGP12.phx.gbl...
>>>>>>> Read the article Firewall Ports needed for Replication off of the
>>>>>>> articles link at
>>>>>>>
>>>>>>> http://www.pbbergs.com
>>>>>>>
>>>>>>> My guess is you don't have all the ports opened, there is a tool in
>>>>>>> this document that will guide you to test if this is all correctly
>>>>>>> setup. Excerpt below:
>>>>>>>
>>>>>>> Download PortQryUI and run the tool
>>>>>>> Select the destination DC or PDC
>>>>>>>
>>>>>>> Select Domains and Trusts
>>>>>>>
>>>>>>> Validate the ports that should be open in
>>>>>>> fact are via the output provided by the tool.
>>>>>>>
>>>>>>> For additional info on this tool
>>>>>>> see PortQry features, this is the backend tool for PortQryUI
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>>>>>> http://www.pbbergs.com
>>>>>>>
>>>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>>>> rights.
>>>>>>>
>>>>>>> "Simon Glencross" <simon.glencross@sg.consultancy.co.uk> wrote in
>>>>>>> message news:%23aDjoxjPGHA.3984@TK2MSFTNGP14.phx.gbl...
>>>>>>>>I have been following the Documentation on this site trying to add
>>>>>>>>and additional Windows 2k3 dc to an existing domain which has one of
>>>>>>>>there Windows 2k3 DC.
>>>>>>>>
>>>>>>>> The primary server being the existing Windows 2k3 dc is located on
>>>>>>>> a network whilst the new DC is located on a wan (VPN). I have setup
>>>>>>>> the dns ect and this all seems to be fine, I can see the servers
>>>>>>>> from either side and ping them by name. I have added the new
>>>>>>>> windows 2003 server to the domain but when I try and undcpromo /adv
>>>>>>>> I get the following error.....
>>>>>>>>
>>>>>>>> The Error which I am receving is as follows...
>>>>>>>>
>>>>>>>> Active Directory could not create the NTDS Settings object for this
>>>>>>>> domain controller CN=NTDS
>>>>>>>> Settings,CN=LAKEBACKUP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lakesidehotel,DC
>>>>>>>> =co,DC=uk on the remote domain controller
>>>>>>>> lakesideserver.lakesidehotel.co.uk. Ensure the provided network
>>>>>>>> credentials have sufficient permissions.
>>>>>>>>
>>>>>>>> "Could not find the domain controller for this domain."
>>>>>>>>
>>>>>>>> I have made sure that the administrator account on the exisitng DC
>>>>>>>> has domain Admin right and it has full rights but still I recieve
>>>>>>>> the above error.
>>>>>>>>
>>>>>>>> The error states " Could not find the domain controller for this
>>>>>>>> Domain" although I can ping it from the remote Win 2k3 server and
>>>>>>>> vice versur.
>>>>>>>>
>>>>>>>> Does anyone have any ideas or advice?
>>>>>>>>
>>>>>>>> Thank you in advance!
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>