Posts Tagged fsMORoleOwner

OpsMgr/SCOM 2007 R2 – AD Replication Monitoring Failed (fSMORoleOwner attribute)

Posted by on Friday, 22 April, 2011

We get a warning in OpsMgr/SCOM 2007 R2 from the Active Directory 2008 Management Pack. Active Directory is running fine but OpsMgr find something what seems like corruption.

We get Warnings from all the Domain Controllers “Script Based Test Failed to Complete“. And event id 1000 are show in the “OperationManager” event log on the DC.

Detail of an Warning:

AD Replication Monitoring : encountered a runtime error.
Failed to obtain the InfrastructureMaster using a well known GUID.
The error returned was: ‘Failed to get the ‘fSMORoleOwner’ attribute from the object ‘LDAP://nlnbdcsrv01.more2know.local/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd, DC=ForestDnsZones,DC=more2know,DC=local>’.
The error returned was: ‘There is no such object on the server.’ (0x80072030)’ (0x80072030)

If you read the warning, The real error is “There is no such object on the server”

The problem is that the AD Attribute “fSMORoleOwner” for the infrastructureMaster is set to an Old DC. The value was “CN=NTDS Settings\0ADEL:b6bc57e7-dbbf-41e5-82d2-7bc4b166af3f,CN=<OLDServername>\0ADEL:ae94f589-9bd8-4ec3-af7f-54afaf662beb,CN=Servers,CN=<SiteName>,CN=Sites,CN=Configuration,DC=domain,DC=local”.
It was referencing an old DC that was demote a long time ago. It was demoted a long time ago. These settings are in the partition ForestDnsZones and DomainDNSZones.

We must have so change the value to the DN of the current Infrastructure Master. Microsoft has the seam error when you want to Run adprep /rodcprep. See. http://support.microsoft.com/kb/949257

1. Find out what the correct DN of the Infrastructure Master

  1. Run Adsiedit.msc
  2. Connect to the server which hold the infrastructure Role
  3. Connect to CN=Configuration,DC=<domain>,DC=<suffix>.
  4. Expand CN=Sites -> CN=”Site of the IM” -> CN=Servers -> CN=”Infrasturcte Master”
  5. Open the Properties of CN=NTDS Settings
  6. Find DistinguishedName and copy the value


     
 

2. Change the ForestDnsZone fSMORoleOwner

  1. Run Adsiedit.msc
  2. Connect to the server which hold the infrastructure Role
  3. Connect to DC=ForestDnsZones,DC=<domain>,DC=<suffix>.
  4. Open the properties for the Infrastructure object.
  5. Check the fSMORoleOwner attribute.
  6. Specify an infrastructure role owner that is online for the partition. You can do this by manually modifying the fSMORoleOwner attribute on the object.

The value is formatted like:

CN=NTDS Settings,CN=<hostname>,CN=Servers,CN=<sitename>,CN=Sites, CN=Configuration,DC=domain,DC=local


Connect to de Infrastructure Master (IM) and select ForestDnsZones


Change the fSMORoleOwner

3. Change the DomainDnsZone fSMORoleOwner

  1. Run Adsiedit.msc
  2. Connect to the server which hold the infrastructure Role
  3. Connect to DC=DomainDnsZones,DC=<domain>,DC=<suffix>.
  4. Open the properties for the Infrastructure object.
  5. Check the fSMORoleOwner attribute.
  6. Specify an infrastructure role owner that is online for the partition. You can do this by manually modifying the fSMORoleOwner attribute on the object.

    The value is formatted like:
    CN=NTDS Settings,CN=<hostname>,CN=Servers,CN=<sitename>,CN=Sites, CN=Configuration,DC=domain,DC=local

!! Note. You need to connect to the DC that currently is the Infrastructure FSMO. If you connect to any other DC you will get a error message saying “000020Ae: svcErr:DSID-031524F1, problem 5003 (WILL_NOT_PERFORM), data 0