Thursday, December 4, 2008

Global Catalog promotion fails

When promoting a server to be a global catalog, Event ID 1119 indicates the promotion was successful.

1. If Event ID 1119 is not logged, investigate the environment to determine:

  1. Number of domains in the forest.
  2. Names of the domains hosted by domain controllers in the global catalog’s local site.
  3. Names of the domains hosted by domain controllers in remote sites.

2. Review the directory service event log for relevant events such as 1559, 1578, 1110, and 1126. If you do not see any relevant events, enable diagnostic logging on the global catalog by configuring the following values in the registry. For more information, see KB article 314980.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Inter-Site Messaging - 2
Replication Events - 3
Internal Processing - 1
Global Catalog - 4

3. If a recently logged Event ID 1119 states that the domain controller was successfully promoted to a global catalog, it may have started advertising before it fully synchronized all domain partitions hosted by domain controllers in remote sites. By default, any Windows 2000 domain controller on SP2 or lower checks only that all domain partitions hosted in its own site have successfully replicated. If there is a domain context in the forest that does not have a domain controller in the server’s local site or another global catalog in the site containing that partition, the domain controller will still advertise as a global catalog even though those partitions have not yet synchronized. This behavior is controlled by the following registry value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Value Name:  Global Catalog Partition Occupancy
Value Type:  REG_DWORD
Default Value:  4

The default value of 4 means all partitions in the same site are synchronized fully. This is also the maximum value if the domain controller is at SP2 or lower. With SP3, the value can be set to 6, which requires all partitions in the forest to be synchronized before a domain controller will advertise as a global catalog. If the issue involves Microsoft Exchange Server, see KB article 304403 for more information.

Creating a connection object to the appropriate domain controller hosting the missing domain partition and forcing replication may expedite the process. To do this, perform the following steps:

  1. In Active Directory Sites and Services, expand the problem server's site, and then the server object for that server.
  2. Right-click NTDS Settings and select New Active Directory Connection.
  3. Locate a domain controller that hosts the missing domain partition, double-click it, and click OK.
  4. Right-click the new connection object and select Replicate Now.

To force replication using the Repadmin tool: 

repadmin /sync DC=<MyMissingDomainName>,DC=<com> <MyProblemServerName> <GuidofSourceServer, ie.0d67193c-8cb1-4c4c-bd7c-af98e11d6d67>


Note
To obtain the GUID of the server, run repadmin /showreps \\<source server> and copy the ObjectGuid.

4. If no Event ID 1119 exists in the directory service event log, or the domain controller is not advertising as a global catalog, determine which partitions have not replicated yet. Focusing on any Knowledge Consistency Checker (KCC) errors, specifically Event ID 1265, will help determine which partitions it is having problems with. If no helpful events are logged, enable diagnostic logging as described in KB article 314980. The more important registry entries to focus on are the following:

Replication Events:  set to 3.
Inter-Site Messaging:  set to 2.
Internal Processing:  set to 1.
Global Catalog:  set to 4.

Note
Remove these settings when finished troubleshooting, as they will continue to fill up the event log.

Once relevant events are identified, try to determine the reason for the replication failure, which is often listed at the bottom of the event description and generally refers to a “DNS lookup failure” or “Access is denied” error. After obtaining the error, refer back to the troubleshooter and follow the steps in the section pertaining to that error message.

After resolving all of the relevant errors, to verify the global catalog is advertising you can check the isGlobalCatalogReady value to ensure it is TRUE. To do this, start the Ldp tool included in the Windows 2000 Support Tools. On the Connection menu, click Connect. In the Server Name box, type the name for the global catalog server that is used for lookup. In the Port Number box, type 3268. Leave the Connectionless check box clear. In the right-most column, several lines of text are displayed. Towards the bottom of the output, look for the isGlobalCatalogReady value.
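The checks above can be gathered in one pass. The following is an added example, not part of the original post: the function name `Get-GcPromotionStatus` is hypothetical, and it assumes PowerShell 3.0 or later in an elevated session on the domain controller being promoted. It also reports diagnostic logging levels that are still raised, so they can be removed when troubleshooting is finished.

```powershell
# Added example. Assumes an elevated session on the domain controller itself.
function Get-GcPromotionStatus {
    $server = $env:COMPUTERNAME
    $ntds   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'

    # Read rootDSE over the global catalog port (3268), as in the Ldp steps.
    try {
        $rootDse = New-Object System.DirectoryServices.DirectoryEntry("LDAP://${server}:3268/RootDSE")
        $gcReady = [string]$rootDse.psbase.Properties['isGlobalCatalogReady'].Value
    } catch {
        $gcReady = "no answer on port 3268: $($_.Exception.Message)"
    }

    # Occupancy value from the article; $null means the value is not set.
    $occupancy = (Get-ItemProperty -Path "$ntds\Parameters" -ErrorAction SilentlyContinue).'Global Catalog Partition Occupancy'

    # Diagnostic levels still above 0. Matched by name fragment so that any
    # numeric prefix in the registry value name does not matter.
    $wanted = 'Replication Events|Inter-site Messaging|Internal Processing|Global Catalog'
    $diag = (Get-ItemProperty -Path "$ntds\Diagnostics" -ErrorAction SilentlyContinue).PSObject.Properties |
        Where-Object { $_.Name -match $wanted -and $_.Value -gt 0 } |
        ForEach-Object { '{0}={1}' -f $_.Name, $_.Value }

    # Event IDs named in the article, newest first.
    $ids = 1119, 1559, 1578, 1110, 1126, 1265
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = $ids } `
        -MaxEvents 50 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Server                  = $server
        IsGlobalCatalogReady    = $gcReady
        PartitionOccupancy      = if ($null -eq $occupancy) { 'not set (default applies)' } else { $occupancy }
        PromotionEvent1119Seen  = [bool]($events | Where-Object Id -eq 1119)
        DiagnosticsStillEnabled = $diag -join '; '
        RecentEvents            = $events | Select-Object TimeCreated, Id, LevelDisplayName
    }
}

Get-GcPromotionStatus | Format-List
```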