Article ID: 254933 - View products that this article applies to.
This article was previously published under Q254933
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/256986/EN-US/ )Description of the Microsoft Windows Registry
The domain naming master Flexible Single Master Operations (FSMO) role holder is assigned to the domain controller that is responsible for making changes to the CN=Partitions,CN=Configuration, DC=domain configuration container in Active Directory. The configuration naming context is shared and replicated by all Windows 2000-based domain controllers in the same forest.
This article describes issues that can occur when Windows 2000-based servers that are being promoted or demoted are unable to contact the domain naming master FSMO role holder during Active Directory promotion or demotion.
The domain naming master FSMO role holder is the only computer that can add or remove a domain in a Windows 2000 Active Directory forest, and is the only FSMO role owner contacted by the Active Directory Installation Wizard (Dcpromo.exe). No FSMO role access is required to promote or demote replica domain controllers in an existing domain.
Investigate Domain Name System (DNS) name resolution, network connectivity, and consistency in Active Directory for the current domain naming master FSMO role holder when "naming master" or "FSMO" error messages occur during Dcpromo operations.
Active Directory PromotionWindows 2000-based servers that are being promoted to domain controllers may generate the following error message when they are unable to contact the domain naming master FSMO role holder during promotion (in this case, the first domain controller of a new child domain, Y, of the root domain Z.COM):
The %SystemRoot%\Debug\Dcpromo.log file shows similar information:
The operation failed because:
To perform the requested operation, the directory service needs to contact the Domain Naming Master (server servername). The attempt to contact it failed. The specified server cannot perform the requested operation.
DD/MM HH:MM:SS [INFO] Installing the Directory ServiceA related message can occur when information about a new domain in the forest has not yet been replicated to the computer that is the intended holder of the domain naming FSMO role for the forest:
DD/MM HH:MM:SS [INFO] Calling NtdsInstall for y.z.com
DD/MM HH:MM:SS [INFO] Starting the Directory Service installation
DD/MM HH:MM:SS [INFO] Validating user supplied options
DD/MM HH:MM:SS [INFO] Determining local site to enter
DD/MM HH:MM:SS [INFO] Examining existing Enterprise Directory Service
DD/MM HH:MM:SS [INFO] Error - To perform the requested operation, the Directory Service needs to contact the Domain Naming Master (server z-dc-01.y.z.com). The attempt to contact it failed. (58)
DD/MM HH:MM:SS [INFO] NtdsInstall for y.z.com returned 58
DD/MM HH:MM:SS [INFO] DsRolepInstallDs returned 58
DD/MM HH:MM:SS [ERROR] Failed to install the directory service (58)
DD/MM HH:MM:SS [INFO] The attempted domain controller operation has completed
DD/MM HH:MM:SS [INFO] DsRolepSetOperationDone returned 0
This behavior can be caused by inconsistency in the domain naming master role owner as seen by different domain controllers in the forest because of replication latency or problems. Use the following troubleshooting steps to determine if a problem exists:
Active Directory Installation Failed. The operation failed because: The Directory Service failed to create the object CN=servername,CN=Partitions,CN=Configuration,DC=Y,DC=Z,DC=com. Please check the event log for possible system errors. The directory cannot validate the proposed naming context name because it does not hold a replica of the naming context above the proposed naming context. Please ensure that the domain naming master role is held by a that is server configured as a global catalog server, and that that server is up to date with its replication partners.