RE: [ActiveDir] Event id 16650

[Jorge de Almeida Pinto]

Title: Event id 16650

Hi,

 

This event ID means the DC is asking for a new RID pool to create security principals locally and it cannot obtain. RID pools are issued by the RID Master.

Event ID 16647 (The domain controller is starting a request for a new account-identifier pool) means it's starting the RID pool request process and 16648 (The request for a new account-identifier pool has completed successfully) means it succesfully received the RID pool from the RID master.

For more info on event ID 16650 check out: http://www.eventid.net/display.asp?eventid=16650&eventno=896&source=SAM&phase=1

 

One question.  You mention that the newly promoted DC holds the FSMO RID Master role. Which DC was holding the RID Master role when the new DC was being promoted the first time and the second time (after the rename)? If your RID master died and you're promoting a new DC to replace the old RID master then first seize the RID Master role to another DC. To check which DCs hold the FSMO roles use NETDOM QUERY FSMO (execute this on the new DC and on another DC). My experience is that when a DC needs a new RID pool but it does not get one, you cannot create security principals but the DC also ignores LDAP queries by clients. As it did not get a RID pool (according to the event id) I expect that it will also not register the DNS records you mention in DNS (to check DNS records use NETDIAG /TEST:DNS /FIX)

Also, be sure to clean up the metadata in AD of the failed DC

 

Can you also mention the steps you took before, during and after the promotion of the new DC?

 

Regards,

Jorge

 

 

---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, April 25, 2004 14:15
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Event id 16650

Dear Experts,
I am getting this event id 16650. Actually, itz a newly promoted Domain Controller in the forest mean to say,itz an additional domain controller. While I was promoting, before it completed the promotion, accidently, they system got restarted. I have then renamed the machine + deleted the NTDS folder + deleted from sites&services and then promoted it again. It was succesfull but not all the records are created in DNS.

The evend id 16650 description is "The account-identifier allocator failed to initialize properly.  The record data contains the NT error code that caused the failure.  Windows 2000 will retry the initialization until it succeeds; until that time, account creation will be denied on this Domain Controller.  Please look for other SAM event logs that may indicate the exact reason for the failure."

This machine is holding all the FSMO roles + RID pool too.
Where can I find SAM log for the exact reason of failure. I am attaching dcdiag/v test.
How can I resolve this issue without demoting this again.??

Awaiting your thoughts on this issue.

Regards,
Mohammed Athif Khaleel
Asst.Network Engineer
AlFaisaliah Group Information Technology
Tel.: +966-1-461-0077 x.209
Moble.: +966-59774015
Email: [EMAIL PROTECTED]
"Save Internet, Keep all the systems patched"
<<Dcdiag.txt>>

-----------------------------------------------------
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom/which they are addressed. If you have received this email in error please notify the system manager at the following email address: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Al Faisaliah Group. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. The sender therefore does not accept liability for any errors or omissions in the context of this message, which arise as a result of Internet transmission.  Finally, the recipient should check this email and any attachments for the presence of viruses. Al Faisaliah Group accepts no liability for any damage caused by any virus transmitted by this email.

-----------------------------------------------------

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.