Warning / Error with AD Replication Partner Op Master Consistency

[philipp]

Hello everybody

I imported the new AD MP (6.0.6452.0) and now I get following warnings and
errors on each domain controller.

Warning - Event ID = 1000
AD Replication Partner Op Master Consistency : The script 'AD Replication
Partner Op Master Consistency' failed to get the fSMORoleOwner for
'adxx.xxx.xxx'.
The error returned was '' (0x80020009)

Error - Event ID = 45
AD Replication Partner Op Master Consistency : Unable to determine
infrastructure Op Master on domain controller 'adxx'.

Have someone a idea and can please help with the step?

Thank you Philipp

[Walter Eikenboom]

Hello Philipp,

Did you set the appropriate permissions with an run as account to monitor
AD?
Have a look at the following configuration article on technet for Active
directory moniotoring.

Regards,
Walter
http://weblogwally.spaces.live.com

http://technet.microsoft.com/en-us/library/dd279716.aspx
"philipp" <phi...@discussions.microsoft.com> wrote in message
news:EFEBD360-E807-4559...@microsoft.com...

[philipp]

Hi Walter

Thank you for your answer. I think i have set the appropriate permissions
with an run as account correctly. The other tests (OP Master schema, OP
Master domain, OP Master PDC and OP Master RID) with the same script (AD
Replication Partner Op Master Consistency' ) runs succesfull.

Regards, Philipp

[philipp]

Hello everbody

I have further the following Warning and Error Messages:

Warning - Event ID = 1000
AD Replication Partner Op Master Consistency : The script 'AD Replication
Partner Op Master Consistency' failed to get the fSMORoleOwner for
'adxx.xxx.xxx'.
The error returned was '' (0x80020009)

Error - Event ID = 45
AD Replication Partner Op Master Consistency : Unable to determine
infrastructure Op Master on domain controller 'adxx'.

Have nobody a idea what can i do for fix this problem?

Cheers Philipp

[Ian Blyth]

I have sseen this werror at a customer site where I have just installed
OpsMgr with the latest AD MP. I thought it may be an AD issue as the cutsomer
mention that they thought there were issues with AD. But if I am getting the
same error as someone else it seems less likely.

Ian

[adg...@bgsu.edu]

I have started seeing this error on my OpsMgr 2007 SP1 system also.
The errors began immediately after importing the latest version of the
ADMP, 6.0.6452. The only suggested resolutions I've found so far is
to disable the monitor, which I don't want to do. Monitoring AD
replication is a major reason we imported this management pack, so
disabling it would defeat the purpose of having it. Any suggestions
would be much appreciated.

[Jonathan.H]

I have the same error, initially running with the SP1 MP from the SP1
CD without any major issues.

I updated last week to the updated MP from the MS web site and am now
getting this and other errors:

The Domain Controller's Op Master is inconsitent
Script Based Test Failed to Complete
Could not determine the FSMO role holder
AD Replication Monitoring - Access Denied Alert

Followed the guide as close as possible, even tried using a domain
admin a/c as the replication monitor user a/c without joy

From scanning the various groups it looks as if there are a number of
people having issues related to the updated AD MP

Just hope there will be a fix or workaround soon.

As stated in the previous threads, any suggestions would be greatfully
received.

Cheers.

Jonathan.

[Magnus Sörensson]

Hi,

I also have this problem on a newly installed SCOM 2007 SP1. Have imported
the the latest AD MP and get eventid 45 and 1000 as described in the first
post here.

Have tried all things in the AD MP Guide and even running the run as account
as domain Admin but nothing helps.

Has anyone come to a resolution to this ???

/Magnus S

Hello Jonathan.H,

[Anders Bengtsson [MVP]]

Hi,

Looks like a problem we had in MOM 2000, http://support.microsoft.com/kb/875425

--
Anders Bengtsson
Microsoft MVP - Operations Manager
Microsoft Certified Trainer (MCT)
http://www.contoso.se

[Magnus Sörensson]

Hello Anders Bengtsson [MVP],

I have tried that with no luck. But I have done some more research of this
and if I take the script on the client and run it manually everything goes
OK and I see the correct events in event manager under Operations Manager.
It logs the event ID 99 and says that it has found all fsmoRoles. But when
the script runs automatically it logs the events 45 and 1000.

We are running the opsmgr service with Local System and has specified an
account in the run as profile for "AD MP" for the computer. This is the same
account which I use to log into the computer when I can manually run the
script OK.

To run the script you have to put in 2 arguments also and I have tested it
with both the <NetBIOSname> and the <FQDN> and also with an 1 for bLogSuccessEvent.

Any ideas where the problem can be or is there a way to see what arguments
OpsMgr uses when it runs the script automatically ???. Could it be a permission
problem and if so where shall I start looking ???

Will continue to test here ;-)

/Magnus

> Hi,
>
> Looks like a problem we had in MOM 2000,
> http://support.microsoft.com/kb/875425
>

[Magnus Sörensson]

Hi again ...

A little update here. Tested the script with an argument of 0 for bLogSuccessEvent
and then I get the error 45 and 1000 in the Eventlog.

Does anybody no how to see what arguments are shiped with the script from
opsmgr and if it is correct that it should be 0 or 1 there ???

/Magnus

[Anders Bengtsson [MVP]]

Hi Magnus,

You should be enable to see parameters that ops mgr use from the rule or
monitor running the script.

--
Anders Bengtsson
Microsoft MVP - Operations Manager
Microsoft Certified Trainer (MCT)
http://www.contoso.se

> Hi again ...

[Erling B.K.]

Hi Anders - we have the same error (Alerts from our win2003 and win2008 DC's
after installing the latest AD MP yesterday):
----------------------------------------------------
Alert: AD Op Master is inconsistent
AvailabilityHealth
Source: xxxxxDC
Path: xxxxDC.xxx.com
Last modified by: System
Last modified time: 20-12-2008 09:11:34
Alert description: The Domain Controller's Op Master is inconsitent. See
additional alerts for details.
-------------------------------------
Must i run of to work and try to find the problem i our AD, or is the MP not
correct / is it a false alert i am seeing - and if it is shall we disable
some rule until an update is on MS site ?

Yours Erling B. Kjeldsen
University of Southern Denmark

[Erling B.K.]

Hi again - My Event 1000 in the Operations Manager Eventlog - Looks somewhat
different:

AD Replication Partner Op Master Consistency : The script 'AD Replication

Partner Op Master Consistency' failed to executethe following LDAP query:
'<LDAP://xxxxxxxxxxx/CN=Configuration,DC=X,DC=XXX,DC=com>;(&(objectClass=crossRefContainer)(fSMORoleOwner=*));fSMORoleOwner;Subtree'.
The error returned was 'Table does not exist.' (0x80040E37)

Hope that this will help to clarify - i also hope that this is "just" a SCOM
MP Error - and our AD's are not affected..

Yours Erling Brandt Kjeldsen
University of Southern Denmark

[philipp]

Hello at all...

Thank you for all the interested answers.

My Problem is, we have on a Production System in 1 Month more then 55000
Events!! Is the Event 1000 and 45 a AD-MP Error? Or works the script 'AD
Replication Partner Op Master Consistency' not correct?

Have someone a idea or a Workaround for this Problem?

Best Regards, Philipp

[Arman Obosyan]

Hello,
Installed today AD MP 6.0.6452.0, gating same Warning/Error messages
Any updates on this issue?

Arman Obosyan

"philipp" <phi...@discussions.microsoft.com> wrote in message

news:9DABCE07-6209-4AF4...@microsoft.com...

[mntbkr...@gmail.com]

On 6 Jan, 03:41, "Arman Obosyan" <arm...@community.nospam> wrote:
> Hello,
> Installed today AD MP 6.0.6452.0, gating same Warning/Error messages
> Any updates on this issue?
>
> Arman Obosyan
>

> "philipp" <phil...@discussions.microsoft.com> wrote in message

>
> news:9DABCE07-6209-4AF4...@microsoft.com...
>
>
>
> > Hello at all...
>
> > Thank you for all the interested answers.
>
> > My Problem is, we have on a Production System in 1 Month more then 55000
> > Events!! Is the Event 1000 and 45 a AD-MP Error? Or works the script 'AD
> > Replication Partner Op Master Consistency' not correct?
>
> > Have someone a idea or a Workaround for this Problem?
>
> > Best Regards, Philipp
>
> > "Erling B.K." wrote:
>
> >> Hi again - My Event 1000 in the Operations Manager Eventlog - Looks
> >> somewhat
> >> different:
>
> >> AD Replication Partner Op Master Consistency : The script 'AD Replication
> >> Partner Op Master Consistency' failed to executethe following LDAP query:

> >> '<LDAP://xxxxxxxxxxx/CN=Configuration,DC=X,DC=XXX,DC=com>;(&(objectClass=cr­ossRefContainer)(fSMORoleOwner=*));fSMORoleOwner;Subtree'.

> >> > >>>>> On Thu, 11 Dec 2008 05:05:51 -0800 (PST), adgr...@bgsu.edu wrote:
>
> >> > >>>>>> I have started seeing this error on my OpsMgr 2007 SP1 system
> >> > >>>>>> also.
> >> > >>>>>> The errors began immediately after importing the latest version
> >> > >>>>>> of
> >> > >>>>>> the ADMP, 6.0.6452.  The only suggested resolutions I've found
> >> > >>>>>> so
> >> > >>>>>> far is to disable the monitor, which I don't want to do.
> >> > >>>>>> Monitoring AD replication is a major reason we imported this
> >> > >>>>>> management pack, so disabling it would defeat the purpose of
> >> > >>>>>> having

> >> > >>>>>> it.  Any suggestions would be much appreciated.- Dölj citerad text -
>
> - Visa citerad text -

I have been struggling with these alerts since the new AD MP install
and have found the resolution for our situation. All the following
alerts came in during the same time period:

_________________________________________________________________
Alert: Could not determine the FSMO role holder.
Source: <SERVER>
Path: <SERVER FQDN>
Last modified by: System
Last modified time: 1/7/2009 12:01:24 AM Alert description: AD
Replication Partner Op Master Consistency : Unable to determine schema
Op Master on domain controller '<TARGET SERVER NETBIOS NAME>'.
_________________________________________________________________
Alert: AD Client Side - Script Based Test Failed to Complete
Source: <SERVER>
Path: <SERVER FQDN>
Last modified by: System
Last modified time: 1/7/2009 12:01:24 AM Alert description: AD

Replication Partner Op Master Consistency : The script 'AD Replication
Partner Op Master Consistency' failed to executethe following LDAP

query: '<LDAP://<TARGET SERVER FQDN NAME>/
CN=Schema,CN=Configuration,DC=xx,DC=xx,DC=net>;(&(objectClass=dMD)

(fSMORoleOwner=*));fSMORoleOwner;Subtree'.
The error returned was 'Table does not exist.' (0x80040E37)

_________________________________________________________________

Alert: AD Op Master is inconsistent

Source: <SERVER>
Path: <SERVER FQDN>
Last modified by: System
Last modified time: 1/7/2009 12:01:21 AM Alert description: The Domain

Controller's Op Master is inconsitent. See additional alerts for
details.

_________________________________________________________________

All these alerts are DNS related. In one situation, we had a bad DNS
record on one of out top-level DNS servers. We could ping the netbios
name, but could not ping the FQDN (it was a DC in another domain
within our forest). In the second instance, there was a bad IP address
in the HOST file. Once all DNS resolution was resolved, the alerts
auto cleared.

We also have the alerts come in and then auto resolve on their own.
This happened when soemone rebooted a DC in another domain and that
server was the only DC for their domain.

I hope that helps. Here is a good link to investigate DNS issues:
http://www.windowsnetworking.com/articles_tutorials/Using-NSLOOKUP-DNS-Server-diagnosis.html

-CK

[CK01]

I have been struggling with these alerts since the new AD MP install and have
found the resolution for our situation. All the following alerts came in
during the same time period:

_________________________________________________________________
Alert: Could not determine the FSMO role holder.
Source: <SERVER>
Path: <SERVER FQDN>
Last modified by: System

Last modified time: 1/7/2009 12:01:24 AM Alert description: AD Replication
Partner Op Master Consistency : Unable to determine schema Op Master on

domain controller '<TARGET SERVER NETBIOS NAME>'.
_________________________________________________________________

Alert: AD Client Side - Script Based Test Failed to Complete

Source: <SERVER>
Path: <SERVER FQDN>
Last modified by: System

Last modified time: 1/7/2009 12:01:24 AM Alert description: AD Replication

Partner Op Master Consistency : The script 'AD Replication Partner Op Master

Consistency' failed to executethe following LDAP query: '<LDAP://<TARGET
SERVER FQDN
NAME>/CN=Schema,CN=Configuration,DC=xx,DC=xx,DC=net>;(&(objectClass=dMD)(fSMORoleOwner=*));fSMORoleOwner;Subtree'.

The error returned was 'Table does not exist.' (0x80040E37)

_________________________________________________________________

Alert: AD Op Master is inconsistent
Source: <SERVER>
Path: <SERVER FQDN>
Last modified by: System

Last modified time: 1/7/2009 12:01:21 AM Alert description: The Domain

Controller's Op Master is inconsitent. See additional alerts for details.

_________________________________________________________________

All these alerts are DNS related. In one situation, we had a bad DNS record

on one of our top-level DNS servers. We could ping the netbios name, but

could not ping the FQDN (it was a DC in another domain within our forest). In
the second instance, there was a bad IP address in the HOST file. Once all
DNS resolution was resolved, the alerts auto cleared.

We also have the alerts come in and then auto resolve on their own. This

happened when someone rebooted a DC in another child domain and that server

was the only DC for their domain.

I hope that helps. Here is a good link to investigate DNS issues:
http://www.windowsnetworking.com/articles_tutorials/Using-NSLOOKUP-DNS-Server-diagnosis.html

-CK

[Sebastian]

Hi Phillip,

we also had too many alerts and we are working on to reduce this number.

We had a configuration error with the AD MP Account.
Please refer to the AD MP Installation Guide, Page 12, paragraph 7.

You must associate the AD MP Account with each AD Controller individually
and manually.
We chose the easy way and associated only with the Management Server. Of
course that was not enough.

Once the misconfig was corrected the alerts had gone.

sebastian

[kristof]

Hi,

I'm having the same errormessage together with the errormessage AD Client
Side - Script Based Test Failed to Complete .
As additional info of this errormessage I get a error nr 0x80020009

I already reinstalled many times the ad scom agents but that does not work.
I did a little bit debugging and it seems that the script used to test
replication is not runned with the AD Replication monitoring account. It
runnes with system. (system has no access on ad)

When I verify the AD server 1 I see 2 monmonitor.Exe services running. 1
with system 1 with the ad replication monitoring account.

Can you help me with this?
It seems that scom is not sending it to the right one

thx

[kristof]

"kristof" wrote:

> Hi,
>
> I'm having the same errormessage together with the errormessage AD Client
> Side - Script Based Test Failed to Complete .
> As additional info of this errormessage I get a error nr 0x80020009
>
> I already reinstalled many times the ad scom agents but that does not work.
> I did a little bit debugging and it seems that the script used to test
> replication is not runned with the AD Replication monitoring account. It
> runnes with system. (system has no access on ad)
>

> When I verify the AD server 1 I see <3> monmonitor.Exe services running. <2>