Hi,
I have a forest with a parent (domain.local) and 4 child domains (branch1.domain.local, branch2, etc) running Windows Server 2003 R2 SP2.
We decided to introduce Windows Server 2012 into it. The forest and domain functional levels are/were both at 2003 before the introduction.
We installed 2012 into the parent domain and it promoted to a DC fine (call it NEWSERVER). We gave it all 5 FSMO roles. Replication was looking OK, so we demoted and removed the original 2003 R2 server from the parent domain. The child domains still had 2003 R2 in them.
When we went to install 2012 into one of the child domains, it said it couldn't contact the OLD parent server to verify the forest had been upgraded. We'll call it OLDSERVER. A query of the FSMO roles in the child domain showed it thought OLDSERVER was still the Schema Master and Domain Naming Master. A query in the parent domain showed NEWSERVER was holding those two roles. In the AD Sites and Services on the child domains, under Default-First-Site-Name OLDSERVER was still there, but not NEWSERVER. We removed OLDSERVER by saying it was offline/could not be contacted.
Fast forward a few days, and now the reference to OLDSERVER is gone... now the schema master shows ERROR (blank in ADSIedit) for all child domains. About a day after that, the parent domain now shows ERROR as well (did it replicate back? How did it go from thinking it was the schema master to having nothing?)
I thought perhaps trying to seize the role may work from NEWSERVER, but when I did that, it said "failed with no such attribute" and "the attribute specified in the operation is not present on the object".
So then I take a look at whether NEWSERVER is a global catalog or not... it isn't. It shows it isn't advertising AND is not ready to become one.
So in the end, the 4 child domains do not have NEWSERVER in the Default-First-Site-Name under servers and do not have it as an option. Looking through the replication summary/history, they are only replicating with each other and not the parent.
The parent domain shows the following errors in the directory services log:
Event ID 1925
The attempt to establish a replication link for the following writable directory partition failed.
This directory service will be unable to replicate with the source directory service until this problem is corrected.
Additional Data
Error value:
8418 The replication operation failed because of a schema mismatch between the servers involved.
Event ID 1926
The attempt to establish a replication link to a read-only directory partition with the following parameters failed.
Additional Data
Error value:
8418 The replication operation failed because of a schema mismatch between the servers involved.
Event ID 1311
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=branch1,DC=domain,DC=local
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
Running repadmin /showreps gets the following errors:
- The replication operation failed because of a schema mismatch between the servers involved.
- KCC could not add this REPLICA LINK due to error.
The schema version on the parent domain is 56 (correct for 2012), and on all child domains it shows as 31 (correct for 2003 R2). Forestprep and Domainprep were done on the parent domain, but domainprep was not done on the child domains since we hadn't installed 2012 at that point... and by the time we went to install 2012 in a child domain, the child had shown the ERROR as the schema master, so it couldn't verify forestprep had been done, and therefore we can't add any more DCs to the child domains or do domainprep.
I used ADSIedit to clear out all references to OLDSERVER, but things aren't replicating yet...
I'm wondering if I'm going in circles... which errors should I be concentrating on fixing first... is the schema mismatch preventing replication, or is lack of replication preventing NEWSERVER from becoming GC and therefore preventing the children from knowing the schema was extended? Unfortunately I cannot get the child domains to SEE NEWSERVER as a bridgehead option until it is a GC. The children and parent had successful replication with each other 1 day before the upgrade, it's been less than a week, so nothing past the tombstone life.