VMware Cloud Community
Johnkpjm
Contributor
Contributor
‎08-25-2015 03:39 PM

FSMO Role issue between Linked Mode VCenters

Recently performed a certificate update on a 'Production' VCenter environment, since then there has been an issue with the FSMO role between a Linked Mode VCenter 'DR' Environment.

(VCENTER 5.1)

They have not replicated in over a month now, with the replication issue starting since the certificates in VCENTER1 were updated.

For this scenario i've just changed the server names due to privacy, VCENTER1 is the "Production" Vcenter environment. VCENTER2 is the "DR" Environment.

Event log:

From FSMO Role owner

Event ID; 2092

This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated succesfully with any of its partners this this server has been restarted.

Oeprtations which require contacting a FSMO operation master will fail until this condition is corrected.

FSMO Role: CN=Partitions,CN=Configuration,CN={671AFF97-BB39-8177-768D86A9CC26}

From the other Vcenter server;

Event ID; 2093

The remote server which is the owner of the FSMO role is not responding. The server has not replicated with the FSMO role owner recently.

Operations which require contacting a FSMO Operation master will fail until this condition is corrected.

FSMO Role: CN=Schema,CN=Configuration,CN={671AFF97-BB39-8177-768D86A9CC26}

From DSMGMT:

Server "VCENTER2:389" knows about 2 roles

Schema - CN=NTDS Settings,CN=VCENTER1$VMwareVCMSDS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={671AFF97-BB39-49C5-8177-768D86A9CC26}

Naming Master - CN=NTDS Settings,CN=VCENTER1$VMwareVCMSDS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={671AFF97-BB39-49C5-8177-768D86A9CC26}

Server "VCENTER1:389" knows about 2 roles

Schema - CN=NTDS Settings,CN=VCENTER1$VMwareVCMSDS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={671AFF97-BB39-49C5-8177-768D86A9CC26}

Naming Master - CN=NTDS Settings,CN=VCENTER1$VMwareVCMSDS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={671AFF97-BB39-49C5-8177-768D86A9CC26}

*Edit*

Also the repadmin /showrepl does not show any replication errors, both servers are successfully replicating with all DC's in the environment, but do not list each other.

0 Kudos
4 Replies
IBM_India
Enthusiast
Enthusiast
‎08-25-2015 05:57 PM

can you check below Firewall setting

When configuring the firewall ensure that these ports are open:

Service

Port/Protocol

RPC endpoint mapper

135/tcp, 135/udp

Network basic input/output system (NetBIOS) name service

137/tcp, 137/udp

NetBIOS datagram service

138/udp

NetBIOS session service

139/tcp

RPC dynamic assignment

1024-65535/tcp

Server message block (SMB) over IP (Microsoft-DS)

445/tcp, 445/udp

Lightweight Directory Access Protocol (LDAP)

389/tcp

LDAP ping

389/udp

LDAP over SSL

636/tcp

Global catalog LDAP

3268/tcp

Global catalog LDAP over SSL

3269/tcp

Kerberos

88/tcp, 88/udp

Domain Name Service (DNS)

53/tcp1, 53/udp

Windows Internet Naming Service (WINS) resolution (if required)

1512/tcp, 1512/udp

WINS replication (if required)

42/tcp, 42/udp

vCenter 4.x8443/tcp
if you think this post is helpful, please provide points accordingly thanks Zubair Technical Specialist
0 Kudos
Johnkpjm
Contributor
Contributor
‎08-25-2015 06:29 PM

The Firewall on both servers is disabled for all profiles.

0 Kudos
IBM_India
Enthusiast
Enthusiast
‎08-25-2015 09:42 PM

check services are running,

few times services are not started or put into delay start

so please restart and start services of VC

if you think this post is helpful, please provide points accordingly thanks Zubair Technical Specialist
0 Kudos
Johnkpjm
Contributor
Contributor
‎08-26-2015 03:27 PM

Have tried that but no success, all services are running, both servers have been restarted and services restarted.

Another Error in the ADAM logs on VCENTER2;

Event ID; 1308

The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following directory service has consistently failed.

Attempts:

972

Directory service:

CN=NTDS Settings,CN=VCENTER2$VMwareVCMSDS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={671AFF97-BB39-49C5-8177-768D86A9CC26}

Period of time (minutes):

54491

0 Kudos