By Joseph Yedid
In my last post, I described how I decommissioned a Domain Controller (DC). Soon after I decommissioned that DC, I started noticing some errors cropping up in my Operations Manager (OpsMan) console.
Here is one of the OpsMan errors that I was seeing:
AD Replication Monitoring : encountered a runtime error.
Failed to obtain the InfrastructureMaster using a well known GUID.
The error returned was: ‘Failed to get the ‘fSMORoleOwner’ attribute from the object
The error returned was: ‘There is no such object on the server.’ (0x80072030)’ (0x80072030)
I found it curious that this should be coming up! Looking at the error, it would seem that there is some confusion as to who the FSMO role owner is for the infrastructure role. In doing some research, I came across this knowledge base article.
Turns out, there is a GPO section that pertains to a GPO alert in OpsMan that I was also getting. However, even after I fixed the GPO issue, I was still getting the FSMO role owner error.
The More Information section of the article suggested that I take a look in ADSIEdit in order to determine the role owner.
Examining the CN=Infrastructure attribute in ADSIEdit, I discovered that the FSMORoleOwner was pointing to another old decommissioned DC! Why didn’t that update a long time ago?
Now I was stuck. I didn’t know how to resolve this problem, so I posted a question in the TechNet forums.
The proposed solution was to seize the infrastructure role. Before undertaking that task, I checked the NTDSutil on my primary DC to see the role owners. Everything pointed to the correct DC. Interesting.
I then re-checked ADSIEdit. The CN=Infrastructure attribute updated itself, somehow. I cleared OpsMan of the error/warning, but the error/warning came back. Something was still amiss here. I decided that seizing the infrastructure role was a bit too forceful.
I needed to do a bit more research and ended up finding a script that addressed my exact issue.
From the looks of it, the script resets the infrastructure attribute domain and forest wide. Once I ran the script, all of my OpsMan errors and related warnings disappeared. Success! Here’s the link to the script.