The directory service was unable to allocate a relative identifier

[vbjr]

#154120

Hello guys and girls,

I tried to join a workstation to a domain and it gave me the “The directory service was unable to allocate a relative identifier”

Now I have tried to create a new user in the domain and it gives me the same error message.

The setup:
1x Windows 2003 Domain Controller (DC + DHCP + DNS + Print Server + File Server)
1x Windows 2003 Exchange Server

Previous to this setup it used to be the same but it was a Windows 2000 environment which was migrated to the new Windows 2003 setup.
The migration was done following the MS articles of moving FSO’s and so forth.

When the migration was done the old servers were left on for 3 months and then switched off after that, the old servers are no longer available on the site.

The setup has been on purely 2k3 for around a year now and have not experienced any big problems.

Some useful info:
DCDIAG output:

---

Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests

Testing server: Default-First-Site-NameBF-DC
Starting test: Connectivity
……………………. BF-DC passed test Connectivity
Doing primary tests

Testing server: Default-First-Site-NameBF-DC
Starting test: Replications
[Replications Check,BF-DC] A recent replication attempt failed:
From BFMAIN to BF-DC
Naming Context: CN=Schema,CN=Configuration,DC=company,DC=co,DC=uk
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2011-04-05 23:49:40.
The last success occurred at 2008-09-15 00:29:12.
22242 failures have occurred since the last success.
The guid-based DNS name f723ee2b-03b5-4990-97de-5c0ff9f343d2._msdcs.company.co.uk
is not registered on one or more DNS servers.
[BFMAIN] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,BF-DC] A recent replication attempt failed:
From BFMAIN to BF-DC
Naming Context: CN=Configuration,DC=company,DC=co,DC=uk
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2011-04-05 23:48:37.
The last success occurred at 2008-09-15 00:41:28.
23759 failures have occurred since the last success.
The guid-based DNS name f723ee2b-03b5-4990-97de-5c0ff9f343d2._msdcs.company.co.uk
is not registered on one or more DNS servers.
[Replications Check,BF-DC] A recent replication attempt failed:
From BFMAIN to BF-DC
Naming Context: DC=company,DC=co,DC=uk
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2011-04-05 23:47:35.
The last success occurred at 2008-09-15 00:31:01.
22548 failures have occurred since the last success.
The guid-based DNS name f723ee2b-03b5-4990-97de-5c0ff9f343d2._msdcs.company.co.uk
is not registered on one or more DNS servers.
REPLICATION-RECEIVED LATENCY WARNING
BF-DC: Current time is 2011-04-06 00:34:25.
CN=Schema,CN=Configuration,DC=company,DC=co,DC=uk
Last replication recieved from BFMAIN at 2008-09-15 00:29:12.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=company,DC=co,DC=uk
Last replication recieved from BFMAIN at 2008-09-15 00:41:28.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=company,DC=co,DC=uk
Last replication recieved from BFMAIN at 2008-09-15 00:31:01.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
……………………. BF-DC passed test Replications
Starting test: NCSecDesc
……………………. BF-DC passed test NCSecDesc
Starting test: NetLogons
……………………. BF-DC passed test NetLogons
Starting test: Advertising
……………………. BF-DC passed test Advertising
Starting test: KnowsOfRoleHolders
……………………. BF-DC passed test KnowsOfRoleHolders
Starting test: RidManager
The DS has corrupt data: rIDPreviousAllocationPool value is not valid
No rids allocated — please check eventlog.
……………………. BF-DC failed test RidManager
Starting test: MachineAccount
……………………. BF-DC passed test MachineAccount
Starting test: Services
……………………. BF-DC passed test Services
Starting test: ObjectsReplicated
……………………. BF-DC passed test ObjectsReplicated
Starting test: frssysvol
……………………. BF-DC passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
……………………. BF-DC failed test frsevent
Starting test: kccevent
……………………. BF-DC passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC00003EA
Time Generated: 04/05/2011 23:45:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000410B
Time Generated: 04/05/2011 23:47:23
Event String: The request for a new account-identifier pool
An Error Event occured. EventID: 0xC0000073
Time Generated: 04/05/2011 23:47:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0001B5B
Time Generated: 04/05/2011 23:48:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000423
Time Generated: 04/05/2011 23:48:37
Event String: The DHCP service failed to see a directory server
An Error Event occured. EventID: 0xC0000036
Time Generated: 04/05/2011 23:48:48
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000036
Time Generated: 04/05/2011 23:48:48
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000423
Time Generated: 04/05/2011 23:49:01
Event String: The DHCP service failed to see a directory server
……………………. BF-DC failed test systemlog
Starting test: VerifyReferences
……………………. BF-DC passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
……………………. ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
……………………. DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
……………………. Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
……………………. Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. Configuration passed test CheckSDRefDom

Running partition tests on : company
Starting test: CrossRefValidation
……………………. company passed test CrossRefValidation
Starting test: CheckSDRefDom
……………………. company passed test CheckSDRefDom

Running enterprise tests on : company.co.uk
Starting test: Intersite
……………………. company.co.uk passed test Intersite
Starting test: FsmoCheck
……………………. company.co.uk passed test FsmoCheck

I hope you are able to help, looking forward to ideas on how to resolve this.
Most of the information I have found (specially on the MS site) mainly advises to seize the RID role and so forth, but kinda afraid of doing this.

Im able to provide remote access to the server if needed be (if there are people here that are kind enough to help remotely :))

[Author]

Posts