Ask a question

Stefan Landstorfer

Critical Warning: FSMOCompliance: License Error

Hi All,

we migrated our SBS2011 Standard to Windows Server Essentials 2016 with your Migration Guide and all was fine till the end of the guide, no problems also DCDIAG /test:DNS /DNSALL /e /v all passed.

Now i have all two minutes the following message in the events:

Critical Warning: FSMOCompliance: License Error: The FSMO Role Check detected a condition in your environment that is out of compliance with the licensing policy. The Management Server must hold the primary domain controller and domain naming master Active Directory roles. Please move the Active Directory roles to the Management Server now.

How do i rectify this?

If I run NETDOM QUERY FSMO it all appears fine for all 5 roles.

Thank you very much for your answers.


  • FSMO
asked11/01/2018 13:10
74 views
Add Comment
Mariette Knap

Hello Stefan,

I have questions for you regarding the issue you have:

  1. Is the OS on your new server Windows Server Essentials 2016 or is it Standard with the Essentials Experience role installed;
  2. Is the old SBS still around?
Stefan Landstorfer

Hello many thanks for your answer :-) 

1. Its a real Windows Server Essentials 2016

2. The SBS was demoted like the Migration Guide and get a member and now it is Offline, only the new Server is Online


replied 11/01/2018 15:42
Mariette Knap

That is very strange and probably has nothing to do with the migration. Do you have other servers in your domain? Pls, run the following Powershell commands and copy the output in your answer.

Get-ADDomain
Get-ADForest

Did you complete the Essentials Configuration wizard?


replied 11/01/2018 16:06
Stefan Landstorfer

Hello Mariette,

yes, i completed the Wizard and i also did the "Migration Guide" 1to1 till the end and all was fine...
Here is the output (the Domain is "WINKLER.local", the name of the server is "pet330":

PS C:\Users\administrator.WINKLER> Get-ADDomain


AllowedDNSSuffixes                 : {}
ChildDomains                       : {}
ComputersContainer                 : OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=winkler,DC=local
DeletedObjectsContainer            : CN=Deleted Objects,DC=winkler,DC=local
DistinguishedName                  : DC=winkler,DC=local
DNSRoot                            : winkler.local
DomainControllersContainer         : OU=Domain Controllers,DC=winkler,DC=local
DomainMode                         : Windows2008R2Domain
DomainSID                          : S-1-5-21-3832182282-2825546295-319575799
ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=winkler,DC=local
Forest                             : winkler.local
InfrastructureMaster               : pet330.winkler.local
LastLogonReplicationInterval       :
LinkedGroupPolicyObjects           : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=WINKLER,DC=LOC
                                     AL}
LostAndFoundContainer              : CN=LostAndFound,DC=winkler,DC=local
ManagedBy                          :
Name                               : winkler
NetBIOSName                        : WINKLER
ObjectClass                        : domainDNS
ObjectGUID                         : 4881668f-c446-4ee5-a721-eb777639c8f7
ParentDomain                       :
PDCEmulator                        : pet330.winkler.local
PublicKeyRequiredPasswordRolling   :
QuotasContainer                    : CN=NTDS Quotas,DC=winkler,DC=local
ReadOnlyReplicaDirectoryServers    : {}
ReplicaDirectoryServers            : {pet330.winkler.local}
RIDMaster                          : pet330.winkler.local
SubordinateReferences              : {DC=DomainDnsZones,DC=winkler,DC=local, DC=ForestDnsZones,DC=winkler,DC=local,
                                     CN=Configuration,DC=winkler,DC=local}
SystemsContainer                   : CN=System,DC=winkler,DC=local
UsersContainer                     : OU=SBSUsers,OU=Users,OU=MyBusiness,DC=winkler,DC=local

 

PS C:\Users\administrator.WINKLER> Get-ADForest


ApplicationPartitions : {DC=DomainDnsZones,DC=winkler,DC=local, DC=ForestDnsZones,DC=winkler,DC=local}
CrossForestReferences : {}
DomainNamingMaster    : pet330.winkler.local
Domains               : {winkler.local}
ForestMode            : Windows2008R2Forest
GlobalCatalogs        : {pet330.winkler.local}
Name                  : winkler.local
PartitionsContainer   : CN=Partitions,CN=Configuration,DC=winkler,DC=local
RootDomain            : winkler.local
SchemaMaster          : pet330.winkler.local
Sites                 : {Default-First-Site-Name}
SPNSuffixes           : {}
UPNSuffixes           : {}

 


replied 11/01/2018 20:05
Stefan Landstorfer

I forgot to mention, there is still an old database server in the domain "Windows Server 2003 R2", but only as a member ... and acts as a file server, VPN / RAS server, print server and application server ... the next week an application will be transferred to the new server, then this old server will also be switched off ...


replied 11/01/2018 20:58
Mariette Knap

OK, can you also post the output of:

Get-ADDomainController

 


replied 11/02/2018 04:24
Stefan Landstorfer
PS C:\Users\administrator.WINKLER> Get-ADDomainController


ComputerObjectDN           : CN=PET330,OU=Domain Controllers,DC=winkler,DC=local
DefaultPartition           : DC=winkler,DC=local
Domain                     : winkler.local
Enabled                    : True
Forest                     : winkler.local
HostName                   : pet330.winkler.local
InvocationId               : bd4e94a9-72fe-4296-8f9d-3fd8837f7504
IPv4Address                : 192.168.10.11
IPv6Address                : fd00::90a7:797b:d021:38e0
IsGlobalCatalog            : True
IsReadOnly                 : False
LdapPort                   : 389
Name                       : PET330
NTDSSettingsObjectDN       : CN=NTDS Settings,CN=PET330,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration
                             ,DC=winkler,DC=local
OperatingSystem            : Windows Server 2016 Essentials
OperatingSystemHotfix      :
OperatingSystemServicePack :
OperatingSystemVersion     : 10.0 (14393)
OperationMasterRoles       : {SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster...}
Partitions                 : {DC=ForestDnsZones,DC=winkler,DC=local, DC=DomainDnsZones,DC=winkler,DC=local,
                             CN=Schema,CN=Configuration,DC=winkler,DC=local, CN=Configuration,DC=winkler,DC=local...}
ServerObjectDN             : CN=PET330,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winkler,DC=lo
                             cal
ServerObjectGuid           : 1e59a22f-df9b-4fa2-8594-0e0a7c4d7db8
Site                       : Default-First-Site-Name
SslPort                    : 636

 


replied 11/02/2018 06:12
Mariette Knap

Do you have any other errors in the Event logs?


replied 11/02/2018 06:34
Mariette Knap

I think I know what the problem is. Can you check two issues:

  1. Type a net share from an elevated command prompt and confirm that you see an SYSVOL and NETLOGON share;
  2. Open Group Policy Management and look in the Container and check if you see the Default Domain and Default Domain Controller Policy.

replied 11/02/2018 06:53
Stefan Landstorfer

How can I upload a picture? Tried it, does not work somehow ... do you have a E-Mail Adress where i can send?

The pictures are same like yours...I have these entries...


replied 11/02/2018 10:37
Stefan Landstorfer

Here are the links to the pictures on my server...


replied 11/02/2018 10:38
Mariette Knap

No problem, I looked at the screenshots and they seem ok. Any error in the event logs?


replied 11/02/2018 11:09
Last Activity 11/02/2018 19:28

1 Answer(s)

  • Mariette Knap
    Add Comment
    Stefan Landstorfer

    Thank you very much, i'm very happy;
    Very competent and friendly service, I can only recommend :-)


    Reply
    replied 11/02/2018 16:56
Add an Answer