APC_40
asked on
Cannot demote a DC using DCPROMO - 'Logon failure: the target account name is invalid.
Hi,
I have a urgent need to demote a 2003 DC server. The server was offline for over 60 days and it appears to have tombstoned. The server was offline and due to a network issue and now users are having issues logging in to their workstations, etc
The server has no roles attached to it and is not a GK server. I'm getting replication issues on my good DC.
The error I receive is - The operation failed because:
Managing the network session with ****.local failed.
'Logon failure. The target account name is incorrect.
How do I demote this server?
I have a urgent need to demote a 2003 DC server. The server was offline for over 60 days and it appears to have tombstoned. The server was offline and due to a network issue and now users are having issues logging in to their workstations, etc
The server has no roles attached to it and is not a GK server. I'm getting replication issues on my good DC.
The error I receive is - The operation failed because:
Managing the network session with ****.local failed.
'Logon failure. The target account name is incorrect.
How do I demote this server?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok I've deleted the DC using the metadata cleanup and it's been removed from DNS. Only 2 DCs are now in AD. I did not DCPROMO /force, i deleted the server through meta data cleanup
Unfortunately I logged on to a few PCs and some allowed access but others did not as before. I don't understand why sometimes I can logon to a PC but others i can't . The message when trying to logon states 'a domain controller could not be found, etc...'
There was still an issue that when a users password was changed in AD and they were forced to change it, it never asked for them to change it.
Any further guidance?
Unfortunately I logged on to a few PCs and some allowed access but others did not as before. I don't understand why sometimes I can logon to a PC but others i can't . The message when trying to logon states 'a domain controller could not be found, etc...'
There was still an issue that when a users password was changed in AD and they were forced to change it, it never asked for them to change it.
Any further guidance?
Run this and post results
@echo off
echo "Starting NetDiag on SERVER" >>c:\util\dclogx.txt
netdiag >>dclogx.txt
echo "Starting DCDiag on SERVER" >>c:\util\dclogx.txt
dcdiag >>dclogx.txt
dcdiag /test:registerindns /dnsdomain:FQDN>>dclogx.tx
dcdiag /c /v >>dclogx.txt
dcdiag /test:dns >>dclogx.txt
browstat status -v our >>dclogx.txt
echo "Who owns FSMO Roles" >>dclogx.txt
NTDSUTIL roles Connections "Connect to server SERVER" Quit "select Operation Target" "List roles for connected server" Quit Quit Quit >>dclogx.txt
EXIT
Lets check your AD and DNS
@echo off
echo "Starting NetDiag on SERVER" >>c:\util\dclogx.txt
netdiag >>dclogx.txt
echo "Starting DCDiag on SERVER" >>c:\util\dclogx.txt
dcdiag >>dclogx.txt
dcdiag /test:registerindns /dnsdomain:FQDN>>dclogx.tx
dcdiag /c /v >>dclogx.txt
dcdiag /test:dns >>dclogx.txt
browstat status -v our >>dclogx.txt
echo "Who owns FSMO Roles" >>dclogx.txt
NTDSUTIL roles Connections "Connect to server SERVER" Quit "select Operation Target" "List roles for connected server" Quit Quit Quit >>dclogx.txt
EXIT
Lets check your AD and DNS
ASKER
Cleared the DC using metadatacleanup - cheers all.
ASKER
Event ID - 2042 -
Source NTDS replication.
Description - It has neen too long since this machine last replicated with the named source machine. The time between replicatins with this source has excedded the tombstone lifetime. The source machine may still have copies of object that have been deleted.
On the 'bad' DC -
Error event ID 1864 -
The local domain controller has not recently received replication information from a number of domain controllers. The count of domain controllers is shown, divided in to the following intervals.
More thatn 24hrs
2
More thatn a week
2
More than a month
2
More than two months
2
More than a lifetime
2
Tombstone lifetime Days
60