ssiremote
asked on
2003 dc demote 2008 dc promote
first the topology. current dc is server 2003. added a 2nd server with server 2008 as member server. ran the adpreps. all seemed good. dcpromoed the server 2008. all seemed good. started demoting the 2003 to member server and that's where it went wrong. the 2003 server tells me that it is the last dc on domain and warns that "no other active directory domain controller for that domain can be contacted". need help urgently. please help. thanks
ASKER
@spartan. only one server is a 2008. do you want me to run dcdiag on both the 2008 and 2003 servers?
This is normally an indication of incorrect DNS/Network config.
Run DCDIAG and check your network settings on both servers.
Make sure that the 2008 server is a GC AND that you have transferred ALL of the FSMO roles from 2003 server to 2008 server BEFORE you demote it.
BUT
The question is.....Why demote it if you ONLY have the two domain controllers? You should NEVER run an AD environment with only ONE AD server. More importantly you should have at least two and BOTH should be GC's.
ASKER
now i have a bigger issue. the 2003 dc has a local ip of 192.168.1.1. the 2008 lan dns had 192.168.1.1 in it. the 2008 server has ip 192.168.1.2. i manually changed the dns on 2008 to 192.168.1.2 and now the server is in a reboot loop. can't get back in to change the dns back. damn. sorry folks.
ASKER
@neilsr. the owner of the equipment insists that he have only 1 server. the 2003 server is 6-7 years old and failing.
can you boot into safe mode and reset the ip? doesn't sound like an ip error though, usually with an ip error it comes up with an error, not reboot.
can you do a startup repair by going to advanced on F8? I have never had to use the advanced menu on startup for server 2008, but I would assume it is there.
ASKER
it won't go past the ctrl-alt-del screen in any mode. trying last good configuration now. fingers crossed.
going into safe mode would be before it boots into windows, when you get into the bios screen, start pressing F8 (that's the normal button, some models are different)
then you will see a menu that should let you into startup repair
ASKER
last known configuration worked. running dcdiag now
ASKER
An error event occurred. EventID: 0xC0001B58
Time Generated: 09/08/2011 13:15:04
Event String:
The Allscripts Process Import Linking service failed to start due to the following error:
An error event occurred. EventID: 0xC0001B58
Time Generated: 09/08/2011 13:15:19
Event String:
The Allscripts Process Messages service failed to start due to the following error:
An error event occurred. EventID: 0x0000041E
Time Generated: 09/08/2011 13:15:22
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0xC0001B58
Time Generated: 09/08/2011 13:15:34
Event String:
The Allscripts Process Scheduled Events service failed to start due to the following error:
A warning event occurred. EventID: 0x00001696
Time Generated: 09/08/2011 13:15:37
Event String:
Dynamic registration or deregistration of one or more DNS records failed with the following error:
An error event occurred. EventID: 0xC0001B81
Time Generated: 09/08/2011 13:15:37
Event String:
The msftesql service was unable to log on as CEFM-DOM\Amhs-services with the currently configured password due to the following error:
An error event occurred. EventID: 0xC0001B58
Time Generated: 09/08/2011 13:15:37
Event String:
The SQL Server FullText Search (MSSQLSERVER) service failed to start due to the following error:
An error event occurred. EventID: 0xC0001B81
Time Generated: 09/08/2011 13:15:38
Event String:
The MSSQLSERVER service was unable to log on as CEFM-DOM\Amhs-services with the currently configured password due to the following error:
An error event occurred. EventID: 0xC0001B58
Time Generated: 09/08/2011 13:15:38
Event String:
The SQL Server (MSSQLSERVER) service failed to start due to the following error:
A warning event occurred. EventID: 0x80050004
Time Generated: 09/08/2011 13:18:10
Event String:
Broadcom BCM5709C: The network link is down. Check to make sure the network cable is properly connected.
A warning event occurred. EventID: 0xA004001B
Time Generated: 09/08/2011 13:18:12
Event String: Intel(R) Gigabit ET Dual Port Server Adapter
A warning event occurred. EventID: 0x80040020
Time Generated: 09/08/2011 13:18:14
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
A warning event occurred. EventID: 0x80040020
Time Generated: 09/08/2011 13:18:14
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
A warning event occurred. EventID: 0x80040020
Time Generated: 09/08/2011 13:18:14
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
An error event occurred. EventID: 0x80001778
Time Generated: 09/08/2011 13:18:18
Event String:
The previous system shutdown at 1:15:24 PM on 9/8/2011 was unexpected.
A warning event occurred. EventID: 0x8000001D
Time Generated: 09/08/2011 13:18:21
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
A warning event occurred. EventID: 0x00000C18
Time Generated: 09/08/2011 13:18:53
Event String:
The primary Domain Controller for this domain could not be located.
An error event occurred. EventID: 0xC0001B81
Time Generated: 09/08/2011 13:18:58
Event String:
The csimProcessJobScheduleService service was unable to log on as CEFM-DOM\AMHS-Services with the currently configured password due to the following error:
"@neilsr. the owner of the equipment insists that he have only 1 server"
Then you should be advising him of the danger AND getting him to sign a waiver that says "You told him so".
When this one breaks and NOBODY can log in, it will be your fault, he will swear by it.
The DNS settings of the two servers should be:
Primary DNS: Points to self
Secondary DNS: Points to other server
This is why you could not boot and login correctly
you can only have 1 default gateway on your network
You are using multiple nics? Is this necessary?
If not, then disable one and only use one NIC for your network connection.
ASKER
looked at fsmo roles and found out that the only role still pointing to the old server is the schema master. could that be causing the demote issue?
ASKER
yeah i'm using only the one nic. i had enabled the other ones while i was trying to get it to boot back up.
can you run ipconfig /all and paste results??
Conflicting gateways will create all sorts of connectivity issues.
Ensure only one NIC is enabled. The error you have does not relate to the DNS settings i asked you to change.
Hi ssiremote,
To answer your question about schema master - yes, that would definitely be 1 of the reasons. Please ensure that all FSMO roles have been transferred to the 2008 server.
You can follow steps detailed here - http://support.microsoft.com/kb/324801
Once that is done, please ensure both servers have dns roles installed and point primary DNS to new server and secondary DNS to old server.
Once you have confirmed all FSMO roles have been transferred, you should be able to successfully demote the 2003 server from AD roles.
In reference to the multiple default gateway error message - you are getting it as other NICs have another gateway defined. If you have the other NICs unplugged or not used, you shouldn't worry about it, as it's a warning message. This does come up when you have multiple NICs and no teaming setup.
ASKER
This is what i get during the role transfer
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server dbserver.cefm-dom.local
Binding to dbserver.cefm-dom.local ...
Connected to dbserver.cefm-dom.local using credentials of locally logged on user.
server connections: q
fsmo maintenance: transfer schema master
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-032103CB, problem 5002 (UNAVAILABLE), data 3
Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Server "dbserver.cefm-dom.local" knows about 5 roles
Schema - CN=NTDS Settings,CN=CEFM-HMO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CEFM-DOM,DC=local
Domain - CN=NTDS Settings,CN=DBSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CEFM-DOM,DC=local
PDC - CN=NTDS Settings,CN=DBSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CEFM-DOM,DC=local
RID - CN=NTDS Settings,CN=DBSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CEFM-DOM,DC=local
Infrastructure - CN=NTDS Settings,CN=DBSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CEFM-DOM,DC=local
fsmo maintenance:
I did state right at the beginning....
"Make sure that the 2008 server is a GC AND that you have transferred ALL of the FSMO roles from 2003 server to 2008 server BEFORE you demote it."
ASKER
i did check when you advised. the 2008 server is a gc. somehow all roles had transferred but the schema master. when i tried to move the schema master i get the error that i had previously posted.
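An added example, not part of the original thread: a Python sketch that parses the role listing from the ntdsutil output posted above (wrapped at 80 columns, as a console prints it) and reports which FSMO roles are still held by the DC about to be demoted. The function names are assumptions made for this example; the sample text is the listing from this thread.

```python
import re

# Role listing from the ntdsutil session in this thread, kept with the
# 80-column console wrapping that splits each DN across two lines.
SAMPLE = """\
Server "dbserver.cefm-dom.local" knows about 5 roles
Schema - CN=NTDS Settings,CN=CEFM-HMO,CN=Servers,CN=Default-First-Site-Name,CN=S
ites,CN=Configuration,DC=CEFM-DOM,DC=local
Domain - CN=NTDS Settings,CN=DBSERVER,CN=Servers,CN=Default-First-Site-Name,CN=S
ites,CN=Configuration,DC=CEFM-DOM,DC=local
PDC - CN=NTDS Settings,CN=DBSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Site
s,CN=Configuration,DC=CEFM-DOM,DC=local
RID - CN=NTDS Settings,CN=DBSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Site
s,CN=Configuration,DC=CEFM-DOM,DC=local
Infrastructure - CN=NTDS Settings,CN=DBSERVER,CN=Servers,CN=Default-First-Site-N
ame,CN=Sites,CN=Configuration,DC=CEFM-DOM,DC=local
fsmo maintenance:
"""

ROLE_LINE = re.compile(r"^([A-Za-z ]+?) - (CN=.*)$")    # "Schema - CN=..."
PROMPT = re.compile(r"^[A-Za-z ]+:\s*$")                # "fsmo maintenance:"
COUNT = re.compile(r"knows about (\d+) roles")
HOLDER = re.compile(r"^CN=NTDS Settings,CN=([^,]+),CN=Servers,", re.I)


def parse_role_holders(text):
    """Return {role name: server CN of the current holder}.

    Lines following a role line are treated as wrapped continuations of
    its DN until a blank line, a prompt, or the next role line.
    """
    dns, current, expected = {}, None, None
    for line in text.splitlines():
        line = line.strip()  # pasted console text often carries stray spaces
        found = COUNT.search(line)
        if found:
            expected, current = int(found.group(1)), None
            continue
        role = ROLE_LINE.match(line)
        if role:
            current = role.group(1)
            dns[current] = role.group(2)
            continue
        if not line or PROMPT.match(line):
            current = None
            continue
        if current:
            dns[current] += line  # rejoin the wrapped DN

    holders = {}
    for name, dn in dns.items():
        server = HOLDER.match(dn)
        if not server:
            raise ValueError("cannot find holder for role %r in %r" % (name, dn))
        holders[name] = server.group(1)
    if expected is not None and len(holders) != expected:
        raise ValueError("listing announces %d roles, parsed %d"
                         % (expected, len(holders)))
    return holders


def roles_blocking_demotion(text, dc_name):
    """Roles still held by dc_name (short name or FQDN, case-insensitive)."""
    short = dc_name.split(".")[0].lower()
    return sorted(role for role, holder in parse_role_holders(text).items()
                  if holder.lower() == short)


if __name__ == "__main__":
    for role, holder in parse_role_holders(SAMPLE).items():
        print("%-15s %s" % (role, holder))
    print("Still on CEFM-HMO:", roles_blocking_demotion(SAMPLE, "CEFM-HMO"))
```

An empty result for the old DC is the condition the replies above ask for before running dcpromo on it.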
To transfer Schema Master Roles:
Register Schmmgmt.dll
1. Click Start, and then click Run.
2. Type regsvr32 schmmgmt.dll in the Open box, and then click OK.
3. Click OK when you receive the message that the operation succeeded.
Transfer the Schema Master Role
1. Click Start, click Run, type mmc in the Open box, and then click OK.
2. On the File menu, click Add/Remove Snap-in.
3. Click Add.
4. Click Active Directory Schema, click Add, click Close, and then click OK.
5. In the console tree, right-click Active Directory Schema, and then click Change Domain Controller.
6. Click Specify Name, type the name of the domain controller that will be the new role holder, and then click OK.
7. In the console tree, right-click Active Directory Schema, and then click Operations Master.
8. Click Change.
9. Click OK to confirm that you want to transfer the role, and then click Close.
------
Use the primary DNS as the old server and follow above steps
What is server CEFM-HMO ? Your 2003 server?
ASKER
that is correct neilsr
From your 2008 server can you ping CEFM-HMO ?
ASKER
yes i can and i can use admin shares
ASKER
"point primary DNS to new server and secondary DNS to old server"
is this correct? i currently have it as neilsr had advised: "Primary DNS: Points to self
Secondary DNS: Points to other server"
ASKER
ok so after multiple tries i got the schema master role transferred too. am rebooting both servers. will keep you guys apprised. thanks
So long as both servers had the DNS role installed and up to date, it shouldn't matter which way round you have the DNS servers, except it will slow boot times down.
ASKER
ALL ROLES TRANSFERRED successfully. dns server roles running on both. but during demote on server 2003 i still get the box indicating that this dc is the last controller for this domain is unchecked. however o other active directory domain controllers for domain can be contacted. do u wish to proceed?
Yes, as neilsr mentioned as long as both servers have DNS installed. Once you have rebooted the server, check through the steps to see that the roles have been migrated, after which you should be able to demote.
ASKER
so even if the msg says that no other active directory domains can be contacted i should go ahead with the demote?
Try and perform a manual replication between the 2 DC's and try again
Sorry I just read the message thoroughly! It is prompting you to confirm if this is the LAST domain controller. If you leave that option UNCHECKED, it means this is NOT the last DC
The message is saying that it is able to communicate to other DC's which is fine.
Just make sure before you proceed, that the option is UNCHECKED.
You should only check that option if it is the last DC, otherwise proceed with it unchecked and it will reboot as a normal member server of the domain
Just thought I'll paste the points of demoting here too.
Removing a domain controller by using the Windows interface
You can use the Active Directory Domain Services Installation Wizard to remove a domain controller from an existing domain.
Administrative credentials
To perform this procedure, you must be a member of the Domain Admins group in the domain.
To remove a domain controller by using the Windows interface
Click Start, click Run, type dcpromo, and then press ENTER.
On the Welcome to the Active Directory Domain Services Installation Wizard page, click Next.
If the domain controller is a global catalog server, a message appears to warn you about the effect of removing a global catalog server from the environment. Click OK to continue.
On the Delete the Domain page, make no selection, and then click Next.
If the domain controller has application directory partitions, on the Application Directory Partitions page, view the application directory partitions in the list, and then remove or retain application directory partitions, as follows:
If you do not want to retain any application directory partitions that are stored on the domain controller, click Next.
If you want to retain an application directory partition that an application has created on the domain controller, use the application that created the partition to remove it, and then click Refresh to update the list.
If the Confirm Deletion page appears, select the option to delete all application directory partitions on the domain controller, and then click Next.
On the Remove DNS Delegation page, verify that the Delete the DNS delegations pointing to this server check box is selected, and then click Next.
If necessary, enter administrative credentials for the server that hosts the DNS zones that contain the DNS delegation for this server, and then click OK.
On the Administrator Password page, type and confirm a secure password for the local Administrator account, and then click Next.
On the Summary page, to save the settings that you selected to an answer file that you can use to automate subsequent operations in Active Directory Domain Services (AD DS), click Export settings. Type a name for your answer file, and then click Save. Review your selections, and then click Next to remove AD DS.
On the Completing the Active Directory Domain Services Installation Wizard page, click Finish.
You can either select the Reboot on completion check box to have the server restart automatically or you can restart the server to complete the AD DS removal when you are prompted to do so.
Open Server Manager. Click Start, point to Administrative Tools, and then click Server Manager.
In Roles Summary, click Remove Roles.
If necessary, review the information on the Before You Begin page, and then click Next.
On the Remove Server Roles page, clear the Active Directory Domain Services check box, and then click Next.
On the Confirm Removal Selections page, click Remove.
On the Removal Results page, click Close, and then click Yes to restart the server.
ASKER
problem is it says that it says this "however o other active directory domain controllers for domain can be contacted. do u wish to proceed?"
ASKER
o = no
The new server has the DNS? Try using the new server as primary DNS and try again?
ASKER
the new server has its own ip as primary dns and old servers ip as alternate. the old server has its own ip as primary and new server ip as alternate
ASKER
The new server has the DNS? Try using the new server as primary DNS and try again? i did not understand this.
On the Old Server, setup the new server as primary DNS and keep local host as secondary DNS.
ASKER
changed as advised. rebooting now
Did you get that prompt again?
ASKER
waiting for reboot. i will run the dcpromo in just a bit and let u know.
ASKER
yes same prompt . see attached screenshot
Untitled1.jpg
what about using adsi edit?
ASKER
no joy so far. switching primary dns on both to old server ip and rebooting. any ideas?
ASKER
no joy yet. any help ?
ASKER
i get this on the server 2003 that im trying to demote
Event Type: Warning
Event Source: NTDS Replication
Event Category: DS RPC Client
Event ID: 2088
Date: 9/8/2011
Time: 6:01:59 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: CEFM-HMO
Description:
Active Directory could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.
Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory forest, including logon authentication or access to network resources.
You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.
Alternate server name:
DBSERVER
Failing DNS host name:
8b3c9615-02bb-4fd5-aef2-be94756dd686._msdcs.CEFM-DOM.local
open dns
navigate to _msdcs.cefm-dom.local
look for that server guid number, look at the server name look it up in domain dns and make sure the IP reflects the actual IP address of the server.
also run DCDIAG /fix
then DCDIAG /test:dns
post results please
ASKER
too many variables. something is very wrong . going to try luck with ms tech support before taking the leap and redoing the dc.
This really looks like a failed DCPROMO.
And should be treated as such.
Recommendations are roll back to your previous known state, i.e. get your 2K3 Server to be the only DC on the network and ensure that it is in a healthy state.
Updated comments for this and other post can be found in https://www.experts-exchange.com/questions/27298994/demote-2003-dc.html
http://technet.microsoft.com/en-us/library/cc731968(WS.10).aspx