Solved

Cannot remove old server.

Posted on 2004-08-13
Last Modified: 2008-01-09
Hi Experts,
I am currently having difficulties installing a new server into a domain. I have transferred all the roles successfully, but when I shut the old server down the new one takes 20 mins to load and the FQDN has changed from .local to .001 . It is also impossible to access group policy.

When the other server is connected and I access group policy, I get the message that a 'domain controller could not be found', but by choosing the option to use any available controller, I can access the policy.

I promoted the new server to be a GC but am scared to demote the old server even though the replication seems OK using Active Directory Replication Monitor. I am also worried to demote the old server using DCPROMO in case I can't promote it again. These problems have shattered my confidence.

DNS seems OK, and I have tried setting the DNS server on the NIC to both old, then new server with the same results.

Using 'netdom query fsmo' I get confirmation that the roles have gone over.

Any ideas to get a graceful demotion of the old server? Many Thanks.
Question by:pbodsw
16 Comments
 
LVL 11

Expert Comment

by:infotrader
ID: 11795778
Is there a name conflict between the new server and another computer?  Usually I see the .001 as something that is forced onto the computer when a name conflict occurs.

- Info
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 11795785
pbodsw
Use DCDIAG and NETDIAG, both in the resource kit, and post the results here.

This is almost certainly DNS related, but let's see the outputs first to be sure.

Make sure your DNS zone is set to allow dynamic updates and that all machines are pointing to the SAME internally controlled DNS server.

DO NOT BE TEMPTED to use DCPROMO /FORCEREMOVE until we have diagnosed the problem for you, as it will leave a mess in the domain that you will have to clean up using NTDSUTIL.

Cheers

JamesDS
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 50 total points
ID: 11795908
I'd be inclined to agree with infotrader

though James errs on the side of caution :) follow James's advice
I personally would never use FORCEREMOVE

if you need to manually start removing things then I prefer ADSIedit - but that's a last resort
0
 

Author Comment

by:pbodsw
ID: 11795939
I posted my question too early and tried to edit it, but it is now locked. Please ignore the .001 comment, the domain name has not changed.

Dcdiag tells me that a GC could not be contacted although the new server IS the GC. It also reveals that the machine holding the PDC role is down although the new machine IS the PDC. (I also get some replication errors because the old server is disconnected)

I do not recall any errors when both machines are on. Dynamic updates are allowed. I have both machines listed in two DNS zones.
0
 
LVL 11

Expert Comment

by:infotrader
ID: 11796105
How long has it been since you transferred the roles?  Sometimes it'd take a long time before all the roles are transferred.  Removing the DC prior to proper transfer might cause the exact problem you are seeing.

- Info
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 50 total points
ID: 11796151
If you have the support tools installed on a server (and you should - I install them on all my servers) run the following command from a DOS prompt:

netdom query fsmo

This will tell you what the domain thinks is holding each of the roles.
If it is something that you don't want to have the role then you need to move it. If it will not move, go through the event logs with a fine toothcomb to see why the role will not move.
If it really comes to it, you will have to seize the missing role.

Don't forget to update your DNS configuration.
I usually configure the domain controllers to point to themselves for primary and each other for secondary. Others will say different. The clients should be pointing at domain controllers only. If you are shutting one down, make sure that the primary is the one that is staying up.

Simon.
0
 

Author Comment

by:pbodsw
ID: 11796152
Perhaps an hour, I only have half a dozen machines and users so I would have thought it would be quite quick.
0
 
LVL 11

Assisted Solution

by:infotrader
infotrader earned 100 total points
ID: 11796193
0

 

Author Comment

by:pbodsw
ID: 11796474
Thanks for the link Infotrader.

How can I seize a role that is already supposedly transferred?
Should I try running DCpromo on the old machine?

Using ADSIedit, I noticed that the LDAP path was incorrect, pointing to the old server. I changed the path to the new server OK. Will see if this helps..
0
 

Author Comment

by:pbodsw
ID: 11796837
The results of DCDIAG on the old server PF are:

H:\>dcdiag

DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests

   Testing server: Default-First-Site\PF
      Starting test: Connectivity
         ......................... PF passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\PF
      Starting test: Replications
         ......................... PF passed test Replications
      Starting test: NCSecDesc
         ......................... PF passed test NCSecDesc
      Starting test: NetLogons
         ......................... PF passed test NetLogons
      Starting test: Advertising
         ......................... PF passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... PF passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PF passed test RidManager
      Starting test: MachineAccount
         ......................... PF passed test MachineAccount
      Starting test: Services
            SMTPSVC Service is stopped on [PF]
         ......................... PF failed test Services
      Starting test: ObjectsReplicated
         ......................... PF passed test ObjectsReplicated
      Starting test: frssysvol
         Error: No record of File Replication System, SYSVOL started.
         The Active Directory may be prevented from starting.
         ......................... PF passed test frssysvol
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80000679
            Time Generated: 08/13/2004   21:14:03
            Event String: The Inter-Site Messaging Service requested an
         An Error Event occured.  EventID: 0xC00005BA
            Time Generated: 08/13/2004   21:14:03
            Event String: The Inter-Site Messaging Service SMTP Transport
         An Warning Event occured.  EventID: 0x80000581
            Time Generated: 08/13/2004   21:14:03
            Event String: The Inter-Site Messaging Service SMTP Transport
         An Error Event occured.  EventID: 0xC000055D
            Time Generated: 08/13/2004   21:14:03
            Event String: The query for messages for service
         ......................... PF failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0002715
            Time Generated: 08/13/2004   20:30:49
            Event String: DCOM got error "%1058" attempting to start the
         An Error Event occured.  EventID: 0xC0002715
            Time Generated: 08/13/2004   21:00:49
            Event String: DCOM got error "%1058" attempting to start the
         An Error Event occured.  EventID: 0xC0002715
            Time Generated: 08/13/2004   21:09:09
            Event String: DCOM got error "%1058" attempting to start the
         An Error Event occured.  EventID: 0xC0002715
            Time Generated: 08/13/2004   21:14:03
            Event String: DCOM got error "%1058" attempting to start the
         ......................... PF failed test systemlog

   Running enterprise tests on : pfltd.local
      Starting test: Intersite
         ......................... pfltd.local passed test Intersite
      Starting test: FsmoCheck
         ......................... pfltd.local passed test FsmoCheck

H:\>
 The results on the new server PFSRV are:

H:\>dcdiag

DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests

   Testing server: Default-First-Site\PFSRV
      Starting test: Connectivity
         ......................... PFSRV passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\PFSRV
      Starting test: Replications
         ......................... PFSRV passed test Replications
      Starting test: NCSecDesc
         ......................... PFSRV passed test NCSecDesc
      Starting test: NetLogons
         ......................... PFSRV passed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\pf.pfltd.local, when we
 were trying to reach PFSRV.
         Server is not responding or is not considered suitable.
         ......................... PFSRV failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... PFSRV passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PFSRV passed test RidManager
      Starting test: MachineAccount
         ......................... PFSRV passed test MachineAccount
      Starting test: Services
         ......................... PFSRV passed test Services
      Starting test: ObjectsReplicated
         ......................... PFSRV passed test ObjectsReplicated
      Starting test: frssysvol
         Error: No record of File Replication System, SYSVOL started.
         The Active Directory may be prevented from starting.
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.
         ......................... PFSRV passed test frssysvol
      Starting test: kccevent
         ......................... PFSRV passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0001B65
            Time Generated: 08/13/2004   21:17:00
            Event String: Logon attempt with current password failed with
         An Error Event occured.  EventID: 0xC0001B58
            Time Generated: 08/13/2004   21:17:00
            Event String: The Windows Media Monitor Service service failed
         An Error Event occured.  EventID: 0xC0001B65
            Time Generated: 08/13/2004   21:17:00
            Event String: Logon attempt with current password failed with
         An Error Event occured.  EventID: 0xC0001B58
            Time Generated: 08/13/2004   21:17:00
            Event String: The Windows Media Station Service service failed
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 08/13/2004   21:17:08
            Event String: The Windows Media Program Service service depends
         An Error Event occured.  EventID: 0xC0001B65
            Time Generated: 08/13/2004   21:17:08
            Event String: Logon attempt with current password failed with
         An Error Event occured.  EventID: 0xC0001B58
            Time Generated: 08/13/2004   21:17:08
            Event String: The Windows Media Unicast Service service failed
         ......................... PFSRV failed test systemlog

   Running enterprise tests on : pfltd.local
      Starting test: Intersite
         ......................... pfltd.local passed test Intersite
      Starting test: FsmoCheck
         ......................... pfltd.local passed test FsmoCheck

H:\>


Thanks.
0
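A way to triage DCDIAG output like the two runs posted above, as an added example that is not part of the original thread: it lists failed tests and also tests reported as passed that still printed an Error or Warning line (frssysvol in both runs). The function names are hypothetical, and the sample is an excerpt of the PFSRV output from the post.

```python
import re

# Excerpt of the PFSRV output posted above, trimmed to three tests.
SAMPLE = r"""
   Testing server: Default-First-Site\PFSRV
      Starting test: Replications
         ......................... PFSRV passed test Replications
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\pf.pfltd.local, when we
 were trying to reach PFSRV.
         Server is not responding or is not considered suitable.
         ......................... PFSRV failed test Advertising
      Starting test: frssysvol
         Error: No record of File Replication System, SYSVOL started.
         The Active Directory may be prevented from starting.
         ......................... PFSRV passed test frssysvol
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)")
VERDICT = re.compile(r"^\s*\.{5,}\s*(\S+) (passed|failed) test (\S+)")
FLAG = re.compile(r"^\s*(?:Error:|Warning:|An (?:Error|Warning) Event)")

def parse_dcdiag(text):
    """Return one dict per test: target, test, verdict, flagged message lines."""
    results, notes = [], []
    for line in text.splitlines():
        if START.match(line):
            notes = []                      # new test: reset collected messages
            continue
        m = VERDICT.match(line)
        if m:
            results.append({"target": m.group(1), "test": m.group(3),
                            "verdict": m.group(2), "notes": notes})
            notes = []
        elif FLAG.match(line):
            notes.append(line.strip())      # keep the first line of each message
    return results

def needs_attention(results):
    """Failed tests, plus tests reported as passed that still logged a message."""
    return [r for r in results if r["verdict"] == "failed" or r["notes"]]

if __name__ == "__main__":
    for r in needs_attention(parse_dcdiag(SAMPLE)):
        print(r["target"], r["test"], r["verdict"], *r["notes"], sep=" | ")
```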
 

Author Comment

by:pbodsw
ID: 11797564
When I tried to run dcpromo on the old machine, the message 'domain could not be contacted' came up.
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 300 total points
ID: 11799049
pbodsw
Ok, this has got to be DNS.

Make sure that ALL DCs are pointing to the same internally controlled DNS Server and that it hosts a DNS Zone for your AD.
Check that the DNS server service is only listening on one IP Address (DNS Snapin, server properties)
Look in the AD zone on the DNS server you are using and make sure that the zone is set to allow dynamic updates and that _MSDCS entries are present, if not go to each DC and do this:

IPCONFIG /FLUSHDNS
NET STOP NETLOGON
NET START NETLOGON

Retry your DCPromo on the old DC

Cheers

JamesDS
0
 

Author Comment

by:pbodsw
ID: 11809127
Thanks to everyone who assisted with this problem. I have tried to be as fair as possible with the points, although a definite solution to this problem will never be known due to the fact that I am going to create an entirely new domain, DNS, DHCP etc. I will use a different name to avoid conflicts.

Having so few users, it will not take so long to sort out the profiles. I will demote the old server as the last machine in the old domain and join it as a new domain member to get the data over. In fact it should still be available to use on the same network path until I get around to it.

I am not familiar enough with DNS yet to spot a wrong configuration (e.g., took me a while to discover that the period or root entry was preventing me from using the forwarders tab), I hope a new install will do the trick and be quickest.

I believe one problem may have started because in haste, I transferred the Schema before I made a global catalogue available on the new machine, but all the roles appeared to go over OK though using netdom query.

Finally, I don't understand the warning message below that came up with DCDIAG on the new server:

Warning: DsGetDcName returned information for \\pf.pfltd.local, when we
 were trying to reach PFSRV.
         Server is not responding or is not considered suitable.


Thanks guys.

0
 
LVL 16

Expert Comment

by:JamesDS
ID: 11809205
pbodsw
Glad to help, thanks for the points

Cheers

JamesDS
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11814329
ThanQ
0
 
LVL 11

Expert Comment

by:infotrader
ID: 11814350
thx
0
