  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 987

Cannot remove old server.

Hi Experts,
I am currently having difficulties installing a new server into a domain. I have transferred all the roles successfully, but when I shut the old server down the new one takes 20 mins to load and the FQDN has changed from .local to .001 . It is also impossible to access group policy.

When the other server is connected and I access group policy, I get the message that a 'domain controller could not be found', but by choosing the option to use any available controller, I can access the policy.

I promoted the new server to be a GC but am scared to demote the old server even though the replication seems OK using Active Directory Replication Monitor. I am also worried to demote the old server using DCPROMO in case I can't promote it again. These problems have shattered my confidence.

DNS seems OK, and I have tried setting the DNS server on the NIC to both old, then new server with the same results.

Using 'netdom query fsmo' I get confirmation that the roles have gone over.

Any ideas to get a graceful demotion of the old server? Many Thanks.
0
Asked by: pbodsw
4 Solutions
 
infotrader Commented:
Is there a name conflict between the new server and another computer?  Usually I see the .001 as something that is forced onto the computer when a name conflict occurs.

- Info
0
 
JamesDS Commented:
pbodsw
Use DCDIAG and NETDIAG, both in the resource kit, and post the results here.

This is almost certainly DNS related, but let's see the outputs first to be sure.

Make sure your DNS zone is set to allow dynamic updates and that all machines are pointing to the SAME internally controlled DNS server.

DO NOT BE TEMPTED to use DCPROMO /FORCEREMOVE until we have diagnosed the problem for you, as it will leave a mess in the domain that you will have to clean up using NTDSUTIL.

Cheers

JamesDS
0
 
Pete Long, Technical Consultant, Commented:
--I'd be inclined to agree with infotrader

though James errs on the side of caution :) follow James' advice
I personally would never use FORCEREMOVE

if you need to manually start removing things then I prefer ADSIedit - but that's a last resort
0
 
pbodsw (Author) Commented:
I posted my question too early and tried to edit it, but it is now locked. Please ignore the .001 comment, the domain name has not changed.

Dcdiag tells me that a GC could not be contacted although the new server IS the GC. It also reveals that the machine holding the PDC role is down although the new machine IS the PDC. (I also get some replication errors because the old server is disconnected)

I do not recall any errors when both machines are on. Dynamic updates are allowed. I have both machines listed in two DNS zones.
0
 
infotrader Commented:
How long has it been since you transferred the roles?  Sometimes it'd take a long time before all the roles are transferred.  Removing the DC prior to proper transfer might cause the exact problem you are seeing.

- Info
0
 
Sembee Commented:
If you have the support tools installed on a server (and you should - I install them on all my servers) run the following command from a DOS prompt:

netdom query fsmo

This will tell you what the domain thinks is holding each of the roles.
If it is something that you don't want to have the role then you need to move it. If it will not move, go through the event logs with a fine toothcomb to see why the role will not move.
If it really comes to it, you will have to seize the missing role.

Don't forget to update your DNS configuration.
I usually configure the domain controllers to point to themselves for primary and each other for secondary. Others will say different. The clients should be pointing at domain controllers only. If you are shutting one down, make sure that the primary is the one that is staying up.

Simon.
0
 
pbodsw (Author) Commented:
Perhaps an hour, I only have half a dozen machines and users so I would have thought it would be quite quick.
0
 
pbodsw (Author) Commented:
Thanks for the link Infotrader.

How can I seize a role that is already supposedly transferred?
Should I try running DCpromo on the old machine?

Using ADSIedit, I noticed that the LDAP path was incorrect, pointing to the old server. I changed the path to the new server OK. Will see if this helps..
0
 
pbodsw (Author) Commented:
The results of DCDIAG on the old server PF are:

H:\>dcdiag

DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests

   Testing server: Default-First-Site\PF
      Starting test: Connectivity
         ......................... PF passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\PF
      Starting test: Replications
         ......................... PF passed test Replications
      Starting test: NCSecDesc
         ......................... PF passed test NCSecDesc
      Starting test: NetLogons
         ......................... PF passed test NetLogons
      Starting test: Advertising
         ......................... PF passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... PF passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PF passed test RidManager
      Starting test: MachineAccount
         ......................... PF passed test MachineAccount
      Starting test: Services
            SMTPSVC Service is stopped on [PF]
         ......................... PF failed test Services
      Starting test: ObjectsReplicated
         ......................... PF passed test ObjectsReplicated
      Starting test: frssysvol
         Error: No record of File Replication System, SYSVOL started.
         The Active Directory may be prevented from starting.
         ......................... PF passed test frssysvol
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80000679
            Time Generated: 08/13/2004   21:14:03
            Event String: The Inter-Site Messaging Service requested an
         An Error Event occured.  EventID: 0xC00005BA
            Time Generated: 08/13/2004   21:14:03
            Event String: The Inter-Site Messaging Service SMTP Transport
         An Warning Event occured.  EventID: 0x80000581
            Time Generated: 08/13/2004   21:14:03
            Event String: The Inter-Site Messaging Service SMTP Transport
         An Error Event occured.  EventID: 0xC000055D
            Time Generated: 08/13/2004   21:14:03
            Event String: The query for messages for service
         ......................... PF failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0002715
            Time Generated: 08/13/2004   20:30:49
            Event String: DCOM got error "%1058" attempting to start the
         An Error Event occured.  EventID: 0xC0002715
            Time Generated: 08/13/2004   21:00:49
            Event String: DCOM got error "%1058" attempting to start the
         An Error Event occured.  EventID: 0xC0002715
            Time Generated: 08/13/2004   21:09:09
            Event String: DCOM got error "%1058" attempting to start the
         An Error Event occured.  EventID: 0xC0002715
            Time Generated: 08/13/2004   21:14:03
            Event String: DCOM got error "%1058" attempting to start the
         ......................... PF failed test systemlog

   Running enterprise tests on : pfltd.local
      Starting test: Intersite
         ......................... pfltd.local passed test Intersite
      Starting test: FsmoCheck
         ......................... pfltd.local passed test FsmoCheck

H:\>
 The results on the new server PFSRV are:

H:\>dcdiag

DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests

   Testing server: Default-First-Site\PFSRV
      Starting test: Connectivity
         ......................... PFSRV passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\PFSRV
      Starting test: Replications
         ......................... PFSRV passed test Replications
      Starting test: NCSecDesc
         ......................... PFSRV passed test NCSecDesc
      Starting test: NetLogons
         ......................... PFSRV passed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\pf.pfltd.local, when we
 were trying to reach PFSRV.
         Server is not responding or is not considered suitable.
         ......................... PFSRV failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... PFSRV passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PFSRV passed test RidManager
      Starting test: MachineAccount
         ......................... PFSRV passed test MachineAccount
      Starting test: Services
         ......................... PFSRV passed test Services
      Starting test: ObjectsReplicated
         ......................... PFSRV passed test ObjectsReplicated
      Starting test: frssysvol
         Error: No record of File Replication System, SYSVOL started.
         The Active Directory may be prevented from starting.
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.
         ......................... PFSRV passed test frssysvol
      Starting test: kccevent
         ......................... PFSRV passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0001B65
            Time Generated: 08/13/2004   21:17:00
            Event String: Logon attempt with current password failed with
         An Error Event occured.  EventID: 0xC0001B58
            Time Generated: 08/13/2004   21:17:00
            Event String: The Windows Media Monitor Service service failed
         An Error Event occured.  EventID: 0xC0001B65
            Time Generated: 08/13/2004   21:17:00
            Event String: Logon attempt with current password failed with
         An Error Event occured.  EventID: 0xC0001B58
            Time Generated: 08/13/2004   21:17:00
            Event String: The Windows Media Station Service service failed
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 08/13/2004   21:17:08
            Event String: The Windows Media Program Service service depends
         An Error Event occured.  EventID: 0xC0001B65
            Time Generated: 08/13/2004   21:17:08
            Event String: Logon attempt with current password failed with
         An Error Event occured.  EventID: 0xC0001B58
            Time Generated: 08/13/2004   21:17:08
            Event String: The Windows Media Unicast Service service failed
         ......................... PFSRV failed test systemlog

   Running enterprise tests on : pfltd.local
      Starting test: Intersite
         ......................... pfltd.local passed test Intersite
      Starting test: FsmoCheck
         ......................... pfltd.local passed test FsmoCheck

H:\>


Thanks.
0
 
pbodsw (Author) Commented:
When I tried to run dcpromo on the old machine, the message 'domain could not be contacted' came up.
0
 
JamesDS Commented:
pbodsw
Ok, this has got to be DNS.

Make sure that ALL DCs are pointing to the same internally controlled DNS Server and that it hosts a DNS Zone for your AD.
Check that the DNS server service is only listening on one IP Address (DNS Snapin, server properties)
Look in the AD zone on the DNS server you are using and make sure that the zone is set to allow dynamic updates and that _MSDCS entries are present, if not go to each DC and do this:

IPCONFIG /FLUSHDNS
NET STOP NETLOGON
NET START NETLOGON

Retry your DCPromo on the old DC

Cheers

JamesDS
0
 
pbodsw (Author) Commented:
Thanks to everyone who assisted with this problem. I have tried to be as fair as possible with the points, although a definite solution to this problem will never be known due to the fact that I am going to create an entirely new domain, DNS, DHCP etc. I will use a different name to avoid conflicts.

Having so few users, it will not take so long to sort out the profiles. I will demote the old server as the last machine in the old domain and join it as a new domain member to get the data over. In fact it should still be available to use on the same network path until I get around to it.

I am not familiar enough with DNS yet to spot a wrong configuration (e.g., took me a while to discover that the period or root entry was preventing me from using the forwarders tab), I hope a new install will do the trick and be quickest.

I believe one problem may have started because in haste, I transferred the Schema before I made a global catalogue available on the new machine, but all the roles appeared to go over OK though using netdom query.

Finally, I don't understand the warning message below that came up with DCDIAG on the new server:

Warning: DsGetDcName returned information for \\pf.pfltd.local, when we
 were trying to reach PFSRV.
         Server is not responding or is not considered suitable.


Thanks guys.

0
 
JamesDS Commented:
pbodsw
Glad to help, thanks for the points

Cheers

JamesDS
0
 
Pete Long, Technical Consultant, Commented:
ThanQ
0
 
infotrader Commented:
thx
0
