jericpaulson
asked on
Windows Server 2003 AD Directory Services Restore Mode
Attempting to restore W2K3 Domain Controller after failure. Was able to replicate AD prior to failure. Successfully (to a point) used Automated System Recovery to restore System State.
Server then reboots and errors out on Rebuilding AD Indices (or something close) error is lsass.exe and wants to boot into Directory Services Restore Mode (DSRM). Boot into DSRM, when attempting to log on with Administrator and the DSRM password message pops: "cannot locate domain."
This DC is physically located in the US and is a Child of a domain where the parent is in the UK. All servers W2k3.
Bandwidth is a T1 between sites.
I have been told by "higher ups" that the distance between the sites does not matter.
Questions are: Could the distance between child and parent be an issue?
Is there a specific port that uses DSRM? (Since AD was replicating the correct ports are open for that)
Is there any way around this issue short of a rebuild?
Does following this article correct your issue?
http://support.microsoft.com/default.aspx?scid=kb;en-us;258062
It should do the trick - read it carefully - you're going to be working with important files.
Advise.
ASKER
Thank you both for your feedback
WeHe - The name used for the DSRM is Administrator. The password was set during dcpromo.
My limited understanding of DSRM is that AD is not running on the box and the log on is trying to connect with the Domain that it was joined to. During the dcpromo this machine was added as a DC in a child domain in an existing Domain etc. So in this instance during the sign in the DSRM user/password is trying to contact the parent. The "Log On to" option is the parent domain or workgroup. Both options come back "Cannot Locate Domain"
Netman66- Article will prove to be helpful once I am on the machine booted into DSRM. My issue is that I cannot get past the log on portion, please see above.
ASKER CERTIFIED SOLUTION
ASKER
Netman66- If DSRM is stored in SAM then I would need to log onto the local machine with the DSRM user and password, yes?
Will be trying later this afternoon at 4pm EST. Will let you know.
Thank you again.
Yes.
ASKER
Netman66 thank you that got me in.
Glad to assist.
It's the password you set while dcpromo'ing.
But I would do the following to keep downtime short:
Install a plain w2k3 + hotfixes you had.
Install backup software.
Restore the whole DC. All drives + Systemstate.
Reboot the DC and wait until AD Replication has done its work.
As soon as the netlogon service is started, it should be back in business again.