• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 11385
  • Last Modified:

The server holding the PDC role is down.

We had a Win2K3 server, which was upgraded from NT4.0,  running Active Directory for our domain.  We installed a new Win2K3 server, joined it into the domain, transferred all FSMO roles to this new server, and made the new server the Global Catalog server with the intent of replacing the old server.  

A few months later, the old server had one of it's drives in a RAID5 to fail and we decided to migrate off that server.  We issued a DCPROMO to disjoin this server but were unable to get the process to complete (not sure on the error message since that was several weeks back).  After researching the problem and coming up with no solutions, we decided to do a forced DCPROMO /FORCEREMOVAL.  Before starting this process, we noticed that the replication was failing (probably why the DCPROMO failed in the first place) but weren't too concerned since this was the PDC (or so we thought!).

Anyway, after forcing the DCPROMO and shutting down the server, we started having issues with the domain becoming unavailable when we opened "Active Directory Users and Computers".  We fixed several issues with the DNS, including removing the old Win2K3 server from DNS (by the way we are using Active Directory Integrated DNS) which fixed several event log errors.  We had to recreate the NETLOGON and SYSVOL shares and were able to manually copy the contents of those folders off the old Win2K3 server (the contents remained after the forced DCPROMO).  

Now when we run the DCDIAG tool, we are getting an error:

Warning: DcGetDcName (GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName (TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.

The NETDIAG tool sheds some light on this with the message that the new Win2K3 server is acting as the PDCEmulator.  

By the time I discovered the errors, the local IT person had reused the old Win2K3 tapes in the new Win2K3 server, thus destroying any chances of restoring any backups (guess he's allowed a mistake since we were stupid enough to do a forced DCPROMO.....).

What we would like to do, if possible, is to copy any needed information that wasn't replicated from off the old Win2K3 server and then change this server from a PDCEmulator to the PDC.  Does anyone know if this is possible or perhaps someone has a suggestion as to what can be done.  We have around 30 PC's in this domain so although it's small enough to rebuild, we would obviously prefer to fix it.  Any help would be greatly appreciated.


 
0
eedwardswv
Asked:
eedwardswv
  • 4
  • 2
  • 2
1 Solution
 
Rant32Commented:
Are there any NT4 domain controllers left? What server do they believe is the PDC (the original, upgraded 2K3, or the one you moved the PDC FSMO role to?)

If there are not NT4 DCs, moving to Native mode removes the PDC emulator role altogether, but that change doesn't sound like a good idea right now until things settle down.

Have a look at http://support.microsoft.com/?kbid=316790
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Couple of points -

Active Directory does not have a PDC - EVERY domain controller is a DC.  In NT4, the PDC was the only writable copy of the user/computer database.  The BDC was just a backup copy, READ ONLY.  In Active Directory, EVERY domain controller has a writable copy and they synchronize.

The PDC emulator is one of 5 FSMO roles - you seem to know this, but yet you speak of a PDC - so your understanding of them seems flawed.

I suggest you read over this:
http://www.svrops.com/svrops/documents/fsmo.htm

Now, that said, it would appear that you didn't completely transfer all FSMO roles or the Global Catalog based on what your DCDIAG states.

Warning: DcGetDcName (GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.   <==== Global Catalog NOT FOUND!
Warning: DcGetDcName (TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.   <==== FSMO role "PDC Emulator" not found.

In this case, it would appear, you need to seize the PDC emulator role with your existing DC and
I believe this is all you need to do to recreate the global catalog server in Active Directory - note, this process can take a while and there's no progress bar.  You might try creating it today and tomorrow rebooting the server when you get in.  Then run DCDIAG again and see how things are.

http://support.microsoft.com/?kbid=313994
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Rant32, The PDCEmulator is present in Native Mode as well - it just no longer emulates an NT4 PDC.  Reference my link - and these specific functions still handled by the PDC emulator in a native domain:

*Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator first.
*Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator for validation before a bad password failure message is reported to the user.
*Account lockout is processed on the PDC emulator.
*Time synchronization for the domain.
*Group Policy changes are preferentially written to the PDC emulator.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
Rant32Commented:
All true, didn't know why I wrote that. Mind needs updating.

Thanks.
0
 
eedwardswvAuthor Commented:
To answer Rant32:
Thanks for the post.  I'll check the KB article.

There are no NT4 DC's left.  The only server remaining in the domain is the new Win2K3.  The old upgraded Win2K3 server is still running but it was the one that a forced DCPROMO was ran on.  

Currently the domain functional level is: Windows Server 2003
and the forest functional level is: Windows 2000

To answer leew:
I do know that there is no PDC in Active Directory, only DC's.  I only used those terms because that's what the DCDIAG and NETDIAG tools referred to the servers with.  I'll checkout the article shortly.  Thanks for the link.

I did make certain that all 5 FSMO roles were transferred to the new Win2K3 server before performing the DCROMO /FORCEREMOVAL.  In fact I remember this because I did it numerous times just to make sure I wasn't missing something.  The GC was also confirmed to be the new Win2K3 server as well.  

You mentioned seizing the PDCEmulator role but the NETDIAG tool shows that this new Win2K3 server is the PDCEmulator.  Are you referring to using the NTDSUTIL to seize the role?  
0
 
Rant32Commented:
What I understand from http://support.microsoft.com/?kbid=316790 is that the problem that no GCs are available can be two-fold: either 1) none is configured in AD, or 2) the only DC in a domain configured as a GC does not accept the role, because it's looking for a authorative SYSVOL replica partner, and does not consider its own SYSVOL replica to be authorative.

You should not manually copy and create the SYSVOL and NETLOGON shares. The Netlogon service should do that automatically.

After using dcpromo /forceremoval there are also remains of the old domain controller in NTDS. Use NTDS metadata cleanup to remove leftovers:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 
eedwardswvAuthor Commented:
Rant32....you are my hero!!!!!

The Microsoft KB that you referenced was right on the money.  I have searched Google for days with every error I could find on the system but I didn't think to search on missing SYSVOL or NETSHARE because I recreated those myself.  

Apparently since the replication hadn't completed to the old Win2K3 server, the File Replication Service was trying to verify the SYSVOL state before these shares could be created on this new server.  Since I was unaware of that, I just helped the system along (or so I thought) by creating them myself.  I haven't been able to reboot this server in a while since it's in a production environment so I didn't see the FRS errors in the event viewer, which apparently only showed up when the service was first started.

I can't thank you enough for directing me to that article.  You are well deserving of the 500 points on this question.  You are a life saver.  

May God Bless You!!!!!!
0
 
Rant32Commented:
What can I say to that, that's great. This will make me sleep better, was just about to hit it ;-)

Actually I just looked for GC_SERVER_REQUIRED and followed the first link. How odd.

Thanks for the reward!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now