Jay Newcome asked:

Unable to remove Win DC from AD. Getting errors 1865, 1311 in event viewer

Unable to remove DC from AD.  Getting errors 1865, 1311.  I think I have an old DC in the AD that is long gone and dead, never to return.  I can rename and move it, but I cannot delete it, nor can I get rid of its settings.  I have tried to use ntdsutil to remove it, but I get errors doing that too (I will try to attach a PDF showing this).  For now, I have created a temp Site for this and moved the DC into it, but how do I get my servers to stop looking for it?

Notes:
1.  I am a native 2003 AD, one domain, one forest, lots of DCs... This old DC was probably a 2K DC back when my domain was 2K native.  Probably it failed, and I created a new DC and named it the same name as the old DC (long since killed off and replaced by a new named DC)
2.  The NTDS settings assigned to this defunct DC look like this in the properties:
NTDS Settings CNF:f33ac6c8-a4ca-40cd-9484-44799, but the visual in the domains and sites tools shows what looks like non-printable characters.
3.  When I run NTDSUTIL on the DC that holds all of the major FSMO roles, I select a site, the domain, and the server.  I have tried to not set the naming context, and also to set the naming context to be the configuration, but when I tell NTDSUTIL to remove the server, I get the following:
Transferring/seizing FSMO roles off the selected server.
LDAP error 0X20(32 (no such object).
Ldap extended error message is 0000208D: NameErr: DSID-031001CD, Problem 2001 (NO_OBJECT), data 0, best match of: 'CN=POSKILLME,cn=SERVERS,cn=sparcc_NETWORK,cn=sITES,cn=CONFIGURATION,dc=RAVENET,dc=RCS'
WIN32 ERROR RETURNED 0x208D(DIRECTORY OBJECT NOT FOUND.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection menu to specify it.
Removing FRS metadata for the selected server.
Unable to find server reference on "CN=POSKILLME,cn=SERVERS,cn=sparcc_NETWORK,cn=sITES,cn=CONFIGURATION,dc=RAVENET,dc=RCS".
LDAP Error 0x5e(94 (no result present in message).
)
The attempt to remove the FRS settings on CN=POSKILLME,cn=SERVERS,cn=sparcc_NETWORK,cn=sITES,cn=CONFIGURATION,dc=RAVENET,dc=RCS failed because "No mapping for error code.";
metadata cleanup is continuing.
DsRemoveDsServerW error 0X20e3(The DSA object could not be found.)


Any help would be highly appreciated!

ASKER CERTIFIED SOLUTION
Netman66

Jay Newcome (ASKER)

I had used this MS article on my first pass, prior to posting here, but I gave it a try again and got the same errors.  This server has been dead for a long time, so forcing removal, or performing any action on it, is not possible.  Some additional notes that may be helping to cause problems or shed light on the issue:

1.  I noticed that when I selected the server prior to trying to delete it, it showed the new name that was given to it, but it also listed the DNS name of the replacement DC with the old FQDN.
2.  I HAVE reused the old IP and NAME of the old server that I replaced (this was easier at the time than covering all of the computers in that building to change drive mappings, client/server settings,...).  Prior to building the replacement server, I did kill all records in DNS,... that I could, but the server listing that I want to kill I could not kill at the time.
3.  I looked at the DNS and ADUC; there are no records for the old server anywhere, including the site where I have placed the old POS server... Looking at the Sites/Domains tool, the site that I created to place the defunct server exists, and the server shows with a weirdly named NTDS DSA object showing it to be a DC...

I appreciate the suggestions - What should be my next step?

Reusing the Name before properly cleaning up AD is your problem.

If this new server is a DC, then DCPROMO it to demote it.  After, unjoin the domain.
Delete all references to it from ADUC, DNS, DHCP and AD (using the article).
Wait at least one replication cycle (the longer, the better).
Re-run DCPROMO on the new server and bring it back into the Domain.

The issue is that the new server is being referenced by the OLD data lingering in AD - this is obviously not desired.

I thought the same thing and I have tried this already too. :(

The old stuff just won't go away.

How long are you waiting before you attempt to reuse the name?  You need sufficient time for replication to remove and clean up all your changes completely on all DCs before you start over.

I gave it at least an hour (had lunch) and also forced replication across all server links.

Hi all - some time has passed and I have worked on this more, but have not had any success in killing this from AD sites and services (and I still see errors in the error logs where my stupid servers are trying to communicate with this server...).

I have totally killed any conflicting servers, cleaned the DNS, followed the article again including trying different naming contexts and still get the same results.  I have tried the operation by binding to several different DCs in my domain.  The old DC still shows in sites and services and will not go away.  If I look at properties in AD sites and services, it has a DNS alias: F33AC6C8-A4CA-40CD-9484-4479958F4D9A._msdcs.ravenet.rcs but I am unable to find this reference anywhere in DNS.  The NTDS settings shows a funny character like a squared, squished zero (it looks like an old DOS unprintable character) in the name  - (NTDS Settings<<funny character>>CNF:F33AC6C8-A4CA-40CD-9484-44799)

Any help in using ADSIEDIT would be appreciated...

Hmmm. I did not see the 2 paragraphs at the bottom of the article about ADSI.  I used ADSI and found the references and removed them.  So far, no error notices for replication.  I will report back tomorrow.

I used ADSI Edit to access the AD.  I searched for and removed all offending AD entries.  Not for the faint of heart - thank you Jay-jay70.
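
The odd character described in the posts above matches how Active Directory names a replication-conflict object: the original RDN, a line feed (0x0A), then "CNF:" and the object's GUID. As an added example (not from the thread or from the article it mentions), this Python script scans an LDIF export of the Configuration partition, such as one produced with ldifde, and lists every CNF-mangled object so the entries can be reviewed before any manual cleanup in ADSI Edit. The sample export, server names and GUID are constructed.

```python
import base64
import re

# AD conflict-mangled RDN: <original name> + LF (0x0A) + "CNF:" + <objectGUID>
CNF_RE = re.compile(r"^(?P<name>.*)\nCNF:(?P<guid>[0-9a-fA-F-]{36})$", re.S)

def parse_ldif(text):
    """Yield {attr: [values]} per LDIF record; handles folding and base64 values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # join folded continuation lines
    for block in re.split(r"(?:\r?\n){2,}", unfolded.strip()):
        record = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" carries raw bytes
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            record.setdefault(attr.lower(), []).append(value)
        if "dn" in record:
            yield record

def unescape_rdn(value):
    """Undo LDAP DN escapes in one pass: \\0A -> LF, \\, -> comma."""
    conv = lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1)
    return re.sub(r"\\([0-9a-fA-F]{2}|.)", conv, value, flags=re.S)

def find_conflicts(ldif_text):
    """Return (dn, original_name, guid) for each record whose leaf RDN is CNF-mangled."""
    hits = []
    for rec in parse_ldif(ldif_text):
        dn = rec["dn"][0]
        leaf = re.split(r"(?<!\\),", dn, maxsplit=1)[0]  # first RDN, unescaped commas only
        match = CNF_RE.match(unescape_rdn(leaf.partition("=")[2]))
        if match:
            hits.append((dn, match.group("name"), match.group("guid").lower()))
    return hits

def sample_ldif():
    """Constructed ldifde-style export (names and GUID are made up)."""
    base = "CN=Servers,CN=Site-A,CN=Sites,CN=Configuration,DC=example,DC=test"
    guid = "11111111-2222-3333-4444-555555555555"
    raw = f"CN=NTDS Settings\nCNF:{guid},CN=OLDDC2,{base}".encode()
    return (f"dn: CN=NTDS Settings,CN=DC01,{base}\nobjectClass: nTDSDSA\n\n"
            f"dn: CN=NTDS Settings\\0ACNF:{guid},CN=OLDDC1,{base}\nobjectClass: nTDSDSA\n\n"
            f"dn:: {base64.b64encode(raw).decode()}\nobjectClass: nTDSDSA\n")

if __name__ == "__main__":
    for dn, name, guid in find_conflicts(sample_ldif()):
        print(f"conflict copy of {name!r}, GUID {guid}: {dn!r}")
```

The script only reads the export; it handles both the escaped form of the DN (\0A) and a base64-encoded DN that carries the raw line feed.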