Checking AD connection between Past and Present Domain Controllers

Boyderama
Hello to all :)

Will try my best to explain. If I've missed anything then let me know.

2 Servers running Windows Server 2003 SP2. Server names are: \\DC1 and \\DC2.
They are Domain Controllers (no guessing there then! lol).

Configuration between the two was fine and (I think) still OK.

However, \\DC2 was reformatted and reinstalled with Windows Server 2003 SP2. This was done because there was a slight issue with another piece of software and it was easier to start all over again.

\\DC2 has been reinstalled with the same setup. Same name, IP address etc...

Before \\DC2 was reformatted and reinstalled no preparation was made to notify \\DC1. Would this have been necessary?
Personally, I think something should have been done to at least prepare for \\DC2 to go offline and be reinstalled.

Perhaps \\DC2 should have been demoted first?

I'm worried (and several warnings do show in the \\DC1 event log) that \\DC1 still has records pointing to the old \\DC2.

All appears ok and \\DC2 is working and replication seems to complete successfully but because of a few warning messages in \\DC1 I want to run any test possible to ensure nothing is amiss.

Any ideas or things to check for?

Here are a few event log errors on \\DC1

(Some of these errors occur only during boot up.)


---------------------------------------------------------------------------------------------------------


Event Type: Warning
Event Source: NTDS Replication
Event Category: DS RPC Client
Event ID: 2088
Date:  28/05/2007
Time:  15:21:27
User:  NT AUTHORITY\ANONYMOUS LOGON
Computer: DC1
Description:
Active Directory could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.
 
Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory forest, including logon authentication or access to network resources.
 
You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.
 
Alternate server name:
 DC2
Failing DNS host name:
 27b274ee-0c1c-48b5-b509-d1ce8b2f3952._msdcs.pgsplc.local
 
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1:
 
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client



---------------------------------------------------------------------------------------------------------




Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2092
Date:  28/05/2007
Time:  16:19:58
User:  NT AUTHORITY\ANONYMOUS LOGON
Computer: DC1
Description:

This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
 
FSMO Role: CN=Schema,CN=Configuration,DC=pgsplc,DC=local
 



---------------------------------------------------------------------------------------------------------





Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2092
Date:  28/05/2007
Time:  16:19:58
User:  NT AUTHORITY\ANONYMOUS LOGON
Computer: DC1
Description:

This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
 
FSMO Role: CN=Partitions,CN=Configuration,DC=pgsplc,DC=local




---------------------------------------------------------------------------------------------------------






Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2092
Date:  28/05/2007
Time:  16:19:58
User:  NT AUTHORITY\ANONYMOUS LOGON
Computer: DC1
Description:

This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
 
FSMO Role: CN=RID Manager$,CN=System,DC=pgsplc,DC=local






---------------------------------------------------------------------------------------------------------






Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2092
Date:  28/05/2007
Time:  16:19:58
User:  NT AUTHORITY\ANONYMOUS LOGON
Computer: DC1
Description:

This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
 
FSMO Role: CN=Infrastructure,DC=pgsplc,DC=local





---------------------------------------------------------------------------------------------------------







Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2092
Date:  28/05/2007
Time:  16:19:58
User:  NT AUTHORITY\ANONYMOUS LOGON
Computer: DC1
Description:

This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
 
FSMO Role: DC=pgsplc,DC=local
 



---------------------------------------------------------------------------------------------------------

Any help would be appreciated.

Thanks
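
Added example, not part of the original post: a Python triage of event text exported in the format shown above, assuming events are separated by dashed lines as in the post. It collects the DNS names DC1 failed to resolve (event 2088) and maps each FSMO role object named in event 2092 to its role name; `SAMPLE`, `field`, `fsmo_role` and `triage` are names made up for this example.

```python
import re
from collections import Counter

# First RDN of the role object named in event 2092 -> FSMO role name.
FSMO_BY_RDN = {
    "CN=Schema": "Schema master",
    "CN=Partitions": "Domain naming master",
    "CN=RID Manager$": "RID master",
    "CN=Infrastructure": "Infrastructure master",
}

# Constructed sample: three events abridged from the export format in the post.
SAMPLE = """\
Event ID: 2088
Active Directory could not use DNS to resolve the IP address ...
Alternate server name:
 DC2
Failing DNS host name:
 27b274ee-0c1c-48b5-b509-d1ce8b2f3952._msdcs.pgsplc.local
------------------------------------------------------------
Event ID: 2092
This server is the owner of the following FSMO role, but ...
FSMO Role: CN=RID Manager$,CN=System,DC=pgsplc,DC=local
------------------------------------------------------------
Event ID: 2092
FSMO Role: DC=pgsplc,DC=local
"""

def field(record, label):
    """Value after 'label:' on the same line or on the following line."""
    m = re.search(rf"^{re.escape(label)}:[ \t]*\n?[ \t]*(\S.*)$", record, re.M)
    return m.group(1).strip() if m else None

def fsmo_role(dn):
    """The PDC emulator role is recorded on the domain head object (DC=...)."""
    first = (dn or "").split(",", 1)[0]
    return "PDC emulator" if first.upper().startswith("DC=") else FSMO_BY_RDN.get(first, "unknown")

def triage(text):
    """Return (event-ID counts, 2088 DNS failures, 2092 unvalidated roles)."""
    records = [r for r in re.split(r"^-{10,}[ \t]*$", text, flags=re.M) if r.strip()]
    ids = Counter(field(r, "Event ID") for r in records)
    dns = {(field(r, "Alternate server name"), field(r, "Failing DNS host name"))
           for r in records if field(r, "Event ID") == "2088"}
    roles = {fsmo_role(field(r, "FSMO Role")) for r in records if field(r, "Event ID") == "2092"}
    return ids, dns, roles

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The GUID-prefixed `_msdcs` name from event 2088 is the alias DC1 tried to resolve for its replication partner, so it is the record to compare against what the rebuilt DC2 has registered in DNS.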

If you did not demote DC2 before reformatting it, you need to perform a metadata cleanup on DC1 before you can re-introduce a DC with the same name into Active Directory as described here: http://support.microsoft.com/kb/216498

For future reference, you can gracefully demote a DC by running dcpromo to remove AD from that DC, being careful NOT to select the check-mark next to "This is the last DC in the domain."

Author

Commented:
Sorry for the delayed reply. I've yet to try the above due to a few problems which needed urgent attention.

I hope to get to work on the above sometime next week.

I do appreciate all your help and will let you know how I get on.

Thanks :)
