eelmazovski

after demoting DC, can't contact domain controller

Computers on domain don't get connected to shares or printers automatically (can be mapped manually).
Active Directory is configured improperly somewhere and it's not recognizing 2k3 DC "a" as the DC since the original 2k DC was demoted (I swear I followed all appropriate steps by transferring FSMO roles and seizing them on the old DC). The AD is visible and running. However, 2k3 DC "a" is not being acknowledged as the primary DC. I thought it might be because it's 2k3, but it's running in mixed mode, which means it can play with 2k servers. I checked the following:
-SRV records on the DNS server (which is not a DC); it appears that all the necessary entries exist
     _msdcs
     _sites
     _tcp
     _udp
-nslookup, set type=all, typed _ldap._tcp.dc._msdcs.(Domain_Name) and it responded with the right IP addresses
-ran netdiag and noticed this error message: "the system volume has not been completely replicated to the local machine. this machine is not working properly as a dc".

It appears that the old 2k DC was holding on to something and it didn't properly transfer over. I don't know what I missed; I thought all I had to do was transfer FSMO roles, seize the old one, and demote. As soon as I demoted, "can't contact domain controller".
Brian Pierce

I'm a bit confused since you talk of transferring the FSMO roles then seizing them. If you did a clean transfer, then there is no need to seize.

Did you make the new server a Global Catalog Server? To make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right-click on the new server, select Properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Did you install DNS on the new server and configure your clients to use the new server for their DNS server?
eelmazovski

ASKER

Yes, I made the new server a GC following those steps. I didn't make the new server the DNS server. There's a 2k server that handles that for us. As far as I know, that DNS is running fine.
Is there any special reason that you are not using AD integrated DNS on the domain controllers? It makes far more sense to use Active Directory Integrated DNS in most cases; it's much more efficient, less troublesome and secure.

I assume the old DC is not functioning anymore. Did you do a DCPROMO on it to remove Active Directory from it?
Thanks for the quick response. The DNS has been set up on that server since the beginning of time and it wasn't changed by the previous admin. Yes, I ran the dcpromo on the original DC and it apparently ran successfully; the AD is no longer there on that server. As soon as that was successful, computers are failing "to contact domain controller". The 2k3 DC is not being picked up by the network and I'm worried that the domain settings were damaged during this demoting process. I can access shares by entering the paths whether by name or IP (it will prompt me for a user ID and password), I can get on the web, I can print to network servers; so, DHCP is working, DNS apparently is working; sysvol directory exists; ...I don't know, first time I encountered an AD issue on this level and it's very frustrating.
I tried setting up another server as a DC and received the message: "An Active Directory domain controller for the domain my.domain could not be contacted.  Ensure that the DNS name is typed correctly.  if the domain is correct then click details for troubleshooting information."  I do that and it lists common causes:
-Host (A) records that map the domain controller to its IP addresses are missing or contain incorrect addresses.
-Domain controllers registered in DNS are not connected to the network or are not running.
It's definitely not the second cause because it's online; it can be accessed by other workstations including the server. Pls help
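The checks discussed in this thread (the SRV records under _msdcs and the "Host (A) records ... missing" cause from the dcpromo error) can be cross-checked mechanically after a demotion. The following is an added example, not part of the original thread: the zone lines are constructed, and the host name `olddc` and the addresses are placeholders.

```python
from collections import defaultdict

# DC locator records every domain controller is expected to register.
REQUIRED = ("_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs")

# Constructed sample: zone-style lines as exported from the DNS server.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.my.domain.     600 IN SRV 0 100 389 olddc.my.domain.
_ldap._tcp.dc._msdcs.my.domain.     600 IN SRV 0 100 389 a.my.domain.
_kerberos._tcp.dc._msdcs.my.domain. 600 IN SRV 0 100 88 olddc.my.domain.
_ldap._tcp.pdc._msdcs.my.domain.    600 IN SRV 0 100 389 olddc.my.domain.
olddc.my.domain.                    3600 IN A 192.0.2.10
"""

def parse_zone(text):
    """Return ({srv_owner: {targets}}, {host: {ips}}) from zone-style lines."""
    srv, a = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[2:4] == ["IN", "SRV"]:
            srv[f[0].rstrip(".").lower()].add(f[7].rstrip(".").lower())
        elif len(f) == 5 and f[2:4] == ["IN", "A"]:
            a[f[0].rstrip(".").lower()].add(f[4])
    return srv, a

def audit(text, domain, expected_dcs):
    """List (problem, record, host) findings for the DC locator records."""
    srv, a = parse_zone(text)
    expected = {f"{h}.{domain}".lower() for h in expected_dcs}
    findings = []
    for owner, targets in sorted(srv.items()):
        for t in sorted(targets):
            if t not in expected:        # SRV still points at a demoted DC
                findings.append(("stale-srv", owner, t))
            elif t not in a:             # SRV target cannot be resolved
                findings.append(("no-a-record", owner, t))
    for dc in sorted(expected):
        for prefix in REQUIRED:          # current DC never registered itself
            owner = f"{prefix}.{domain}".lower()
            if dc not in srv.get(owner, set()):
                findings.append(("missing-srv", owner, dc))
    return findings

if __name__ == "__main__":
    for problem, record, host in audit(SAMPLE_ZONE, "my.domain", ["a"]):
        print(f"{problem:12} {record} -> {host}")
```

An empty result means every locator record points at a current DC that also has a host record; any finding is a record to correct on the DNS server before retrying the client logon or dcpromo.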
ASKER CERTIFIED SOLUTION
eelmazovski
