Branch office with Windows Server 2003 DC demotion fails

Posted on 2009-04-29
Last Modified: 2012-06-27
I am trying to demote a Windows 2003 DC in a branch office and it is failing with this error:

The operation failed because: Active Directory could not configure the computer account SERVER$ on the remote domain controller firstolddc.domain.com. "Access is denied."

The server it is referring to is located in another branch office location.

I am using an enterprise admin account.  Also, I would like to avoid meta cleanup and demote this gracefully.
Question by:ohmErnie

Expert Comment

by:Darius Ghassem
ID: 24264640
If you want to go through the trouble and try to get this working, then it looks like the issue is with DNS or a connection. Run a netdiag and post the results.

Make sure that the DC is pointing to only internal DNS servers in its TCP/IP properties.

Author Comment

by:ohmErnie
ID: 24269785
C:\>netdiag
.......................................
    Computer Name: branch
    DNS Host Name: branch.local.domain.com
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 6, GenuineIntel
    List of installed hotfixes :

Netcard queries test . . . . . . . : Passed
 
Per interface results:
    Adapter : Local Area Connection
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : branch
        IP Address . . . . . . . . : xx.xx.0.10
        Subnet Mask. . . . . . . . : 255.255.0.0
        Default Gateway. . . . . . : xx.xx.0.1
        Primary WINS Server. . . . : xxx.x.xxx.10
        Dns Servers. . . . . . . . : xx.xx.0.10

        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        WINS service test. . . . . : Passed

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{50FD14FA-B27E-4844-8FB2-7B3E59353A1A}
    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server 'xx.xx.0.10'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{50FD14FA-B27E-4844-8FB2-7B3E59353A1A}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{50FD14FA-B27E-4844-8FB2-7B3E59353A1A}
    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Failed
    [FATAL] Secure channel to domain 'MYDOMAIN' is broken. [ERROR_NO_LOGON_SERVERS]

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'maindc1.local.domain.com'.
    [WARNING] Failed to query SPN registration on DC 'maindc2.local.domain.com'.
    [WARNING] Failed to query SPN registration on DC 'remote.local.domain.com'.

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
    Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully
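
A small parser for the netdiag layout posted above, added here as an example and not part of the original thread: it collects the detail messages of failed tests, rejoins lines the console wrapped, and notes when the adapter's DNS server list is only the host's own address. The function names are assumptions of this example; the sample is an excerpt of the output above with addresses masked as posted.

```python
import re

# Excerpt of the netdiag output posted above (addresses masked as posted).
SAMPLE = """\
    Adapter : Local Area Connection
        IP Address . . . . . . . . : xx.xx.0.10
        Dns Servers. . . . . . . . : xx.xx.0.10
DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver 'xx.xx.0.10'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Failed
    [FATAL] Secure channel to domain 'MYDOMAIN' is broken. [ERROR_NO_LOGON_SERVERS]
LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'maindc1.local.domain.com'.
"""

RESULTS = {"Passed", "Failed", "Skipped"}
# "<name> . . . : <value>", with netdiag's dot leaders before the colon.
FIELD = re.compile(r"^(\s*)(.+?)[\s.]*:\s*(.*)$")

def parse_netdiag(text):
    """Return (tests, settings); tests maps name -> result and detail messages."""
    tests, settings, current = {}, {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = FIELD.match(raw)
        if raw.lstrip().startswith("["):            # [WARNING] / [FATAL] detail
            if current:
                tests[current]["messages"].append(raw.strip())
        elif m and not m.group(1) and m.group(3).strip() in RESULTS:
            current = m.group(2)                    # unindented global test line
            tests[current] = {"result": m.group(3).strip(), "messages": []}
        elif m and m.group(1):
            settings[m.group(2)] = m.group(3).strip()   # indented setting line
        elif not raw[0].isspace() and current and tests[current]["messages"]:
            tests[current]["messages"][-1] += raw   # console wrapped the line
    return tests, settings

def triage(text):
    """List the messages of failed tests, plus a self-only DNS client setting."""
    tests, settings = parse_netdiag(text)
    findings = [f"{name}: {msg}" for name, t in tests.items()
                if t["result"] == "Failed" for msg in t["messages"]]
    dns = settings.get("Dns Servers", "").split()
    if dns and dns == [settings.get("IP Address")]:
        findings.append("Dns Servers lists only this host's own IP Address")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

Warnings attached to tests that passed, such as the SPN query warnings under the LDAP test, are parsed but left out of the findings.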

Accepted Solution

by:
Darius Ghassem earned 2000 total points
ID: 24269840
You are going to spend some time trying to fix this issue just to demote the server. The quickest way is to dcpromo /forceremoval then run a metadata cleanup. This is going to be the best way.