Solved

Amateur Mistake

Posted on 2009-07-11
Last Modified: 2012-05-07
So I promoted a Windows 2003 server to a DC after demoting another in the same site; the old server contained DNS, DHCP, etc. I forgot to point the new server's DNS to the primary controller, and then promoted it. Now when I try to log in I get the following error:

The system could not log you on due to the following error:
The specified domain either does not exist or could not be contacted.


On the primary server, the DNS records still point to the old server.  Is there a way to demote the new server via the command line?  I can access the system using PSExec and running cmd.exe on it.

Thanks in advance for your help!

Steve
Question by:jwwilliamsinc
12 Comments
 
LVL 15

Expert Comment

by:tntmax
ID: 24831891
The only way to demote is dcpromo. Were you able to join it to the same domain, or did you end up creating a new domain? Is it safe to assume that your DNS was AD integrated? Do you have any other DCs in this domain? What is holding the FSMO roles? What DNS records are still pointing to the other server? Are both servers named differently?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24831905
You should also be able to access the system via DSRM mode
http://technet.microsoft.com/en-us/library/cc776568(WS.10).aspx
You specified that password during promotion.  You can change the DNS settings that way.
Thanks
Mike
0
 

Author Comment

by:jwwilliamsinc
ID: 24831917
Tntmax: There is 1 other DC in another site, and it is contactable. DNS is AD integrated. The other DC is holding all FSMO roles. After looking a little deeper in DNS, it is not actually pointing to either the demoted server or the newly promoted server in anything. And the demoted and newly promoted servers are named differently.

mkline71:  I'll check that out, and report back.


Thanks for the quick response.
0
 

Author Comment

by:jwwilliamsinc
ID: 24831945
I guess I should mention that I do not have physical access to this server, it's in another state.
0
 
LVL 15

Assisted Solution

by:tntmax
tntmax earned 150 total points
ID: 24831985
What if you change DNS to point to the other DC? Did you enable zone transfers in DNS? What errors are you getting in the event logs?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24832401
So at another state I'm guessing you can't dispatch a tech at that location.
With psexec and netsh you should be able to add a DNS address
http://www.petri.co.il/configure_tcp_ip_from_cmd.htm
That shows you how to configure a static IP for DNS using netsh; use that in combination with psexec.
Thanks
Mike
0
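The psexec and netsh combination described in the comment above, written out as an added example (not part of the original thread). The host name, address, domain and connection name are constructed placeholders; the last step checks whether the surviving DC's DNS actually lists an SRV record for the new server.

```batch
@echo off
rem Added example. Run from an admin workstation that has psexec.
rem All values below are constructed placeholders, not from the thread.
set NEWDC=NEWDC01
set GOODDNS=192.0.2.10
set DOMAIN=corp.example
set NIC=Local Area Connection

rem 1. Point the remote server's resolver at the surviving DC.
psexec \\%NEWDC% netsh interface ip set dns name="%NIC%" source=static addr=%GOODDNS%

rem 2. Read the setting back so a typo in the connection name is caught.
psexec \\%NEWDC% netsh interface ip show dns

rem 3. Drop cached lookups, re-register the host record, and restart
rem    Netlogon so it re-registers the DC locator (SRV) records.
psexec \\%NEWDC% ipconfig /flushdns
psexec \\%NEWDC% ipconfig /registerdns
psexec \\%NEWDC% net stop netlogon
psexec \\%NEWDC% net start netlogon

rem 4. Ask the surviving DC's DNS which DCs it advertises for the domain.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %GOODDNS%

rem 5. Same query, reduced to a yes/no answer for the new server.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %GOODDNS% | find /i "%NEWDC%" >nul
if errorlevel 1 (
    echo %NEWDC% has no SRV record on %GOODDNS%: other DCs cannot locate it
) else (
    echo %NEWDC% is registered as a DC on %GOODDNS%
)
```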
 
LVL 4

Assisted Solution

by:GMorineau
GMorineau earned 100 total points
ID: 24832878
I think the simplest way is to just "kill" this server and after that clean up your AD.

Sorry, but you can spend a lot of work hours trying to fix this error or spend just 3 hours rebuilding this server.
0
 
LVL 57

Accepted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 24832925
I'm guessing you don't have DRAC or iLO on the box
0
 

Author Comment

by:jwwilliamsinc
ID: 24835922
Sorry for the delay getting back to you, I was having internet issues at the house. I do have a DRAC on the server, so I could theoretically use that to get into DS restore mode.
0
 

Author Comment

by:jwwilliamsinc
ID: 24835934
mkline71, I have already used psexec and netsh to assign the proper DNS server; however, it still won't let me log in. When I promoted the server it was pointed at the old server, so the primary DC didn't get the DNS updates that come with a dcpromo and therefore does not recognize the new DC as a real DC?
0
 

Author Comment

by:jwwilliamsinc
ID: 24835946
I was having difficulties with the drac card, but now for some reason it's working.  I was able to log in using that console.  Strange how mstsc /admin doesn't really connect to the console...I'll keep everyone updated.
0
 

Author Comment

by:jwwilliamsinc
ID: 24835966
After finally getting into the server, I had to do a dcpromo /forceremoval because the primary DC was not aware that the server is a DC...I'll do a re-promote later.

Thanks everyone for the input, I'll split the points among all of you.
0
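A forced removal like the one described above does not delete the server's objects from the directory, so the surviving DC should be checked and cleaned before a re-promote under the same name. The following is an added example, not from the thread; server and domain names are constructed placeholders, and nltest is assumed to be installed from the Windows Support Tools.

```batch
@echo off
rem Added example. Run on the surviving DC after "dcpromo /forceremoval"
rem has been run on the broken one. All names are constructed placeholders.
set GOODDC=DC01
set BADDC=NEWDC01
set DOMAIN=corp.example

rem 1. What the directory still believes. A forced removal can leave the
rem    server object, its NTDS Settings and its DNS records behind.
nltest /dclist:%DOMAIN%
dsquery server -name %BADDC%
dsquery computer -name %BADDC%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %GOODDC%

rem 2. Remove the stale metadata with ntdsutil. The session is interactive
rem    because each "select" takes an index N from the preceding "list":
rem      ntdsutil
rem        metadata cleanup
rem        connections
rem        connect to server DC01
rem        quit
rem        select operation target
rem        list domains
rem        select domain N
rem        list sites
rem        select site N
rem        list servers in site
rem        select server N
rem        quit
rem        remove selected server
rem        quit
rem        quit

rem 3. Re-check: the server object should no longer be returned.
dsquery server -name %BADDC% | find /i "%BADDC%" >nul
if errorlevel 1 (
    echo %BADDC% is no longer listed as a DC in the directory
) else (
    echo %BADDC% metadata is still present: repeat step 2 before re-promoting
)
```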
