Solved

Amateur Mistake

Posted on 2009-07-11
Last Modified: 2012-05-07
So I promoted a Windows 2003 server to a DC after demoting another in the same site; the old server contained DNS, DHCP, etc.  I forgot to point the new server's DNS to the primary controller, and then promoted it.  Now when I try to log in I get the following error:

The system could not log you on due to the following error:
The specified domain either does not exist or could not be contacted.


On the primary server, the DNS records still point to the old server.  Is there a way to demote the new server via the command line?  I can access the system using PSExec and running cmd.exe on it.

Thanks in advance for your help!

Steve
Question by:jwwilliamsinc
12 Comments
 
LVL 15

Expert Comment

by:tntmax
ID: 24831891
The only way to demote is dcpromo. Were you able to join it to the same domain, or did you end up creating a new domain? Is it safe to assume that your DNS was AD integrated? Do you have any other DCs in this domain? What is holding the FSMO roles? What DNS records are still pointing to the other server? Are both servers named differently?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24831905
You should also be able to access the system via DSRM mode
http://technet.microsoft.com/en-us/library/cc776568(WS.10).aspx
You specified that password during promotion.  You can change the DNS settings that way.
Thanks
Mike
0
 

Author Comment

by:jwwilliamsinc
ID: 24831917
Tntmax: There is 1 other DC in another site, and it is contactable.  DNS is AD integrated. The other DC is holding all FSMO roles.  After looking a little deeper in DNS, it is not actually pointing to either the demoted server or the newly promoted server in anything.  And the demoted and newly promoted servers are named differently.

mkline71:  I'll check that out, and report back.


Thanks for the quick response.
0
 

Author Comment

by:jwwilliamsinc
ID: 24831945
I guess I should mention that I do not have physical access to this server, it's in another state.
0
 
LVL 15

Assisted Solution

by:tntmax
tntmax earned 150 total points
ID: 24831985
What if you change DNS to point to the other DC? Did you enable zone transfers in DNS? What errors are you getting in the event logs?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24832401
So at another state I'm guessing you can't dispatch a tech at that location.
With psexec and netsh you should be able to add a DNS address
http://www.petri.co.il/configure_tcp_ip_from_cmd.htm
That shows you how to configure a static IP for DNS using netsh; use that in combination with psexec.
Thanks
Mike
0
 
LVL 4

Assisted Solution

by:GMorineau
GMorineau earned 100 total points
ID: 24832878
I think the simplest way is to just "kill" this server and after that clean up your AD.

Sorry, but you can spend a lot of work hours trying to fix this error or spend just 3 hours rebuilding this server.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 24832925
I'm guessing you don't have DRAC or iLO on the box
0
 

Author Comment

by:jwwilliamsinc
ID: 24835922
Sorry for the delay getting back to you; I was having internet issues at the house.  I do have a DRAC on the server, so I could theoretically use that to get into DS restore mode.
0
 

Author Comment

by:jwwilliamsinc
ID: 24835934
mkline71, I have already used psexec and netsh to assign the proper DNS server; however, it still won't let me log in.  When I promoted the server it was pointed at the old server, so the primary DC didn't get the DNS updates that come with a dcpromo and therefore does not recognize the new DC as a real DC?
0
 

Author Comment

by:jwwilliamsinc
ID: 24835946
I was having difficulties with the DRAC card, but now for some reason it's working.  I was able to log in using that console.  Strange how mstsc /admin doesn't really connect to the console...I'll keep everyone updated.
0
 

Author Comment

by:jwwilliamsinc
ID: 24835966
After finally getting into the server, I had to do a dcpromo /forceremoval because the primary DC was not aware that the server is a DC...I'll do a re-promote later.

Thanks everyone for the input, I'll split the points among all of you.
0
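A pre-promotion check for the mistake this thread describes (running dcpromo while the server's DNS client points at a server that does not host the AD zone), as an added example that is not part of any poster's comment. The script name and both arguments are placeholders supplied by the operator, and it assumes `nltest` is installed (on Windows Server 2003 it ships with the Support Tools).

```batch
@echo off
rem Pre-dcpromo DNS check (added example, not from the thread).
rem Usage: check-dns.cmd <AD DNS domain> <DNS server IP>
rem Both arguments are operator-supplied placeholders.
setlocal
if "%~2"=="" (
    echo Usage: %~nx0 ad-dns-domain dns-server-ip
    exit /b 2
)
set "DOMAIN=%~1"
set "DNSIP=%~2"

rem 1. Show which DNS servers the adapters are actually configured to use.
netsh interface ip show dns

rem 2. Ask the intended DNS server for the domain's DC locator SRV records.
rem    nslookup's exit code is unreliable, so search its output for an SRV answer line.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DNSIP% 2>nul | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (
    echo FAIL: %DNSIP% returned no _ldap._tcp.dc._msdcs.%DOMAIN% SRV records.
    echo       Point the adapter at a DNS server hosting the AD zone before dcpromo.
    exit /b 1
)

rem 3. Confirm the DC locator finds a domain controller with the current client settings.
nltest /dsgetdc:%DOMAIN% /force >nul 2>&1
if errorlevel 1 (
    echo FAIL: DC locator could not find a domain controller for %DOMAIN%.
    exit /b 1
)

echo OK: %DNSIP% serves the DC locator records and a DC for %DOMAIN% is reachable.
exit /b 0
```

Run it from the same remote cmd.exe session before dcpromo; a non-zero exit code means the DNS client settings should be corrected first.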
