
DC on VMware virtual machine not working properly

I had a Windows 2000 server running AD on its own hardware. Since the server was having hardware issues I created a virtual machine on a VMware ESX 3.5 server. After shutting down the hardware server I enabled the VM. Everything seemed to be working as usual. We have two AD servers locally and two at a remote location.

However, it seems replication has not been working since the move, which was about a month ago. When trying to force replication through AD Site and Services, I get the error "The RPC server is unavailable" and "The DSA operation is unable to proceed because of a DNS lookup failure."

I have verified that the appropriate DNS entries are located on both DNS servers on both DCs. All other network connectivity is working properly. Does moving a DC to a VM cause this issue? Is it possible to run dcpromo to remove AD and reinstall? Can I recreate the roles on the working server since this one has no connectivity AD-wise?

Asked by: johnbelanger
 
murphylei Commented:
I am thinking this may be a FSMO role issue.  Did you virtualize the old server? Or do a new install? What process did you use to make it virtual?
0
 
ryder0707 Commented:
Try to P2V using the cold cloning method; it is much more reliable. Try this first before anything else.
I have P2V'd several DCs before; hot cloning normally gives strange errors, especially due to inconsistency in the AD DB.
If you don't have other services/applications running on the DC, you don't have to P2V if you don't want to; just create a VM, then dcpromo a fresh new DC and let it replicate normally.
To fix your problem, you can try the following:
Stop the DC (VM) & remove it from disk, power on the physical DC, and dcpromo it to demote it to a member server; at this point you can rename it if you want.
Create a new VM with the same name as the physical server (if you've renamed the physical server earlier).
Install Windows, set up DNS & dcpromo it as an additional DC for your network.
0
 
Awinish Commented:
Did you verify nslookup is able to resolve host to IP & vice versa for the DCs?
Configuring an ADC using dcpromotion on a VM is not an issue, but using an image or 3rd-party software to create a DC on a VM is not recommended or supported by MS. It leads to problems like USN rollback, netlogon pause, etc. on DCs.
Yes, you can demote & promote the DC gracefully as well as forcefully, but if it is done forcefully, run metadata cleanup to remove the records and only then promote to ADC.
Lastly, roles can be transferred from one DC to another if the other DC is going to be retired or taken down for maintenance.
If the FSMO role holder DC has crashed, you have to seize the roles & you can't bring the server online without performing metadata cleanup of the seized-role DC.
If you try to bring it online, there will be a lot of issues & conflicts which might not allow the DCs to work properly.
References:
http://www.petri.co.il/seizing_fsmo_roles.htm
0

 
johnbelanger (Author) Commented:
I created the VM using P2V from the ESX console, so it was hot cloned. The issue now is that the original hardware DC is not available due to the original hardware issue that caused me to create the VM in the first place.

I also believe this is partly an FSMO issue. I tried changing roles using the Operations Masters option in AD Users and Computers, but under Operations Master it just says ERROR. I think what I need to do at this point is pretend the VM DC doesn't exist anymore and treat it as a DC that has died. Can I use dcpromo to establish the proper roles on the remaining DC? At that point I will set up a fresh VM and promote that to a DC, but I think I need to clear up any remnants of the old one before I can do that, correct?
0
 
CitySec Commented:
What roles did this server hold?  You probably should have stopped the netlogon service on the physical machine before doing a P2V of the machine.  I've done this with a DC and mitigated the replication issues.  Have you tried using ntdsutil to transfer roles to the other DC(s)?  Otherwise, you'll have to seize the roles, which will forcefully transfer the roles to the remaining DC(s).

Yes, there will be a few maintenance tasks associated with Active Directory that you will have to perform to clean things up a bit.
0
 
johnbelanger (Author) Commented:
The site referenced also had information on cleaning up the metadata.
0
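The checks and the role seizure discussed in this thread, collected as an added example (not posted by any participant). It is meant to be run from a command prompt on the healthy DC with the Windows Support Tools installed; every name, address and GUID in the `set` lines is a placeholder, and the forest is assumed to have a single root domain.

```bat
@echo off
rem Added example: placeholders only, none of these values come from the thread.
set DOMAIN=corp.example
set FOREST_ROOT=corp.example
set GOOD_DC=dc2.corp.example
set CLONED_DC=dc1.corp.example
set CLONED_IP=192.0.2.10
rem GUID of the cloned DC's NTDS Settings object, as listed by repadmin /showreps
set CLONED_GUID=00000000-0000-0000-0000-000000000000

rem 1. Forward and reverse lookup of the cloned DC, asked of the healthy DC's DNS
nslookup %CLONED_DC% %GOOD_DC%
nslookup %CLONED_IP% %GOOD_DC%

rem 2. DC locator SRV records for the domain
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %GOOD_DC%

rem 3. Replication finds a partner through this GUID-based CNAME, not the host
rem    name. A missing or stale record here produces "DNS lookup failure" even
rem    when the A and PTR records from step 1 look correct.
nslookup -type=CNAME %CLONED_GUID%._msdcs.%FOREST_ROOT% %GOOD_DC%

rem 4. Last replication attempt and result per partner, as seen by this DC
repadmin /showreps

rem 5. Which DC the directory currently lists as holder of each FSMO role
netdom query fsmo

rem 6. Full health check of this DC, verbose
dcdiag /v

rem 7. If the role holder is being treated as dead, seizure is done in an
rem    interactive ntdsutil session on the surviving DC. Seize only the roles
rem    that step 5 shows on the dead DC:
rem      ntdsutil
rem      roles
rem      connections
rem      connect to server dc2.corp.example
rem      quit
rem      seize PDC
rem      seize RID master
rem      seize infrastructure master
rem      seize schema master
rem      seize domain naming master
rem      quit
rem      quit
rem    As the thread notes, the old role holder must then stay offline and its
rem    metadata must be cleaned up before a replacement DC is promoted.
```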
