Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

DC down, DC up again.

Posted on 2010-08-14
6
Medium Priority
?
467 Views
Last Modified: 2012-06-27
2 DCs. Master fails. I seized the FSMO roles to the second DC. Worked great. Cleaned up Metadata. I rebuilt DNS from scratch on new Master and DHCP.

After tinkering with the failed DC I got it to boot. I turned off DNS and DHCP on the "bad" server. I want this sever up a few more days so I can pull other service configs and some file shares off before I format and reinstall as a DC again.

It is interfearing with the GC. when I try to add a computer to the domain, it shows up under the ADUC of the bad DC and not the Good one. i tryied to rebuild the connections to allow replication. When I force replication it says "replication completed" but the new WS does not show up in the "Good" dc, only the "bad" one.

I checked the Metadata and the PDC roles on both servers and they both point to the "Good" server.

When i ping the domain.local from the Workstations it returns the IP of the Bad DC. flushdns did not fix it.

I want to put the bad DC into a member server role so that it will stop interfearing with the GC long enough to xcopy some files off of it and then format the raid. Keep in mind DCPROMO does not work, and ntdsutil does not see the bad DC.
0
Comment
Question by:stephenwyles
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 2000 total points
ID: 33436985
If seizing FSMO-roles, the old DC holding FSMOs shall not be online as DC again until it has been demoted and cleaned up.
Use dcpromo/forceremoval on the bad DC and cleanup metadata before getting it back as DC again.
0
 

Author Comment

by:stephenwyles
ID: 33437043
This appears to be working, it got further than the normal "dcpromo" attempt. I will keep you posted.
0
 

Author Comment

by:stephenwyles
ID: 33437170
It appears to have worked... one problem. When it finished, it said it successfully removed AD from the computer... Restart Now or Restart Later?

That's a problem. I do not want to restart this server in the fear of it not coming back up. I feel as though it is on "life support" and if I shut it down it may never start back up. I need windows to restart so that I can continue to get the service config settings off of it.

Anyway to manually restart the individual services in order to clear the AD info from the server without actually restarting it?
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 27

Expert Comment

by:Steve
ID: 33439837
in a situation where a bad DC is interfering you're best option is to disconnect it from the network.
In this way, you can have the bad DC running and copy files or access it as required without it affeecting the existing domain. BY design, while the server is connected and thinks it is a DC, it will try to perform DC tasks and cause problems.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33440401
After FSMO seizing old DC shouldn't be connected to the network. You have to reinstall OS first and then promote it to the domain controller again. If you do not proceed that way you can have problems with PDC.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 33440621
The reboot is necessary to finish the removing of the DC role.
With the metadata cleanup on the good DC, it is not longer recognized as DC in the domain, but still beleaved it's a DC until used dcpromo/forceremoval to force it into member server role.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question