Solved

DC down, DC up again.

Posted on 2010-08-14
6
408 Views
Last Modified: 2012-06-27
2 DCs. Master fails. I seized the FSMO roles to the second DC. Worked great. Cleaned up Metadata. I rebuilt DNS from scratch on new Master and DHCP.

After tinkering with the failed DC I got it to boot. I turned off DNS and DHCP on the "bad" server. I want this sever up a few more days so I can pull other service configs and some file shares off before I format and reinstall as a DC again.

It is interfearing with the GC. when I try to add a computer to the domain, it shows up under the ADUC of the bad DC and not the Good one. i tryied to rebuild the connections to allow replication. When I force replication it says "replication completed" but the new WS does not show up in the "Good" dc, only the "bad" one.

I checked the Metadata and the PDC roles on both servers and they both point to the "Good" server.

When i ping the domain.local from the Workstations it returns the IP of the Bad DC. flushdns did not fix it.

I want to put the bad DC into a member server role so that it will stop interfearing with the GC long enough to xcopy some files off of it and then format the raid. Keep in mind DCPROMO does not work, and ntdsutil does not see the bad DC.
0
Comment
Question by:stephenwyles
6 Comments
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 500 total points
ID: 33436985
If seizing FSMO-roles, the old DC holding FSMOs shall not be online as DC again until it has been demoted and cleaned up.
Use dcpromo/forceremoval on the bad DC and cleanup metadata before getting it back as DC again.
0
 

Author Comment

by:stephenwyles
ID: 33437043
This appears to be working, it got further than the normal "dcpromo" attempt. I will keep you posted.
0
 

Author Comment

by:stephenwyles
ID: 33437170
It appears to have worked... one problem. When it finished, it said it successfully removed AD from the computer... Restart Now or Restart Later?

That's a problem. I do not want to restart this server in the fear of it not coming back up. I feel as though it is on "life support" and if I shut it down it may never start back up. I need windows to restart so that I can continue to get the service config settings off of it.

Anyway to manually restart the individual services in order to clear the AD info from the server without actually restarting it?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 27

Expert Comment

by:Steve
ID: 33439837
in a situation where a bad DC is interfering you're best option is to disconnect it from the network.
In this way, you can have the bad DC running and copy files or access it as required without it affeecting the existing domain. BY design, while the server is connected and thinks it is a DC, it will try to perform DC tasks and cause problems.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33440401
After FSMO seizing old DC shouldn't be connected to the network. You have to reinstall OS first and then promote it to the domain controller again. If you do not proceed that way you can have problems with PDC.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 33440621
The reboot is necessary to finish the removing of the DC role.
With the metadata cleanup on the good DC, it is not longer recognized as DC in the domain, but still beleaved it's a DC until used dcpromo/forceremoval to force it into member server role.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now