DNS / AD failure on restored SBS 2008 Server

Hi,

I have restored an SBS 2008 server to a new box using Microsoft's own SBS 2008 backup, and running a bare metal restore.

The restored PC does not have a functioning Active Directory (for example AD Users and Computers does not work.)

The problem would appear to be DNS related. The following error occurs in the DNS log shortly after booting:

The DNS server was unable to open zone fx.local in the Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Any ideas, or do you need more information?

Richard
LVL 1
rpmAsked:
Who is Participating?
 
Rob WilliamsCommented:
For the record, the SBS restore is not intended for restore to new hardware. Generally you need to use applications like Acronis with universal restore mode, Storagecraft, or restore to a virtual instance. However, if the hardware is almost identical, and the drive and partition configurations are identical it should work, and with the SBS2008 restore you should not have to manually do a system state restore.

I would recommend running the SBS Best practices analyzer which will point out most configuration issues:
http://www.microsoft.com/downloads/details.aspx?familyid=86a1aa32-9814-484e-bd43-3e42aec7f731&displaylang=en
also run the "fix my network wizard" located in the SBS console under network | connectivity
0
 
Mike ThomasConsultantCommented:
Make sure the ip settings are configured so that the server looks at itself for DNS as a first step.
Once that is done restart the server so that it registers all required records, then see what issues are outstanding.
0
 
rpmAuthor Commented:
Thanks for the very prompt response.

I have already tried this step.

Richard
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
andrewjones1987Commented:
is this a dc??? if so, how many dc's do you have???
0
 
Mike ThomasConsultantCommented:
And you are still unable to open AD users and computers? what message do yo get?
0
 
rpmAuthor Commented:
Yes, as SBS 2008 it is the primary DC. There is one other server, but I'm not sure if that is a DC too.

The other server isn't with me!
0
 
rpmAuthor Commented:
Opening ADUC gives:

Naming information cannot be located because:
The specified domain either does not exist or could not be contacted.
Contact your system administrator to verify that your domain is properly configured and is currently online.

Clicking OK opens ADUC with a cross on the top folder of the tree, and nothing to expand
0
 
andrewjones1987Commented:
I believe that you problem lies with the SIDs on the DC, as hardware is now different from old server. Give me mo to have a think of best way forward :-)
0
 
Mike ThomasConsultantCommented:
Have the DNS services started OK? does the DNS console look ok? (can it be opened)
0
 
rpmAuthor Commented:
Yes the DNS Server Service is running (and also restarts fine)

The DNS console looks fine to me
0
 
andrewjones1987Commented:
Have you definately restored the "System State" part of the backup, as this contains AD.
See my initial thought was that you may have more than one dc, so what you could have done is transfer FSMO role to it, demote the broken one and then run dcpromo again to re-promote to dc, but you can't do that.

have a look through:
http://searchwindowsserver.techtarget.com/tip/0,289483,sid68_gci1052862_mem1,00.html
and
http://support.microsoft.com/default.aspx?scid=kb;en-us;263532

may be some help......I will continue to have a think :-)
0
 
rpmAuthor Commented:
It was a full system restore, so that superceeds the old system state!

The FSMOs were definatly on the server that I am restoring.

I'll try your links!
0
 
Andrew OakeleyConsultantCommented:
I am going to preface this with "I have not actually done a bare metal restore using the windows utility to new hardware before (HIR)" but unless the indows HIR dows some magic I can't see why this would also not apply to your situation.

I have done some searches to try to prove that this DOES NOT apply to a Windows backup/restore to new hardware, but have not been able to find anything to cause me not to post this.

The info below relates to another disk image/restore application. But an image is an image isn't it?

When you did the bare metal restore did you boot into AD Restore mode before you booted into normal mode?

 but the procedure for other disk imaging software that I have used is to:
- ensure that the first boot after the restore is into AD Restore mode
- use DEVMGR_SHOW_NONPRESENT_DEVICES to remove the old NIC hardware
- ensure the network driver is loaded for the new NIC
- ensure the IP Address is set and DNS is pointing to itself
- then and only then boot normally.

Some more info here
http://blog.mpecsinc.ca/2008/02/sbs-shadowprotect-some-hardware.html

In my experience if the above is not done and the server is allowed to boot normally on the first boot (and it takes ages) AD gets killed.

Andy

0
 
rpmAuthor Commented:
That all sounds highly feasible ... I'll try a new restore and do as you suggested!

I'll need to watch closely as the server automatically boots at the end of the restore process!

Richard
0
 
rpmAuthor Commented:
This task was abandoned in failure! I don't believe a solution exists for my problem!
0
 
rpmAuthor Commented:
It's not a solution but as this expert stated that what I was trying to do was not the intention of the system, that is the closest to the final outcome!
0
 
Rob WilliamsCommented:
Thanks rpm.
Cheers!
--Rob
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.