Solved

DNS / AD failure on restored SBS 2008 Server

Posted on 2010-08-25
Last Modified: 2012-05-10
Hi,

I have restored an SBS 2008 server to a new box using Microsoft's own SBS 2008 backup, and running a bare metal restore.

The restored PC does not have a functioning Active Directory (for example AD Users and Computers does not work.)

The problem would appear to be DNS related. The following error occurs in the DNS log shortly after booting:

The DNS server was unable to open zone fx.local in the Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Any ideas, or do you need more information?

Richard
Question by:rpm
17 Comments
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33520560
Make sure the ip settings are configured so that the server looks at itself for DNS as a first step.
Once that is done restart the server so that it registers all required records, then see what issues are outstanding.
0
 
LVL 1

Author Comment

by:rpm
ID: 33520592
Thanks for the very prompt response.

I have already tried this step.

Richard
0
 
LVL 2

Expert Comment

by:andrewjones1987
ID: 33520602
Is this a DC? If so, how many DCs do you have?
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33520608
And you are still unable to open AD Users and Computers? What message do you get?
0
 
LVL 1

Author Comment

by:rpm
ID: 33520634
Yes, as SBS 2008 it is the primary DC. There is one other server, but I'm not sure if that is a DC too.

The other server isn't with me!
0
 
LVL 1

Author Comment

by:rpm
ID: 33520678
Opening ADUC gives:

Naming information cannot be located because:
The specified domain either does not exist or could not be contacted.
Contact your system administrator to verify that your domain is properly configured and is currently online.

Clicking OK opens ADUC with a cross on the top folder of the tree, and nothing to expand
0
 
LVL 2

Expert Comment

by:andrewjones1987
ID: 33520686
I believe that your problem lies with the SIDs on the DC, as the hardware is now different from the old server. Give me a mo to have a think of the best way forward :-)
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33520724
Have the DNS services started OK? Does the DNS console look OK? (Can it be opened?)
0

 
LVL 1

Author Comment

by:rpm
ID: 33520743
Yes the DNS Server Service is running (and also restarts fine)

The DNS console looks fine to me
0
 
LVL 2

Expert Comment

by:andrewjones1987
ID: 33520760
Have you definitely restored the "System State" part of the backup, as this contains AD?
See, my initial thought was that you may have more than one DC, so what you could have done is transfer the FSMO roles to it, demote the broken one and then run dcpromo again to re-promote it to DC, but you can't do that.

Have a look through:
http://searchwindowsserver.techtarget.com/tip/0,289483,sid68_gci1052862_mem1,00.html
and
http://support.microsoft.com/default.aspx?scid=kb;en-us;263532

May be some help... I will continue to have a think :-)
0
 
LVL 1

Author Comment

by:rpm
ID: 33520816
It was a full system restore, so that supersedes the old system state!

The FSMOs were definitely on the server that I am restoring.

I'll try your links!
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33520908
I am going to preface this with "I have not actually done a bare metal restore using the Windows utility to new hardware before (HIR)" but unless the Windows HIR does some magic I can't see why this would also not apply to your situation.

I have done some searches to try to prove that this DOES NOT apply to a Windows backup/restore to new hardware, but have not been able to find anything to cause me not to post this.

The info below relates to another disk image/restore application. But an image is an image isn't it?

When you did the bare metal restore did you boot into AD Restore mode before you booted into normal mode?

But the procedure for other disk imaging software that I have used is to:
- ensure that the first boot after the restore is into AD Restore mode
- use DEVMGR_SHOW_NONPRESENT_DEVICES to remove the old NIC hardware
- ensure the network driver is loaded for the new NIC
- ensure the IP Address is set and DNS is pointing to itself
- then and only then boot normally.

Some more info here
http://blog.mpecsinc.ca/2008/02/sbs-shadowprotect-some-hardware.html

In my experience if the above is not done and the server is allowed to boot normally on the first boot (and it takes ages) AD gets killed.

Andy

0
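A check for the "IP address is set and DNS is pointing to itself" step in the procedure above, as an added example that is not part of the original thread. It assumes PowerShell 2.0 or later; `Test-DnsSelfReference` is a hypothetical helper name and the adapter data is constructed sample input.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0 or later.
# Test-DnsSelfReference is a hypothetical helper name.
function Test-DnsSelfReference {
    param([object[]]$Adapters)
    foreach ($a in $Adapters) {
        # WMI returns $null, not an empty array, when nothing is configured.
        $ips = @(); if ($a.IPAddress) { $ips = @($a.IPAddress) }
        $dns = @(); if ($a.DNSServerSearchOrder) { $dns = @($a.DNSServerSearchOrder) }

        if ($dns.Count -eq 0) {
            $first = $null
            $status = 'NoDnsConfigured'
        } else {
            $first = $dns[0]
            if (($ips -contains $first) -or ($first -eq '127.0.0.1')) {
                $status = 'PointsToSelf'
            } else {
                $status = 'PointsElsewhere'   # e.g. a router or ISP resolver
            }
        }
        New-Object PSObject -Property @{
            Adapter = $a.Description; FirstDns = $first; Status = $status
        }
    }
}

# Constructed sample data shaped like Win32_NetworkAdapterConfiguration objects.
$sample = @(
    (New-Object PSObject -Property @{ Description = 'New NIC, DNS set to own address'
        IPAddress = @('192.168.16.2'); DNSServerSearchOrder = @('192.168.16.2') }),
    (New-Object PSObject -Property @{ Description = 'New NIC, DNS set to router'
        IPAddress = @('192.168.16.2'); DNSServerSearchOrder = @('192.168.16.1') }),
    (New-Object PSObject -Property @{ Description = 'New NIC, no DNS configured'
        IPAddress = @('192.168.16.2'); DNSServerSearchOrder = $null })
)
Test-DnsSelfReference -Adapters $sample |
    Format-Table Adapter, FirstDns, Status -AutoSize

# On the restored server, replace the sample with live data:
#   $live = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
#   Test-DnsSelfReference -Adapters $live
# Then confirm the DC locator record for the zone named in the question resolves locally:
#   nslookup -type=SRV _ldap._tcp.dc._msdcs.fx.local 127.0.0.1
```

Any adapter reported as `PointsElsewhere` or `NoDnsConfigured` means the server is not using itself as its first DNS server.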
 
LVL 1

Author Comment

by:rpm
ID: 33521004
That all sounds highly feasible ... I'll try a new restore and do as you suggested!

I'll need to watch closely as the server automatically boots at the end of the restore process!

Richard
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 33521751
For the record, the SBS restore is not intended for restore to new hardware. Generally you need to use applications like Acronis with universal restore mode, Storagecraft, or restore to a virtual instance. However, if the hardware is almost identical, and the drive and partition configurations are identical it should work, and with the SBS2008 restore you should not have to manually do a system state restore.

I would recommend running the SBS Best practices analyzer which will point out most configuration issues:
http://www.microsoft.com/downloads/details.aspx?familyid=86a1aa32-9814-484e-bd43-3e42aec7f731&displaylang=en
Also run the "fix my network wizard" located in the SBS console under network | connectivity.
0
 
LVL 1

Author Comment

by:rpm
ID: 34109925
This task was abandoned in failure! I don't believe a solution exists for my problem!
0
 
LVL 1

Author Closing Comment

by:rpm
ID: 34109933
It's not a solution but as this expert stated that what I was trying to do was not the intention of the system, that is the closest to the final outcome!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34110962
Thanks rpm.
Cheers!
--Rob
0
