Solved

demote child domain and rejoin again

Posted on 2011-02-12
Last Modified: 2012-05-11
Hi,

I need to demote my child domain from the parent domain, because I notice many communication errors between them.

What is the best way to do it?
 
When I demote and rejoin the child, do I need to configure all users, GPOs, etc. again?

Best regards

André Bolinhas
0
Comment
Question by:abolinhas
60 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 34879238
You cannot "Demote" a domain from a forest; all you can do is DELETE it.
What is the problem you are having? It may make more sense to find the problem.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34879295
Hi Neilsr,

Thanks for your quick response.

1º - When I try to access the child through the AD Users & Computers console from the parent domain, I get an access denied error.
I'm logged in as domain admin.
Check - http://itbyandrebolinhas.com/images/ad1.png


2º - My child domain is grey in DNS
Check -  http://itbyandrebolinhas.com/images/dns.png

3º - Check the output of dcdiag (from child)
C:\Users\Administrator>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC01
   * Identified AD Forest.
   [CHLD01] LDAP bind failed with error 1326,
   Logon failure: unknown user name or bad password..
   Got error while checking if the DC is using FRS or DFSR. Error:
   Logon failure: unknown user name or bad password.The VerifyReferences,
   FrsEvent and DfsrEvent tests might fail because of this error.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         Message 0x621 not found.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... DC01 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC01
      Skipping all tests, because server DC01 is not responding to directory
      service requests.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34879663
Hi Neilsr:

Please ignore the last problem
"
3º - Check the output of dcdiag (from child)
C:\Users\Administrator>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC01
   * Identified AD Forest.
   [CHLD01] LDAP bind failed with error 1326,
   Logon failure: unknown user name or bad password..
   Got error while checking if the DC is using FRS or DFSR. Error:
   Logon failure: unknown user name or bad password.The VerifyReferences,
   FrsEvent and DfsrEvent tests might fail because of this error.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         Message 0x621 not found.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... DC01 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC01
      Skipping all tests, because server DC01 is not responding to directory
      service requests.
"

I ran dcdiag from the parent and not from the child, my mistake.

Tests that I made from the child:


C:\Users\Administrator>netdom query fsmo
Schema master               DC01.florasul.lan
Domain naming master        DC01.florasul.lan
PDC                         CHLD01.evora01.florasul.lan
RID pool manager            CHLD01.evora01.florasul.lan
Infrastructure master       CHLD01.evora01.florasul.lan
The command completed successfully.



C:\Users\Administrator>repadmin /replsum
Replication Summary Start Time: 2011-02-12 18:01:29

Beginning data collection for replication summary, this may take awhile:
  .....


Source DSA          largest delta    fails/total %%   error
 CHLD01                    10m:02s    0 /   4    0
 DC01                      09m:45s    0 /   4    0


Destination DSA     largest delta    fails/total %%   error
 CHLD01                    09m:45s    0 /   4    0
 DC01                      10m:02s    0 /   4    0


dcdiag /v /c
   Running enterprise tests on : florasul.lan
      Starting test: DNS
         Test results for domain controllers:

            DC: CHLD01.evora01.florasul.lan
            Domain: evora01.florasul.lan


               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  The OS
                  Microsoft Windows Server 2008 R2 Standard  (Service Pack level
: 0.0)
                  is supported.
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter
                  [00000016] Intel(R) Advanced Network Services Virtual Adapter:


                     MAC address is 00:30:48:7D:0E:60
                     IP Address is static
                     IP address: 192.168.2.101
                     DNS servers:
                        127.0.0.1 (CHLD01) [Valid]
                        192.168.1.101 (<name unavailable>) [Valid]
                  No host records (A or AAAA) were found for this DC
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found prim
ary
                  Root zone on this DC/DNS server was not found

               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     208.67.220.220 (<name unavailable>) [Invalid]
                     208.67.222.222 (<name unavailable>) [Invalid]
                     Error: All forwarders in the forwarder list are invalid.
                  Root hint Information:
                     Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
                     Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
                  Error: Both root hints and forwarders are not configured or
                  broken. Please make sure at least one of them works.

               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server

               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone evor
a01.florasul.lan
                  Test record dcdiag-test-record deleted successfully in zone ev
ora01.florasul.lan

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000016] Intel(R) Advanced Network Services Virtual Adapter:


                     Matching CNAME record found at DNS server 192.168.2.101:
                     93313e43-0c25-412f-8d4b-6a45ff2318f1._msdcs.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.66cd515e-8176-4bde-8f4d-236b50aad6ff.domains._ms
dcs.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._tcp.dc._msdcs.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.dc._msdcs.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._tcp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._udp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kpasswd._tcp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.Default-First-Site-Name._sites.evora01.florasul.
lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.evo
ra01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.evora01
.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.evora01.flora
sul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.gc._msdcs.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _gc._tcp.Default-First-Site-Name._sites.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.florasu
l.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.pdc._msdcs.evora01.florasul.lan

                     Matching CNAME record found at DNS server 192.168.1.101:
                     93313e43-0c25-412f-8d4b-6a45ff2318f1._msdcs.florasul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.66cd515e-8176-4bde-8f4d-236b50aad6ff.domains._ms
dcs.florasul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._tcp.dc._msdcs.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.dc._msdcs.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._tcp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._udp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kpasswd._tcp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.Default-First-Site-Name._sites.evora01.florasul.
lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.evo
ra01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.evora01
.florasul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.evora01.flora
sul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.gc._msdcs.florasul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _gc._tcp.Default-First-Site-Name._sites.florasul.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.florasu
l.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.pdc._msdcs.evora01.florasul.lan

               Error: Record registrations cannot be found for all the network
               adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 128.8.10.90
               [Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 192.5.5.241
               [Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 198.41.0.4
               [Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

            DNS server: 208.67.220.220 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 208.67.220.220
               [Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

            DNS server: 208.67.222.222 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 208.67.222.222
               [Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

            DNS server: 192.168.1.101 (<name unavailable>)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered

            DNS server: 192.168.2.101 (CHLD01)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: evora01.florasul.lan
               CHLD01                       PASS FAIL FAIL PASS PASS FAIL n/a

         ......................... florasul.lan failed test DNS
      Starting test: LocatorCheck
         GC Name: \\CHLD01.evora01.florasul.lan
         Locator Flags: 0xe00031fd
         PDC Name: \\CHLD01.evora01.florasul.lan
         Locator Flags: 0xe00031fd
         Time Server Name: \\CHLD01.evora01.florasul.lan
         Locator Flags: 0xe00031fd
         Preferred Time Server Name: \\CHLD01.evora01.florasul.lan
         Locator Flags: 0xe00031fd
         KDC Name: \\CHLD01.evora01.florasul.lan
         Locator Flags: 0xe00031fd
         ......................... florasul.lan passed test LocatorCheck
      Starting test: FsmoCheck
         GC Name: \\CHLD01.evora01.florasul.lan
         Locator Flags: 0xe00031fd
         PDC Name: \\CHLD01.evora01.florasul.lan
         Locator Flags: 0xe00031fd
         Time Server Name: \\CHLD01.evora01.florasul.lan
         Locator Flags: 0xe00031fd
         Preferred Time Server Name: \\CHLD01.evora01.florasul.lan
         Locator Flags: 0xe00031fd
         KDC Name: \\CHLD01.evora01.florasul.lan
         Locator Flags: 0xe00031fd
         ......................... florasul.lan passed test FsmoCheck
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... florasul.lan passed test Intersite
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34880588
First thing, you should not be using 127.0.0.1; put the actual IP address of the DC. Make sure you don't have external DNS servers listed in your TCP\IP properties; it should only have internal DNS servers in the TCP\IP properties.

Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix.

Like already stated above, you can't demote a child domain from the root; you must delete it completely, then restart everything configured before. This is the only way if you want to move forward, but do the above, then see how things work before deletion of the domain.
0
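
One way to check a DC's adapter settings against the advice in the comment above, as an added example that is not part of the original thread. `Test-DcDnsClientEntry` is a hypothetical helper name, and "internal" is assumed here to mean the RFC 1918 private IPv4 ranges.

```powershell
# Added example, not code from the thread. Classifies each DNS server
# configured on a DC's network adapter: loopback entries and external
# (non-private) entries are flagged, internal ones pass.
# Assumption: "internal" means RFC 1918 private IPv4 space.

function Test-DcDnsClientEntry {
    param(
        [Parameter(Mandatory = $true)][string[]]$DnsServers,   # resolver list, in order
        [Parameter(Mandatory = $true)][string[]]$OwnAddresses  # the DC's own IP addresses
    )

    foreach ($server in $DnsServers) {
        $ip = [System.Net.IPAddress]::Parse($server)
        $b  = $ip.GetAddressBytes()

        if ([System.Net.IPAddress]::IsLoopback($ip)) {
            $finding = 'Loopback: replace with the actual IP address of the DC'
        }
        elseif ($OwnAddresses -contains $server) {
            $finding = 'OK: the DC''s own address'
        }
        elseif ($ip.AddressFamily -ne 'InterNetwork') {
            $finding = 'Not classified: IPv6 entry, review by hand'
        }
        elseif ($b[0] -eq 10 -or
                ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                ($b[0] -eq 192 -and $b[1] -eq 168)) {
            $finding = 'OK: internal DNS server'
        }
        else {
            $finding = 'External: remove from the TCP/IP properties'
        }

        New-Object PSObject -Property @{ Server = $server; Finding = $finding }
    }
}

# Constructed sample: the two resolver entries shown for CHLD01 in the dcdiag
# output earlier in the thread, plus one public address to show the third case.
Test-DcDnsClientEntry -DnsServers '127.0.0.1', '192.168.1.101', '208.67.220.220' `
                      -OwnAddresses '192.168.2.101' |
    Format-Table Server, Finding -AutoSize

# On a live DC (works with PowerShell 2.0 on Server 2008 R2), feed it from WMI:
# Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
#     Where-Object { $_.DNSServerSearchOrder } |
#     ForEach-Object {
#         Test-DcDnsClientEntry -DnsServers $_.DNSServerSearchOrder -OwnAddresses $_.IPAddress
#     }
```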
 
LVL 9

Author Comment

by:abolinhas
ID: 34880979
Hi dariusg

Done:

C:\Users\Administrator>dcdig /fix
'dcdig' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Administrator>dcdiag /fix

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = CHLD01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Connectivity
         Message 0x621 not found.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... CHLD01 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\CHLD01
      Skipping all tests, because server CHLD01 is not responding to directory
      service requests.


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : evora01
      Starting test: CheckSDRefDom
         ......................... evora01 passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... evora01 passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running enterprise tests on : florasul.lan
      Starting test: LocatorCheck
         ......................... florasul.lan passed test LocatorCheck
      Starting test: Intersite
         ......................... florasul.lan passed test Intersite


Any more tests to do?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34883662
http://support.microsoft.com/kb/978387

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d5bebedd-bc3a-4b91-a053-7c04c78c2ec1/

This is a known issue on Windows 2008 Servers when using a team on a DC. There is an issue with dcdiag as well.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34893115

Hi,

The hotfix doesn't solve my problem.

This is the common problem that I have too.
For example:

From the parent domain I can ping the child domain by name.
But if I try to access the child by UNC path by name, like \\child01, I get a "You don't have permission to access to \\chld01", but if I try by IP, \\xxx.xxx.xxx.xxx, it works very well.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34893498
Do you have a DNS suffix listed?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34893499
Can you remove the network team, if you have one set up?
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34896845
Hi dariusg,

What do you mean by DNS suffix listed?

"Can you remove network team?"
I will try to avoid this; this is my last option, because the child is very far from me, about 400km, and doing this remotely is very dangerous.

Best regards

André Bolinhas
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34897611
If you look in your TCP\IP properties, do you have a DNS suffix listed?
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34899203
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34901985
Yes.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34902639
Yes, I have the suffix in both DNS (parent and child).

But it still doesn't work.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34907931
Can you remove the team please?

Please run the command prompt as admin as well.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34911878
Hi Darius,

I changed the team mode to failover only (instead of load balancing + failover).

Now I can access chld via UNC path by name \\chld.

Now I just need to fix this
http://itbyandrebolinhas.com/images/ad1.png
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34912318
Are you using the correct username and password? Are you using Domain Admin from the child Domain?
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34912498
No, on the child I use the child admin user and password.

From child to parent this http://itbyandrebolinhas.com/images/ad1.png works fine.

0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34916979
Can you access resources from the other domain?
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34917089
From the child I can access all resources on the parent domain.

From the parent I cannot access all resources on the child.

0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34917231
Do you have a DNS zone for the child domain in your HQ DNS server?
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34917458
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34918060
Seems like you don't have your delegated DNS zone for the child listed in the parent. You need to have this zone in the HQ DNS so it can resolve the child domain's addresses.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34918107
I created a new delegation on the parent but the folder is still grey.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34918564
You should have zone listed.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34918698
You mean this
http://itbyandrebolinhas.com/images/dns3.png
?

If so, should this be a primary or a secondary zone?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34918759
Yes, create the zone for the child domain; you should have it stored in AD.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34918976
So it is a primary zone.

On the next board, what is the option that I need to choose?
http://itbyandrebolinhas.com/images/dns4.png
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34919077
Hold on. Go to your child DNS server, go to the properties of that zone: do you have replication set up to replicate to the whole forest?
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34919187
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34919215
On zone transfers, what do you have?
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34919222
Hi Dariusg,

Please ignore the last comment.

Parent replication:
http://itbyandrebolinhas.com/images/dns6.png

Child replication
http://itbyandrebolinhas.com/images/dns7.png
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34919313
Change the child zone to replicate to all DCs in the forest. Then don't worry about creating the zone in the parent; it should replicate to the parent now.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34919420
OK, the child already replicates the zone to the parent domain.

But I still get access denied
http://itbyandrebolinhas.com/images/ad1.png
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34920664
Run dcdiag /fix

Post dcdiag
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34920772
From parent:

C:\Users\Administrator>dcdiag /fix

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC01
   * Identified AD Forest.
   [CHLD01] LDAP bind failed with error 1326,
   Logon failure: unknown user name or bad password..
   Got error while checking if the DC is using FRS or DFSR. Error:
   Logon failure: unknown user name or bad password.The VerifyReferences,
   FrsEvent and DfsrEvent tests might fail because of this error.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Advertising
         ......................... DC01 passed test Advertising
      Starting test: FrsEvent
         ......................... DC01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC01 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... DC01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC01 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... DC01 passed test Replications
      Starting test: RidManager
         ......................... DC01 passed test RidManager
      Starting test: Services
         ......................... DC01 passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x8000000E
            Time Generated: 02/17/2011   20:21:44
            Event String:
            The password stored in Credential Manager is invalid. This might be
caused by the user changing the password from this computer or a different comp
ter. To resolve this error, open Credential Manager in Control Panel, and reent
r the password for the credential FLORASUL\vanessa.paulo.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 02/17/2011   20:21:44
            Event String:
            Driver EPSON SX125 Series required for printer EPSON SX125 Series i
 unknown. Contact the administrator to install the driver before you log in aga
n.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 02/17/2011   20:21:45
            Event String:
            Driver PDFCreator required for printer PDFCreator is unknown. Conta
t the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 02/17/2011   20:21:48
            Event String:
            Driver Adobe PDF Converter required for printer Adobe PDF is unknow
. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 02/17/2011   20:21:48
            Event String:
            Driver PDF995 Printer Driver required for printer PDF995 is unknown
 Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0xC0002719
            Time Generated: 02/17/2011   20:23:25
            Event String:
            DCOM was unable to communicate with the computer 208.67.220.220 usi
g any of the configured protocols.
         An error event occurred.  EventID: 0xC0002719
            Time Generated: 02/17/2011   20:23:46
            Event String:
            DCOM was unable to communicate with the computer 208.67.222.222 usi
g any of the configured protocols.
         An error event occurred.  EventID: 0x0000042E
            Time Generated: 02/17/2011   21:04:55
            Event String:
            Iashlpr initialization failed: The DHCP service was unable to acces
 path specified for the audit log.
         ......................... DC01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... DC01 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : florasul
      Starting test: CheckSDRefDom
         ......................... florasul passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... florasul passed test CrossRefValidation

   Running enterprise tests on : florasul.lan
      Starting test: LocatorCheck
         ......................... florasul.lan passed test LocatorCheck
      Starting test: Intersite
         ......................... florasul.lan passed test Intersite



From child
C:\Users\Administrator>dcdiag /fix

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = CHLD01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Connectivity
         ......................... CHLD01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Advertising
         ......................... CHLD01 passed test Advertising
      Starting test: FrsEvent
         ......................... CHLD01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... CHLD01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... CHLD01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... CHLD01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... CHLD01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... CHLD01 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... CHLD01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... CHLD01 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... CHLD01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... CHLD01 passed test Replications
      Starting test: RidManager
         ......................... CHLD01 passed test RidManager
      Starting test: Services
         ......................... CHLD01 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000457
            Time Generated: 02/17/2011   21:17:26
            Event String:
            Driver EPSON SX125 Series required for printer EPSON SX125 Series is
 unknown. Contact the administrator to install the driver before you log in agai
n.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 02/17/2011   21:17:26
            Event String:
            Driver Adobe PDF Converter required for printer Adobe PDF is unknown
. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 02/17/2011   21:17:30
            Event String:
            Driver PDF995 Printer Driver required for printer PDF995 is unknown.
 Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 02/17/2011   21:17:30
            Event String:
            Driver PDFCreator required for printer PDFCreator is unknown. Contac
t the administrator to install the driver before you log in again.
         ......................... CHLD01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... CHLD01 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : evora01
      Starting test: CheckSDRefDom
         ......................... evora01 passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... evora01 passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running enterprise tests on : florasul.lan
      Starting test: LocatorCheck
         ......................... florasul.lan passed test LocatorCheck
      Starting test: Intersite
         ......................... florasul.lan passed test Intersite
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34922260
Still points to a network team issue.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34922652
OK, if there are no more options for testing, I'll try disabling the team remotely.

Thanks
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34925884
No more from me right now
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34925923
Hi dariusq

I already removed the team, rebooted the server and ran dcdiag /fix.

But the problem still persists.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34925981
Do you have a team at HQ as well?
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34926019
I removed the team on both servers.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34926217
Is there a firewall between the two?
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34926255
no
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34926308
The servers are connected through an IPsec VPN.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34926794
I get a 500 Internal error
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34926808
Please ignore the last comment.

"I get a 500 Internal error"
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34927306
Could be that ports are open properly on VPN
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34927393
what ports?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34927420
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34927777
I have the ports open.
The parent detects the child online, but when I click "OK", I get "unknown user or bad password".

http://itbyandrebolinhas.com/images/dc_ad.png
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34927806
Can you go to Run \\Domaincontroller?
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34927859
Yep, in both directions.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34928032
Authentication is working fine. Something is wrong with connecting to the server. Are you using Domain Admin password from child to add to console? Are you using Enterprise Admin?
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34928038
Yes, I'm an Enterprise Admin and I'm logged in with the enterprise account.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34928222
I found this error in dcdiag (on the parent):

 [CHLD01] LDAP bind failed with error 1326,
 Logon failure: unknown user name or bad password..
 Got error while checking if the DC is using FRS or DFSR. Error:
 Logon failure: unknown user name or bad password.The VerifyReferences,
 FrsEvent and DfsrEvent tests might fail because of this error.
 * Found 2 DC(s). Testing 1 of them.
 Done gathering initial info.
0
 
LVL 9

Author Comment

by:abolinhas
ID: 34928263
And on the child I get this:
         The DC CHLD01 is advertising as having a writeable directory
         The DC CHLD01 is advertising as a Key Distribution Center
         The DC CHLD01 is advertising as a time server
         The DS CHLD01 is advertising as a GC.
         ......................... CHLD01 passed test Advertising
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC CHLD01 for domain evora01.florasul.lan in site Default-First-
Site-Name
         Checking machine account for DC CHLD01 on DC CHLD01.
         * SPN found :LDAP/CHLD01.evora01.florasul.lan/evora01.florasul.lan
         * SPN found :LDAP/CHLD01.evora01.florasul.lan
         * SPN found :LDAP/CHLD01
         * SPN found :LDAP/CHLD01.evora01.florasul.lan/EVORA01
         * SPN found :LDAP/93313e43-0c25-412f-8d4b-6a45ff2318f1._msdcs.florasul.
lan
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/93313e43-0c25-412f-8d
4b-6a45ff2318f1/evora01.florasul.lan
         * SPN found :HOST/CHLD01.evora01.florasul.lan/evora01.florasul.lan
         * SPN found :HOST/CHLD01.evora01.florasul.lan
         * SPN found :HOST/CHLD01
         * SPN found :HOST/CHLD01.evora01.florasul.lan/EVORA01
         * SPN found :GC/CHLD01.evora01.florasul.lan/florasul.lan
         [CHLD01] No security related replication errors were found on this DC!
          To target the connection to a specific source DC use
         /ReplSource:<DC>.
         ......................... CHLD01 passed test CheckSecurityError
      Starting test: CutoffServers
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 34928784
0
 
LVL 9

Author Closing Comment

by:abolinhas
ID: 34930126
Finally FIXED :)

Your link didn't solve my problem, but it helped me a lot to understand the problem and fix it.

So it is fair to assign you the points.

To fix the problem, I did the following steps:

1º On the parent domain, go to Control Panel.
2º Find Credential Manager inside User Accounts.
3º In Credential Manager, search for any entries that point to the child domain and delete them.

Dariusq, many, many thanks for your help.

Best regards

André Bolinhas
0
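The fix from the closing comment, scripted as an added example (not code from the thread): it lists the current user's stored credentials with `cmdkey` and, with `-Remove`, deletes those whose target names the child domain. The name patterns come from the dcdiag output in this thread; English-language `cmdkey` output and the script's parameter and function names are assumptions.

```powershell
# Added example: find saved credentials that point at the child domain and
# optionally delete them. Assumes English-language "cmdkey /list" output.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Names taken from the dcdiag output in this thread; adjust for your forest.
    [string[]]$Pattern = @('evora01', 'CHLD01'),
    [switch]$Remove
)

function ConvertFrom-CmdKeyList {
    # Turns the "Target: / Type: / User:" blocks printed by cmdkey into objects.
    param([string[]]$Lines)
    $entry = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            if ($entry) { [pscustomobject]$entry }
            $entry = [ordered]@{ Target = $Matches[1]; Type = ''; User = '' }
        }
        elseif ($entry -and $line -match '^\s*Type:\s*(.+?)\s*$') { $entry.Type = $Matches[1] }
        elseif ($entry -and $line -match '^\s*User:\s*(.+?)\s*$') { $entry.User = $Matches[1] }
    }
    if ($entry) { [pscustomobject]$entry }
}

# Case-insensitive match on the target name only, so unrelated entries are kept.
$regex = ($Pattern | ForEach-Object { [regex]::Escape($_) }) -join '|'
$stale = @(ConvertFrom-CmdKeyList -Lines (cmdkey.exe /list) |
    Where-Object { $_.Target -match $regex })

if (-not $stale) {
    Write-Output "No stored credentials reference: $($Pattern -join ', ')"
    return
}
$stale | Format-Table Target, Type, User -AutoSize

if ($Remove) {
    foreach ($cred in $stale) {
        # Honors -WhatIf / -Confirm before touching the vault.
        if ($PSCmdlet.ShouldProcess($cred.Target, 'Delete stored credential')) {
            cmdkey.exe "/delete:$($cred.Target)"
        }
    }
}
```

Run it without `-Remove` first (or with `-Remove -WhatIf`), in the session of the account that sees error 1326, because `cmdkey` only reads that user's own vault.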
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34930360
You know, I swore I put a link on before that said to do this, but I guess I didn't paste it in. Glad it is working. We fixed some other issues as well.

Thanks again
0
