Solved

Demote old DC

Posted on 2011-02-17
Last Modified: 2012-05-11
I'm trying to demote an old 2003 master Domain Controller with a new 2008 server.
I have successfully transferred all FSMO roles to the new DC. And temporarily the new DC is a secondary DNS server.
My problem is that the SYSVOL and NETLOGON shares were not created when promoting the new DC.
I tried to edit the BurFlags but this only helped me create the SYSVOL share, not NETLOGON.
The “SYSVOL\domain name” is empty.
I got a third domain controller on the same domain that has worked as a secondary domain controller for the master DC I’m trying to demote. And I discovered that the SYSVOL share was empty on that server too.
I have checked that all 3 servers are registered correctly in DNS. And all servers are listed in “Sites and Services”.
Now I’m stuck!
Question by:elit2007
45 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 34915012
Can you post the results from DCDIAG and "repadmin /showrepl"
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34915077
Is the SYSVOL populated on the "master" DC?

Did you set the Burflags to "D2" on the 2008 DC?

If SYSVOL is shared, but not NETLOGON on the 2008 DC, try this:

http://support.microsoft.com/kb/947022/en-us
0
 
LVL 1

Author Comment

by:elit2007
ID: 34915115
I tried to set Burflags to D4 on the new 2008 DC. This created an empty SYSVOL share but not NETLOGON.
Both SYSVOL and NETLOGON are working on the old master DC.
0
 
LVL 7

Assisted Solution

by:David_Hagerman
David_Hagerman earned 100 total points
ID: 34915126
First check that FRS is running in services. If not, here is a link to resolve this issue.

http://support.microsoft.com/kb/327341

This seems to be a replication problem. If the server sees itself as the only server on the domain, then it won't create these folders.

There could have been a problem when the new server created the junction points. Try to rebuild the sysvol from this article. Please note this is a last resort. I am sure we can fix the replication problem.

http://support.microsoft.com/kb/315457/en-us

Let us know.
0
 
LVL 1

Author Comment

by:elit2007
ID: 34915146
Here's the output of repadmin /showrepl

DS1: old master DC
x3200: Old secondary DC
DSDC: New 2008 DC
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\DSDC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 8d9ee249-49d5-4ab0-b0a1-94aa3934975f
DSA invocationID: f64d8f3c-7231-4c15-aa61-8ea146654539

==== INBOUND NEIGHBORS ======================================

DC=DENTALSOR,DC=LOCAL
    Default-First-Site-Name\DS1 via RPC
        DSA object GUID: 28fa45b5-4470-46a3-92b8-0fb59c8d6faf
        Last attempt @ 2011-02-17 12:45:31 was successful.
    Default-First-Site-Name\X3200 via RPC
        DSA object GUID: f8e6b626-6cba-4bb2-ad49-88169125acd9
        Last attempt @ 2011-02-17 12:45:34 was successful.

CN=Configuration,DC=DENTALSOR,DC=LOCAL
    Default-First-Site-Name\DS1 via RPC
        DSA object GUID: 28fa45b5-4470-46a3-92b8-0fb59c8d6faf
        Last attempt @ 2011-02-17 12:08:08 was successful.
    Default-First-Site-Name\X3200 via RPC
        DSA object GUID: f8e6b626-6cba-4bb2-ad49-88169125acd9
        Last attempt @ 2011-02-17 12:37:22 was successful.

CN=Schema,CN=Configuration,DC=DENTALSOR,DC=LOCAL
    Default-First-Site-Name\DS1 via RPC
        DSA object GUID: 28fa45b5-4470-46a3-92b8-0fb59c8d6faf
        Last attempt @ 2011-02-17 11:47:15 was successful.
    Default-First-Site-Name\X3200 via RPC
        DSA object GUID: f8e6b626-6cba-4bb2-ad49-88169125acd9
        Last attempt @ 2011-02-17 11:47:15 was successful.

DC=DomainDnsZones,DC=DENTALSOR,DC=LOCAL
    Default-First-Site-Name\DS1 via RPC
        DSA object GUID: 28fa45b5-4470-46a3-92b8-0fb59c8d6faf
        Last attempt @ 2011-02-17 11:47:15 was successful.
    Default-First-Site-Name\X3200 via RPC
        DSA object GUID: f8e6b626-6cba-4bb2-ad49-88169125acd9
        Last attempt @ 2011-02-17 11:47:15 was successful.

DC=ForestDnsZones,DC=DENTALSOR,DC=LOCAL
    Default-First-Site-Name\DS1 via RPC
        DSA object GUID: 28fa45b5-4470-46a3-92b8-0fb59c8d6faf
        Last attempt @ 2011-02-17 11:47:15 was successful.
    Default-First-Site-Name\X3200 via RPC
        DSA object GUID: f8e6b626-6cba-4bb2-ad49-88169125acd9
        Last attempt @ 2011-02-17 11:47:15 was successful.


0
 
LVL 1

Author Comment

by:elit2007
ID: 34915176
FRS is running on all three servers
0
 
LVL 1

Author Comment

by:elit2007
ID: 34915250
Mmm, it looks like there are references to an old offline (failed) domain controller with the name DSX3200.
I don’t know if this is creating trouble?

See the results of dcdiag
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.DENTALSOR>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DSDC
   * Identified AD Forest.
   Ldap search capabality attribute search failed on server DSX3200, return
   value = 81
   Got error while checking if the DC is using FRS or DFSR. Error:
   Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
   because of this error.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DSDC
      Starting test: Connectivity
         ......................... DSDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DSDC
      Starting test: Advertising
         ......................... DSDC passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DSDC passed test FrsEvent
      Starting test: DFSREvent
         ......................... DSDC passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DSDC passed test SysVolCheck
      Starting test: KccEvent
         ......................... DSDC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DSDC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DSDC passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=DENTALSOR,DC=LOCAL
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=DENTALSOR,DC=LOCAL
         ......................... DSDC failed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\DSDC\netlogon)
         [DSDC] An net use or LsaPolicy operation failed with error 67,
         The network name cannot be found..
         ......................... DSDC failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DSDC passed test ObjectsReplicated
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         DSDC:  Current time is 2011-02-17 12:59:09.
            CN=Schema,CN=Configuration,DC=DENTALSOR,DC=LOCAL
               Last replication received from DSX3200 at
          2008-06-04 08:59:42
               WARNING:  This latency is over the Tombstone Lifetime of 60
         days!
            CN=Configuration,DC=DENTALSOR,DC=LOCAL
               Last replication received from DSX3200 at
          2008-06-04 09:09:33
               WARNING:  This latency is over the Tombstone Lifetime of 60
         days!
            DC=DENTALSOR,DC=LOCAL
               Last replication received from DSX3200 at
          2008-06-04 09:37:29
               WARNING:  This latency is over the Tombstone Lifetime of 60
         days!
         ......................... DSDC passed test Replications
      Starting test: RidManager
         ......................... DSDC passed test RidManager
      Starting test: Services
         ......................... DSDC passed test Services
      Starting test: SystemLog
         ......................... DSDC passed test SystemLog
      Starting test: VerifyReferences
         ......................... DSDC passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : DENTALSOR
      Starting test: CheckSDRefDom
         ......................... DENTALSOR passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DENTALSOR passed test CrossRefValidation

   Running enterprise tests on : DENTALSOR.LOCAL
      Starting test: LocatorCheck
         ......................... DENTALSOR.LOCAL passed test LocatorCheck
      Starting test: Intersite
         ......................... DENTALSOR.LOCAL passed test Intersite

C:\Users\administrator.DENTALSOR>


0
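A triage pass over the dcdiag output posted above, as an added example that is not part of the original thread: it reads each test's verdict line, flags tests that dcdiag reports as passed while still printing findings (FrsEvent and Replications here), and pulls out replication partners whose last contact is older than the tombstone lifetime. The function names and the abridged sample text are assumptions made for this example.

```python
import re
from datetime import datetime

# Constructed sample: abridged from the dcdiag output posted above.
SAMPLE = r"""
      Starting test: Advertising
         ......................... DSDC passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DSDC passed test FrsEvent
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\DSDC\netlogon)
         [DSDC] An net use or LsaPolicy operation failed with error 67,
         The network name cannot be found..
         ......................... DSDC failed test NetLogons
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         DSDC:  Current time is 2011-02-17 12:59:09.
            CN=Schema,CN=Configuration,DC=DENTALSOR,DC=LOCAL
               Last replication received from DSX3200 at
          2008-06-04 08:59:42
               WARNING:  This latency is over the Tombstone Lifetime of 60
         days!
         ......................... DSDC passed test Replications
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
"""

FMT = "%Y-%m-%d %H:%M:%S"
STAMP = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
START = re.compile(r"^\s*Starting test:\s*(\S+)")
# The test name can wrap onto the next line, so only target and verdict are read here.
RESULT = re.compile(r"^\s*\.{5,}\s+(\S+) (passed|failed) test")
NOW = re.compile(r"Current time is " + STAMP)
LAST = re.compile(r"Last replication received from (\S+) at\s+" + STAMP)
TSL = re.compile(r"Tombstone Lifetime of (\d+)\s+days")


def parse_dcdiag(text):
    """Return one dict per test: name, target, verdict, and the lines printed in between."""
    results, current, detail = [], None, []
    for line in text.splitlines():
        m = START.match(line)
        if m:
            current, detail = m.group(1), []
            continue
        m = RESULT.match(line)
        if m and current:
            results.append({"test": current, "target": m.group(1),
                            "verdict": m.group(2), "detail": detail})
            current, detail = None, []
        elif current and line.strip():
            detail.append(line.strip())
    return results


def triage(results):
    """Split into failed tests and tests that 'passed' but still printed findings."""
    failed = [r["test"] for r in results if r["verdict"] == "failed"]
    noisy = [r["test"] for r in results if r["verdict"] == "passed" and r["detail"]]
    return failed, noisy


def stale_partners(results):
    """Map partner name -> days since last replication, if over the tombstone lifetime."""
    stale = {}
    for r in results:
        blob = " ".join(r["detail"])  # re-join lines that dcdiag wrapped
        now, tsl = NOW.search(blob), TSL.search(blob)
        if r["test"] != "Replications" or not (now and tsl):
            continue
        now_dt, limit = datetime.strptime(now.group(1), FMT), int(tsl.group(1))
        for name, ts in LAST.findall(blob):
            age = (now_dt - datetime.strptime(ts, FMT)).days
            if age > limit:
                stale[name] = max(age, stale.get(name, 0))
    return stale


if __name__ == "__main__":
    parsed = parse_dcdiag(SAMPLE)
    print("failed / passed-with-findings:", triage(parsed))
    print("partners past tombstone lifetime:", stale_partners(parsed))
```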
 
LVL 21

Expert Comment

by:snusgubben
ID: 34915279
Orphan DCs will cause problems. Clean it out: http://www.petri.co.il/delete_failed_dcs_from_ad.htm

You should never set the Burflags to D4 on a DC that has an empty SYSVOL. This tells this DC that it's authoritative for the SYSVOL replica. You should have set the flag to D2.
0
 
LVL 1

Author Comment

by:elit2007
ID: 34915449
Okay, now I have cleaned up my domain and removed the offline DC. I set the flag to D2 on the new server and restarted the FRS service. But still no netlogon share and sysvol is empty.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34915459
Are sysvol and netlogon shared on your other DCs?

Did you check the SysvolReady bit on the Win2008 DC?
0
 
LVL 1

Author Comment

by:elit2007
ID: 34915516
Yes, SYSVOL and NETLOGON are shared on the old master DC and reachable from the new 2008 DC.
No, have not checked SysvolReady bit.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34915530
0
 
LVL 1

Author Comment

by:elit2007
ID: 34915542
Didn't help with the SysvolReady trick.
I got this warning message in event log.
File Replication Service is initializing the system volume with data from another domain controller. Computer DSDC cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL. 
 
To check for the SYSVOL share, at the command prompt, type: 
net share 
 
When File Replication Service completes the initialization process, the SYSVOL share will appear. 
 
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.


0
 
LVL 1

Author Comment

by:elit2007
ID: 34915574
This is my DCDIAG status right now.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.DENTALSOR>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DSDC
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DSDC
      Starting test: Connectivity
         ......................... DSDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DSDC
      Starting test: Advertising
         ......................... DSDC passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DSDC passed test FrsEvent
      Starting test: DFSREvent
         ......................... DSDC passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DSDC passed test SysVolCheck
      Starting test: KccEvent
         ......................... DSDC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DSDC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DSDC passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=DENTALSOR,DC=LOCAL
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=DENTALSOR,DC=LOCAL
         ......................... DSDC failed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\DSDC\netlogon)
         [DSDC] An net use or LsaPolicy operation failed with error 67,
         The network name cannot be found..
         ......................... DSDC failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DSDC passed test ObjectsReplicated
      Starting test: Replications
         ......................... DSDC passed test Replications
      Starting test: RidManager
         ......................... DSDC passed test RidManager
      Starting test: Services
         ......................... DSDC passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x8000001D
            Time Generated: 02/17/2011   13:17:10
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate
 to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
 or enroll for a new KDC certificate.
         ......................... DSDC passed test SystemLog
      Starting test: VerifyReferences
         ......................... DSDC passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : DENTALSOR
      Starting test: CheckSDRefDom
         ......................... DENTALSOR passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DENTALSOR passed test CrossRefValidation

   Running enterprise tests on : DENTALSOR.LOCAL
      Starting test: LocatorCheck
         ......................... DENTALSOR.LOCAL passed test LocatorCheck
      Starting test: Intersite
         ......................... DENTALSOR.LOCAL passed test Intersite

C:\Users\administrator.DENTALSOR>


0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34915596
Can you run: dcdiag /v /c /f:dcdiag.txt

attach the logfile
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34915597
*run it on the 2008 server
0
 
LVL 1

Author Comment

by:elit2007
ID: 34915769
Here you go :)
dcdiag.txt
0
 
LVL 7

Expert Comment

by:David_Hagerman
ID: 34915935
There are three steps in the txt file that are already pointing you in the right direction. Can you try them and let us know the outcome?
[1] FRS can not correctly resolve the DNS name ds1.DENTALSOR.LOCAL from this computer.
[2] FRS is not running on ds1.DENTALSOR.LOCAL.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
0
 
LVL 7

Expert Comment

by:David_Hagerman
ID: 34916023
Here is an article to clean up the metadata from the old server

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34916057
1. DS1: old master DC -> SYSVOL and NETLOGON shared. Correct? (run "net share" to verify)

2. x3200: Old secondary DC -> If #1 is ok and sysvol/netlogon is not shared? Stop ntfrs > Set Burflags = D2 (hex) > Start ntfrs. cmd -> verify if they are shared

3. DSDC: New 2008 DC: If #2 is ok.  Stop ntfrs > Set Burflags = D2 (hex) > Start ntfrs. cmd -> verify if they are shared

You got FRS event:

13508: Indicates RPC connectivity problems, but this is likely due to 13562. (AD replication is working, so RPC connectivity is ok)
13562 is indicating missing FRS attributes/objects
13565 indicates non-authoritative restore in progress. (Burflags = D2)
0
 
LVL 1

Author Comment

by:elit2007
ID: 34916065
[1] When running a ping test from DSCS against DS1.DENTALSOR.LOCAL it resolves the correct IP address.
[2] On DS1 I assume this is the service called "File Replication"; on DSDC and x3200 it's called "File Replication Service". "File Replication" is running on DS1.
[3] Don't know how to check this?

Also found this error message on DS1 under File Replication Service log:


The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR. 
 
 Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" 
 Replica root path is   : "e:\windows\sysvol\domain" 
 Replica root volume is : "\\.\E:" 
 A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons. 
 
 [1] Volume "\\.\E:" has been formatted. 
 [2] The NTFS USN journal on volume "\\.\E:" has been deleted. 
 [3] The NTFS USN journal on volume "\\.\E:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal. 
 [4] File Replication Service was not running on this computer for a long time. 
 [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\E:". 
 Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state. 
 [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service. 
 [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set. 
 
WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again. 
 
To change this registry parameter, run regedit. 
 
Click on Start, Run and type regedit. 
 
Expand HKEY_LOCAL_MACHINE. 
Click down the key path: 
   "System\CurrentControlSet\Services\NtFrs\Parameters" 
Double click on the value name 
   "Enable Journal Wrap Automatic Restore" 
and update the value. 
 
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34916088
If DS1 is in Journal Wrap, you need to fix that first :)

Is  "x3200" sharing netlogon/sysvol?

0
 
LVL 1

Author Comment

by:elit2007
ID: 34916230
x3200 is not sharing netlogon/sysvol. Not after setting the Burflags to D2 either.
How do I fix DS1 Journal Wrap?
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 400 total points
ID: 34916318
Normally to fix JW you set the Burflags to D2, and this DC will rejoin the replica set and pull SYSVOL content from a replica partner.
The solution provided in the Event log is for post Win2000 SP2.

You are in a situation where you don't have a good replica member. The problem is that if you set it to D2 (or enable "Enable Journal Wrap Automatic Restore") this DC *might* get stuck in a seeding state.

Whatever you do, you should make a backup of your GPOs and scripts.
0
 
LVL 7

Expert Comment

by:David_Hagerman
ID: 34916332
Click on Start, Run and type regedit.
 
Expand HKEY_LOCAL_MACHINE.
Click down the key path:
   "System\CurrentControlSet\Services\NtFrs\Parameters"
Double click on the value name
   "Enable Journal Wrap Automatic Restore"
and update the value.
0
 
LVL 1

Author Comment

by:elit2007
ID: 34921205
hey hey :) Setting "Enable Journal Wrap Automatic Restore" to value 1 and then restart FRS service solved my problem with SYSVOL share on all three domain servers :) Now only the NETLOGON share is missing on x3200 and DSDC.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34921437
Did you try setting the Burflags = "D2" (hex) on x3200 and DSDC after you got out of the Journal wrap?
0
 
LVL 7

Expert Comment

by:David_Hagerman
ID: 34923896
Be sure to re-check snusgubben's earlier post to fix this issue

http://support.microsoft.com/kb/947022/en-us
0
 
LVL 1

Expert Comment

by:tigran_p
ID: 34930772
Have you made the new domain controller a Global Catalog as well?
0
 
LVL 1

Author Comment

by:elit2007
ID: 34933053
Thanks :-)  Netlogon is now working after trying snusgubben's suggestion after first fixing SYSVOL.
Yes, the new DC also got the Global Catalog. So now I think the only remaining thing is to make DSDC the master DNS server. And then demote the old master DC. The x3200 server is also running Exchange server. Do I have to do anything else than changing DNS address on the NIC on that server?
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34933348
If you have AD integrated DNS, you don't have a "master" for the DNS zone. All are multi masters.

If x3200 is also hosting DNS, you can either use itself or a partner as primary DNS on the NIC.

FYI if you can host Exchange on a dedicated server you should do that. Exchange on a DC is not recommended (though it will work)
0
 
LVL 1

Author Comment

by:elit2007
ID: 34934078
How will I know if I got AD integrated DNS?

I changed the NIC's DNS  on x3200 (Exchange server), DSCS as primary and x3200 as secondary DNS.
Now DS1 is down again (there's a reason why I want to demote this server ;-)  )   and the Exchange server now complains about this. Are there any settings in Exchange that points to a preferred domain controller that I have to change?
Or will this relation automatically disappear when I demote (dcpromo) DS1?
Event Type:	Error
Event Source:	MSExchangeAL
Event Category:	LDAP Operations 
Event ID:	8026
Date:		19.02.2011
Time:		19:02:10
User:		N/A
Computer:	X3200
Description:
LDAP Bind was unsuccessful on directory ds1.DENTALSOR.LOCAL for distinguished name ''. Directory returned error:[0x51] Server Down.    

For more information, click http://www.microsoft.com/contentredirect.asp.


0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34934638
Open the DNS management console, right click the domain zone and you will see if it's AD integrated.

As long as you have Exchange installed on a DC, it will never use any other global catalog than itself. I would then make x3200 to point to itself as primary DNS, and DSCS as secondary (if both these are hosting DNS)
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34934641
* right click -> Properties -> General tab
0
 
LVL 1

Author Comment

by:elit2007
ID: 34934682
Status: zone never loaded
Type: Secondary
"Replication:Not an Active Directory-integrated zone" is greyed out.
0
 
LVL 1

Author Comment

by:elit2007
ID: 34934718
What about the MSExchangeAL error message? Why is it complaining about the communication against DS1 when you say that it will only use itself if x3200 is also a DC?
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34936456
You should make the domain zone AD integrated.

x3200 will use the DNS server you set on the NIC, but it will only use the "local" GC. (you lose the redundancy for that part)
0
 
LVL 1

Author Comment

by:elit2007
ID: 34951793
Now I made DS1 AD integrated. How do I do this for x3200 and DSDC? The alternative is greyed out on the other two servers.
I waited to see if replication will do this but the status for both X3200 and DSDC is still "Secondary"
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34952812
You have to set them as Name Servers on the domain zone. Open the DNS management console on DS1:

- Properties on the forward lookup zone (domain.com)
- Allow Dynamic updates -> Secure only
- Add the two others as NS's in the Name Servers tab
- "Zone Transfers" -> Allow zone transfers
0
 
LVL 1

Author Comment

by:elit2007
ID: 34953583
Sorry, doesn't seem to help.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34954313
You could try to remove the DNS role from the two other DCs, and re-add  DNS.

http://support.microsoft.com/kb/198437
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34954321
Just make sure both point to DS1 as the preferred DNS (on the NIC)
0
 
LVL 1

Author Comment

by:elit2007
ID: 34955089
You're the man snusgubben! Worked perfectly removing and re-adding the DNS roles. Now all servers are AD-integrated.
So I suppose this is the right time for closing this thread. Thanks for the exact and instructive answers and for not losing your patience. :-) Now I will try to demote DS1 and hope I don’t have to reopen this thread :-)
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34955112
If you don't feel too happy about the task of yours, I would remove DNS and the GC from it and turn it off for a week.

If no issues, fire it up and demote it.
0
 
LVL 1

Author Comment

by:elit2007
ID: 34955145
Okay, I will do that :-)
0
