RMGS
asked on
Authentication fails when turning of a Domain Controller with no fsmo roles
Hi I was wondering if you could help.
I am trying to take a ghost image of one of my domain controllers (1 of 5) which has no fsmo roles and is no longer a Global Catalog server. I thought because it has no roles and is not a GC. My users would be able to authenticate against AD and use Outlook Web App.
The only things I can think of is that users shared profile and home directories are on that server. Would that matter?
My question is can I take that server down for upgrading without users being affected?
Thanks in Advanced.
I am trying to take a ghost image of one of my domain controllers (1 of 5) which has no fsmo roles and is no longer a Global Catalog server. I thought because it has no roles and is not a GC. My users would be able to authenticate against AD and use Outlook Web App.
The only things I can think of is that users shared profile and home directories are on that server. Would that matter?
My question is can I take that server down for upgrading without users being affected?
Thanks in Advanced.
ASKER
Krzysztof,
I have run the command and it did come up with the following errors:
Warning: DC1 is not advertising as a time server.
......................... DC1 failed test Advertising
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 02/23/2011 09:12:21
(Event String could not be retrieved)
......................... DC1 failed test frsevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 02/23/2011 14:25:33
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/23/2011 14:25:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/23/2011 14:25:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/23/2011 14:25:36
(Event String could not be retrieved)
......................... DC1 failed test systemlog
I believe the above errors are just notifications and not very big issues but I still cannot shutdown the server without disruptions to my users.
Do you have any other suggestions?
I have run the command and it did come up with the following errors:
Warning: DC1 is not advertising as a time server.
......................... DC1 failed test Advertising
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 02/23/2011 09:12:21
(Event String could not be retrieved)
......................... DC1 failed test frsevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 02/23/2011 14:25:33
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/23/2011 14:25:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/23/2011 14:25:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/23/2011 14:25:36
(Event String could not be retrieved)
......................... DC1 failed test systemlog
I believe the above errors are just notifications and not very big issues but I still cannot shutdown the server without disruptions to my users.
Do you have any other suggestions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The reason why users could not authenticate is because:-
1. User profiles were kept on that DC
2. Also DC was a DNS server.
Once I moved profiles and added another DNS server. All was fine.
1. User profiles were kept on that DC
2. Also DC was a DNS server.
Once I moved profiles and added another DNS server. All was fine.
Before DC shut down, run on it
dcdiag /v
and review output to check if there is no errors. If so, then fixed them first
Regards,
Krzysztof