Medassurant
asked on
2008 Domain controller in 2003 environment. Renamed. Issues with replication, netlogons and services
After standing up a domain controller for an external site here at out headquarters, I deliverd it to a remote site and bound it to the new IPs there. There were network access issues, which I belive have been resolved, but they were in place during a critical point in the setup: I had to rename the domain controller to conform to our naming convention. Now we are experiencing issues with the DC. When I run a DCDiag it throw these 3 errors
========================== ========== ========== ===
Starting test: NetLogons
[NEWDCNAME] User credentials does not have permission to perform this operation. The account used for this test must have network logon privileges for this machine's domain.
......................... NEWDCNAME failed test NetLogons
========================== ========== ========== ========== ========== ==
Starting test: Replications
[Replications Check,NEWDCNAME] DsReplicaGetInfo(PENDING_O PS, NULL) failed, error 0x2105 "Replication access was denied."
......................... NEWDCNAME failed test Replications
========================== ========== ========== ========== ========== ==
Starting test: Services
Could not open NTDS Service on NEWDCNAME, error 0x5
"Access is denied."
......................... NEWDCNAME failed test Services
========================== ========== ========== ========== ========== ==
I have found one piece of info that is critical to the problem: inside ADSI under the Domain Controllers OU in the Domain Controller's CN=NEWDCNAME\CN=NTFRS\CN=D omain System Volume (classis nTFRSSubscriber) the following value is present:
fRSMemberReference CN=OLDDCNAME ,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=medas surant,DC= local
And I cannot edit the value. . . .well I can edit it, but when I try to save it the following error pops
Anyone have a good handle on how I can gracefully fix this situation? I'd rather not DCpromo remove and re-add it, if there is a cleaner way to do this.
==========================
Starting test: NetLogons
[NEWDCNAME] User credentials does not have permission to perform this operation. The account used for this test must have network logon privileges for this machine's domain.
......................... NEWDCNAME failed test NetLogons
==========================
Starting test: Replications
[Replications Check,NEWDCNAME] DsReplicaGetInfo(PENDING_O
......................... NEWDCNAME failed test Replications
==========================
Starting test: Services
Could not open NTDS Service on NEWDCNAME, error 0x5
"Access is denied."
......................... NEWDCNAME failed test Services
==========================
I have found one piece of info that is critical to the problem: inside ADSI under the Domain Controllers OU in the Domain Controller's CN=NEWDCNAME\CN=NTFRS\CN=D
fRSMemberReference CN=OLDDCNAME ,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=medas
And I cannot edit the value. . . .well I can edit it, but when I try to save it the following error pops
Anyone have a good handle on how I can gracefully fix this situation? I'd rather not DCpromo remove and re-add it, if there is a cleaner way to do this.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER