2008 Domain controller in 2003 environment. Renamed. Issues with replication, netlogons and services

After standing up a domain controller for an external site here at our headquarters, I delivered it to a remote site and bound it to the new IPs there. There were network access issues, which I believe have been resolved, but they were in place during a critical point in the setup: I had to rename the domain controller to conform to our naming convention. Now we are experiencing issues with the DC. When I run a DCDiag it throws these 3 errors:

Starting test: NetLogons
         [NEWDCNAME] User credentials does not have permission to perform this operation. The account used for this test must have network logon privileges for this machine's domain.
         ......................... NEWDCNAME failed test NetLogons
Starting test: Replications
         [Replications Check,NEWDCNAME] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105 "Replication access was denied."
         ......................... NEWDCNAME failed test Replications
Starting test: Services
         Could not open NTDS Service on NEWDCNAME, error 0x5
            "Access is denied."
         ......................... NEWDCNAME failed test Services

I have found one piece of info that is critical to the problem: inside ADSI under the Domain Controllers OU in the Domain Controller's CN=NEWDCNAME\CN=NTFRS\CN=Domain System Volume (class is nTFRSSubscriber) the following value is present:

fRSMemberReference  CN=OLDDCNAME ,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=medassurant,DC=local

And I cannot edit the value... well, I can edit it, but when I try to save it the following error pops

Anyone have a good handle on how I can gracefully fix this situation?  I'd rather not DCpromo remove and re-add it, if there is a cleaner way to do this.
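For comparing DCDiag runs across several domain controllers, the output format quoted above can be reduced to a list of failed tests with their error codes. This is an added example and not part of the original post; the function names are hypothetical and the sample text is constructed from the excerpt in the question, plus one passing test.

```python
import re

# Constructed sample: the three failures quoted in the question, plus one
# passing test added here so the filter has something to discard.
SAMPLE = '''\
Starting test: Connectivity
         ......................... NEWDCNAME passed test Connectivity
Starting test: NetLogons
         [NEWDCNAME] User credentials does not have permission to perform this operation. The account used for this test must have network logon privileges for this machine's domain.
         ......................... NEWDCNAME failed test NetLogons
Starting test: Replications
         [Replications Check,NEWDCNAME] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105 "Replication access was denied."
         ......................... NEWDCNAME failed test Replications
Starting test: Services
         Could not open NTDS Service on NEWDCNAME, error 0x5
            "Access is denied."
         ......................... NEWDCNAME failed test Services
'''

START = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT = re.compile(r"^\s*\.{3,}\s*(\S+) (passed|failed) test (\S+)")
CODE = re.compile(r"\berror (0x[0-9A-Fa-f]+)")

def parse_dcdiag(text):
    """Return one record per completed test, in the order DCDiag ran them."""
    records, name, detail = [], None, []
    for line in text.splitlines():
        start, result = START.match(line), RESULT.match(line)
        if start:
            name, detail = start.group(1), []
        elif result and result.group(3) == name:
            body = " ".join(detail)
            records.append({"server": result.group(1), "test": name,
                            "passed": result.group(2) == "passed",
                            "codes": [int(c, 16) for c in CODE.findall(body)],
                            "detail": body})
            name = None
        elif name and line.strip():
            detail.append(line.strip())  # message lines between start and verdict
    return records

def failures(text):
    """Only the failed tests, the part worth comparing across domain controllers."""
    return [r for r in parse_dcdiag(text) if not r["passed"]]

if __name__ == "__main__":
    for r in failures(SAMPLE):
        codes = ", ".join(hex(c) for c in r["codes"]) or "no code"
        print(f'{r["server"]}: {r["test"]} failed ({codes}) {r["detail"]}')
```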

Darius Ghassem Commented:
Did you go through these steps to rename the Domain Controller?


If you didn't, then what I recommend is demoting this server. Run metadata cleanup to make sure all lingering objects from the failed DC are removed. Once you have done this you can proceed with the repromotion.
Medassurant (Author) Commented:
We actually found adding an IPv6 binding again to the NIC spurred replication. Strange but true.
Question has a verified solution.
