  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 505
DCPromo fails, Join domain fails (2003 domain) (2008 DC)

Hello All,

This may be a bit of a difficult question. I am attempting to create a test network that properly resembles production.

2003 functional level

I promoted a server (2008R2) to DC on production, then removed it from the network. I set it up as the only DC on a test network, then seized all FSMO roles. I have no problem authenticating and DNS properly resolves; the issue is attempting to join machines to the domain. ldp.exe shows port 389 is open and can see the domain. The firewall is turned off. Schema is set to version 47 (2008R2). IPv6 is enabled.

If you need any further relevant information, just ask.
Asked by: Mheller

snusgubben commented:
What error do you get when trying to join?

Anything in a dcdiag?

Adam Brown (Sr Solutions Architect) commented:
Did you make that DC a Global Catalog before moving it off the network?

Mheller (Author) commented:
Yes, it is a GC!

The error:

DNS was successfully queried for the service location (SRV) resource record to locate domain.com
The query was for the SRV record _ldap.tcp.dc.msdcs.domain.com
following domain controllers were identified by the query:
server01.domain.com

However no domain controllers could be contacted.

Note:

I have checked DNS multiple times, I have no issues pinging via hostname or ip address.

IP Address is static!
IntegrityOffice commented:
If you type net share at the cmd prompt on the server, can you see sysvol? If not, it is not working as a DC in its own right and no PCs will join the domain. You should have some errors in Event Viewer too.
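
Added example, not part of any poster's reply: a PowerShell 2.0-compatible script that automates the share check described above and adds the related Netlogon readiness flag and two dcdiag tests. It assumes it is run in an elevated session on the DC itself, that dcdiag.exe is on the path, and that dcdiag produces English output.

```powershell
# Added example: verify that this server is actually advertising as a DC.
# Assumptions: elevated session on the DC, dcdiag.exe available, English output.
$results = @()

function Add-Result([string]$Check, [bool]$Passed, [string]$Detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $Check; Passed = $Passed; Detail = $Detail
    }
}

# 1. A functioning DC publishes both SYSVOL and NETLOGON (what `net share` lists).
$shares = @(Get-WmiObject -Class Win32_Share | ForEach-Object { $_.Name })
foreach ($name in 'SYSVOL', 'NETLOGON') {
    $present = $shares -contains $name
    Add-Result "Share $name" $present $(if ($present) { 'shared' } else { 'missing' })
}

# 2. Netlogon only creates those shares once SysvolReady is set to 1.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$prop = Get-ItemProperty -Path $key -Name SysvolReady -ErrorAction SilentlyContinue
$ready = if ($prop) { $prop.SysvolReady } else { $null }
Add-Result 'SysvolReady flag' ($ready -eq 1) "value: $ready"

# 3. dcdiag confirms whether the DC advertises itself and whether the
#    logon shares are reachable with the expected privileges.
foreach ($test in 'Advertising', 'NetLogons') {
    $out = & dcdiag.exe "/test:$test" 2>&1 | Out-String
    $ok = $out -match "passed test $test"
    Add-Result "dcdiag $test" $ok $(if ($ok) { 'passed' } else { 'failed or not run' })
}

# 4. Surface recent File Replication Service errors and warnings, which
#    usually explain why SYSVOL never finished initialising.
$frs = @(Get-EventLog -LogName 'File Replication Service' -Newest 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.EntryType -eq 'Error' -or $_.EntryType -eq 'Warning' })
Add-Result 'FRS log clean' ($frs.Count -eq 0) "$($frs.Count) error/warning entries in last 50"

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize
$frs | Select-Object TimeGenerated, EventID, EntryType -First 5 | Format-Table -AutoSize

# Non-zero exit code lets a build script for the test lab stop early.
if (@($results | Where-Object { -not $_.Passed }).Count -gt 0) { exit 1 }
```
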

Mheller (Author) commented:
No, I do not see sysvol. What would the next steps be to resolve this?

Adam Brown (Sr Solutions Architect) commented:
You'll pretty much have to start over. Sounds like sysvol didn't get replicated to that DC while it was on the network. Since you seized the roles on it while off the network, it can't go back on the production network.

IntegrityOffice commented:
Check Event Viewer on the server and see if you can find some clues in there that you can either google or pop back in here. It may be fixable, but acbrown2010's advice might have to stand.

Mheller (Author) commented:
Thanks all for the help, but it looks like the game is over! It looks as though everything had successfully replicated, but with all the issues I am having, a fresh install would probably help develop more accurate testing results.