alexsupertramp


sysvol replication failing on w2k3 dc because of another replicating domain controller that died abruptly

I am getting GPO and FRS event errors on our domain controller because of another replicated domain controller that went down abruptly quite a while ago. In order to remove it, I accidentally followed Windows 2008 instructions and removed it first from the Active Directory Users and Computers/Domain Controllers console. I realized that mistake and then switched to the correct instructions and tried to run ntdsutil.exe to clean up the metadata for the dead server. This errors out, like it doesn't recognize the server name. Running a dcdiag on our current domain controller indicates that replication is still failing to this nonexistent server. The article below describes part of my problem, with the 1030 and 1058 errors, and the next article is the TechNet instructions on running ntdsutil on w2k3. I'm hoping to get some help here, as I don't want to guess and poke around our one and only domain controller too much. I know, I should have a second one. After I get through this that will be a priority.


https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_1073-Diagnosing-and-repairing-Events-1030-and-1058.html?sfQueryTermInfo=1+10+1058+30

http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx
ASKER CERTIFIED SOLUTION
Andrew Oakeley
This solution is only available to members.
If you have deleted the server object, it might have removed the DC. What you need to do now is remove all traces of the removed DC manually. The places to look are, in particular, all the subfolders inside the _msdcs folder in DNS, the name server tab, the server object from NTDS in ADSS, and the host records from DNS. Remove the server object with ADSIEDIT.MSC using the link below. Remove the FRS object of the old DC using the following link.

http://support.microsoft.com/kb/216498

Did you make the new server a DNS server? If yes, did you change DNS on the new DC to point to itself as the DNS server in the NIC? You also have to point all the clients and servers to the new DC as the DNS server for name resolution, else authentication will fail.
http://awinish.wordpress.com/2011/03/08/dns-recommendations-from-microsoft/

Most important point: did you configure the new DC as an authoritative time server after transferring the FSMO roles, if the old server held them and you did transfer them? Your new PDC has to be the time server in the domain, and the others need to follow the domain time hierarchy. The time server is not transferred automatically, and you need to make the new server, as PDC, an authoritative time server to prevent authentication failures.
http://support.microsoft.com/kb/816042

Configure the new DC as a GC as well.
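
The places listed in the answer above can be checked for leftovers with a read-only script. This is an added example, not part of the original answer; `OLDDC01`, `example.local` and `DC=example,DC=local` are placeholder values, and it assumes `dsquery` (included with Server 2003) and `repadmin` (Support Tools) are available on the surviving DC.

```batch
@echo off
rem Added example (not from the thread): read-only checks for leftover
rem references to a removed domain controller. Nothing is modified.
rem DEADDC, DOMAIN and DOMAINDN are placeholders (assumptions); set your own.
setlocal
set DEADDC=OLDDC01
set DOMAIN=example.local
set DOMAINDN=DC=example,DC=local
set FOUND=0

echo [1] Server objects in AD Sites and Services
dsquery server -forest -o rdn | findstr /i /c:"%DEADDC%" && set FOUND=1

echo [2] FRS member objects for the SYSVOL replica set
dsquery * "CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,%DOMAINDN%" -scope onelevel -attr name | findstr /i /c:"%DEADDC%" && set FOUND=1

echo [3] DC locator SRV records under _msdcs
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 2>nul | findstr /i /c:"%DEADDC%" && set FOUND=1

echo [4] Name server records for the zone
nslookup -type=NS %DOMAIN% 2>nul | findstr /i /c:"%DEADDC%" && set FOUND=1

echo [5] Host record for the removed DC
rem "Name:" is printed only when the lookup resolves.
nslookup %DEADDC%.%DOMAIN% 2>nul | findstr /i /c:"Name:" && set FOUND=1

echo [6] Replication partners still configured on this DC
repadmin /showrepl | findstr /i /c:"%DEADDC%" && set FOUND=1

echo.
if "%FOUND%"=="1" (
    echo Leftover references to %DEADDC% remain. Review the matches above.
) else (
    echo No references to %DEADDC% were found by these checks.
)
endlocal
```

Each check prints the matching line when it finds the old name, so an empty section means that location is clean.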
alexsupertramp (ASKER)

keley, I think those are the instructions I need to use the ntdsutil properly. I'm going to wait until later in the day to execute it just in case. I have a full backup of the AD. Thank you very much.

wish, thanks for the detailed instructions. If the ntdsutil fails again tonight I'll follow up with you. And regardless, I think I'll check out your blog.

I wasn't running the ntdsutil.exe utility properly, based on instructions from Microsoft TechNet, but the instructions provided here set me straight and I was able to remove the data from the long ago dead server. No more group policy event errors and GPOs appear to be applying beautifully. Thank you.