Solved

Hyper V Domain Controller Problem

Posted on 2011-09-06
Last Modified: 2012-05-12
Server 1 > 2003 R2 - Domain Controller (FSMO roles)
Server 2 > 2008 R2 - SQL and Hyper-V host (member of 2003 domain)
VM1 > 2003 R2 Domain Controller

Server 1 Crashed.
VM1 was turned off because it was only used as a part of NT-to-Active Directory migration.
VM1 is now turned on.
Server 2> cannot log on to domain (account trust error)  ~ I can log on locally.
Same problem for desktops.
I saw a MS KB and on the desktops ~ fixed by logging on to local machine, unjoin domain and rejoin domain.
Server 1 will most likely not be replaced.

What will happen if Server 2 is unjoined and rejoined to the domain?
Note: this is the Hyper-V host and VM1 resides on it as a guest.

0
Question by:smschulz
9 Comments
 
LVL 79

Accepted Solution

by:
arnold earned 500 total points
ID: 36492475
The problem is that the VM1 did not keep up to date with changes made on the DC.

You have to rejoin the 2008 server into the VM DC following the seizing of the roles by VM1 DC.
You can use the netdom command to refresh the computer account of the 2008 server in the DC.
To avoid the same thing in the future, you should have two DCs, or make sure you have good regular and frequent backups of the system state.

Make sure to practice a restore of a DC to make sure you will be able to do it.

NETDOM.EXE /DOMAIN:mydomain MEMBER mycomputer /JOINDOMAIN
http://utools.com/help/UPromote/rejoin.asp
0
 

Author Comment

by:smschulz
ID: 36492742
So at minimum ~ all I need to do is seize the roles to the VM1 DC?
Then refresh the Host or unjoin/rejoin the Domain.
Then the same for any desktops.


0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36492856
When was the last time VM1 DC was running? Are there any other DCs other than Server 1 and VM1? It is a bad idea to run VM1 as the only DC, and it is a really really bad idea to run VM1 on Server 2 when Server 2 is joined to the domain which is managed by VM1 which is hosted on Server 2, such that there will never be a domain controller available for Server 2 because the domain controller can't boot until Server 2 has booted. See the problem?

Best bet is to resurrect Server 1, at least until you can get AD to replicate. Otherwise you will lose all sorts of AD changes such as account creation/deletion, password changes of both machines and users, and I imagine that it would be really bad for Exchange.
0

 

Author Comment

by:smschulz
ID: 36493032
When was the last time VM1 DC was running?
It was down for 60~90 days
Are there any other DCs other than Server 1 and VM1?
No
It is a bad idea to run VM1 as the only DC, and it is a really really bad idea to run VM1 on Server 2 when Server 2 is joined to the domain which is managed by VM1 which is hosted on Server 2, such that there will never be a domain controller available for Server 2 because the domain controller can't boot until Server 2 has booted. See the problem?
I know but the original plan was to have the VM DC and another machine DC.
It just didn't happen for a variety of reasons.
Now the objective is to get back up ASAP then deal with the rebuilt Machine DC.
Minimize time down is the main thing now.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36493049
If you bring back up VM1 you are going to lose all AD changes since it was last running, 60-90 days. You will need to rejoin every machine to the domain. I would consider it a LAST resort. Better work on repairing/restoring Server 1.

Do you have Exchange?
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 36493125
It is also not recommended to run any services other than Hyper-V on a host.

Especially SQL - if it's light use it can be a VM, if you have RAID 10 with a minimum of 4 disks.

DCs run very well as VMs and don't take up many resources.

0
 

Author Comment

by:smschulz
ID: 36493263
No Exchange.
Not concerned about the AD changes as there is not much.
RAID 10, 4 disks - yes.
The VM will be just until a new machine can be built or as another DC.
Only SQL on the machine otherwise.
0
 
LVL 79

Expert Comment

by:arnold
ID: 36495588
If you do not have system state backups from the physical DC with more current data, you have little choice but to use netdom to rejoin the domain to the old VM DC after seizing FSMO roles. ntdsutil http://support.microsoft.com/kb/255504
Also make sure that the GC is checked for the VM DC (site and services, NTDS
http://technet.microsoft.com/en-us/library/cc758330%28WS.10%29.aspx


Presumably the SQL service account was not altered during the duration.

Make sure when you have the physical server restored that you do not repeat this issue by shutting down the VM DC.
0
 

Author Comment

by:smschulz
ID: 36499746
Note to all:
Seized the roles, cleaned up Metadata, unjoined the domain from local logon, rejoined the domain.
Removed old DC.
Everything is fine and working.
This will allow me some time to get the physical DC fixed/built.
It will come back online as new DC with different name.
0
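A check for the step between seizing the roles and rejoining members, as an added example that is not part of the original thread: it parses `netdom query fsmo` output and confirms all five FSMO roles sit on the surviving DC. The names `VM1`, `SERVER1`, `example.local` and the `Administrator` account are placeholders, both function names are hypothetical, the sample output is constructed, and `netdom` is assumed to be installed on the machine where this runs.

```powershell
# Added example, not from the thread. VM1, SERVER1 and example.local are placeholders.
$ExpectedDc = 'VM1'            # surviving DC that should hold every role after the seizure
$Domain     = 'example.local'  # placeholder domain name

# Constructed sample of `netdom query fsmo` output captured mid-recovery:
# one role still points at the crashed Server 1.
$Sample = @'
Schema master               VM1.example.local
Domain naming master        VM1.example.local
PDC                         VM1.example.local
RID pool manager            SERVER1.example.local
Infrastructure master       VM1.example.local
The command completed successfully.
'@

# Extract role/holder pairs from netdom's text output.
function Get-FsmoHolder {
    param([string[]]$NetdomOutput)
    $roles = 'Schema master', 'Domain naming master', 'PDC',
             'RID pool manager', 'Infrastructure master'
    foreach ($line in $NetdomOutput) {
        foreach ($role in $roles) {
            if ($line -match ('^\s*' + [regex]::Escape($role) + '\s+(\S+)\s*$')) {
                New-Object PSObject -Property @{ Role = $role; Holder = $Matches[1] }
            }
        }
    }
}

# True only when all five roles were found and each is held by the expected DC.
function Test-FsmoConsolidated {
    param([string[]]$NetdomOutput, [string]$ExpectedDc)
    $found = @(Get-FsmoHolder $NetdomOutput)
    $stray = @($found | Where-Object {
        $_.Holder -notlike "${ExpectedDc}.*" -and $_.Holder -ne $ExpectedDc })
    foreach ($s in $stray) { Write-Warning "$($s.Role) still held by $($s.Holder)" }
    return ($found.Count -eq 5 -and $stray.Count -eq 0)
}

# Offline check against the constructed sample.
Test-FsmoConsolidated ($Sample -split '\r?\n') $ExpectedDc

# Live use from a local-admin logon on the member server (prompts for the password):
#   $out = netdom query fsmo /domain:$Domain /userd:$Domain\Administrator /passwordd:*
#   if (Test-FsmoConsolidated $out $ExpectedDc) {
#       # False here means the machine account no longer matches the DC's copy,
#       # the state the thread resolves by unjoining and rejoining the domain.
#       Test-ComputerSecureChannel -Server $ExpectedDc -Verbose
#   }
```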
