Solved

Hyper V Domain Controller Problem

Posted on 2011-09-06
Last Modified: 2012-05-12
Server 1 > 2003R2 - Domain Controller (FSMO roles)
Server 2 > 2008R2 - SQL and Hyper V Host (member of 2003 domain)
VM1 > 2003R2 Domain Controller

Server 1 Crashed.
VM1 was turned off because it was only used as a part of the NT-to-Active Directory migration.
VM1 is now turned on.
Server 2 > cannot log on to domain (account trust error) ~ I can log on locally.
Same problem for desktops.
I saw a MS KB and on the desktops ~ fixed by logging on to local machine, unjoin domain and rejoin domain.
Server 1 will most likely not be replaced.

What will happen if the Server 2 is unjoined and rejoined to domain?
Note: this is the Hyper V host and  VM1 resides as a guest.

Question by:smschulz
9 Comments
 
LVL 80

Accepted Solution

by:
arnold earned 2000 total points
ID: 36492475
The problem is that the VM1 did not keep up to date with changes made on the DC.

You have to rejoin the 2008 server into the VM DC following the seizing of the roles by VM1 DC.
You can use the netdom command to refresh the computer account of the 2008 server in the DC.
To avoid the same thing in the future, you should have two DCs, or make sure you have good regular and frequent backups of the systemstate.

Make sure to practice a restore of a DC to make sure you will be able to do it.

NETDOM.EXE /DOMAIN:mydomain MEMBER mycomputer /JOINDOMAIN
http://utools.com/help/UPromote/rejoin.asp
0
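A way to check whether the member server's machine account still matches what the surviving DC holds, and to reset it without a full unjoin/rejoin, is sketched below. This is an added example, not part of the thread or of any poster's answer. It assumes the placeholder names `mydomain` and `VM1`, a domain account named `Administrator`, and that `netdom.exe` is installed on the member server.

```powershell
# Added example. Run elevated on the member server (for instance the Hyper-V host)
# while logged on with a LOCAL administrator account.
# 'mydomain', 'VM1' and 'Administrator' are placeholders (assumptions).
param(
    [string]$Domain    = 'mydomain',
    [string]$DcName    = 'VM1',
    [string]$AdminUser = 'Administrator'
)

function Test-Trust {
    # $true when the machine account password stored locally still matches
    # the copy held by the domain controller named in $Server.
    param([string]$Server)
    try   { [bool](Test-ComputerSecureChannel -Server $Server -ErrorAction Stop) }
    catch { Write-Warning $_.Exception.Message; $false }
}

if (Test-Trust -Server $DcName) {
    Write-Output "Secure channel to $DcName is healthy; nothing to reset."
    return
}

# The DC came back with an older copy of the directory, so the password it
# holds for this computer no longer matches the local one. Reset it against
# that DC. /passwordd:* prompts for the password instead of exposing it on
# the command line or in shell history.
& netdom.exe resetpwd "/server:$DcName" "/userd:$Domain\$AdminUser" '/passwordd:*'
if ($LASTEXITCODE -ne 0) {
    throw "netdom resetpwd failed (exit code $LASTEXITCODE); fall back to unjoin/rejoin."
}

# Verify again before relying on domain logons.
if (-not (Test-Trust -Server $DcName)) {
    throw "Trust still broken after reset; unjoin and rejoin the domain."
}
Write-Output "Secure channel to $DcName re-established."
```

`nltest /sc_verify:mydomain` gives the same health check from a plain command prompt.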
 

Author Comment

by:smschulz
ID: 36492742
So at minimum ~ all I need to do is seize the roles to the VM1 DC?
Then refresh the Host or unjoin/rejoin the Domain.
Then the same for any desktops.


0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36492856
When was the last time VM1 DC was running? Are there any other DCs other than Server 1 and VM1? It is a bad idea to run VM1 as the only DC, and it is a really really bad idea to run VM1 on Server 2 when Server 2 is joined to the domain which is managed by VM1 which is hosted on Server 2, such that there will never be a domain controller available for Server 2 because the domain controller can't boot until Server 2 has booted. See the problem?

Best bet is to resurrect Server 1, at least until you can get AD to replicate. Otherwise you will lose all sorts of AD changes such as account creation/deletion, password changes of both machines and users, and I imagine that it would be really bad for Exchange.
0

 

Author Comment

by:smschulz
ID: 36493032
When was the last time VM1 DC was running?
It was down for 60~90 days
Are there any other DCs other than Server 1 and VM1?
No
It is a bad idea to run VM1 as the only DC, and it is a really really bad idea to run VM1 on Server 2 when Server 2 is joined to the domain which is managed by VM1 which is hosted on Server 2, such that there will never be a domain controller available for Server 2 because the domain controller can't boot until Server 2 has booted. See the problem?
I know but the original plan was to have the VM DC and another machine DC.
It just didn't happen for a variety of reasons.
Now the objective is to get back up ASAP then deal with the rebuilt Machine DC.
Minimize time down is the main thing now.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36493049
If you bring back up VM1 you are going to lose all AD changes since it was last running, 60-90 days. You will need to rejoin every machine to the domain. I would consider it a LAST resort. Better work on repairing/restoring Server 1.

Do you have Exchange?
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 36493125
It is also not recommended to run any services other than Hyper-V on a host.

Especially SQL - if it's light use it can be a VM, if you have RAID 10 with a minimum of 4 disks.

DCs run very well as VMs and don't take up many resources.

0
 

Author Comment

by:smschulz
ID: 36493263
No exchange.
Not concerned about the ad changes as there is not much.
RAID 10 4 disks -yes
The VM will be just until a new machine can be built or as another DC
Only  SQL on the machine otherwise.
0
 
LVL 80

Expert Comment

by:arnold
ID: 36495588
If you do not have systemstate backups from the physical DC with more current data, you have little choice than to use netdom to rejoin the domain to the old VM DC after seizing FSMO roles. ntdsutil http://support.microsoft.com/kb/255504
Also make sure that the GC is checked for the VM DC (site and services, NTDS
http://technet.microsoft.com/en-us/library/cc758330%28WS.10%29.aspx


Presumably the SQL service account was not altered during the duration.

Make sure when you have the physical server restored that you do not repeat this issue by shutting down the VM DC.
0
 

Author Comment

by:smschulz
ID: 36499746
Note to all:
Seized the roles, cleaned up Metadata, unjoined the domain from local logon, rejoined the domain.
Removed old DC.
Everything is fine and working.
This will allow me some time to get the physical DC fixed/built.
It will come back online as new DC with different name.
0


Question has a verified solution.
