jonas-p
asked on
Two domain controllers in error
I'm having trouble with my DCs.
In the organization I have two domain controllers (DC1 and DC2).
The problem is that the DC2 controller is in error.
I can't delete this DC because it can't connect to DC1.
If I call the function "change directory server", I can do this at DC1; then I select DC1 and this works.
When I try this for DC2, I get the same error dc1 can be find.
How do I reconnect them again? Fix up the DC system?
Thanks
ASKER
When I try to do the first step, forceremoval, I get the following error:
The operation failed because:
DFS replication: the target principal name is incorrect.
"The target principal name is incorrect."
Regards.
As the message you received is "The target principal name is incorrect", this indicates that the secure channel between the DCs is broken, hence the replication is occurring.
1. Stop the Key Distribution Center (KDC) service on Server2. To do so, open
a Command Prompt, type net stop KDC, and press Enter.
2. Load Kerbtray.exe. You can do so by clicking Start, clicking Run, and
then typing c:\program files\resource kit\kerbtray.exe and pressing Enter.
You should see a little green ticket icon in your system tray in the lower
right corner of your desktop.
3. Purge the ticket cache on Server2, right-click the green ticket icon in
your system tray, and then click Purge Tickets. You should receive a
confirmation that your ticket cache was purged. Click OK.
4. Reset the Server domain controller account password on Server1 (the PDC
emulator).
To do so, open a command prompt and type: netdom resetpwd /server:server2
/userd:domain.com\administrator /passwordd:password, and then press Enter.
5. Synchronize the domain. To do so, open a command prompt, type repadmin
/syncall, and then press Enter.
6. Start the KDC service on Server2. To do so, open a command prompt, type
net start KDC, and press Enter. This completes the process, and the domain
controllers should be replicating successfully now.
Note: You need to have at least 2 DCs in the network for redundancy. I personally would not recommend demoting the existing DC.
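Added example, not part of the original thread or the answerer's own commands: the six steps above as one PowerShell script that stops at the first failing step and always restarts the KDC. It assumes the script runs elevated on the DC whose secure channel is broken, that the built-in `klist` stands in for Kerbtray, and that `dc1.domain.com` and `DOMAIN\administrator` are placeholders to replace.

```powershell
# Added example (not from the thread). Run elevated on the DC with the broken secure channel.
# $PartnerDc and $AdminAccount are placeholder values (assumptions); replace them.
param(
    [string]$PartnerDc    = 'dc1.domain.com',       # healthy partner DC (placeholder)
    [string]$AdminAccount = 'DOMAIN\administrator'  # domain admin account (placeholder)
)

# Run one native command and abort the whole procedure if it reports failure.
function Invoke-Step {
    param([string]$Name, [scriptblock]$Command)
    Write-Host "== $Name"
    & $Command
    if ($LASTEXITCODE -ne 0) { throw "$Name failed with exit code $LASTEXITCODE" }
}

$kdcStopped = $false
try {
    # Step 1: stop the local KDC so new tickets must come from the partner DC.
    Invoke-Step 'Stop KDC' { net stop kdc }
    $kdcStopped = $true

    # Steps 2-3: purge cached Kerberos tickets (klist used in place of Kerbtray).
    # Logon session 0x3e7 is LocalSystem, which the DC's own services run under.
    Invoke-Step 'Purge tickets (current session)' { klist purge }
    Invoke-Step 'Purge tickets (LocalSystem)'     { klist -li '0x3e7' purge }

    # Step 4: reset this DC's machine account password against the partner DC.
    # /pd:* prompts for the password, so it never lands in command history or logs.
    Invoke-Step 'Reset machine account password' {
        netdom resetpwd "/s:$PartnerDc" "/ud:$AdminAccount" '/pd:*'
    }

    # Step 5: force replication with all partners.
    Invoke-Step 'Synchronize replication' { repadmin /syncall }
}
finally {
    # Step 6: restart the KDC even when an earlier step failed, so the DC
    # is not left unable to issue tickets.
    if ($kdcStopped) { net start kdc }
}

# Check the outcome: each inbound partner should now show a successful last attempt.
repadmin /showrepl
```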
ASKER
Hi,
Thanks for the information. To reply:
1, done
2, can't find it on Windows Server 2008 R2 (is this an important step?)
3, I try this:
netdom resetpwd /server:dc2.domain.com /userd:domain.com\administrator /passwordd:password
but it always gives a syntax error, can find what I'm doing wrong.
Please help.
ASKER
.
Without knowing the errors:
You can forcibly remove DC2 with dcpromo /forceremoval; great blog here on it: http://kpytko.wordpress.com/2011/08/30/decommissioning-broken-domain-controller/
You would then run a metadata cleanup of that dead DC (do this on DC1): http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Then add it back and rejoin the domain.
If there are network/port issues, you will need those fixed before adding it back (it has to be able to connect).
Thanks
Mike