Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Bare metal restore of 2008r2 AD and DNS broke

Posted on 2011-09-12
4
Medium Priority
?
985 Views
Last Modified: 2012-05-12
I had a server crash and I did a bare metal restore of the VM.  It was my primary DC and DNS.  Now it keeps failing with error

2092 "This server is the owner of the following FSMO role, but does not consider it valid."

error 2087 "Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
"


How do I fix the AD and DNS from messing up again?  How do I make it think its ok?
0
Comment
Question by:Mark_c
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1500 total points
ID: 36526649
Did you have other DCs?   How did you do a bare metal restore on the VM?

If you have other DCs you can seize the roles to that one, cleanup the dead DC and then promote another one.

Thanks

Mike
0
 
LVL 1

Author Comment

by:Mark_c
ID: 36526882
The other DC running would keep killing it, I turned it off when the restore become live.  I used a Veeam backup of the DC.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36527477
Checked the DNS setting on the Server it should point to itself.If the public ip address is added in the NIC DNS setting remove the same and add to DNS forwarders if required.If 127.0.0.1 is entered as dns remove the same and add ip address.

Chech NIC binding the Nic which is online and has ip details should be in first order.If multiple NIC are present then disabled the unrequired NIC.

Disabled the firewall, update the NIC driver if it is not updated,many time the NIC driver is outdated if you perform BMR with third party solution.

Make sure the system time on both DC are sync.Check AD sites and services, make sure no dead or non-exsiting DC.

I have also seen many cases if you perform the BMR by third party soultion the server goes in USN rollback state.Check the event log in Directory service for event id 2095 if has occured then you need to demote and promote the DC followed by metadata cleanup.Also if the server is FSMO role holder you need to seize the role on other server.

Please post the dcdiag /q and repadmin /replsum log to analyse further of both DC.
0
 
LVL 1

Author Closing Comment

by:Mark_c
ID: 37028770
I just rebult them
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question