troubleshooting Question

After restoring a VM of a domain controller nobody can log on to domain

Avatar of ttrus
ttrus asked on
Windows 2000Active DirectoryMicrosoft Server OS
6 Comments1 Solution1328 ViewsLast Modified:
This is a very tough one that has me baffled but I will try to explain it as best as possible.  I have two domain controller that are both Server 2000.  One dc is on an esxi box and has been running fine for a couple years.  The second domain controller was on a physical box two days ago but the backplane controller died and the server was so old we could not locate a new part.  Fortunately we have an image of the server from the night before on an external USB drive so I did a p2v of that image and was able to get the server back online without reinstalling the OS or any software.   Everything looked good at first until I noticed that ntfrs was started but refused to replicate.

After some research online it seems I was in a USN rollback scenario so I followed the instructions to set burflags and restart NTFRS but it didnt work.  The issue is that the DC doesnt appear that it knows its in a rollback situation and it appears that neither dc will talk to each other.

I attached a netdiag -v output netdiag.txt that indicates dns issues however I have tried all sorts of stuff including syncing the start of authority revision number and even recreating the zones by taking out of active directory and making primary and then putting them back.  Seting burflags didnt help nor did this didnt fix a thing.

If I try to browse from the newly virtualized machine to the other dc it says: Logon failure: the target account name is incorrect.   Fortunately the users at our company were able to  log in the next day without an issue but by this afternoon the situation officially wreaked havoc on the workstations to where nobody can log on.  To work around this i got our important users logged into a local workstation account and mapped drives to resources but no domain functionality works anymore despite having two domain controllers.  Any advice on how to assist would be greatly appreciated. As it stands now I am looking at a gigantic rebuild task if nobody can figure this out.  I appreciate any help and know this will take a serious active directory guru to figure out.  I am out of all ideals so I am turning it over to the experts
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 6 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros