We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
COURSE of the MONTH
10 days, 12 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Restored Windows 2008 Domain Controller Cannot Communicate with Parent Domain
Posted on 2012-12-21
Hi,
I have a client with a parent domain and a child domain. The child domain only has a single DC that has been corrupted and is looking like it is unrecoverable (ticket created with Microsoft).
Unfortunately they only have a valid backup from 2 weeks ago, which was restored successfully yesterday evening. We can log onto the child domain successfully, but not onto the parent domain.
Are there any steps that I can run through to help repair the relationship between this child DC and the parent domain?
I have a client with a parent domain and a child domain. The child domain only has a single DC that has been corrupted and is looking like it is unrecoverable (ticket created with Microsoft).
Unfortunately they only have a valid backup from 2 weeks ago, which was restored successfully yesterday evening. We can log onto the child domain successfully, but not onto the parent domain.
Are there any steps that I can run through to help repair the relationship between this child DC and the parent domain?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
- +3
8 Comments
For the clarity of any solutions, let's name the domains as follows:
Parent domain: ParDom.local
Child Domain: ChilDom.local
Parent domain: ParDom.local
Child Domain: ChilDom.local
Active 7 days ago
How did you restore? What sort of backup?
A Back up and restore of a domain controller is generally a total waste of time.
Never have a domain with only one DC. Your best resolution to a dead DC is always to kill it and build a new one. That of course is far far easier if you have multiple domain controllers in the domain.
A Back up and restore of a domain controller is generally a total waste of time.
Never have a domain with only one DC. Your best resolution to a dead DC is always to kill it and build a new one. That of course is far far easier if you have multiple domain controllers in the domain.
@Neilsr
Q: How did you restore? What sort of backup?
A: It was a Veeam backup and restore of the whole virtual machine.
@Venurajav
Q: You are not able to login parent domain, from the DC in child domain?
A: Correct, communication from parent-to-child and child-to-parent domain is failing. I can log on to the child domain.
Q: How did you restore? What sort of backup?
A: It was a Veeam backup and restore of the whole virtual machine.
@Venurajav
Q: You are not able to login parent domain, from the DC in child domain?
A: Correct, communication from parent-to-child and child-to-parent domain is failing. I can log on to the child domain.
Check the secure connections using nltest check dns records if proper also run dcdiag /q and post the results here
Active 7 days ago
Veam backup of a DC is, to be honest, not a good idea. Active directory does an aweful lot that is time dependant, passwords automaticaly updated for machines in the background, communication between DC's in domains and forest, all time sensitive.
You have now got a DC that is 2 weeks older than everything else expects it to be. Not good.
You have now got a DC that is 2 weeks older than everything else expects it to be. Not good.
You can refer below link to reset the secure channel of child Dc however can you post the dcdiag /q and ipconfig /all details of parent and child DC to get the clear view of the issue.
The secure channel (SC) reset on domain controller
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d7dbbf0c-7216-47e7-b0a9-efb413000c6f/
Also ensure that dns is set correctly for child domain as below.
DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest
http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx
Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx
See this too.
The Sysvol and Netlogon Shares Are Missing After You Restore a Domain Controller from Backup:http://support.microsoft.com/kb/316790
Hope this helps
The secure channel (SC) reset on domain controller
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d7dbbf0c-7216-47e7-b0a9-efb413000c6f/
Also ensure that dns is set correctly for child domain as below.
DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest
http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx
Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx
See this too.
The Sysvol and Netlogon Shares Are Missing After You Restore a Domain Controller from Backup:http://support.microsoft.com/kb/316790
Hope this helps
Featured Post
![[eBook] Windows Nano Server](https://filedb.experts-exchange.com/files/public/2017/6/24/1329f749-2f43-4bd1-8413-3b5b5ab33fc6.png)
Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s
ManageEngine
webinar, where attendees received a comprehensive look at the ma…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed.
Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders.
Click on Start and then select Computer to view the available drives on the se…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month10 days, 12 hours left to enroll
764 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.