It is an honor to be featured in Gartner 2019 Magic Quadrant for Datacenter Backup and Recovery Solutions. Gartner’s MQ sets a high standard and earning a place on their grid is a great affirmation that Acronis is delivering on our mission to protect all data, apps, and systems.
Restored Windows 2008 Domain Controller Cannot Communicate with Parent Domain
Hi,
I have a client with a parent domain and a child domain. The child domain only has a single DC that has been corrupted and is looking like it is unrecoverable (ticket created with Microsoft).
Unfortunately they only have a valid backup from 2 weeks ago, which was restored successfully yesterday evening. We can log onto the child domain successfully, but not onto the parent domain.
Are there any steps that I can run through to help repair the relationship between this child DC and the parent domain?
I have a client with a parent domain and a child domain. The child domain only has a single DC that has been corrupted and is looking like it is unrecoverable (ticket created with Microsoft).
Unfortunately they only have a valid backup from 2 weeks ago, which was restored successfully yesterday evening. We can log onto the child domain successfully, but not onto the parent domain.
Are there any steps that I can run through to help repair the relationship between this child DC and the parent domain?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
For the clarity of any solutions, let's name the domains as follows:
Parent domain: ParDom.local
Child Domain: ChilDom.local
Parent domain: ParDom.local
Child Domain: ChilDom.local
How did you restore? What sort of backup?
A Back up and restore of a domain controller is generally a total waste of time.
Never have a domain with only one DC. Your best resolution to a dead DC is always to kill it and build a new one. That of course is far far easier if you have multiple domain controllers in the domain.
A Back up and restore of a domain controller is generally a total waste of time.
Never have a domain with only one DC. Your best resolution to a dead DC is always to kill it and build a new one. That of course is far far easier if you have multiple domain controllers in the domain.
@Neilsr
Q: How did you restore? What sort of backup?
A: It was a Veeam backup and restore of the whole virtual machine.
@Venurajav
Q: You are not able to login parent domain, from the DC in child domain?
A: Correct, communication from parent-to-child and child-to-parent domain is failing. I can log on to the child domain.
Q: How did you restore? What sort of backup?
A: It was a Veeam backup and restore of the whole virtual machine.
@Venurajav
Q: You are not able to login parent domain, from the DC in child domain?
A: Correct, communication from parent-to-child and child-to-parent domain is failing. I can log on to the child domain.
Check the secure connections using nltest check dns records if proper also run dcdiag /q and post the results here
Veam backup of a DC is, to be honest, not a good idea. Active directory does an aweful lot that is time dependant, passwords automaticaly updated for machines in the background, communication between DC's in domains and forest, all time sensitive.
You have now got a DC that is 2 weeks older than everything else expects it to be. Not good.
You have now got a DC that is 2 weeks older than everything else expects it to be. Not good.
You can refer below link to reset the secure channel of child Dc however can you post the dcdiag /q and ipconfig /all details of parent and child DC to get the clear view of the issue.
The secure channel (SC) reset on domain controller
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d7dbbf0c-7216-47e7-b0a9-efb413000c6f/
Also ensure that dns is set correctly for child domain as below.
DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest
http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx
Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx
See this too.
The Sysvol and Netlogon Shares Are Missing After You Restore a Domain Controller from Backup:http://support.microsoft.com/kb/316790
Hope this helps
The secure channel (SC) reset on domain controller
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d7dbbf0c-7216-47e7-b0a9-efb413000c6f/
Also ensure that dns is set correctly for child domain as below.
DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest
http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx
Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx
See this too.
The Sysvol and Netlogon Shares Are Missing After You Restore a Domain Controller from Backup:http://support.microsoft.com/kb/316790
Hope this helps
Premium Content
You need an Expert Office subscription to comment.Start Free Trial