Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.
Restored Windows 2008 Domain Controller Cannot Communicate with Parent Domain
Hi,
I have a client with a parent domain and a child domain. The child domain only has a single DC that has been corrupted and is looking like it is unrecoverable (ticket created with Microsoft).
Unfortunately they only have a valid backup from 2 weeks ago, which was restored successfully yesterday evening. We can log onto the child domain successfully, but not onto the parent domain.
Are there any steps that I can run through to help repair the relationship between this child DC and the parent domain?
I have a client with a parent domain and a child domain. The child domain only has a single DC that has been corrupted and is looking like it is unrecoverable (ticket created with Microsoft).
Unfortunately they only have a valid backup from 2 weeks ago, which was restored successfully yesterday evening. We can log onto the child domain successfully, but not onto the parent domain.
Are there any steps that I can run through to help repair the relationship between this child DC and the parent domain?
Asked:
Who is Participating?
For the clarity of any solutions, let's name the domains as follows:
Parent domain: ParDom.local
Child Domain: ChilDom.local
Parent domain: ParDom.local
Child Domain: ChilDom.local
How did you restore? What sort of backup?
A Back up and restore of a domain controller is generally a total waste of time.
Never have a domain with only one DC. Your best resolution to a dead DC is always to kill it and build a new one. That of course is far far easier if you have multiple domain controllers in the domain.
A Back up and restore of a domain controller is generally a total waste of time.
Never have a domain with only one DC. Your best resolution to a dead DC is always to kill it and build a new one. That of course is far far easier if you have multiple domain controllers in the domain.
@Neilsr
Q: How did you restore? What sort of backup?
A: It was a Veeam backup and restore of the whole virtual machine.
@Venurajav
Q: You are not able to login parent domain, from the DC in child domain?
A: Correct, communication from parent-to-child and child-to-parent domain is failing. I can log on to the child domain.
Q: How did you restore? What sort of backup?
A: It was a Veeam backup and restore of the whole virtual machine.
@Venurajav
Q: You are not able to login parent domain, from the DC in child domain?
A: Correct, communication from parent-to-child and child-to-parent domain is failing. I can log on to the child domain.
Check the secure connections using nltest check dns records if proper also run dcdiag /q and post the results here
Veam backup of a DC is, to be honest, not a good idea. Active directory does an aweful lot that is time dependant, passwords automaticaly updated for machines in the background, communication between DC's in domains and forest, all time sensitive.
You have now got a DC that is 2 weeks older than everything else expects it to be. Not good.
You have now got a DC that is 2 weeks older than everything else expects it to be. Not good.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month11 days, 9 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
The secure channel (SC) reset on domain controller
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d7dbbf0c-7216-47e7-b0a9-efb413000c6f/
Also ensure that dns is set correctly for child domain as below.
DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest
http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx
Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx
See this too.
The Sysvol and Netlogon Shares Are Missing After You Restore a Domain Controller from Backup:http://support.microsoft.com/kb/316790
Hope this helps