This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.
Course Of The Month
6 days, 4 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Restored Windows 2008 Domain Controller Cannot Communicate with Parent Domain
Posted on 2012-12-21
Hi,
I have a client with a parent domain and a child domain. The child domain only has a single DC that has been corrupted and is looking like it is unrecoverable (ticket created with Microsoft).
Unfortunately they only have a valid backup from 2 weeks ago, which was restored successfully yesterday evening. We can log onto the child domain successfully, but not onto the parent domain.
Are there any steps that I can run through to help repair the relationship between this child DC and the parent domain?
I have a client with a parent domain and a child domain. The child domain only has a single DC that has been corrupted and is looking like it is unrecoverable (ticket created with Microsoft).
Unfortunately they only have a valid backup from 2 weeks ago, which was restored successfully yesterday evening. We can log onto the child domain successfully, but not onto the parent domain.
Are there any steps that I can run through to help repair the relationship between this child DC and the parent domain?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
- +3
8 Comments
For the clarity of any solutions, let's name the domains as follows:
Parent domain: ParDom.local
Child Domain: ChilDom.local
Parent domain: ParDom.local
Child Domain: ChilDom.local
How did you restore? What sort of backup?
A Back up and restore of a domain controller is generally a total waste of time.
Never have a domain with only one DC. Your best resolution to a dead DC is always to kill it and build a new one. That of course is far far easier if you have multiple domain controllers in the domain.
A Back up and restore of a domain controller is generally a total waste of time.
Never have a domain with only one DC. Your best resolution to a dead DC is always to kill it and build a new one. That of course is far far easier if you have multiple domain controllers in the domain.
@Neilsr
Q: How did you restore? What sort of backup?
A: It was a Veeam backup and restore of the whole virtual machine.
@Venurajav
Q: You are not able to login parent domain, from the DC in child domain?
A: Correct, communication from parent-to-child and child-to-parent domain is failing. I can log on to the child domain.
Q: How did you restore? What sort of backup?
A: It was a Veeam backup and restore of the whole virtual machine.
@Venurajav
Q: You are not able to login parent domain, from the DC in child domain?
A: Correct, communication from parent-to-child and child-to-parent domain is failing. I can log on to the child domain.
Check the secure connections using nltest check dns records if proper also run dcdiag /q and post the results here
Veam backup of a DC is, to be honest, not a good idea. Active directory does an aweful lot that is time dependant, passwords automaticaly updated for machines in the background, communication between DC's in domains and forest, all time sensitive.
You have now got a DC that is 2 weeks older than everything else expects it to be. Not good.
You have now got a DC that is 2 weeks older than everything else expects it to be. Not good.
You can refer below link to reset the secure channel of child Dc however can you post the dcdiag /q and ipconfig /all details of parent and child DC to get the clear view of the issue.
The secure channel (SC) reset on domain controller
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d7dbbf0c-7216-47e7-b0a9-efb413000c6f/
Also ensure that dns is set correctly for child domain as below.
DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest
http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx
Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx
See this too.
The Sysvol and Netlogon Shares Are Missing After You Restore a Domain Controller from Backup:http://support.microsoft.com/kb/316790
Hope this helps
The secure channel (SC) reset on domain controller
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d7dbbf0c-7216-47e7-b0a9-efb413000c6f/
Also ensure that dns is set correctly for child domain as below.
DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest
http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx
Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx
See this too.
The Sysvol and Netlogon Shares Are Missing After You Restore a Domain Controller from Backup:http://support.microsoft.com/kb/316790
Hope this helps
Featured Post
On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention.
Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility.
Directly connect an external storage device such as a USB drive, or CD\DVD burner:
If the device is a USB drive, ensure i…
Suggested Courses
Course of the Month6 days, 4 hours left to enroll
705 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.