Solved

Demoted DC Can't Reach Other DC's

Posted on 2013-05-24
Last Modified: 2013-06-17
We have a 2008R2 core server on our network which was tombstoned. The server had DNS and DHCP for the branch. My plan was to forcefully demote the DC (as it was not replicating due to tombstone), perform a metadata cleanup, and re-promote the DC (maintaining the DHCP and DNS server roles).

The server demoted gracefully. The DC was no longer in DNS or AD sites & services. However, after attempting to re-promote the DC, I seem to be having DNS issues on the DC. DNS was manually set to itself (as it was the DNS server for the site). Even after setting DNS to another DNS server in our domain and flushing/registering DNS, I can't seem to get it to see the other servers on the network. NSLookup times out.  I've checked AD Sites and Services and our inter-site transports are correct.  This subnet should be replicating from our headquarters.  I am using the fqdn (mydomain.local) when I try to re-add the server to the domain.

I'm able to ping other servers, I just can't reach them by hostname.  I am unable to telnet to another DNS server using port 53 because Server 2008 core does not have telnet.

I also tried disabling IPv6.  No luck.
Question by:rbsd176
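The question notes that Server Core has no telnet client, so the usual "telnet <server> 53" reachability check is not available. The script below is an added example (not part of the original thread): it does the same TCP connect test with .NET and then sends one real DNS query over UDP 53 and decodes the response header, which shows not only whether the remote DNS server is reachable but whether it answers, refuses, or rejects the domain name. It assumes PowerShell is installed on the Core host (an optional feature on 2008 R2 Core) and uses only classes present in PowerShell 2.0; the server address is a placeholder.

```powershell
# Added example (not from the thread). Assumes PowerShell is installed on the
# Server Core host and uses only .NET classes present in PowerShell 2.0, so
# neither telnet nor Resolve-DnsName is needed. $Server is a placeholder.

function Test-TcpPort {
    # Does what "telnet <server> 53" would have shown: a TCP connect with a timeout.
    param([string]$Server, [int]$Port = 53, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Invoke-DnsQuery {
    # Sends one A query for $Name to $Server over UDP 53 and decodes the response
    # header: whether the server answers at all, whether it is authoritative for
    # the name, and the result code (NOERROR / NXDOMAIN / REFUSED / SERVFAIL).
    param([string]$Server, [string]$Name, [int]$TimeoutMs = 3000)
    $id = Get-Random -Minimum 1 -Maximum 65535
    # Header: ID, flags 0x0100 (standard query, recursion desired), QDCOUNT = 1
    $packet = @([int][Math]::Floor($id / 256), ($id % 256), 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0)
    foreach ($label in $Name.TrimEnd('.').Split('.')) {
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($label)
        $packet += $bytes.Length      # length-prefixed label
        $packet += $bytes
    }
    $packet += 0          # root label terminates the name
    $packet += 0, 1       # QTYPE  = A
    $packet += 0, 1       # QCLASS = IN
    [byte[]]$data = $packet

    $rcodeNames = @{ 0 = 'NOERROR'; 2 = 'SERVFAIL'; 3 = 'NXDOMAIN'; 5 = 'REFUSED' }
    $udp = New-Object System.Net.Sockets.UdpClient
    $udp.Client.ReceiveTimeout = $TimeoutMs
    try {
        $udp.Connect($Server, 53)
        [void]$udp.Send($data, $data.Length)
        $remote = New-Object System.Net.IPEndPoint ([System.Net.IPAddress]::Any, 0)
        $resp = $udp.Receive([ref]$remote)
        if ($resp.Length -lt 12) { return $null }
        $rcode = $resp[3] -band 0x0F
        $rcodeName = $rcodeNames[$rcode]
        if (-not $rcodeName) { $rcodeName = "RCODE $rcode" }
        return New-Object PSObject -Property @{
            Server        = $Server
            IdMatches     = (($resp[0] * 256 + $resp[1]) -eq $id)
            Authoritative = (($resp[2] -band 0x04) -ne 0)   # AA bit
            Result        = $rcodeName
            AnswerCount   = ($resp[6] * 256 + $resp[7])
        }
    } catch {
        return $null     # no reply within the timeout: UDP 53 blocked or nothing listening
    } finally {
        $udp.Close()
    }
}

$Server = '10.0.0.10'          # placeholder: a known-good DNS server at headquarters
$Name   = 'mydomain.local'     # the forest root name from the question
"TCP 53 to $Server reachable: $(Test-TcpPort -Server $Server)"
Invoke-DnsQuery -Server $Server -Name $Name | Format-List
```

A $null result from Invoke-DnsQuery while Test-TcpPort succeeds points at UDP 53 being filtered somewhere on the path; a REFUSED result with the port reachable means the server answered but would not serve the query, which is what restricted zone access on an AD-integrated zone looks like from a workgroup machine.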
18 Comments
 
LVL 20

Expert Comment

by:Peter Hutchison
ID: 39194582
Is there one network card in it? Check registry for any old entries (HKLM\System\CurrentControlSet\Services\Tcpip).

Does it have Windows Firewall enabled or User Access Control enabled?

Try resetting the network adapter to defaults using netsh command:
http://support.microsoft.com/kb/299357
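The registry check suggested above can be scripted so that stale interface entries stand out. The script below is an added example (not from the thread): it walks the per-interface keys under Tcpip\Parameters\Interfaces, maps each GUID back to a connection name, and flags entries whose adapter no longer exists or whose NameServer still points at one of the host's own addresses (the "DNS set to itself" situation in the question). It is read-only and works in PowerShell 2.0 on Server Core; the network class GUID and value names are the standard Windows ones.

```powershell
# Added example (not from the thread). Read-only: lists TCP/IP interface entries
# from the registry and flags stale or self-referencing DNS settings.

function Get-TcpipInterfaceState {
    $params   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    # Class GUID for network adapters; <guid>\Connection holds the friendly name
    $netClass = 'HKLM:\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}'
    $global   = Get-ItemProperty -Path $params
    $rows = @()
    foreach ($key in Get-ChildItem -Path "$params\Interfaces") {
        $guid = $key.PSChildName
        $p    = Get-ItemProperty -Path $key.PSPath
        $conn = Get-ItemProperty -Path "$netClass\$guid\Connection" -ErrorAction SilentlyContinue
        if ($conn) { $name = $conn.Name } else { $name = '<no adapter: stale entry>' }

        # NameServer is a space- or comma-separated list; compare it with the
        # interface's own static and DHCP addresses to catch "DNS points at itself".
        $servers = @()
        if ($p.NameServer) { $servers = $p.NameServer -split '[ ,]+' }
        $ownAddrs = @($p.IPAddress) + @($p.DhcpIPAddress)
        $pointsToSelf = [bool]($servers | Where-Object { $ownAddrs -contains $_ })

        $rows += New-Object PSObject -Property @{
            Interface      = $guid
            Connection     = $name
            EnableDHCP     = $p.EnableDHCP
            IPAddress      = (@($p.IPAddress) -join ',')
            NameServer     = $p.NameServer
            DhcpNameServer = $p.DhcpNameServer
            PointsToSelf   = $pointsToSelf
        }
    }
    return New-Object PSObject -Property @{
        Hostname         = $global.Hostname
        GlobalNameServer = $global.NameServer   # host-wide value; overrides per-interface when set
        GlobalDomain     = $global.Domain
        Interfaces       = $rows
    }
}

$state = Get-TcpipInterfaceState
$state | Format-List Hostname, GlobalNameServer, GlobalDomain
$state.Interfaces | Format-Table Connection, EnableDHCP, IPAddress, NameServer, DhcpNameServer, PointsToSelf -AutoSize
```

Because the script only reads the registry, it is safe to run against the remote branch server without risking the loss of IP settings that a netsh reset would cause.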

Author Comment

by:rbsd176
ID: 39194594
UAC and Windows firewall are disabled.

If I reset the network adapter to defaults, will it remove the TCP/IP or DNS settings?  That would cause a problem because the server is at a remote branch.
LVL 9

Expert Comment

by:Mike Roe
ID: 39194621
To add telnet:

To install an optional feature

At a command prompt, type:

    start /w ocsetup <featurename>

Where featurename is the name of a feature from the following list:

    Failover Clustering: FailoverCluster-Core
    Network Load Balancing: NetworkLoadBalancingHeadlessServer
    Subsystem for UNIX-based applications: SUACore
    Multipath IO: MultipathIo
    Removable Storage: Microsoft-Windows-RemovableStorageManagementCore
    BitLocker Drive Encryption: BitLocker

    Note: To install the remote administration tool for BitLocker, type the following at a command prompt:

        start /w ocsetup BitLocker-RemoteAdminTool

    Windows Server Backup: WindowsServerBackup
    Simple Network Management Protocol (SNMP): SNMP-SC
    Windows Internet Name Service (WINS): WINS-SC
    Telnet client: TelnetClient
Author Comment

by:rbsd176
ID: 39194636
I don't have server manager.  It's server core.  I can't connect remotely through server manager on another server because it needs a hostname.

Author Comment

by:rbsd176
ID: 39194646
Unfortunately I think this is a limitation of server core.  I receive the error "The specified Windows component could not be found: telentclient".
LVL 20

Expert Comment

by:Peter Hutchison
ID: 39194648
You can add a static entry to your DNS for the remote server with its hostname and ip address.

Author Comment

by:rbsd176
ID: 39194657
I tried adding a host record on the DC at our headquarters and using repadmin /syncall, it still can't reach any other DNS servers.

Author Comment

by:rbsd176
ID: 39194664
Just tried to reset TCP on the server using NETSH on a lab server.  This won't work because it's a remote server and resetting TCP clears the IP settings.  I won't be able to get back in after it's reset.

Author Comment

by:rbsd176
ID: 39194726
My last option if I can't figure this out is to bring up a 2008 DC and DNS server at our HQ branch with IP settings for the remote branch, place the DNS server in the remote site in DNS through server manager, then ship the server to the branch.  I'm confident that with an active DNS server at the site, it will be able to add to the domain.  However, I would like to figure this out remotely if at all possible.
LVL 9

Expert Comment

by:Mike Roe
ID: 39194778
Did you make sure that telnet is spelled correctly?

The reply you sent had it wrong.
LVL 20

Expert Comment

by:Peter Hutchison
ID: 39194781
Did you figure out why it had stopped replicating in the first place? This could also be the reason why DNS isn't working.

Author Comment

by:rbsd176
ID: 39195138
Yes I made sure telnet was spelled correctly.  The server was not replicating because there was another DC at the site that was not properly decommissioned.  It was just removed from the network, never demoted, etc.
LVL 79

Expert Comment

by:arnold
ID: 39196203
You can use netsh to replace the nameserver records. Alternatively, modify the zone access rights to allow non-DC access to the AD zones.  The main issue is likely due to the fact that the server's machine account was tombstoned.
Use netdom or PowerShell to reset the machine password/account in the AD.

Author Comment

by:rbsd176
ID: 39201774
Set DNS primary/secondary to known good DNS server at another branch.  No luck.  Attempted to use netdom to reset the machine account and password.  The server is not on the domain, it's in a workgroup.  It cannot reset the machine account/password while in a workgroup.

Author Comment

by:rbsd176
ID: 39205947
Update: I'm able to access DNS management for the server using RSAT on a Windows 7 VM.  There seems to be some incompatibility between server manager for Windows 8 and Server 2008.  

Within DNS manager, on this server, there are no zones.  

Is it a good idea to export the zones from another DNS server on the network and import into DNS on that server?
LVL 79

Expert Comment

by:arnold
ID: 39205953
AD DNS zones are AD integrated.

Author Comment

by:rbsd176
ID: 39205993
Correct.  Remember that this server is not on a domain.  It's not receiving DNS updates from anywhere.  Now that I have discovered that all DNS zones were removed when the server was demoted, it won't be able to receive updated DNS from anywhere.

Simply, here is the issue:

- I demoted DC.  It was a DNS server for the branch.
- All DNS zones were removed.
- I need the DNS zones back so I can talk to other DNS servers.
LVL 79

Accepted Solution

by:
arnold earned 2000 total points
ID: 39206152
You can add a DNS server and set it up as a caching server.
I am unclear on what you are trying to do now and which system you are trying to do it with.
Make sure your DNS server does not have a root (.) zone for which it is reflected as authoritative.

The Root Hints tab of the DNS server properties should reflect a-f.root-servers.net.

You could take down the win2k8 system.
You would then restore the win2k3 system state from backup from when it was a DC. This way you will restore the data and the win2k3 as a DC of an AD and should be back functional.

You can then, while off the network, clear the AD setup in the win2k8 and start the process again, but this time make sure that the added DC is synchronized before proceeding with transitioning from one DC to another.
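The accepted answer's two configuration points, no authoritative root (.) zone and a caching-only server that forwards upstream, can be checked and applied with dnscmd.exe, which ships with the DNS Server role on 2008 R2 including Server Core. The script below is an added example (not from the thread): it parses the zone list for a "." entry, distinguishes the normal built-in cache pseudo-zone from a real root zone, and then sets forwarders so that a server with no zones of its own resolves through headquarters. The server name and forwarder address are placeholders; the column layout assumed for /EnumZones output is "<name> <type> <storage> [<properties>]".

```powershell
# Added example (not from the thread). Uses dnscmd.exe to detect and remove an
# authoritative root (.) zone and to configure forwarders for a caching-only
# DNS server. $DnsServer and $HqDns are placeholders.

function Get-RootZoneState {
    param([string]$DnsServer = '.')
    $output = & dnscmd $DnsServer /EnumZones 2>&1
    foreach ($line in $output) {
        # Zone rows are whitespace separated: <name> <type> <storage> [<properties>]
        $fields = ([string]$line).Trim() -split '\s+'
        if ($fields.Length -ge 2 -and $fields[0] -eq '.') {
            # The built-in cache pseudo-zone is also listed as "." but with type
            # "Cache" and is expected; any other type (e.g. Primary) is a real root
            # zone, and while it exists the server never consults root hints or forwarders.
            if ($fields[1] -eq 'Cache') { return 'cache-only' }
            return "root-zone:$($fields[1])"
        }
    }
    return 'absent'
}

function Remove-RootZone {
    param([string]$DnsServer = '.')
    # /f suppresses the confirmation prompt
    & dnscmd $DnsServer /ZoneDelete . /f
    return ($LASTEXITCODE -eq 0)
}

function Set-CachingForwarders {
    param([string]$DnsServer = '.', [string[]]$Forwarders)
    # Replaces the forwarder list. With no authoritative zones the server answers
    # from cache and sends everything else to these addresses.
    & dnscmd $DnsServer /ResetForwarders $Forwarders
    return ($LASTEXITCODE -eq 0)
}

$DnsServer = 'BRANCHDC'       # placeholder: the rebuilt branch DNS server
$HqDns     = '10.0.0.10'      # placeholder: a DNS server at headquarters

$state = Get-RootZoneState -DnsServer $DnsServer
"Root zone state on ${DnsServer}: $state"
if ($state -like 'root-zone:*') {
    "Removing root zone: $(Remove-RootZone -DnsServer $DnsServer)"
}
"Forwarders set: $(Set-CachingForwarders -DnsServer $DnsServer -Forwarders @($HqDns))"
& dnscmd $DnsServer /Info
```

Run it from a machine that can reach the branch server by IP address, since in the thread the server's hostname does not resolve; dnscmd accepts an IP address in place of the server name. After the forwarders are in place, resolving mydomain.local through the branch server should succeed even though it holds no zones itself, which is the state needed before the domain join is retried.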