Solved

can't demote Domain Controller

Posted on 2013-10-22
13
2,756 Views
Last Modified: 2013-10-24
Hi @ all

We are currently migrating a Domain Controller from Windows Server 2008 SBS to Windows Server 2012. I successfully added the Windows Server 2012 as a domain Controller in my forest and moved all FSMO-roles over to the new server. Everything seams runnig fine since there aren't any errors or warnings in the eventlog. I also can successfully replicate between the two DCs. All required entrys in the DNS are available too and the DC is listed as domain controller, GC and DNS- server. The two DCs are set to use the new DNS-server as primary DNS-Server.

If I want to demote the old 2008SBS I get many errors telling me that there can't be contacted any domain controller in the specified domain and the specified domain is not available, and the dcpromo finishs without demoting the old server.

If I run a dcdiag I get different errors. (DCdiag in the attachments) dcdiag-NEW-Server-2012.txt

What could be the problem?

Thanks a lot for any help
0
Comment
Question by:ECOteam
  • 3
  • 3
  • 2
  • +4
13 Comments
 
LVL 24

Expert Comment

by:-MAS
ID: 39590751
If you dont want the DC you could forcefully remove the DC by the command
"dcpromo /forceremoval"  and follow these to remove entries from DC
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39590794
firstly i will suggest you to resolve the issue before doing demotion. I can see SERVER IS NOT RESPONDING, Unable to connect to the NETLOGON share! ,

check the net work connection first. because all the error is said in the text file is related to network issue.

restart the domain first and then run the dcdiag.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39590806
I would not recommend forcibly removing the old DC since both advertising and netlogons is failing. You could permanently break your domain.

Instead, configure the primary DNS server ON the new server to point to the old server, then reboot each server so hey both aren't down at the same time.

Finally, rerun dcdiag and replmon and look for problems. Once replication reports good AND there are no errors, you can switch the DNS server back.

The error 67 in your dcdiag makes me believe that the AD zone didn't finish replicating. Thus the failure to start netlogon, thus the failure to advertise, ultimately leading to the failure to demote. The above steps allows that to finish and resolve itself.
0
 

Author Comment

by:ECOteam
ID: 39590997
@cgaliher:
I added the old server in the "forwarders" list of the DNS and the old server is listed as primary DNS-server in the NIC config now. Is it that, what you meant bevore? I rebooted both servers. I run repadmin and it shows me that all replications are finised without any errors.

If I try to demote the old server, it fails again...

I have no idea what to do next... any suggestions?

Thanks a lot for your help.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39591118
I never mentioned forwarders. That will only further complicate things. Make sure new server points to old and old points to new, then do dcdiags on BOTH. If you want more help, please post both ipconfigs (with /all) and both dcdiags.
0
 
LVL 9

Accepted Solution

by:
VirastaR earned 500 total points
ID: 39591131
Hi,

From the DCDiag this what I understand....

Doing primary tests

   
   Testing server: Default-First-Site-Name\NEW-Server-2012

      Starting test: Advertising

         Warning: DsGetDcName returned information for

         \\old-sbs-server.my-domain.local, when we were trying to reach

         NEW-Server-2012.

        SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... NEW-Server-2012 failed test Advertising

      Starting test: FrsEvent

Check this..

server is not responding or is not considered suitable
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26265586.html

SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE ......................... ad2008R2 failed test Advertising
http://social.technet.microsoft.com/Forums/windowsserver/en-US/6713c55f-0bc5-4d74-a18b-b867ccc9d059/server-is-not-responding-or-is-not-considered-suitable-ad2008r2-failed?forum=winserverDS

Hope that helps :)
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 39592867
According to the following link it sounds like SBS likes to hold all of the FSMO roles since it is suppose to be a stand-alone DC.

1) Move all FSMO rolls to SBS, demote it than seize the FSMO rolls to your 2012 server

2) Force demote your SBS server than run a Metadata cleanup to make sure all references to your SBS server are gone.

http://community.spiceworks.com/topic/332670-windows-sbs-2008-to-server-2012-standard-migration-of-ad-and-exchange
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39595463
From the log it is clear that sysvol/netlogon share is missing on  NEW-Server-2012.I have seen the same case many times this happens when Win2008/2012 DC is introduced in win2003 network.Once 2008/12 DC is promoted the sysvol content are not replicated that is policies and script folder is not replicated to Win2008 DC.

Check the sysvol and netlogon share are available or not.Ran net share command to check the same.

Check the sysvol folder are the policies and script folder replicated or not.If it is not replicated you need to perfrom authorative and non authorative of sysvol folder to fix the same.

Assuming you have two DC Win2003 and Win2012.On 2003DC ran D4(auth restore) and on 2012DC ran D2(nonauth restore):Refer below link:http://support.microsoft.com/kb/290762

Take the backup of policies and script folder from 2003DC and copy the same to alternate location before you proceed.

Once done then you can proceed with demoting sbs server.
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 39595765
Did you upgrade your AD schema before adding your 2012 server to the domain?
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39595814
0
 

Author Comment

by:ECOteam
ID: 39596625
@virastar: Your first link provided helped me. Thanks a lot! Problem solved.
0
 

Author Closing Comment

by:ECOteam
ID: 39596626
@virastar: Your first link provided helped me. Thanks a lot! Problem solved.
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 39598889
So was the issue that your 2012 server was not fully promoted and/or the process did not complete successfully??
0

Join & Write a Comment

Resolve DNS query failed errors for Exchange
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now