Solved

can't demote Domain Controller

Posted on 2013-10-22
Last Modified: 2013-10-24
Hi @ all

We are currently migrating a Domain Controller from Windows Server 2008 SBS to Windows Server 2012. I successfully added the Windows Server 2012 as a domain controller in my forest and moved all FSMO roles over to the new server. Everything seems to be running fine since there aren't any errors or warnings in the event log. I can also successfully replicate between the two DCs. All required entries in the DNS are available too and the DC is listed as domain controller, GC and DNS server. The two DCs are set to use the new DNS server as primary DNS server.

If I want to demote the old 2008 SBS I get many errors telling me that no domain controller in the specified domain can be contacted and that the specified domain is not available, and dcpromo finishes without demoting the old server.

If I run a dcdiag I get different errors. (DCdiag in the attachments) dcdiag-NEW-Server-2012.txt

What could be the problem?

Thanks a lot for any help
Question by:ECOteam
13 Comments
 
LVL 27

Expert Comment

by:MAS
ID: 39590751
If you don't want the DC, you could forcefully remove it with the command
"dcpromo /forceremoval" and follow these steps to remove its entries from the DC:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39590794
Firstly, I would suggest you resolve the issue before doing the demotion. I can see "SERVER IS NOT RESPONDING" and "Unable to connect to the NETLOGON share!".

Check the network connection first, because all the errors reported in the text file are related to a network issue.

Restart the domain first and then run dcdiag.
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 39590806
I would not recommend forcibly removing the old DC since both advertising and netlogons are failing. You could permanently break your domain.

Instead, configure the primary DNS server ON the new server to point to the old server, then reboot each server so they both aren't down at the same time.

Finally, rerun dcdiag and replmon and look for problems. Once replication reports good AND there are no errors, you can switch the DNS server back.

The error 67 in your dcdiag makes me believe that the AD zone didn't finish replicating. Thus the failure to start netlogon, thus the failure to advertise, ultimately leading to the failure to demote. The above steps allow that to finish and resolve itself.
0
 

Author Comment

by:ECOteam
ID: 39590997
@cgaliher:
I added the old server to the "forwarders" list of the DNS, and the old server is now listed as primary DNS server in the NIC config. Is that what you meant before? I rebooted both servers. I ran repadmin and it shows me that all replications finished without any errors.

If I try to demote the old server, it fails again...

I have no idea what to do next... any suggestions?

Thanks a lot for your help.
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 39591118
I never mentioned forwarders. That will only further complicate things. Make sure new server points to old and old points to new, then do dcdiags on BOTH. If you want more help, please post both ipconfigs (with /all) and both dcdiags.
0
 
LVL 9

Accepted Solution

by:
VirastaR earned 2000 total points
ID: 39591131
Hi,

From the DCDiag, this is what I understand...

Doing primary tests

   Testing server: Default-First-Site-Name\NEW-Server-2012
      Starting test: Advertising
         Warning: DsGetDcName returned information for
         \\old-sbs-server.my-domain.local, when we were trying to reach
         NEW-Server-2012.
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... NEW-Server-2012 failed test Advertising
      Starting test: FrsEvent

Check this..

server is not responding or is not considered suitable
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26265586.html

SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE ......................... ad2008R2 failed test Advertising
http://social.technet.microsoft.com/Forums/windowsserver/en-US/6713c55f-0bc5-4d74-a18b-b867ccc9d059/server-is-not-responding-or-is-not-considered-suitable-ad2008r2-failed?forum=winserverDS

Hope that helps :)
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 39592867
According to the following link, it sounds like SBS likes to hold all of the FSMO roles since it is supposed to be a stand-alone DC.

1) Move all FSMO roles to SBS, demote it, then seize the FSMO roles to your 2012 server

2) Force demote your SBS server, then run a metadata cleanup to make sure all references to your SBS server are gone.

http://community.spiceworks.com/topic/332670-windows-sbs-2008-to-server-2012-standard-migration-of-ad-and-exchange
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39595463
From the log it is clear that the sysvol/netlogon share is missing on NEW-Server-2012. I have seen the same case many times; this happens when a Win2008/2012 DC is introduced into a Win2003 network. Once the 2008/12 DC is promoted, the sysvol contents are not replicated, that is, the policies and script folders are not replicated to the Win2008 DC.

Check whether the sysvol and netlogon shares are available. Run the net share command to check this.

Check in the sysvol folder whether the policies and script folders have replicated. If they have not replicated, you need to perform an authoritative and non-authoritative restore of the sysvol folder to fix this.

Assuming you have two DCs, Win2003 and Win2012: on the 2003 DC run D4 (auth restore) and on the 2012 DC run D2 (non-auth restore). Refer to the link below: http://support.microsoft.com/kb/290762

Take a backup of the policies and script folders from the 2003 DC and copy it to an alternate location before you proceed.

Once done, you can proceed with demoting the SBS server.
0
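
Added example, not part of any post in this thread: a PowerShell check for the two symptoms discussed above, the failed Advertising test with DsGetDcName answering for the other DC, and missing SYSVOL/NETLOGON shares. It assumes PowerShell 3.0 or later on the new DC with dcdiag on the path; the function names are hypothetical.

```powershell
# Added example; function names are hypothetical, not from the thread.
# Parses dcdiag text (live output or a saved report) for failed tests and
# for the DsGetDcName warning that names a different DC.
function Get-DcdiagFindings {
    param([string[]]$Lines)

    # Per-test summary lines look like:
    #   "......................... NEW-Server-2012 failed test Advertising"
    $failed = @(foreach ($line in $Lines) {
        if ($line -match '\.{3,}\s+(\S+)\s+failed test\s+(\S+)') {
            [pscustomobject]@{ Server = $Matches[1]; Test = $Matches[2] }
        }
    })

    # The locator warning wraps across lines, so match on the joined text.
    $answeredBy = $null
    if (($Lines -join ' ') -match 'DsGetDcName returned information for\s+\\\\([^,\s]+)') {
        $answeredBy = $Matches[1]
    }

    [pscustomobject]@{ FailedTests = $failed; LocatorAnsweredBy = $answeredBy }
}

function Test-NewDcReady {
    param([string]$Server = $env:COMPUTERNAME)

    # SYSVOL and NETLOGON must both be shared before the DC can advertise.
    $shares  = (net share | Out-String)
    $missing = @('SYSVOL', 'NETLOGON' | Where-Object { $shares -notmatch "(?m)^$_\s" })

    # One dcdiag run per test; the output lines are collected together.
    $lines = foreach ($t in 'Advertising', 'NetLogons', 'SysVolCheck') {
        dcdiag /s:$Server /test:$t
    }
    $findings = Get-DcdiagFindings -Lines $lines

    [pscustomobject]@{
        Server            = $Server
        MissingShares     = $missing
        FailedTests       = @($findings.FailedTests | ForEach-Object { $_.Test })
        LocatorAnsweredBy = $findings.LocatorAnsweredBy
        Ready             = ($missing.Count -eq 0) -and ($findings.FailedTests.Count -eq 0)
    }
}

# Offline use against the report attached to the question:
#   Get-DcdiagFindings -Lines (Get-Content .\dcdiag-NEW-Server-2012.txt)
Test-NewDcReady
```

A non-empty LocatorAnsweredBy means the locator returned another DC when the new server was queried, which is the condition shown in the dcdiag excerpt in the accepted solution.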
 
LVL 20

Expert Comment

by:compdigit44
ID: 39595765
Did you upgrade your AD schema before adding your 2012 server to the domain?
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39595814
0
 

Author Comment

by:ECOteam
ID: 39596625
@virastar: Your first link provided helped me. Thanks a lot! Problem solved.
0
 

Author Closing Comment

by:ECOteam
ID: 39596626
@virastar: Your first link provided helped me. Thanks a lot! Problem solved.
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 39598889
So was the issue that your 2012 server was not fully promoted and/or the process did not complete successfully??
0


Question has a verified solution.
