limmontreefree
2003 R2 Domain issue.
Hello, I have two domain controllers running 2003 R2 (yes, I know I have to migrate, and I'll do it when I repair this).
Today I found "DC2" without free disk space, then I expanded the disk (solved), but the problem is that the domain controllers don't replicate to each other.
DC2 event log:
- Application: event ID 1030, source Userenv --> Windows cannot query for the list of Group Policy objects
- System: event ID 4, source Kerberos --> Kerberos client received an error .... the password is different ...
and a lot of events showing NTDS replication, DNS, ...
DC1 event log:
- Application: event ID 1030, source Userenv --> Windows cannot query for the list of Group Policy objects
and a lot of events showing NTDS replication, DNS, ...
I have done a "dcpromo /force removed" on DC2 (because the Kerberos event sounds bad), and on DC1 I seized the 5 roles; in the DNS I cleaned all the DC2 items by hand.
If I look in "Active Directory Users and Computers" I can see all the computers and users of the Active Directory.
But in the DC1 events I found:
- Application: event ID 1030, source Userenv --> Windows cannot query for the list of Group Policy objects
- System: event ID 5774, source NETLOGON --> there has been an error in recording dynamic DNS registration:
"DomainDnsZones.CLIENT.local 600 IN A 169.254.101.244" on the following DNS server
For computers and users to locate this domain controller, this record must register in DNS
I think the problem is in the DNS server.
Can I repair the DNS server?
Thanks.
ASKER
Thanks, yes I know. Actually I'm working with DC1 and DC2 (restored from backup), and in another VM I have (without NET) DC1 as the only domain controller.
I'll send you the log.
ASKER
If you prefer, I can stop DC1 and DC2 and start the new DC1 (alone as domain controller) and send the logs from it.
Really my idea is to leave a 2003 R2 DC and attach a new 2012 DC to the system, pass all the roles to the new 2012 DC and then shut down the old 2003 R2.
Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The server DC2 is named 3DC; I rewrote it in the logs to make it easier for you.
All the servers are VMs. After trying to shut down DC2, and because DC1 didn't work fine, I renamed DC1's VHD and restored DC1 and DC2, so now I can use both DC1 and DC2 and the new standalone DC1.
I think maybe it is better to work with the standalone DC1 and try to repair the DNS.
I'll review the DNS configuration, but I don't know much about DNS records.
I don't understand why you want to repromote DC2; I prefer to attach a new 2012 server.
Thanks
SOLUTION
ASKER
Hello Footech.
The backup and restore were made with the servers stopped (so I think it's alright).
I will demote one DC and leave only one as DC (at the moment), but I don't know which server is better to keep running as DC.
Can you help me? Reading the logs, which is the best candidate? Or is it better to use the tool replmon to force the replication?
Thanks for your help.
I would say it's better to demote DC2 because it hasn't had a successful inbound replication with DC1 since January.
With that said, please make up your mind which you want to work on: the standalone DC or the currently connected one.
ASKER
I took the VMs and I'll do the tests on my server.
I'll post the results.
Thanks
ASKER
Hello,
I did the following:
On DC2: dcpromo /forceremoval
DC2 shut down definitively
On DC1 (named DC):
seize all roles
metadata cleanup
with adsiedit.msc:
Configuration --> CN=Sites --> CN=Servers --> delete entry CN=DC2
run dcdiag and dcdiag /dns:test
and send the files to you.
In the DNS I can see many entries pointing to DC2, but at the moment I haven't deleted them or changed the value DC2 to DC.
Thanks
dcdiag.txt
dcdiag-dns.txt
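One way to review leftover DNS data after the forced removal and metadata cleanup described above, as an added example that is not part of the original thread: the script reads records in the "name TTL IN TYPE data" layout of the record quoted in the 5774 event and flags link-local A records and records that still reference the removed domain controller. The host names `dc` and `dc2`, the 192.168.1.10 address and the `audit_records` helper are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the "name TTL IN TYPE data" layout of the record quoted
# in the NETLOGON 5774 event. The first record is the one from the event (domain
# assumed to read CLIENT.local); all other names and addresses are made up.
SAMPLE_RECORDS = """\
DomainDnsZones.CLIENT.local. 600 IN A 169.254.101.244
DomainDnsZones.CLIENT.local. 600 IN A 192.168.1.10
_ldap._tcp.dc._msdcs.CLIENT.local. 600 IN SRV 0 100 389 dc2.CLIENT.local.
_ldap._tcp.dc._msdcs.CLIENT.local. 600 IN SRV 0 100 389 dc.CLIENT.local.
_kerberos._tcp.CLIENT.local. 600 IN SRV 0 100 88 DC2.client.local.
CLIENT.local. 3600 IN NS dc2.CLIENT.local.
dc.CLIENT.local. 3600 IN A 192.168.1.10
"""

RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$", re.IGNORECASE)


def audit_records(text, removed_dc_fqdn):
    """Return (line_no, reason, record) for records that need cleanup."""
    removed = removed_dc_fqdn.rstrip(".").lower()
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or zone-file comment
        match = RECORD_RE.match(line)
        if not match:
            findings.append((line_no, "unparsed line", line))
            continue
        name, _ttl, rtype, data = match.groups()
        rtype = rtype.upper()
        if rtype == "A":
            try:
                # 169.254.0.0/16 is an automatically self-assigned (APIPA) range
                if ipaddress.ip_address(data.strip()).is_link_local:
                    findings.append((line_no, "link-local (APIPA) address", line))
            except ValueError:
                findings.append((line_no, "invalid address", line))
        # For SRV, NS and CNAME the target host is the last field of the data
        target = data.split()[-1].rstrip(".").lower()
        if rtype in ("SRV", "NS", "CNAME") and target == removed:
            findings.append((line_no, "points at removed DC", line))
        elif name.rstrip(".").lower() == removed:
            findings.append((line_no, "host record of removed DC", line))
    return findings


if __name__ == "__main__":
    for finding in audit_records(SAMPLE_RECORDS, "dc2.client.local"):
        print(finding)
```

Host name comparison is case-insensitive and ignores the trailing dot, so `DC2.client.local.` and `dc2.CLIENT.local` are treated as the same server.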
SOLUTION
ASKER
I don't know how to try to start the Netlogon service; I can't see it in the services.
Thanks.
Do I have to follow your link?
Thanks again for your patience.
ASKER
OK, I did it, and in the File Replication Service event log I get three events:
1. ID 13501: The File Replication Service is starting.
2. ID 135212: Warning: The File Replication Service has detected a disk write cache on the drive containing c:\windows\ntfrs\jet on the computer DC. It is possible ......
3. ID 13516: The File Replication Service no longer prevents the computer DC from being a domain controller. ..
But if I run dcdiag /v, in the services section I get "NETLOGON service is paused on DC".
Also, in the event viewer I get an NTDS General event 1126 and an NTDS General event 2103.
Maybe the server is in a USB rollback....
Please tell me your opinion on trying to recover the domain from the other server.
Thanks again
ASKER CERTIFIED SOLUTION
ASKER
Yes, I did the authoritative restore,
and after your last orders it seems to run correctly.
Many thanks.
Glad to hear it.
Run the following and post back.
dcdiag /v
dcdiag /v /test:dns