Solved

Some PCs unable to login to a 2003 domain. One server may have tombstoned?

Posted on 2013-11-13
Last Modified: 2013-11-18
Hi,

I have three domain controllers all running 2003

Some PCs are able to login without an issue but some cannot.

One DC was offline for over 60 days so I think it has now tombstoned. This DC has no roles and is not hosting any critical applications. I have NTDS replication in the event viewer (one is event ID 2042)

I'm tempted to demote the problematic DC in the short term to get the users back online as soon as possible. Would this sort this issue?

Is it as easy as DCPROMO and follow the wizard or is there anything else I can try? And can I demote a DC via remote desktop? The DC in question is a virtual server on ESXi.
Question by:APC_40
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39646953
Event ID 2042 indicates the server has not replicated with its partner for longer than a tombstone lifetime. Demote/promote should fix the issue.

You cannot demote the faulty DC gracefully; you need to do a forceful removal. You need to run dcpromo /forceremoval and then run metadata cleanup on another (healthy) DC to remove the instance of the faulty DC from the AD database and DNS. If the faulty DC is a FSMO role holder, then you need to seize the FSMO role on another DC.

Once done, you can promote the server back as an ADC. Also configure the authoritative time server role on the PDC role holder server.

Reference links
Forceful removal of DC: http://support.microsoft.com/kb/332199
Metadata cleanup: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Seize FSMO role: http://www.petri.co.il/seizing_fsmo_roles.htm
Authoritative time server: http://support.microsoft.com/kb/816042
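
Event ID 2042 is only logged once a partner is already past the tombstone lifetime. As an added example (not part of the original answer), this Python script reads `repadmin /showrepl * /csv` output and flags replication links that are approaching or past that limit; the sample rows, server names, domain, the `SAMPLE_NOW` timestamp and the 60-day default are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the column layout of `repadmin /showrepl * /csv`;
# server names, domain and timestamps are made up for illustration.
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC1,"DC=example,DC=local",Default-First-Site-Name,DC2,RPC,0,0,2013-11-13 08:47:10,0
showrepl_INFO,Default-First-Site-Name,DC1,"DC=example,DC=local",Default-First-Site-Name,DC3,RPC,412,2013-11-13 08:47:12,2013-09-01 22:15:40,8614
showrepl_INFO,Default-First-Site-Name,DC2,"DC=example,DC=local",Default-First-Site-Name,DC1,RPC,17,2013-11-13 08:50:03,2013-10-05 03:12:00,1722
"""
SAMPLE_NOW = datetime(2013, 11, 13, 9, 0, 0)  # constructed "current" time
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def classify_links(csv_text, now, tombstone_days=60, warn_fraction=0.5):
    """Return (destination, source, age_days, state) for each stale link.

    "EXPIRED": last success is older than the tombstone lifetime, the
    condition event 2042 reports. "WARNING": more than warn_fraction of
    the lifetime has elapsed. tombstone_days=60 is an assumption taken
    from the question; read the real value from the forest's
    tombstoneLifetime attribute.
    """
    limit = timedelta(days=tombstone_days)
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            age = now - datetime.strptime(row["Last Success Time"].strip(), TIME_FORMAT)
        except ValueError:
            age = timedelta.max  # "0" or blank: never replicated successfully
        if age > limit:
            state = "EXPIRED"
        elif age > limit * warn_fraction:
            state = "WARNING"
        else:
            continue
        findings.append((row["Destination DSA"], row["Source DSA"], age.days, state))
    return findings


if __name__ == "__main__":
    for dest, src, days, state in classify_links(SAMPLE_CSV, SAMPLE_NOW):
        print(f"{state}: {dest} last pulled from {src} {days} days ago")
```

Run on a schedule from a healthy DC, a WARNING result leaves time to bring the partner back online before a forced removal and metadata cleanup become necessary.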
 

Author Comment

by:APC_40
ID: 39647231
I went straight to metadata cleanup and did not use the force removal - will this cause issues? The DC appears to be gone though.

I have two DCs - do I have to run metadata cleanup twice, from each DC, to clean up the bad DC?
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39647282
You have to run metadata cleanup only once to remove the instances of the faulty server; the other DC will replicate and remove the instances of the faulty server. There is no need to run it on all DCs.

On the faulty server, execute dcpromo /forceremoval to remove the AD.
 

Author Closing Comment

by:APC_40
ID: 39656058
Excellent answer - thanks
