Solved

dcpromo failing Server 2008

Posted on 2013-11-22
8
459 Views
Last Modified: 2013-11-29
We have a branch office Server 2008.  its active directory was not replicating and eventually went to tombstone.  I assume users must have been authenticating over the site to site VPN to a main office DC.  

I rtied the registry fix to allow it to synch when out of date, but that did not work.

I eventually ran dcpromo /forceremoval, ran metadata cleanup, killed it out of DNS.  I still cannot run dcpromo, or join this to the domain.  At one point I changed its name and IP address and still couldnt join.

It currently is a stand alone server.  It has a secondary DNS zone for my domain, which works.  it has a good connection to the main DC, can ping the domain name and get a response from the main DC.  can ping the main DC by name and get a correct response.

On both functions I get to the name and password box, then get network path not found, or forest not available.
0
Comment
Question by:mathews2001
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
8 Comments
 

Author Comment

by:mathews2001
ID: 39669406
errors from Joining domain and dcpromo

dcpromo
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39670824
Please check below parameters

1.Check the dns setting shpuld point to online DC which is reachable and required port are open for AD communication,check the NIC binding and ensure multiple NIC is not configured.http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Active Directory Firewall Ports - Let's Try To Make This Simple
http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx 

2.Please try disabling the windows firewall and Antivirus Application for a while on the Windows 2008 server and try.

3.This issue may occur if the TCP/IP NetBIOS Helper Service is not running on the client computer.
 http://www.chicagotech.net/pathnotfound.htm
 
Network Path Not Found" Error Message When You Try to Add Workstation to Domain:http://support.microsoft.com/kb/285182

4.Check the health of exisitnf dc too by dcdiag/q and repadmin /replsum
0
 

Author Comment

by:mathews2001
ID: 39672025
dns is pointing to a good DC and working.  even went old school and added hosts and lmhosts files at one point.

no AV for now

The VPNs are wide open between sites.

no local firewalls enabled

dcdiag is clean except for one frsevent message that I feel is minor
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 

Author Comment

by:mathews2001
ID: 39672029
Source DC           largest delta  fails/total  %%  error
AUSTIN               35m:32s    0 /  23    0
 east                 31m:36s    0 /  10    0
 maindc                  31m:41s    0 /  23    0
 HOUSTON              31m:41s    0 /  10    0
 TYLER            31m:37s    0 /  10    0
 west                 31m:37s    0 /   6    0


Destination DC    largest delta    fails/total  %%  error
 AUSTIN               31m:43s    0 /  23    0
 east                 35m:32s    0 /  10    0
 maindc              33m:58s    0 /  23    0
 HOUSTON              25m:08s    0 /  10    0
 TYLER             31m:01s    0 /  10    0
 west                 34m:40s    0 /   6    0
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39672041
Can you post the ipconfig /all details of the server you are promoting? what about the client computer can you try rejoining one of the client computer in site where you are promoting the server.
0
 

Author Comment

by:mathews2001
ID: 39673183
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.com
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II Gig
 VBD Client)
   Physical Address. . . . . . . . . : B8-AC-6F-80-65-8D
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.8.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.8.1
   DNS Servers . . . . . . . . . . . : 10.0.9.10
                                       10.0.2.9
   NetBIOS over Tcpip. . . . . . . . : Enabled

the 2 DNS servers are the closest DC and the one at the main office.

they are reachable by ping. BUT I cannot browse them.  Sicne this server is not on the domain, I would expect to get a username/password box, then be able to see the shares on the 2 servers.  Instead I get the network lcoation cannot be reached.  

Going the other direction works.  from DC to this server.
0
 

Accepted Solution

by:
mathews2001 earned 0 total points
ID: 39673199
got it

Somehow Client for Microsoft Networks was removed from teh NIC during the dcpromo /forcemoval.  it was the last place I looked.

Also found a lanman registry key that was divergent from a working system.
0
 

Author Closing Comment

by:mathews2001
ID: 39684952
took me a while to get there
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question