We help IT Professionals succeed at work.

Windows 2003 pdc (and gc) crashed, how to get other dc to authenicate network servers

400 Views
Last Modified: 2014-01-07
We have a very old windows 2003 network that we are in the process of upgrading.  However, our PDC crashed.  It also was the GC.  Now half of my users and servers can authenticate, but others can't access any network services.  The exchange 2003 server we have can't start the exchange services.  It gives us a Servier is not Operational error, which I looked up and is related to naming.  

We only have one additional dc.  I'm going to add another, but for right now, I have to get everyone operational.  Can I seize the roles, even though I only have one remaining dc?  I read to not seize them to the same server as the gc.  Right now, there is no gc.  Can I go ahead and seize them, and then add another dc afterwards and make it the GC.  Or do I have to have the GC right now?  Any advice would be greatly apprectiated.
Comment
Watch Question

Senior Network Consultant / Engineer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Jeremy WeisingerSenior Network Consultant / Engineer
CERTIFIED EXPERT

Commented:
I should also note that the main issue with authentication and functionality is not having a GC available. The FSMO roles could be offline for a bit and no one would notice unless someone did a task that required one of the roles. The most notable would be changing a user password.
Will SzymkowskiSenior Solution Architect
CERTIFIED EXPERT
Most Valuable Expert 2015
Top Expert 2015
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks, this is all very helpful.  Will the fact that the original dc with the roles and the gc crashed affect my ability to make the other dc a gc?  I just went into the sites and servers and selected gc for the remaining dc.  I can open the users and computers.  Is that all I need?  I'm still having trouble with my exchange server seeing the domain controller.
CERTIFIED EXPERT

Commented:
No... you can make it a GC without issue... but you also want to seize the roles so the remaining DC can take over as the master for each role.
CERTIFIED EXPERT

Commented:
And AFTER you have the roles and the GC sorted out, and have given enough time for the DC to realize the old machine is no longer there (See the link earlier about metadata cleanup). You'll want to reboot your exchange server so it can re-establish it's connection and start up properly.
Jeremy WeisingerSenior Network Consultant / Engineer
CERTIFIED EXPERT

Commented:
On the Exchange server make sure it's DNS is configured correctly and then reboot.
Will SzymkowskiSenior Solution Architect
CERTIFIED EXPERT
Most Valuable Expert 2015
Top Expert 2015

Commented:
Use the link below which illustrats exactly where to make this change in Sites and Services.

Exchange WILL NOT WORK if your GC is offline. Once you have enabled the additional DC as a GC you will probably need to reboot your Exchange server anyways. Make sure that your Exchange server is only pointing to the additional DC and remove the DNS entry for the old PDC that failed.

Promote DC to GC - http://support.microsoft.com/kb/296882

Will.

Author

Commented:
I have demoted the old server.  However, when we try to log the exchange server on after a reboot, i get the following errors:

I get an event id 1053 and a description of - Windows cannot determine the user or computer name.  

I also get a dnsapi error id 11166 which is described as the system not being able to register host (a) resource records (RR) for adapter.  

Any ideas?
Jeremy WeisingerSenior Network Consultant / Engineer
CERTIFIED EXPERT

Commented:
It sounds like it's pointing to the wrong DNS server. Is the working DC a DNS server too?

Author

Commented:
No, but I'm thinking of making it one.

Author

Commented:
Also, I have a lot of errors pertaining to opening the group policy.  When I go into the Domain Security Settings, it says it can't find the network path.
Will SzymkowskiSenior Solution Architect
CERTIFIED EXPERT
Most Valuable Expert 2015
Top Expert 2015

Commented:
You said you demoted the DC were you able to transfer the FSMO roles to the other DC first?

If the additional DC does have the FSMO roles and it's the only DC left in the environment you need to seize all of the roles to the DC that is still active. Also making this DC a GC as I suggested earlier. Your DC need to be A DNS server as well and have your clients and other server point to it for DNS.

Will.
Jeremy WeisingerSenior Network Consultant / Engineer
CERTIFIED EXPERT

Commented:
Will, TOHIT already made the DC a GC, at least according to this post.

TOHIT, do you have any DNS server in the environment or was it just the failed DC? If the failed DC is the only DNS server, then you need to install DNS. This is first priority since so much is dependent on it (Exchange, a lot of aspects of AD, authentication, etc). You then need to make sure all computers are pointed to the DC for DNS.

Once you have a GC (which I believe you already took care of) and a DNS server, that will get you back to 99% functional.

Author

Commented:
Thanks for all the help.  I found the main problem was that the dns server we were using temporarily had an incorrect entry for the dc I seized the roles with .  One last question.  I have now the dc running with the fsmo roles and as a gc, and I set up dns on it.  I am now bringing up another dc so that we have some backup.  I am also making it another dns server.  Should I also also make it a gc?  It is a single site, with about 240 users.  That will make two dc's, two dns's, and two gc's total.
Seth SimmonsLead Systems Administrator
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Jeremy WeisingerSenior Network Consultant / Engineer
CERTIFIED EXPERT

Commented:
Yes, make it a GC.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.