Solved

I need some help decommissioning a tombstoned Exchange server - getting all kinds of AD errors

Posted on 2014-01-15
7
613 Views
Last Modified: 2014-01-15
Hi all,

So I migrated from Exchange 2007 to Exchange 2013, and everything went well. I shut off the 07 server once everything was done to be sure there were no connections to the old server and test new server functionality on its own.

I left the old server off for quite awhile, about 3 months.
Today I booted it up to remove Exchange 07 and demote it from being a DC, etc.. and am getting all sorts of Active Directory errors - I think due to the tombstone time frame.

I need some help working through this to be sure AD stays in good shape, and safely decommission the old server. Anyone feel up to this?
0
Comment
Question by:CoSmismgr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
7 Comments
 
LVL 5

Author Comment

by:CoSmismgr
ID: 39783586
When I attempt to open AD Users & Computers on the old server I get:
 "Naming information cannot be located because: The target principal name is incorrect."


When I attempt uninstall E2K7 (Remove Mailbox, Client Access, Hub Transport and Mgmt Tools) I get the following:

Summary: 3 item(s). 0 succeeded, 3 failed.
Elapsed time: 00:00:44


Mailbox Role Prerequisites
Failed

Error:
You must be a member of the 'Exchange Organization Administrators' or 'Enterprise Administrators' group to continue.
Recommended Action: http://go.microsoft.com/fwlink/?linkid=30939&l=en&v=ExBPA.12&id=1d750594-9222-44d7-8f80-45e522e889e6

Error:
Setup encountered a problem while validating the state of Active Directory: An Active Directory error 0x8007203B occurred while searching for domain controllers in domain ci.soldotna.ak.us.local: A local error has occurred.


Error:
The clustered mailbox server removal cannot continue: Unexpected error [0xCC55F834] while executing command 'set-ClusterPassiveNodeDefaults -InstallMode:uninstall -DomainController:'' -ActiveCmsUninstall:('false' -eq 'true') -whatif'.

Error:
Cannot find at least one global catalog server running Windows Server 2003 Service Pack 1 or later in the local Active Directory site.
Recommended Action: http://go.microsoft.com/fwlink/?linkid=30939&l=en&v=ExBPA.12&id=67aca4a0-bc3f-4f8f-8297-b13e0d347942

Elapsed Time: 00:00:39


Client Access Role Prerequisites
Failed

Error:
Setup encountered a problem while validating the state of Active Directory: An Active Directory error 0x8007203B occurred while searching for domain controllers in domain ci.soldotna.ak.us.local: A local error has occurred.


Error:
Cannot find at least one global catalog server running Windows Server 2003 Service Pack 1 or later in the local Active Directory site.
Recommended Action: http://go.microsoft.com/fwlink/?linkid=30939&l=en&v=ExBPA.12&id=67aca4a0-bc3f-4f8f-8297-b13e0d347942

Elapsed Time: 00:00:02


Hub Transport Role Prerequisites
Failed

Error:
Setup encountered a problem while validating the state of Active Directory: An Active Directory error 0x8007203B occurred while searching for domain controllers in domain ci.soldotna.ak.us.local: A local error has occurred.


Error:
Cannot find at least one global catalog server running Windows Server 2003 Service Pack 1 or later in the local Active Directory site.
Recommended Action: http://go.microsoft.com/fwlink/?linkid=30939&l=en&v=ExBPA.12&id=67aca4a0-bc3f-4f8f-8297-b13e0d347942

Elapsed Time: 00:00:02
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39783588
Did you remove Exchange before running DCPROMO on it?
As it was a domain controller you shouldn't have left it off for so long.

Rebooting other domain controllers and Exchange servers should go someway to sorting out the mess.
If Exchange wasn't removed, I would also do that as Exchange on a DC causes interesting problems with other Exchange servers.

Simon.
0
 
LVL 5

Author Comment

by:CoSmismgr
ID: 39783606
I haven't run DCPROMO on it yet. I realize I shouldn't have left it off for so long, but nothing I can do about that now :/

I will reboot other domain controllers and the new exchange server this evening and report back tomorrow.
0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39783784
I would recommend doing the following...
- Power off the old DC/Exchagne 2007 server

Is your FSMO holder a DC the is in a good clean state? if so proceed...

Run the following command on your Good working DC

netdom query fsmo
Make sure that the old DC (that has been powered off does not hold any FSMO roles)

If the above is true and the tombstoned DC does hold ANY FSMO roles make sure that you Seize the roles to a working DC.

Seize FSMO Roles

If your old DC does not hold any FSMO roles proceed below...
- Perform Metadata cleanup Metadata cleanup
- Open Sites and Services, Delete any Computer objects for this old DC
- Open DNS Manager under the _msdcs folder and delete any SRV records that are present in GC\DC\Kerberos\LDAP\etc

Exchange Part
Once your DC has been cleaned up you will need to use ADSIEdit to remove Exchange.

Remove Exchange 2007 using ADSIEdit.msc

Will.
0
 
LVL 5

Author Comment

by:CoSmismgr
ID: 39783820
Will, I will do this since it can be done without waiting for the reboots. I will post back with any issues.
0
 
LVL 5

Author Comment

by:CoSmismgr
ID: 39783968
Will, that was the perfect way to do it! Thank you so much
0
 
LVL 5

Author Closing Comment

by:CoSmismgr
ID: 39783971
Very accurate, and precise directions. No problems at all performing what I needed to do.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question