Solved

Netlogin incorrect AD

Posted on 2014-04-02
Last Modified: 2014-04-20
I am getting the following error. Does anyone know how to fix this?

Last Status Message:      Error detected in Windows Active Directory configuration. The Domain GUID {E62D9AE3-8490-4C97-8BA1-8D391A445D52} reported by Netlogon is incorrect. It should be equal to the Domain GUID {BD25D7DA-B35F-4240-B687-C0AC71DA8421} read directly from Active Directory. This Windows Active Directory issue must be fixed before this domain can be synced correctly. Please contact support for assistance.
Question by:WIZU2
12 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39972911
You should disjoin and rejoin the domain. This error most often occurs when a sysadmin chooses to build a new domain instead of migrating and chooses to use the same domain name. Since AD uses DNS, queries using that domain name succeed, but then attempting to establish a connection reveals that the domain has a new GUID because of the rebuild.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39972923
Hi,

1. When did you start getting these errors?
2. Run DCDIAG /V and see the errors.
3. Run \\domainname and see the sysvol share.
0
 

Author Comment

by:WIZU2
ID: 39972937
I migrated this domain from a 2003 SBS into a 2012/2008 DC environment. So you're saying I would have to demote these DCs and then re-join them? Seems like there should be an easier way.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39972954
How did you migrate?
0
 

Author Comment

by:WIZU2
ID: 39972982
I put a 2008 DC on network. Then demoted SBS and forced it to be a member server.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39973003
SBS doesn't support being a member server. So that'll be a problem. And did you join the 2008 machine to the SBS domain and let it fully replicate? Or did you just make it a new DC? If you didn't verify replication, that'll be another problem.

While you can take steps during a migration to make things easier, you are already beyond that point because of choices or steps made (forcing SBS to be a member server is a BIG one of those choices.) You're looking at disjoining and rejoining, and removing SBS altogether.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39973105
Now, where do your FSMO roles exist?

If it's already migrated to the 2008 DC, then shut down the SBS server and check whether you are able to log on to the domain, and whether the domain controller and your application servers are working.

Needless to say, please point the network card DNS on all servers, and on the 2008 DC as well, to the 2008 domain controller only, and check if it works.

Mahesh.
0
 

Author Comment

by:WIZU2
ID: 39973571
Getting all kinds of errors when I run dcdiag about not being able to process group policy and netlogon. There were no script or policy folders in the sysvol folder under domains. I think I need to run a non-authoritative restore.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39973779
Please share the output so that we can suggest a solution.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39974313
How many domain controllers do you have now?

I guess only one.

If you have only one DC, sysvol authoritative and non-authoritative restore will not help, as there is no data to restore since the SBS server is already decommissioned.

What happened here is: you promoted a new 2008 ADC, you did not cross-check whether sysvol had replicated, and you forcefully decommissioned the SBS server.
Now there are no GPOs in sysvol, am I correct?

In that case I see only two options:
Shut down the 2008 ADC server first.
Do an authoritative restore of the AD system state on the SBS server, if you already have one.
Upon restoration, check if the FSMO roles are found on SBS; if not, seize them on SBS.
Then remove the 2008 ADC from Active Directory manually and remove any metadata for it.

Format your 2008 ADC in an isolated network and promote it as an ADC properly, check that everything is working, then transfer FSMO to the 2008 ADC and simply demote SBS.

OR

If you don't have a system state backup, you need to follow the article below and rebuild sysvol from scratch on the 2008 ADC:
http://searchwindowsserver.techtarget.com/tip/How-to-rebuild-the-SYSVOL-tree-when-none-exists-in-Active-Directory

Mahesh.
0
 

Accepted Solution

by:
WIZU2 earned 0 total points
ID: 40002562
I copied the folders from the decommissioned SBS that were in the sysvol\domains\ folder to the new server and did a non-authoritative restore and everything is working now.
0
 

Author Closing Comment

by:WIZU2
ID: 40011177
Because it fixed solution
0
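A quick check of the two conditions discussed in this thread, as an added example that is not part of any post: it compares the domain GUID that Netlogon reports with the one read directly from Active Directory, and confirms that SYSVOL contains the Policies and scripts folders. It assumes a domain-joined machine with nltest.exe and the ActiveDirectory PowerShell module (RSAT) installed.

```powershell
# Added example: not from the thread. Read-only; changes nothing in AD or SYSVOL.
Import-Module ActiveDirectory

# GUID read directly from the domain object in Active Directory.
$domain = Get-ADDomain
$adGuid = $domain.ObjectGUID

# GUID as reported through the DC locator (Netlogon). nltest prints a "Dom Guid:" line.
$nltestOut = & nltest.exe "/dsgetdc:$($domain.DNSRoot)" 2>&1
$m = [regex]::Match(($nltestOut -join "`n"), 'Dom Guid:\s*([0-9a-fA-F-]{36})')
if (-not $m.Success) {
    throw "nltest did not return a 'Dom Guid' line. Output was:`n$($nltestOut -join "`n")"
}
$netlogonGuid = [guid]$m.Groups[1].Value

# SYSVOL should expose Policies and scripts under \\<domain>\SYSVOL\<domain>\.
$sysvolRoot = "\\$($domain.DNSRoot)\SYSVOL\$($domain.DNSRoot)"
$policies   = Test-Path -Path (Join-Path $sysvolRoot 'Policies')
$scripts    = Test-Path -Path (Join-Path $sysvolRoot 'scripts')

$result = [pscustomobject]@{
    Domain          = $domain.DNSRoot
    GuidFromAD      = $adGuid
    GuidFromNetlogon = $netlogonGuid
    GuidsMatch      = ($adGuid -eq $netlogonGuid)
    PoliciesFolder  = $policies
    ScriptsFolder   = $scripts
}
$result | Format-List

if (-not $result.GuidsMatch) {
    Write-Warning "Netlogon and Active Directory disagree on the domain GUID."
}
if (-not ($policies -and $scripts)) {
    Write-Warning "SYSVOL is missing Policies and/or scripts under $sysvolRoot."
}
```

Run it against each domain controller's view (for example from each DC in turn) so a mismatch on a single machine is not hidden by another DC answering the locator query.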
