Solved

Netlogin incorrect AD

Posted on 2014-04-02
Last Modified: 2014-04-20
I am getting the following error. Does anyone know how to fix this?

Last Status Message:      Error detected in Windows Active Directory configuration. The Domain GUID {E62D9AE3-8490-4C97-8BA1-8D391A445D52} reported by Netlogon is incorrect. It should be equal to the Domain GUID {BD25D7DA-B35F-4240-B687-C0AC71DA8421} read directly from Active Directory. This Windows Active Directory issue must be fixed before this domain can be synced correctly. Please contact support for assistance.
Question by:WIZU2
12 Comments
 
LVL 61

Expert Comment

by:Cliff Galiher
ID: 39972911
You should disjoin and rejoin the domain. This error most often occurs when a sysadmin chooses to build a new domain instead of migrating and chooses to use the same domain name. Since AD uses DNS, queries using that domain name succeed, but then attempting to establish a connection reveals that the domain has a new GUID because of the rebuild.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39972923
Hi,

1. When did you start getting these errors?
2. Run DCDIAG /V and see the errors.
3. Run \\domainname and see the sysvol share.
0
 

Author Comment

by:WIZU2
ID: 39972937
I migrated this domain from a 2003 SBS into a 2012/2008 DC environment. So you're saying I would have to demote these DCs and then re-join them? Seems like there should be an easier way.
0

 
LVL 61

Expert Comment

by:Cliff Galiher
ID: 39972954
How did you migrate?
0
 

Author Comment

by:WIZU2
ID: 39972982
I put a 2008 DC on network. Then demoted SBS and forced it to be a member server.
0
 
LVL 61

Expert Comment

by:Cliff Galiher
ID: 39973003
SBS doesn't support being a member server. So that'll be a problem. And did you join the 2008 machine to the SBS domain and let it fully replicate? Or did you just make it a new DC? If you didn't verify replication, that'll be another problem.

While you can take steps during a migration to make things easier, you are already beyond that point because of choices or steps made (forcing SBS to be a member server is a BIG one of those choices). You're looking at disjoining and rejoining, and removing SBS altogether.
0
 
LVL 39

Expert Comment

by:Mahesh
ID: 39973105
Now, where do your FSMO roles exist?

If they are already migrated to the 2008 DC, then shut down the SBS server and check whether you are able to log on to the domain and whether the domain controller and your application servers are working.

Needless to mention, please point the network card DNS on all servers, and on the 2008 DC as well, to the 2008 domain controller only and check if it works.

Mahesh.
0
 

Author Comment

by:WIZU2
ID: 39973571
Getting all kinds of errors when I run dcdiag about not being able to process group policy and netlogon. There were no script or policy folders in the sysvol folder under domains. I think I need to run a non-authoritative restore.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39973779
Please share the output so that we can suggest a solution.
0
 
LVL 39

Expert Comment

by:Mahesh
ID: 39974313
How many domain controllers do you have now?

I guess only one.

If you have only one DC, sysvol authoritative and non-authoritative restore will not help, as there is no data to restore since the SBS server is already decommissioned.

What happened here is that you promoted a new 2008 ADC, did not cross-check whether sysvol had replicated, and forcefully decommissioned the SBS server.
Now there are no GPOs in sysvol, am I correct?

In that case I see only two options:
Shut down the 2008 ADC server first.
Just make an authoritative restore of the AD system state on the SBS server, if you already have it.
Upon restoration, check if the FSMO roles are found on SBS; if not, seize them on SBS.
Then remove the 2008 ADC from Active Directory manually and remove any metadata for it.

Format your 2008 ADC in an isolated network and promote it as an ADC properly, check if everything is working, and then transfer FSMO onto the 2008 ADC and simply demote SBS.

OR

If you don't have a system state backup, you need to follow the article below and rebuild sysvol from scratch on the 2008 ADC:
http://searchwindowsserver.techtarget.com/tip/How-to-rebuild-the-SYSVOL-tree-when-none-exists-in-Active-Directory

Mahesh.
0
 

Accepted Solution

by:
WIZU2 earned 0 total points
ID: 40002562
I copied the folders from the decommissioned SBS that were in the sysvol\domains\ folder to the new server and did a non-authoritative restore and everything is working now.
0
 

Author Closing Comment

by:WIZU2
ID: 40011177
Because it fixed solution
0
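
A check for the two symptoms discussed in this thread, as an added example that is not part of the original posts: it compares the domain GUID returned by the DC locator (Netlogon) on each domain controller with the GUID read directly from Active Directory, and verifies that the SYSVOL `Policies` and `scripts` folders and the NETLOGON share are present. It assumes the RSAT ActiveDirectory PowerShell module and `nltest.exe` are available on a domain-joined machine.

```powershell
# Added example: run from a domain-joined machine with the ActiveDirectory module.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$adGuid = $domain.ObjectGUID   # GUID read directly from the domain object in AD

foreach ($dc in Get-ADDomainController -Filter *) {
    $name = $dc.HostName

    # Run the DC locator on this server and capture the domain GUID it returns.
    # nltest prints it on a line beginning with "Dom Guid:".
    $nl   = & nltest.exe "/server:$name" "/dsgetdc:$($domain.DNSRoot)" 2>&1
    $line = $nl | Select-String -Pattern 'Dom Guid:\s*([0-9a-fA-F-]{36})' |
            Select-Object -First 1
    $nlGuid = if ($line) { [guid]$line.Matches[0].Groups[1].Value } else { $null }

    # SYSVOL content the thread found missing after the forced SBS demotion.
    $root = "\\$name\SYSVOL\$($domain.DNSRoot)"

    [pscustomobject]@{
        DC            = $name
        AdGuid        = $adGuid
        NetlogonGuid  = $nlGuid
        GuidMatch     = ($nlGuid -eq $adGuid)
        PoliciesFound = Test-Path "$root\Policies"
        ScriptsFound  = Test-Path "$root\scripts"
        NetlogonShare = Test-Path "\\$name\NETLOGON"
    }
}
```

A row with `GuidMatch` false, or with any of the last three columns false, points at the DC to examine with `DCDIAG /V` before deciding on a restore.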
