tomfontanilla
asked on
How to replace domain controller that died
My domain controller died and it held the FSMO and RID. This was also my DHCP server. Now I am getting a bunch of DNS errors on the new DC server and secondary DC. Also, I am getting an error when logging in remotely using the hostname (but not on IP address) and accessing a network shared drive.
Below are some of the errors encountered.
"The server's clock is not synchronized with the primary domain clock"
"DNS lookup failure caused replication to fail"
"This directory server has not received replication information from a number of directory servers within the configured latency interval."
"Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. "
ASKER
Also, the below recommendation won't work, because I don't have a backup of the DHCP data from the dead domain controller.
c) Configure DHCP again or if you have DHCP backup restore. http://technet.microsoft.com/en-us/library/cc736344(v=ws.10).aspx
Do you have a backup of the AD which died?
Do you have any other DCs on the same site? Is it possible to bring back the original server hardware?
What is the Windows version?
Can you post the exact error when you try to seize or transfer FSMO?
ASKER
Do you have a backup of the AD which died? No
Do you have any other DCs on the same site? Is it possible to bring back the original server hardware? Yes, and NO
What is the Windows version? Windows 2008R2
Can you post the exact error when you try to seize or transfer FSMO?
"Win32 error returned is 0x20af (The requested FSMO operation failed. The current FSMO role holder could not be contacted.)"
Try this command from the second DC: c:\netdom query fsmo
This is a solution for the error you got during seizure of the FSMO roles:
http://support.microsoft.com/kb/2001165
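An added example, not part of the thread or any poster's code: a PowerShell 2.0-compatible script for a surviving DC that parses the `netdom query fsmo` output suggested above and reports, per role, whether the listed holder still resolves in DNS and answers on LDAP port 389. The function names and the 3-second timeout are assumptions chosen for illustration.

```powershell
# Added example: map each FSMO role to its holder and check whether that holder is alive.
# Function names and the timeout value are hypothetical choices, not from the thread.

function ConvertFrom-NetdomFsmo {
    param([string[]]$Lines)
    # Role lines look like "<role name><two or more spaces><holder FQDN>".
    # The trailing "The command completed successfully." line has no such gap and is skipped.
    foreach ($line in $Lines) {
        if ($line -match '^(?<Role>\S.*?)\s{2,}(?<Holder>\S+)\s*$') {
            New-Object PSObject -Property @{ Role = $Matches['Role']; Holder = $Matches['Holder'] }
        }
    }
}

function Test-LdapPort {
    param([string]$HostName, [int]$TimeoutMs = 3000)
    # A stale A record can outlive a dead DC, so DNS resolution alone is not enough:
    # also try a TCP connection to LDAP (389) with a bounded wait.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, 389, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

function Get-FsmoHolderStatus {
    param([string[]]$Lines)
    foreach ($entry in (ConvertFrom-NetdomFsmo -Lines $Lines)) {
        $resolves = $true
        try { [void][System.Net.Dns]::GetHostAddresses($entry.Holder) } catch { $resolves = $false }
        New-Object PSObject -Property @{
            Role          = $entry.Role
            Holder        = $entry.Holder
            ResolvesInDns = $resolves
            LdapReachable = (Test-LdapPort -HostName $entry.Holder)
        }
    }
}

# Query the live domain and print one row per role.
$netdomOutput = & netdom query fsmo 2>&1 | ForEach-Object { "$_" }
Get-FsmoHolderStatus -Lines $netdomOutput |
    Format-Table Role, Holder, ResolvesInDns, LdapReachable -AutoSize
```

Roles whose holder shows `LdapReachable` as False are the ones still assigned to the failed server.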
ASKER
Hi GaneshKumar Anand,
I just tried this, expanded all trees and I could not find CN=System.
Please advise.
ASKER
Works!
ASKER
I tried this "a) First seize the role from addl. DC -
b) Assign or transfer the roles to secondary DC - https://support.microsoft.com/kb/255504%20"
from another site when I was doing research, but it did not work. I was getting an error: not able to establish trust with the primary domain controller.