Solved

How to replace domain controller that died

Posted on 2014-09-23
9
1,266 Views
Last Modified: 2014-09-27
My domain controller died and it held the FSMO and RID. This also my DHCP server.  Now I am getting bounce of DNS  error on the new DC server and secondary DC. Also, I am getting error when logging in remotely using the hostname (but not on IP address) and accessing a network shared drive.

Below are some of the error encounter.

"The server's clock is not synchronized with the primary domain clock"
"DNS lookup failure caused replication to fail"
"This directory server has not received replication information from a number of directory servers within the configured latency interval."
"Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. "
0
Comment
Question by:tomfontanilla
  • 5
  • 4
9 Comments
 
LVL 11

Accepted Solution

by:
Ganesh Kumar A earned 500 total points
ID: 40339342
There are plenty of things you need to do, if you dont have backup you can still bring back the existing Addl. Domain controller converted as PDC (primary domain controller).

a) I have question are you have had dead and addl. DC in the same site?
b) What is the AD Windows Server version?

Let me explain, the primary domain controller is dead. It hosted DNS, DHCP, NTP roles thats why you are getting error. Now you need to convert the secondary (additional DC) to primary. Follow the below steps.

a) First sieze the role from addl. DC -  
b) Assign or transfer the foles to secondary DC - https://support.microsoft.com/kb/255504%20

c) Configure DHCP again or if you have DHCP backup restore. http://technet.microsoft.com/en-us/library/cc736344(v=ws.10).aspx

d) Set NTP server configuration : http://support.microsoft.com/kb/816042

e) Finally remove the dead server entry by : http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_677-How-to-Remove-a-Failed-Domain-Controller.html
0
 

Author Comment

by:tomfontanilla
ID: 40339596
Hi GaneshKumar Anand,


I tried this "a) First sieze the role from addl. DC -  
b) Assign or transfer the foles to secondary DC - https://support.microsoft.com/kb/255504%20
from another site when i was doing research, but did not work. I was getting an error not able to establish trust with the primary domain controller.
0
 

Author Comment

by:tomfontanilla
ID: 40339606
also, below recommendation wont work, because i don't have backup of the DHCP data from the dead domain controller.

c) Configure DHCP again or if you have DHCP backup restore. http://technet.microsoft.com/en-us/library/cc736344(v=ws.10).aspx
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 11

Expert Comment

by:Ganesh Kumar A
ID: 40339655
Do you have backup of AD which died?

Do you have any other DC's on the same site? Is it possible to bring back the original server hardware?

What is windows version?

Can you post the exact error when you try to sieze or transfer fsmo?
0
 

Author Comment

by:tomfontanilla
ID: 40339838
Do you have backup of AD which died? No

Do you have any other DC's on the same site? Is it possible to bring back the original server hardware? Yes, and NO

What is windows version? Windows 2008R2

Can you post the exact error when you try to sieze or transfer fsmo?

"Win32 error returned is 0x20af (The requested FSMO operation failed. The current FSMO role holder could not be contacted.)"
0
 
LVL 11

Expert Comment

by:Ganesh Kumar A
ID: 40339908
Try this command from second DC : c:\netdom query fsmo

This is an solution for the error you got while siezure of FSMO roles :
http://support.microsoft.com/kb/2001165
0
 

Author Comment

by:tomfontanilla
ID: 40340038
Hi GaneshKumar Anand,

I just tried this, expand all tress and i could not find  CN=System.

Please advise.
0
 
LVL 11

Expert Comment

by:Ganesh Kumar A
ID: 40340718
Please post the snapshot.

adsi.png
when you click start>run>adsiedit.msc you will see a window with default naming context, just click next you will get the adsi console like the attached snapshot.

Please come on chat for speedy resolution skype : ganeshkumar.anand
0
 

Author Closing Comment

by:tomfontanilla
ID: 40347975
Works!
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html) provided 218 attendees with a step-by-step guide for identifying Acti…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

774 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question