Solved

How to replace domain controller that died

Posted on 2014-09-23
Last Modified: 2014-09-27
My domain controller died and it held the FSMO and RID. This was also my DHCP server. Now I am getting a bunch of DNS errors on the new DC server and secondary DC. Also, I am getting an error when logging in remotely using the hostname (but not on IP address) and accessing a network shared drive.

Below are some of the errors encountered.

"The server's clock is not synchronized with the primary domain clock"
"DNS lookup failure caused replication to fail"
"This directory server has not received replication information from a number of directory servers within the configured latency interval."
"Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. "
Question by:tomfontanilla
9 Comments

Accepted Solution

by:
Ganesh Kumar A earned 500 total points
There are plenty of things you need to do. If you don't have a backup, you can still bring back the existing addl. domain controller, converted to PDC (primary domain controller).

a) I have a question: were the dead DC and the addl. DC in the same site?
b) What is the AD Windows Server version?

Let me explain: the primary domain controller is dead. It hosted the DNS, DHCP and NTP roles; that's why you are getting errors. Now you need to convert the secondary (additional DC) to primary. Follow the steps below.

a) First seize the role from addl. DC -
b) Assign or transfer the roles to secondary DC - https://support.microsoft.com/kb/255504

c) Configure DHCP again, or restore it if you have a DHCP backup. http://technet.microsoft.com/en-us/library/cc736344(v=ws.10).aspx

d) Set NTP server configuration: http://support.microsoft.com/kb/816042

e) Finally remove the dead server entry by : http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_677-How-to-Remove-a-Failed-Domain-Controller.html
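
Steps a) and b) above as an added example, not part of the original answer: it reads `netdom query fsmo` output, picks out the roles still recorded against the dead DC, and builds the matching `ntdsutil` seize command line for the surviving DC. The host names DC1 and DC2, the domain corp.example and the helper function names are constructed for illustration; the seize verbs use the Windows Server 2008 R2 `ntdsutil` spelling.

```powershell
# Added example. DC1, DC2 and corp.example are constructed placeholder names.
# Role labels as printed by "netdom query fsmo", mapped to ntdsutil seize verbs.
$SeizeVerb = @{
    'Schema master'         = 'seize schema master'
    'Domain naming master'  = 'seize naming master'
    'PDC'                   = 'seize PDC'
    'RID pool manager'      = 'seize RID master'
    'Infrastructure master' = 'seize infrastructure master'
}

function Get-FsmoHolders {
    param([string[]]$NetdomOutput)
    $holders = @{}
    foreach ($line in $NetdomOutput) {
        # Label and holder FQDN are separated by a run of two or more spaces;
        # the trailing status line has no such run and is skipped.
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$' -and
            $SeizeVerb.ContainsKey($Matches['role'])) {
            $holders[$Matches['role']] = $Matches['holder']
        }
    }
    return $holders
}

function Get-SeizeCommand {
    param([hashtable]$Holders, [string]$DeadDc, [string]$SurvivingDc)
    $verbs = @()
    foreach ($role in ($Holders.Keys | Sort-Object)) {
        # Compare on the host label so "DC1" matches "DC1.corp.example".
        if (($Holders[$role] -split '\.')[0] -ieq $DeadDc) { $verbs += $SeizeVerb[$role] }
    }
    if ($verbs.Count -eq 0) { return $null }   # nothing left on the dead DC
    $steps = @('roles', 'connections', "connect to server $SurvivingDc", 'quit') +
             $verbs + @('quit', 'quit')
    # ntdsutil accepts its interactive commands as quoted arguments, in order.
    return 'ntdsutil ' + (($steps | ForEach-Object { '"' + $_ + '"' }) -join ' ')
}

# Constructed sample; on a live DC use: $out = netdom query fsmo
$out = @(
    'Schema master               DC1.corp.example',
    'Domain naming master        DC1.corp.example',
    'PDC                         DC1.corp.example',
    'RID pool manager            DC1.corp.example',
    'Infrastructure master       DC2.corp.example',
    'The command completed successfully.'
)
# Prints the command for review; ntdsutil asks to confirm each seizure when run.
Get-SeizeCommand -Holders (Get-FsmoHolders $out) -DeadDc 'DC1' -SurvivingDc 'DC2'
```

Run the printed command from an elevated prompt on the surviving DC, then rerun `netdom query fsmo` to confirm that every role now lists that DC.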

Author Comment

by:tomfontanilla
Hi GaneshKumar Anand,

I tried this "a) First seize the role from addl. DC -
b) Assign or transfer the roles to secondary DC - https://support.microsoft.com/kb/255504"
from another site when I was doing research, but it did not work. I was getting an error: not able to establish trust with the primary domain controller.

Author Comment

by:tomfontanilla
Also, the recommendation below won't work, because I don't have a backup of the DHCP data from the dead domain controller.

c) Configure DHCP again or if you have DHCP backup restore. http://technet.microsoft.com/en-us/library/cc736344(v=ws.10).aspx

Expert Comment

by:Ganesh Kumar A
Do you have a backup of the AD which died?

Do you have any other DCs on the same site? Is it possible to bring back the original server hardware?

What is the Windows version?

Can you post the exact error when you try to seize or transfer FSMO?

Author Comment

by:tomfontanilla
Do you have a backup of the AD which died? No

Do you have any other DCs on the same site? Is it possible to bring back the original server hardware? Yes, and NO

What is the Windows version? Windows 2008R2

Can you post the exact error when you try to seize or transfer FSMO?

"Win32 error returned is 0x20af (The requested FSMO operation failed. The current FSMO role holder could not be contacted.)"

Expert Comment

by:Ganesh Kumar A
Try this command from the second DC: C:\>netdom query fsmo

This is a solution for the error you got during seizure of the FSMO roles:
http://support.microsoft.com/kb/2001165

Author Comment

by:tomfontanilla
Hi GaneshKumar Anand,

I just tried this, expanded all trees, and I could not find CN=System.

Please advise.

Expert Comment

by:Ganesh Kumar A
Please post the snapshot.

adsi.png
When you click Start > Run > adsiedit.msc, you will see a window with the default naming context; just click Next and you will get the ADSI console like the attached snapshot.

Please come on chat for a speedy resolution. Skype: ganeshkumar.anand

Author Closing Comment

by:tomfontanilla
Works!