Solved

How to replace domain controller that died

Posted on 2014-09-23
9
1,390 Views
Last Modified: 2014-09-27
My domain controller died and it held the FSMO and RID. This also my DHCP server.  Now I am getting bounce of DNS  error on the new DC server and secondary DC. Also, I am getting error when logging in remotely using the hostname (but not on IP address) and accessing a network shared drive.

Below are some of the error encounter.

"The server's clock is not synchronized with the primary domain clock"
"DNS lookup failure caused replication to fail"
"This directory server has not received replication information from a number of directory servers within the configured latency interval."
"Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. "
0
Comment
Question by:tomfontanilla
  • 5
  • 4
9 Comments
 
LVL 11

Accepted Solution

by:
Ganesh Kumar A earned 500 total points
ID: 40339342
There are plenty of things you need to do, if you dont have backup you can still bring back the existing Addl. Domain controller converted as PDC (primary domain controller).

a) I have question are you have had dead and addl. DC in the same site?
b) What is the AD Windows Server version?

Let me explain, the primary domain controller is dead. It hosted DNS, DHCP, NTP roles thats why you are getting error. Now you need to convert the secondary (additional DC) to primary. Follow the below steps.

a) First sieze the role from addl. DC -  
b) Assign or transfer the foles to secondary DC - https://support.microsoft.com/kb/255504%20

c) Configure DHCP again or if you have DHCP backup restore. http://technet.microsoft.com/en-us/library/cc736344(v=ws.10).aspx

d) Set NTP server configuration : http://support.microsoft.com/kb/816042

e) Finally remove the dead server entry by : http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_677-How-to-Remove-a-Failed-Domain-Controller.html
0
 

Author Comment

by:tomfontanilla
ID: 40339596
Hi GaneshKumar Anand,


I tried this "a) First sieze the role from addl. DC -  
b) Assign or transfer the foles to secondary DC - https://support.microsoft.com/kb/255504%20
from another site when i was doing research, but did not work. I was getting an error not able to establish trust with the primary domain controller.
0
 

Author Comment

by:tomfontanilla
ID: 40339606
also, below recommendation wont work, because i don't have backup of the DHCP data from the dead domain controller.

c) Configure DHCP again or if you have DHCP backup restore. http://technet.microsoft.com/en-us/library/cc736344(v=ws.10).aspx
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 11

Expert Comment

by:Ganesh Kumar A
ID: 40339655
Do you have backup of AD which died?

Do you have any other DC's on the same site? Is it possible to bring back the original server hardware?

What is windows version?

Can you post the exact error when you try to sieze or transfer fsmo?
0
 

Author Comment

by:tomfontanilla
ID: 40339838
Do you have backup of AD which died? No

Do you have any other DC's on the same site? Is it possible to bring back the original server hardware? Yes, and NO

What is windows version? Windows 2008R2

Can you post the exact error when you try to sieze or transfer fsmo?

"Win32 error returned is 0x20af (The requested FSMO operation failed. The current FSMO role holder could not be contacted.)"
0
 
LVL 11

Expert Comment

by:Ganesh Kumar A
ID: 40339908
Try this command from second DC : c:\netdom query fsmo

This is an solution for the error you got while siezure of FSMO roles :
http://support.microsoft.com/kb/2001165
0
 

Author Comment

by:tomfontanilla
ID: 40340038
Hi GaneshKumar Anand,

I just tried this, expand all tress and i could not find  CN=System.

Please advise.
0
 
LVL 11

Expert Comment

by:Ganesh Kumar A
ID: 40340718
Please post the snapshot.

adsi.png
when you click start>run>adsiedit.msc you will see a window with default naming context, just click next you will get the adsi console like the attached snapshot.

Please come on chat for speedy resolution skype : ganeshkumar.anand
0
 

Author Closing Comment

by:tomfontanilla
ID: 40347975
Works!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question