Error after Promoting new server 2012 R2 as Domain controller ?

Hi,

My newly promoted Server 2012 R2 is having a problem here:

this is the error after the reboot in the server manager when I clieck on the wizard.

---------------------------
Deployment Configuration
---------------------------
Error determining whether the target server is already a domain controller: The domain controller promotion completed, but the server is not advertising as a domain controller.
---------------------------
OK   
---------------------------

Open in new window


This is from the Event viewer:

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          27/02/2015 4:17:41 PM
Event ID:      1962
Task Category: DS RPC Client
Level:         Error
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      NEWDC02.domain.com
Description:
Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available. 
 
directory service: 
OLDDC01.domain.com 
 
Additional Data 
Error value: 
The handle is invalid. (6)

Open in new window


what can I do to resume its function as Domain Controller ?
LVL 11
Senior IT System EngineerIT ProfessionalAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Senior IT System EngineerIT ProfessionalAuthor Commented:
do you mean this one: http://support.microsoft.com/kb/555846

 
1.Use the following knowledgebase to remove common Domain Controller settings
 
           from the Active Directory.
 
          http://support.microsoft.com/kb/216498 
 
 
Note 1: : You may need to seize the FSMO to alternative Domain Controller
 
              Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
 
              http://support.microsoft.com/kb/255504
 
Note 2: You may need to configure a new authoritative timerver in the domain.
 
 
 
  2.  Remove old computer account by using "Active Directory Sites and Services" tool.
 
  3.  Remove old DNS and WINS records of the orphaned Domain Controller.
 
  4. Use "ADSIEdit" to remove old computer records from the Active Directory:
     
 
         a. OU=Domain Controllers,DC=domain,DC=local
 
         b. CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
 
         c. CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=local
               
   5. Force Active Directory replication by using "Repadmin.exe" tool:
 
      Using Repadmin.exe to troubleshoot Active Directory replication
 
      http://support.microsoft.com/kb/229896/
NVITEnd-user supportCommented:
Do you have another DC running?
DeadmanIT ConsultantCommented:
To resolve this issue, follow these steps:
Restart the server on which Active Directory could not be installed.
Use Dsa.msc or Dsac.exe on an existing domain controller to delete the failed server's computer account. (The domain controller will not yet be a domain controller object but only a member server.) Then, let Active Directory replication converge.
On the failed server, forcibly remove the server from the domain by using the System Properties Control Panel item or netdom.exe.
On the failed server, remove the Active Directory Domain Services (AD DS) role by using Server Manager or Uninstall-WindowsFeature.
Restart the failed server.
Install the AD DS role, and then try the promotion again. When you do this, make sure that you provide promotion credentials in the form "domain\user" or "user@domain.tld."

http://support.microsoft.com/kb/2737935
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Get the Guide
Senior IT System EngineerIT ProfessionalAuthor Commented:
Yes, I do have another DC up and running. it's the old WIn 2003 server
SreRajCommented:
Hi,

Please try running DCDiag on the newly installed Domain Controller and report for any errors.

Please verify DNS in installed and configured properly.
Senior IT System EngineerIT ProfessionalAuthor Commented:
How to verify the DNS if it is working ?

As at the moment the Primary DNS is still held by the OLDDC01 I'm not sure how to transfer the DNS role from WIndows 2003 to 2012 R2 yet.
SreRajCommented:
While installing DC you should have got the option to install DNS Server. Do you remember installing/skipping it.

You could also use DCDiag /test:dns command to test DNS Configuration.
Seth SimmonsSr. Systems AdministratorCommented:
How to verify the DNS if it is working ?

you can use nslookup against the 2012 server

I'm not sure how to transfer the DNS role from WIndows 2003 to 2012 R2 yet.

as i stated in your other question, DNS is replicated to the new domain controller after promotion; not transferred
Senior IT System EngineerIT ProfessionalAuthor Commented:
ah yes, so in this case the DNS server role is already installed and I can perform the NSLOOKUP command against the server.

so can I safely cutover the rest of my workstations to this newly build DC / DNS server as the primary static DNS IP address ?
NVITEnd-user supportCommented:
You could test several workstations by hard-coding their IP, DHCP, and DNS temporarily. If that works, then update it on the DHCP server.
Senior IT System EngineerIT ProfessionalAuthor Commented:
oh yes, you're right.

Do I have to transfer the DHCP server role as well to this newly build server to make sure that it is working assigning new IP and the DNS server ?
NVITEnd-user supportCommented:
You don't have to. Still, if you want, leave everything as is - at least for a few days. Just to make sure everything works. Then, when you get bored, you can mess with things again.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Senior IT System EngineerIT ProfessionalAuthor Commented:
Ok, so now after couple of days, the DCDIAG result showing as passed :-)

but when opening the Powershell ISE and then issueing the Get-ADDomainController command, returns the AD Schema Master DC server not itself ?

is that expected.
Seth SimmonsSr. Systems AdministratorCommented:
is that expected.

it could be
see example 14 at the bottom of the documentation (wouldn't hurt looking over the rest to understand all parameters)

Get-ADDomainController
https://technet.microsoft.com/en-us/library/ee617217.aspx?f=255&MSPPError=-2147217396
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks Guys,
NVITEnd-user supportCommented:
I'm glad you got it working, ITSystemEngineer.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.