Jerry Thompson
asked on
Change Primary domain controller from a non-functioning server to a secondary functioning server
I have a primary domain controller that is broke and not bootable at the moment.
I have a secondary controller that is not configured properly.
Both servers have windows server 2008 standard, 32 bit. They are NOT the r2 version.
I thought running dcpromo would allow me to promote the server to a primary controller.
When I run dcpromo I get the following information:
1. Active Directory Domains Services Installation wizard: "This computer is already an active directory domain controller. You can use this wizard to uninstall active directory domain services on this server."
I don't really want to uninstall active directory, but when I click on active directory user and computers I get a message box that says:
2. "Naming information cannot be located because: The specified domain either does not exist or could not be contacted. Contact your system admin to verify that your domain is properly configured and is currently on line."
So it is looking to the non-working primary domain controller.
After clicking OK, AD opens but it is empty and has a red circle with an X thru the Active Directory users and Computers in the tree.
I was able export the active directory settings before the primary computer became unbootable.
I hoped to import the settings into this second server, but with it looking elsewhere for the information, I hesitate to try.
How do I get it to point to itself as the primary controller?
What else do I need to consider to set the server as the primary domain controller?
Thank you
I have a secondary controller that is not configured properly.
Both servers have windows server 2008 standard, 32 bit. They are NOT the r2 version.
I thought running dcpromo would allow me to promote the server to a primary controller.
When I run dcpromo I get the following information:
1. Active Directory Domains Services Installation wizard: "This computer is already an active directory domain controller. You can use this wizard to uninstall active directory domain services on this server."
I don't really want to uninstall active directory, but when I click on active directory user and computers I get a message box that says:
2. "Naming information cannot be located because: The specified domain either does not exist or could not be contacted. Contact your system admin to verify that your domain is properly configured and is currently on line."
So it is looking to the non-working primary domain controller.
After clicking OK, AD opens but it is empty and has a red circle with an X thru the Active Directory users and Computers in the tree.
I was able export the active directory settings before the primary computer became unbootable.
I hoped to import the settings into this second server, but with it looking elsewhere for the information, I hesitate to try.
How do I get it to point to itself as the primary controller?
What else do I need to consider to set the server as the primary domain controller?
Thank you
ASKER
The results were too long for the normal window, I could not select all and copy and get everything. I sent the output to a file. Here is what the file contents listed:
NOTE: ADC3 is the broke server.
-------------------------- ---------- ---------- ---------- ---------- ----
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = adc4
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD C4
Starting test: Connectivity
......................... ADC4 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD C4
Starting test: Advertising
Fatal Error:DsGetDcName (ADC4) call failed, error 1355
The Locator could not find the server.
......................... ADC4 failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ADC4 passed test FrsEvent
Starting test: DFSREvent
......................... ADC4 passed test DFSREvent
Starting test: SysVolCheck
......................... ADC4 passed test SysVolCheck
Starting test: KccEvent
......................... ADC4 passed test KccEvent
Starting test: KnowsOfRoleHolders
[ADC3] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
Warning: ADC3 is the Schema Owner, but is not responding to DS RPC
Bind.
[ADC3] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: ADC3 is the Schema Owner, but is not responding to LDAP Bind.
Warning: ADC3 is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: ADC3 is the Domain Owner, but is not responding to LDAP Bind.
Warning: ADC3 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: ADC3 is the PDC Owner, but is not responding to LDAP Bind.
Warning: ADC3 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: ADC3 is the Rid Owner, but is not responding to LDAP Bind.
Warning: ADC3 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: ADC3 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... ADC4 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... ADC4 passed test MachineAccount
Starting test: NCSecDesc
......................... ADC4 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\ADC4\netlogon)
[ADC4] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... ADC4 failed test NetLogons
Starting test: ObjectsReplicated
......................... ADC4 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,ADC4] A recent replication attempt failed:
From ADC3 to ADC4
Naming Context: DC=ForestDnsZones,DC=LCS,D C=org
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2015-03-27 09:55:42.
The last success occurred at 2015-03-26 10:55:41.
23 failures have occurred since the last success.
[Replications Check,ADC4] A recent replication attempt failed:
From ADC3 to ADC4
Naming Context: DC=DomainDnsZones,DC=LCS,D C=org
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2015-03-27 09:55:42.
The last success occurred at 2015-03-26 10:55:41.
23 failures have occurred since the last success.
[Replications Check,ADC4] A recent replication attempt failed:
From ADC3 to ADC4
Naming Context: CN=Schema,CN=Configuration ,DC=LCS,DC =org
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2015-03-27 09:55:42.
The last success occurred at 2015-03-26 10:55:41.
23 failures have occurred since the last success.
[Replications Check,ADC4] A recent replication attempt failed:
From ADC3 to ADC4
Naming Context: CN=Configuration,DC=LCS,DC =org
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2015-03-27 09:55:42.
The last success occurred at 2015-03-26 10:55:41.
23 failures have occurred since the last success.
[Replications Check,ADC4] A recent replication attempt failed:
From ADC3 to ADC4
Naming Context: DC=LCS,DC=org
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2015-03-27 09:55:41.
The last success occurred at 2015-03-26 10:55:41.
23 failures have occurred since the last success.
......................... ADC4 failed test Replications
Starting test: RidManager
......................... ADC4 failed test RidManager
Starting test: Services
......................... ADC4 passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0xC0002719
Time Generated: 03/27/2015 08:57:22
Event String:
DCOM was unable to communicate with the computer 208.67.220.220 using any of the configured protocols.
An Error Event occurred. EventID: 0xC0002719
Time Generated: 03/27/2015 08:57:44
Event String:
DCOM was unable to communicate with the computer 208.67.222.222 using any of the configured protocols.
An Error Event occurred. EventID: 0x40000004
Time Generated: 03/27/2015 08:59:07
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adc4$. The target name used was LDAP/27d1ebe1-7c79-4a74-83 e8-8de5ad4 6fd16._msd cs.LCS.org . This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (LCS.ORG) is different from the client domain (LCS.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0x40000004
Time Generated: 03/27/2015 08:59:07
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adc4$. The target name used was ldap/adc3.LCS.org. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (LCS.ORG) is different from the client domain (LCS.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 08:59:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:04:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:09:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:14:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:19:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:24:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:27:56
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:29:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Warning Event occurred. EventID: 0x825A0018
Time Generated: 03/27/2015 09:31:48
Event String:
Time Provider NtpClient: No valid response has been received from domain controller adc3.LCS.org after 8 attempts to contact it. This domain controller will be discarded as a time source and NtpClient will attempt to discover a new domain controller from which to synchronize. The error was: The client fails authenticating a response with a bad signature.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:34:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:39:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x40000004
Time Generated: 03/27/2015 09:41:54
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adc4$. The target name used was cifs/adc3.lcs.org. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (LCS.ORG) is different from the client domain (LCS.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:44:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x40000004
Time Generated: 03/27/2015 09:45:51
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adc4$. The target name used was LCS\ADC3$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (LCS.ORG) is different from the client domain (LCS.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0x40000004
Time Generated: 03/27/2015 09:45:51
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adc4$. The target name used was adc3$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (LCS.ORG) is different from the client domain (LCS.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Warning Event occurred. EventID: 0x825A0081
Time Generated: 03/27/2015 09:46:49
Event String:
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 30 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:49:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:54:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x40000004
Time Generated: 03/27/2015 09:55:41
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adc4$. The target name used was E3514235-4B06-11D1-AB04-00 C04FC2DCD2 /27d1ebe1- 7c79-4a74- 83e8-8de5a d46fd16/LC S.org@LCS. org. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (LCS.ORG) is different from the client domain (LCS.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
......................... ADC4 failed test SystemLog
Starting test: VerifyReferences
......................... ADC4 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : LCS
Starting test: CheckSDRefDom
......................... LCS passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... LCS passed test CrossRefValidation
Running enterprise tests on : LCS.org
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQU IRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERV ER_PREFERR ED) call failed, error
1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... LCS.org failed test LocatorCheck
Starting test: Intersite
......................... LCS.org passed test Intersite
-------------------------- ---------- ---------- ---------- ---------- --------
Please let me know if there is anything else.
Jerry
NOTE: ADC3 is the broke server.
--------------------------
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = adc4
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD
Starting test: Connectivity
......................... ADC4 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD
Starting test: Advertising
Fatal Error:DsGetDcName (ADC4) call failed, error 1355
The Locator could not find the server.
......................... ADC4 failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ADC4 passed test FrsEvent
Starting test: DFSREvent
......................... ADC4 passed test DFSREvent
Starting test: SysVolCheck
......................... ADC4 passed test SysVolCheck
Starting test: KccEvent
......................... ADC4 passed test KccEvent
Starting test: KnowsOfRoleHolders
[ADC3] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
Warning: ADC3 is the Schema Owner, but is not responding to DS RPC
Bind.
[ADC3] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: ADC3 is the Schema Owner, but is not responding to LDAP Bind.
Warning: ADC3 is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: ADC3 is the Domain Owner, but is not responding to LDAP Bind.
Warning: ADC3 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: ADC3 is the PDC Owner, but is not responding to LDAP Bind.
Warning: ADC3 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: ADC3 is the Rid Owner, but is not responding to LDAP Bind.
Warning: ADC3 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: ADC3 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... ADC4 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... ADC4 passed test MachineAccount
Starting test: NCSecDesc
......................... ADC4 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\ADC4\netlogon)
[ADC4] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... ADC4 failed test NetLogons
Starting test: ObjectsReplicated
......................... ADC4 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,ADC4] A recent replication attempt failed:
From ADC3 to ADC4
Naming Context: DC=ForestDnsZones,DC=LCS,D
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2015-03-27 09:55:42.
The last success occurred at 2015-03-26 10:55:41.
23 failures have occurred since the last success.
[Replications Check,ADC4] A recent replication attempt failed:
From ADC3 to ADC4
Naming Context: DC=DomainDnsZones,DC=LCS,D
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2015-03-27 09:55:42.
The last success occurred at 2015-03-26 10:55:41.
23 failures have occurred since the last success.
[Replications Check,ADC4] A recent replication attempt failed:
From ADC3 to ADC4
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2015-03-27 09:55:42.
The last success occurred at 2015-03-26 10:55:41.
23 failures have occurred since the last success.
[Replications Check,ADC4] A recent replication attempt failed:
From ADC3 to ADC4
Naming Context: CN=Configuration,DC=LCS,DC
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2015-03-27 09:55:42.
The last success occurred at 2015-03-26 10:55:41.
23 failures have occurred since the last success.
[Replications Check,ADC4] A recent replication attempt failed:
From ADC3 to ADC4
Naming Context: DC=LCS,DC=org
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2015-03-27 09:55:41.
The last success occurred at 2015-03-26 10:55:41.
23 failures have occurred since the last success.
......................... ADC4 failed test Replications
Starting test: RidManager
......................... ADC4 failed test RidManager
Starting test: Services
......................... ADC4 passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0xC0002719
Time Generated: 03/27/2015 08:57:22
Event String:
DCOM was unable to communicate with the computer 208.67.220.220 using any of the configured protocols.
An Error Event occurred. EventID: 0xC0002719
Time Generated: 03/27/2015 08:57:44
Event String:
DCOM was unable to communicate with the computer 208.67.222.222 using any of the configured protocols.
An Error Event occurred. EventID: 0x40000004
Time Generated: 03/27/2015 08:59:07
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adc4$. The target name used was LDAP/27d1ebe1-7c79-4a74-83
An Error Event occurred. EventID: 0x40000004
Time Generated: 03/27/2015 08:59:07
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adc4$. The target name used was ldap/adc3.LCS.org. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (LCS.ORG) is different from the client domain (LCS.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 08:59:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:04:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:09:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:14:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:19:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:24:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:27:56
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:29:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Warning Event occurred. EventID: 0x825A0018
Time Generated: 03/27/2015 09:31:48
Event String:
Time Provider NtpClient: No valid response has been received from domain controller adc3.LCS.org after 8 attempts to contact it. This domain controller will be discarded as a time source and NtpClient will attempt to discover a new domain controller from which to synchronize. The error was: The client fails authenticating a response with a bad signature.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:34:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:39:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x40000004
Time Generated: 03/27/2015 09:41:54
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adc4$. The target name used was cifs/adc3.lcs.org. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (LCS.ORG) is different from the client domain (LCS.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:44:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x40000004
Time Generated: 03/27/2015 09:45:51
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adc4$. The target name used was LCS\ADC3$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (LCS.ORG) is different from the client domain (LCS.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Error Event occurred. EventID: 0x40000004
Time Generated: 03/27/2015 09:45:51
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adc4$. The target name used was adc3$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (LCS.ORG) is different from the client domain (LCS.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
An Warning Event occurred. EventID: 0x825A0081
Time Generated: 03/27/2015 09:46:49
Event String:
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 30 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:49:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 03/27/2015 09:54:13
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x40000004
Time Generated: 03/27/2015 09:55:41
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adc4$. The target name used was E3514235-4B06-11D1-AB04-00
......................... ADC4 failed test SystemLog
Starting test: VerifyReferences
......................... ADC4 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : LCS
Starting test: CheckSDRefDom
......................... LCS passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... LCS passed test CrossRefValidation
Running enterprise tests on : LCS.org
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQU
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERV
1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... LCS.org failed test LocatorCheck
Starting test: Intersite
......................... LCS.org passed test Intersite
--------------------------
Please let me know if there is anything else.
Jerry
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Using CSVDE I exported the settings into a .csv file.
Do you recall the command line you used for CSVDE?
-saige-
-saige-
ASKER
CSVDE -f adusers.csv
ASKER
I looked at the file afterwords and it seemed like it had all the information.
Well the good news is that you do potentially have all the relevant information to recreate the objects in the online DC's database. The bad news is that CSVDE does not set passwords.
But we may be in better shape than I first thought. If you run CSVDE -f [give a new filename] on the online server, do you have the same number of records?
-saige-
But we may be in better shape than I first thought. If you run CSVDE -f [give a new filename] on the online server, do you have the same number of records?
-saige-
ASKER
They are similar:
Rows: Export file = 1709, ADC4 = 1703
Columns: Export File = Col A- Col HK, ADC4 = Col. A - Col. HG
But I suspect the information on ADC4 is likely out of date.
Thank you for your responsiveness. I really appreciate it.
Jerlo
Rows: Export file = 1709, ADC4 = 1703
Columns: Export File = Col A- Col HK, ADC4 = Col. A - Col. HG
But I suspect the information on ADC4 is likely out of date.
Thank you for your responsiveness. I really appreciate it.
Jerlo
Yes, it does appear out of date. Ok, so first, lets do an Authoritative Restore of the FRS database.
http:/Q_28591065.html#a40532465
Just perform the first three steps outlined as you only have one DC.
Also, is the original DC ever going to come back online?
-saige-
http:/Q_28591065.html#a40532465
Just perform the first three steps outlined as you only have one DC.
Also, is the original DC ever going to come back online?
-saige-
ASKER
Done.
Yes, I think it will be back on line after a complete wipe. I am trying to re-install the OS and then restore from a backup but I had a raid 5, I have removed the drives and added a single 1 TB drive and it is not recognizing the new drive. I suspect the raid 5 controller is affecting that.
Regardless, Yes, I think I will be re-adding the original server, but the timing is highly questionable at this point.
Yes, I think it will be back on line after a complete wipe. I am trying to re-install the OS and then restore from a backup but I had a raid 5, I have removed the drives and added a single 1 TB drive and it is not recognizing the new drive. I suspect the raid 5 controller is affecting that.
Regardless, Yes, I think I will be re-adding the original server, but the timing is highly questionable at this point.
Ok. Then what you want to do now is seize the FSMO roles and then perform a metadata cleanup so that you can remove the old server.
Seizing the FSMO roles
How to remove data in Active Directory after an unsuccessful domain controller demotion
Once you do this, rerun a DCDIAG and post the results so that we can compare.
-saige-
Seizing the FSMO roles
How to remove data in Active Directory after an unsuccessful domain controller demotion
Once you do this, rerun a DCDIAG and post the results so that we can compare.
-saige-
ASKER
Saige,
I appreciate all your help today and I intend to follow through. The reason for this post is to let you know I am done for today. Other obligations call. I hope to seize the roles tomorrow. I will post the dcdiag as soon as available.
Thank you.
I appreciate all your help today and I intend to follow through. The reason for this post is to let you know I am done for today. Other obligations call. I hope to seize the roles tomorrow. I will post the dcdiag as soon as available.
Thank you.
Not a problem. Keep me posted.
-saige-
-saige-
ASKER
Hi Saige,
Sorry for the long delay and silence for the last several days.
The server you were helping me is about 17 years old. The server that got corrupted is about 8 years old. I had already intended to purchase a new server this summer, but decided I did not want to tackle purchasing and setting up a brand new server.
I got to the point where it really bothered me to get this ancient server set up, then get the newer one running and then reverse the process to make the newer one the primary server again.
I shifted my efforts on getting the corrupted server working again. Sadly after several attempts at restoring the server from backups, I gave up. I basically wiped and have been rebuilding the server. New drive, new OS install, import user data using csvde and ldifde and now I am putting back the user created files. It is almost to the point where it will be useable again.
The ancient server is not likely properly configured to be a part of this domain.
I think I am going to to finish the restoration of the newer server, close this ticket later, and create a new ticket when I am ready to join the ancient one to the domain properly.
I really appreciated your willingness to help and your concise and accurate instructions.
Sorry for the long delay and silence for the last several days.
The server you were helping me is about 17 years old. The server that got corrupted is about 8 years old. I had already intended to purchase a new server this summer, but decided I did not want to tackle purchasing and setting up a brand new server.
I got to the point where it really bothered me to get this ancient server set up, then get the newer one running and then reverse the process to make the newer one the primary server again.
I shifted my efforts on getting the corrupted server working again. Sadly after several attempts at restoring the server from backups, I gave up. I basically wiped and have been rebuilding the server. New drive, new OS install, import user data using csvde and ldifde and now I am putting back the user created files. It is almost to the point where it will be useable again.
The ancient server is not likely properly configured to be a part of this domain.
I think I am going to to finish the restoration of the newer server, close this ticket later, and create a new ticket when I am ready to join the ancient one to the domain properly.
I really appreciated your willingness to help and your concise and accurate instructions.
ASKER
Thanks again for all the help.
Jerlo
Jerlo
-saige-