Solved

Domain Controller upgrade failure - help needed to sort out the mess

Posted on 2016-07-17
4
69 Views
Last Modified: 2016-07-20
We have 3 x DC's on site.  We are in the process of upgrading them all to 2012r2.

Yesterday I began with first one, a 2008r2 machine ("DC3") which I was doing an in-place upgrade to 2012r2 (yeah, I know that this was a mistake now).

This server does NOT have any FSMO roles.

Everything seemed to go fine with the in-place upgrade until I installed the 250+ Windows updates.  When I rebooted the server just hang on the loading screen.  I tried everything to get it going, but I had no luck.  After trying to fix boot records etc the machine was even trying to boot into its old 2008r2 OS.  Not good.

In the end I had to admit defeat and rebuild the machine from scratch.  I gave it the same name and IP address.

However, as I was not able to cleanly demote this DC I had to perform a metadata cleanup.

Once I had completed the metadata cleanup, I added the rebuilt DC to the domain and promoted it via the GUI.  I had a couple of snags regarding the GUI hanging on "Creating the NTDS settings object", but I was able to resolve it by following this fix:  

https://andernetwork.wordpress.com/2013/04/02/active-directory-2012-installation-stalls-at-the-creating-the-ntds-settings-object/ 

(in particular the comment by fulloutpullin)

So, everything appeared to complete OK, but I have some problems....

1.) If I look in AD sites and Services, the new DC is there but the NTDS settings are empty.
2.) If I open DNS on one of the other two DC's and try to add DC3 it fails.
3.) I cannot ping or RDP to DC3 (the firewall is off)

I need help to know what to do next!  

Should I attempt to fix the problem?
Should I demote DC3 again (hoping it does it cleanly), rebuild the server from scratch and start again with a different name and IP?
0
Comment
Question by:fieldj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 

Author Comment

by:fieldj
ID: 41716328
I have been doing some research and wonder if I problem might be caused by the fact that I set the DNS settings on the NIC on DC3 as follows BEFORE configuring DNS...

Preferred  DNS Server XXX.XX.4.21 (this is DC3's own IP)
Second: XXX.XX.4.26 (DC1)
Third: XXX.XX.4.33 (DC2)
Fourth: 127.0.0.1

I am wondering if I have created a DNS 'island'?  (although the blogs etc I have read seem to suggest this is only an issue with Server 2003 and earlier).
0
 
LVL 18

Accepted Solution

by:
Mal Osborne earned 500 total points
ID: 41716352
If this were me, I would rebuild the box from bare metal in a heartbeat. Patch it fully prior to making it a DC.

Although upgrading a DC is technically supported, I would advise strongly against it.  This path rarely fails, and is usually way easier and cleaner than upgrading.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41719896
It wouldn't hurt to change the DNS settings so that it only uses the other two DCs for DNS until all of the issues are ironed out.

3.) I cannot ping or RDP to DC3 (the firewall is off)

The firewall service isn't stopped, is it? That causes all kinds of network-related issues in my experience.
0
 

Author Comment

by:fieldj
ID: 41720255
HI all,

Just to confirm I had to rip this up and start from the beginning again - with a different name for the DC.

Doe to the problems I had during setup, I also couldnt cleanly demote it so had to do a metacleanup again.

I think the DNS settings were certainly causing complications.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question