Improve company productivity with a Business Account.Sign Up

x
?
Solved

Domain Controller upgrade failure - help needed to sort out the mess

Posted on 2016-07-17
4
Medium Priority
?
106 Views
Last Modified: 2016-07-20
We have 3 x DC's on site.  We are in the process of upgrading them all to 2012r2.

Yesterday I began with first one, a 2008r2 machine ("DC3") which I was doing an in-place upgrade to 2012r2 (yeah, I know that this was a mistake now).

This server does NOT have any FSMO roles.

Everything seemed to go fine with the in-place upgrade until I installed the 250+ Windows updates.  When I rebooted the server just hang on the loading screen.  I tried everything to get it going, but I had no luck.  After trying to fix boot records etc the machine was even trying to boot into its old 2008r2 OS.  Not good.

In the end I had to admit defeat and rebuild the machine from scratch.  I gave it the same name and IP address.

However, as I was not able to cleanly demote this DC I had to perform a metadata cleanup.

Once I had completed the metadata cleanup, I added the rebuilt DC to the domain and promoted it via the GUI.  I had a couple of snags regarding the GUI hanging on "Creating the NTDS settings object", but I was able to resolve it by following this fix:  

https://andernetwork.wordpress.com/2013/04/02/active-directory-2012-installation-stalls-at-the-creating-the-ntds-settings-object/ 

(in particular the comment by fulloutpullin)

So, everything appeared to complete OK, but I have some problems....

1.) If I look in AD sites and Services, the new DC is there but the NTDS settings are empty.
2.) If I open DNS on one of the other two DC's and try to add DC3 it fails.
3.) I cannot ping or RDP to DC3 (the firewall is off)

I need help to know what to do next!  

Should I attempt to fix the problem?
Should I demote DC3 again (hoping it does it cleanly), rebuild the server from scratch and start again with a different name and IP?
0
Comment
Question by:fieldj
  • 2
4 Comments
 

Author Comment

by:fieldj
ID: 41716328
I have been doing some research and wonder if I problem might be caused by the fact that I set the DNS settings on the NIC on DC3 as follows BEFORE configuring DNS...

Preferred  DNS Server XXX.XX.4.21 (this is DC3's own IP)
Second: XXX.XX.4.26 (DC1)
Third: XXX.XX.4.33 (DC2)
Fourth: 127.0.0.1

I am wondering if I have created a DNS 'island'?  (although the blogs etc I have read seem to suggest this is only an issue with Server 2003 and earlier).
0
 
LVL 20

Accepted Solution

by:
Mal Osborne earned 2000 total points
ID: 41716352
If this were me, I would rebuild the box from bare metal in a heartbeat. Patch it fully prior to making it a DC.

Although upgrading a DC is technically supported, I would advise strongly against it.  This path rarely fails, and is usually way easier and cleaner than upgrading.
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 41719896
It wouldn't hurt to change the DNS settings so that it only uses the other two DCs for DNS until all of the issues are ironed out.

3.) I cannot ping or RDP to DC3 (the firewall is off)

The firewall service isn't stopped, is it? That causes all kinds of network-related issues in my experience.
0
 

Author Comment

by:fieldj
ID: 41720255
HI all,

Just to confirm I had to rip this up and start from the beginning again - with a different name for the DC.

Doe to the problems I had during setup, I also couldnt cleanly demote it so had to do a metacleanup again.

I think the DNS settings were certainly causing complications.
0

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
Fix RPC Server is unavailable Error in Exchange 2013, 2010, 2007, and 2003 Server. Different reason can such as network connectivity issue, name resolution issue, firewall, registry corruption that lead to RPC Server Unavailable error.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question