Solved

Domain Controller upgrade failure - help needed to sort out the mess

Posted on 2016-07-17
4
71 Views
Last Modified: 2016-07-20
We have 3 x DC's on site.  We are in the process of upgrading them all to 2012r2.

Yesterday I began with first one, a 2008r2 machine ("DC3") which I was doing an in-place upgrade to 2012r2 (yeah, I know that this was a mistake now).

This server does NOT have any FSMO roles.

Everything seemed to go fine with the in-place upgrade until I installed the 250+ Windows updates.  When I rebooted the server just hang on the loading screen.  I tried everything to get it going, but I had no luck.  After trying to fix boot records etc the machine was even trying to boot into its old 2008r2 OS.  Not good.

In the end I had to admit defeat and rebuild the machine from scratch.  I gave it the same name and IP address.

However, as I was not able to cleanly demote this DC I had to perform a metadata cleanup.

Once I had completed the metadata cleanup, I added the rebuilt DC to the domain and promoted it via the GUI.  I had a couple of snags regarding the GUI hanging on "Creating the NTDS settings object", but I was able to resolve it by following this fix:  

https://andernetwork.wordpress.com/2013/04/02/active-directory-2012-installation-stalls-at-the-creating-the-ntds-settings-object/ 

(in particular the comment by fulloutpullin)

So, everything appeared to complete OK, but I have some problems....

1.) If I look in AD sites and Services, the new DC is there but the NTDS settings are empty.
2.) If I open DNS on one of the other two DC's and try to add DC3 it fails.
3.) I cannot ping or RDP to DC3 (the firewall is off)

I need help to know what to do next!  

Should I attempt to fix the problem?
Should I demote DC3 again (hoping it does it cleanly), rebuild the server from scratch and start again with a different name and IP?
0
Comment
Question by:fieldj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 

Author Comment

by:fieldj
ID: 41716328
I have been doing some research and wonder if I problem might be caused by the fact that I set the DNS settings on the NIC on DC3 as follows BEFORE configuring DNS...

Preferred  DNS Server XXX.XX.4.21 (this is DC3's own IP)
Second: XXX.XX.4.26 (DC1)
Third: XXX.XX.4.33 (DC2)
Fourth: 127.0.0.1

I am wondering if I have created a DNS 'island'?  (although the blogs etc I have read seem to suggest this is only an issue with Server 2003 and earlier).
0
 
LVL 18

Accepted Solution

by:
Mal Osborne earned 500 total points
ID: 41716352
If this were me, I would rebuild the box from bare metal in a heartbeat. Patch it fully prior to making it a DC.

Although upgrading a DC is technically supported, I would advise strongly against it.  This path rarely fails, and is usually way easier and cleaner than upgrading.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41719896
It wouldn't hurt to change the DNS settings so that it only uses the other two DCs for DNS until all of the issues are ironed out.

3.) I cannot ping or RDP to DC3 (the firewall is off)

The firewall service isn't stopped, is it? That causes all kinds of network-related issues in my experience.
0
 

Author Comment

by:fieldj
ID: 41720255
HI all,

Just to confirm I had to rip this up and start from the beginning again - with a different name for the DC.

Doe to the problems I had during setup, I also couldnt cleanly demote it so had to do a metacleanup again.

I think the DNS settings were certainly causing complications.
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question