Windows 2008 Domain Controller AD Crash

Posted on 2016-10-24
Last Modified: 2016-10-27
I have a W2k8 domain controller in a mostly 2012 domain controller network that is not working.  It will not communicate with the other domain controllers in the network.  When I go to Server Manager it shows me that ADDS, File Services, NPAS, and IIS are installed but they all have red X's.  When I run dcpromo on it it tells me:
failed to examine the Active Directory Forest. The error was ldap_search() failed, err=1. 000020EF:SvcErr: DSID-020A1144, problem 5012 (DIR_ERROR), data -1018
Question by:aclaus225
Assisted Solution

by:Niten Kumar
Niten Kumar earned 150 total points
ID: 41857796
If you really want to get that DC up and running then check the Event Viewer logs.  It will better help you in figuring out the problem.  Are there any other services running on that domain controller?  If there is no other service running on that DC then the best thing would be to demote the DC, force removal if need be. If force removal doesn't work you can shut down the DC and do metadata cleanup and reinstall the 2K8 machine and rebuild the DC.  Let me know what your options are.

Author Comment

ID: 41857807
I am attaching the system log from Event Viewer.

Expert Comment

by:Lee W, MVP
ID: 41857921
If this is not your area of expertise and you don't know how to examine logs or run DCDIAG, then you probably shouldn't be the one responsible for determining the problem.

Start with the event logs - don't post them - ANALYZE them - look for errors that are likely related.  Google.  Cross reference the event id at Run DCDIAG /C /E /V and start troubleshooting.  If this DC has been offline more than 2 months, it's likely tombstoned and permanently dead.  You'll need to remove it from AD as a failed DC and rebuild it.  DO NOT restore it.  Especially since you didn't know this stuff to begin with - restoring without understanding how to can destroy your AD.
Author Comment

ID: 41857988
Thanks for the info. Sadly, I am a one-man shop, so even if things are not in my expertise I still have to fix them. This server has only been offline for 24 hours, not two months. I posted this because I googled the original error and found no responses to that error. I use Experts Exchange in the hopes that someone else has come across the error and has a solution.

Accepted Solution

DrDave242 earned 350 total points
ID: 41858888
This is significant:

Error,10/24/2016 11:12:25 AM,Service Control Manager,7023,None,"The Netlogon service terminated with the following error:
A device attached to the system is not functioning."

The Netlogon service is very important on a domain controller, and it appears to be crashing on this one. If you open the Services console and try to start that service, does it give that same error or a different one?

There are also errors indicating registry hive corruption. Recovery of the corrupt hive was successful, but the existence of the corruption (and the fact that it's happened more than once) isn't a good sign. This may end with the OS on that DC being reinstalled from scratch.
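
The log analysis described in this answer, as an added example that is not part of the original thread: it reads an Event Viewer CSV export in the column order of the quoted line and groups service terminations (event 7023) and registry-hive corruption messages. Only the first Netlogon row comes from the thread; the other rows are constructed, the hive events are matched on message text because the thread gives no ID for them, and US-style timestamps are assumed.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample. Columns: Level, Date and Time, Source, Event ID,
# Task Category, Message. Only the first Netlogon row is from the thread;
# the other rows (and the placeholder source/ID on the hive rows) are made up.
SAMPLE = '''Level,Date and Time,Source,Event ID,Task Category
Error,10/24/2016 11:12:25 AM,Service Control Manager,7023,None,"The Netlogon service terminated with the following error:
A device attached to the system is not functioning."
Information,10/24/2016 11:10:02 AM,Service Control Manager,7036,None,"The DNS Client service entered the running state."
Error,10/24/2016 10:41:09 AM,Service Control Manager,7023,None,"The Netlogon service terminated with the following error:
A device attached to the system is not functioning."
Error,10/24/2016 10:40:51 AM,Example-Source,0,None,"Registry hive 'EXAMPLE' was corrupted and it has been recovered."
Error,10/23/2016 09:15:30 PM,Example-Source,0,None,"Registry hive 'EXAMPLE' was corrupted and it has been recovered."
'''

SERVICE_DIED = re.compile(
    r"The (?P<svc>.+?) service terminated with the following error:\s*(?P<err>.+)",
    re.S)
HIVE = re.compile(r"registry hive.*corrupt", re.I | re.S)  # matched on text only


def triage(csv_text):
    """Group 7023 service terminations and hive-corruption events."""
    services, hives = defaultdict(list), []
    for row in csv.reader(io.StringIO(csv_text)):  # handles multi-line messages
        if len(row) < 6 or row[0] == "Level":  # header or short row
            continue
        _level, when, source, event_id, _task, message = row[:6]
        ts = datetime.strptime(when, "%m/%d/%Y %I:%M:%S %p")
        died = SERVICE_DIED.search(message)
        if source == "Service Control Manager" and event_id == "7023" and died:
            services[died["svc"]].append((ts, " ".join(died["err"].split())))
        elif HIVE.search(message):
            hives.append(ts)
    return {
        "service_failures": {s: sorted(v) for s, v in services.items()},
        "hive_corruption": sorted(hives),
        "repeated_hive_corruption": len(hives) > 1,  # more than one recovery
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```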

Author Comment

ID: 41859132
You are probably correct.  On a reboot I cannot even get it to the home screen with Safe Mode.

Author Comment

ID: 41859531
This machine will not boot anymore.  What problems will I have if I install Windows again on this machine and name it the same as it was?

Expert Comment

ID: 41859536
Since the server was a domain controller, you will need to perform a metadata cleanup to remove it from Active Directory. If you plan to give it the same name as before, this must be done before the rebuilt machine can be joined to the domain. (It also lets the other DCs know that this DC no longer exists, so the KCC can reconfigure the replication topology as needed.)

Author Comment

ID: 41859554
In this domain I have six machines that are GCs and then the one that failed is the only one labeled DC.  Are there additional steps besides the metadata cleanup because of that?

Expert Comment

ID: 41859559
No, the metadata cleanup should suffice. There may be an empty container object with the server's name left behind in the Active Directory Sites and Services snap-in after the metadata cleanup completes. You can delete it if you want, but there's no need, especially if the server will be recreated with the same name and re-promoted as a DC.

Author Closing Comment

ID: 41862793
I ended up installing Windows 2012 R2 on the server just to get the data off the machine and not put it back in as a DC.
