DC Issues after Changing Hyper-V Host
Recently, one of our Hyper-Visor hosts crashed. This machine hosted a 2012 r2 Primary Domain controller. We pulled the image of the client from the bad machine and loaded it onto another host, and have since had issues.
There are two domain controllers in this forest. DC2 is the primary and holds all FSMO roles. BDC1 is the secondary. DC2's dns points to itself first and BDC1 as secondary. BDC1's DNS points to DC2 first and itself as secondary.
When DC2 was brought back online on the new host, we assigned the old IP address to the new virtual NIC (which produced the usual error; another device already has this address) We ignored the error. Then we went into the device manager and removed the old virtual NIC.
We are having all kinds of problems.
Error 2092 for replication (Server owns the PDC role but does not consider it valid)
Error 1058 for Group Policy (can't read the SYSVOL share)
Error 1126 for Global Catalog (AD domain service unable to establish a connection with the global catalog)
Cannot access group policy objects or active directory objects.
diag.txt
There are two domain controllers in this forest. DC2 is the primary and holds all FSMO roles. BDC1 is the secondary. DC2's dns points to itself first and BDC1 as secondary. BDC1's DNS points to DC2 first and itself as secondary.
When DC2 was brought back online on the new host, we assigned the old IP address to the new virtual NIC (which produced the usual error; another device already has this address) We ignored the error. Then we went into the device manager and removed the old virtual NIC.
We are having all kinds of problems.
Error 2092 for replication (Server owns the PDC role but does not consider it valid)
Error 1058 for Group Policy (can't read the SYSVOL share)
Error 1126 for Global Catalog (AD domain service unable to establish a connection with the global catalog)
Cannot access group policy objects or active directory objects.
diag.txt
Have more details on how the VM files were moved would be helpful but we need to address the AD issues now.
1) Make sure you environment did not experience a USN rollback:https://support.microsoft.com/en-us/help/875495/how-to-detect-and-recover-from-a-usn-rollback-in-windows-server-2003,-windows-server-2008,-and-windows-server-2008-r2
2) Double check you DNS setting then try to demote the problem DC then promoto it agin
1) Make sure you environment did not experience a USN rollback:https://support.microsoft.com/en-us/help/875495/how-to-detect-and-recover-from-a-usn-rollback-in-windows-server-2003,-windows-server-2008,-and-windows-server-2008-r2
2) Double check you DNS setting then try to demote the problem DC then promoto it agin
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
NTDSUtil needs to be used to clean up references to the previous DC, along with Sites & Services, ADUC, and DNS. Seizing may come back to bite later on. BTDT
ASKER
Best solution
Was the VM imported or just the VHDX files moved over and a new VM set up?
If you can grab the original configuration files, I suggest shutting down what you have now, put the configuration and current VHDX files together and run an import. Hyper-V will make things identical that way.
Or, use the original VHDX files and sync any data changes from the up to date ones.