Member_2_6573473

asked on

Adding back a demoted domain controller to the domain

I have 2 DCs. I demoted a domain controller 2012 server, which had FSMO roles prior to the seizing. I moved the FSMO roles to the secondary server. I used the force option to demote it as it wasn't working properly with soft demotion. The server is now in a workgroup. If I try to join the server back to the domain, it comes up with an error. I have tried this on a separate test server and managed to join the domain fine. I can ping the working DC fine from the demoted server and vice versa. Any ideas what I can do?

It says that the AD DC could not be contacted.

Here is the extra information it provides.
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "mydomain.local":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.ad.ardenttide.co.uk

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
masnrock

Did you make sure that DNS on that server was pointing to the correct IP address? (Which should be the DC that you had take over the FSMO roles)
You need to remove the metadata of the old server from your server in production.
You need to make sure the new server which you are repromoting has the IP of the current DC as the primary DNS server in the TCP/IP settings of the new server.
Make sure there are no errors in dcdiag /q. If there are, you need to clear them first.
You should be able to ping both servers from each other.
Check after disabling firewall and antivirus in case you are not able to ping.
You may also check if the _msdcs zone exists on the current DNS server and has all the required records.
I would check the _msdcs zone (or subdomain) and make sure there aren't any records there which reference your old DC.  Typically these need to be manually removed after a forced demotion.  Also remove any in the <yourdomain> zone which say "same as parent" and point to the IP of the demoted DC.
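The checks suggested above (DNS client pointing at the surviving DC, the SRV locator record resolving, stale records and lingering metadata for the demoted DC) as one added PowerShell script. This is an example written for this page, not code from the thread or from Microsoft; the DC IP 192.0.2.10, the old DC name OLDDC1, its IP 192.0.2.11 and the domain name mydomain.local are assumed placeholders. Part A is run on the demoted server while it is still in the workgroup; Part B is run on the surviving DC as a Domain Admin.

```powershell
# Added example, not from the original thread. All values below are assumptions
# for illustration; replace them with your own environment's.
$DcIp      = '192.0.2.10'       # assumed: surviving DC (now FSMO holder) and DNS server
$Domain    = 'mydomain.local'   # assumed: AD DNS domain name
$OldDcName = 'OLDDC1'           # assumed: hostname of the forcibly demoted DC
$OldDcIp   = '192.0.2.11'       # assumed: its old IP address

# ===== Part A: run on the demoted server (now in a workgroup) before retrying the join =====

# A1. The join only works if the surviving DC is the machine's DNS server. Any other
#     resolver (ISP, router) answers NXDOMAIN for _msdcs names, which is exactly the
#     0x232B RCODE_NAME_ERROR reported in dcdiag.txt.
$nic     = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
$current = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses
if ((@($current) -join ',') -ne $DcIp) {
    Write-Warning "DNS servers were [$($current -join ', ')]; setting $DcIp as the only DNS server"
    Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $DcIp
    Clear-DnsClientCache
}

# A2. Ask that DC directly for the DC-locator SRV record the join wizard queries.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DcIp -ErrorAction Stop |
           Where-Object Type -eq 'SRV'
    $srv | Format-Table Name, NameTarget, Port, Priority -AutoSize
    # A target that is still the demoted DC is a stale record left by the forced demotion.
    if ($srv | Where-Object NameTarget -like "$OldDcName.*") {
        Write-Warning "A $srvName record still targets $OldDcName; remove it in DNS (see Part B)"
    }
} catch {
    Write-Warning "$srvName is missing on $DcIp. On the DC run 'nltest /dsregdns' (or restart Netlogon) to re-register the locator records, then re-run this check."
}

# A3. ICMP working is not enough; check the TCP ports a domain join actually uses
#     (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, Kerberos password change).
foreach ($port in 53, 88, 135, 389, 445, 464) {
    $ok = (Test-NetConnection -ComputerName $DcIp -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
    '{0,5}  {1}' -f $port, $(if ($ok) { 'open' } else { 'BLOCKED' })
}

# ===== Part B: run on the surviving DC as a Domain Admin =====
Import-Module ActiveDirectory
Import-Module DnsServer

# B1. A forced demotion leaves the old DC's server/NTDS Settings object behind in the
#     Configuration partition; replication keeps treating it as a live DC until it is removed.
$cfgNc = (Get-ADRootDSE).configurationNamingContext
$stale = Get-ADObject -SearchBase "CN=Sites,$cfgNc" -LDAPFilter "(&(objectClass=server)(cn=$OldDcName))"
if ($stale) {
    Write-Warning "Lingering server object: $($stale.DistinguishedName)"
    Write-Host   "Clean it with: ntdsutil `"metadata cleanup`" `"remove selected server $($stale.DistinguishedName)`" quit quit"
}

# B2. List every record in the domain zone and the _msdcs zone (if it is a separate zone)
#     that still points at the old DC, whether by address or by name.
$zones = @($Domain, "_msdcs.$Domain") | Where-Object { Get-DnsServerZone -Name $_ -ErrorAction SilentlyContinue }
foreach ($zone in $zones) {
    Get-DnsServerResourceRecord -ZoneName $zone | Where-Object {
        ($_.RecordType -eq 'A'     -and $_.RecordData.IPv4Address.IPAddressToString -eq $OldDcIp) -or
        ($_.RecordType -eq 'SRV'   -and $_.RecordData.DomainName    -like "$OldDcName.*") -or
        ($_.RecordType -eq 'CNAME' -and $_.RecordData.HostNameAlias -like "$OldDcName.*") -or
        ($_.RecordType -eq 'NS'    -and $_.RecordData.NameServer    -like "$OldDcName.*")
    } | ForEach-Object {
        "$zone  $($_.HostName)  $($_.RecordType)  -> stale, remove with Remove-DnsServerResourceRecord"
    }
}
```

Part B only reports; it does not delete anything, because removing the wrong server object or NS record on the one remaining DC is worse than the original problem. Run the ntdsutil command it prints, delete the listed DNS records, then repeat Part A on the demoted server and retry the join.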
Member_2_6573473

ASKER

I have confirmed the DNS primary is pointing at the DC. I can ping both ways fine. I have deleted a few DNS entries but still can't join. Any other ideas?
ASKER CERTIFIED SOLUTION
Member_2_6573473

Tried points suggested but didn't work.