MoonLive
asked on
PDC is down and Second DC is not opening.
PDC is down but second DC is not opening. I tried to transfer the role by FSMO command line and successfully seized the role, but the AD won't open.
Any help is helpful.
What do you mean by "not opening," exactly? What errors are you seeing?
ASKER
Furthermore if you seized the roles you can NEVER bring the old DC back online. Seizing the roles was completely unnecessary and now you've made it impossible to restore the old system. Additionally, you say you seized the role? What role? There are FIVE!
And I agree with DrDave242 - What exactly is not opening? Screenshots? Any more information?
Are you sure you're using Server 2008? That dialog looks a bit like 2012 to me.
Did you ever confirm your second DC was running properly? Is Sysvol and Netlogon shared on it...?
ASKER
All five roles, since the old one is down completely. I am trying to work on files. Another thing I didn't mention is that the PDC was on 2008 Small Business.
If you run net share on the functional DC, does it list the SYSVOL and NETLOGON shares in the output?
Also, like Lee W. said above, if you actually seized the FSMO roles, do not bring the crashed DC back online. You can boot it to WinRE or even to DSRM or normal mode disconnected from the network in order to copy any important data off of it, but it should never be brought back online without having its OS wiped and reinstalled.
ASKER
That was my second question. It won't bring up the SYSVOL and NETLOGON shared folders.
This is a large part of the problem, and perhaps the entirety of it. SYSVOL replication has apparently never succeeded from the SBS 2008 DC to the newer one.
If both DCs were running, this wouldn't be too bad, but you're in an interesting situation now. There's no way to get SYSVOL to replicate without both DCs running, and there's no way to get both DCs running now that the FSMO roles have been seized. You're effectively in a single-DC environment.
The SYSVOL folder hierarchy contains Group Policy template files, logon/logoff/startup/shutd
ASKER
What a mess! I just transferred files offline from the old DC's sysvol folder to the new (2012) sysvol folder. It seems that the sysvol folder has information now. The DNS service was installed at the same time and the DNS service is working.
Does this mean that the SYSVOL and NETLOGON shares are present on the new DC now?
ASKER
NO.
ASKER
Server "DC01" knows about 5 roles
Schema - CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=doamin,DC=local
Naming Master - CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
DC - CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
RID - CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Infrastructure - CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
When I ran the command to transfer the roles.
DC01 is the new one.
ASKER
I still haven't seen the sysvol and netlogon shares yet. FRS event shows 13566, 13553, and 13554.
ASKER
SYSVOL has shown up as below:
Shared C:\Shared
SYSVOL C:\Windows\SYSVOL\sysvol Logon server share
That's progress. How about the NETLOGON share?
ASKER
Good news. At least the AD and Users tools are opening now!
ASKER
NETLOGON folder is still missing.
Is the Netlogon service running on that DC? If so, restart it and then check the System log for any relevant errors.
ASKER
The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\domain.local\SCRIPTS. The following error occurred:
The system cannot find the file specified.
I restarted the service and got the above error.
There must not be a Scripts folder at that location. Can you confirm whether one exists?
If there isn't one, and you can't get the scripts folder from the old DC (or there wasn't one there either), you can simply create that folder at the specified location and restart the Netlogon service. This should result in the NETLOGON share being created, but it will be empty.
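The checks walked through in this thread (the SYSVOL and NETLOGON shares, the Netlogon service, and the Scripts folder), collected into one read-only PowerShell script. This is an added example, not part of the original thread; it assumes it is run elevated on a domain controller running Server 2012 or later (for Get-SmbShare) and that the SYSVOL path can be read from the Netlogon service's registry parameters.

```powershell
# Added example: read-only health check of the logon shares on a DC.
# Nothing is created or changed; the script only reports state.

# Netlogon keeps the SYSVOL root path and the SysvolReady flag here.
$params = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$domain = (Get-CimInstance Win32_ComputerSystem).Domain   # DNS name of the domain

# Netlogon publishes NETLOGON from <SysVol>\<domain>\scripts,
# e.g. C:\Windows\SYSVOL\sysvol\domain.local\SCRIPTS as in the error above.
$scripts = Join-Path (Join-Path $params.SysVol $domain) 'scripts'

$checks = [ordered]@{
    'Netlogon service running' = (Get-Service Netlogon).Status -eq 'Running'
    'SysvolReady flag is 1'    = $params.SysvolReady -eq 1
    'SYSVOL share present'     = [bool](Get-SmbShare -Name SYSVOL -ErrorAction SilentlyContinue)
    'Scripts folder exists'    = Test-Path -LiteralPath $scripts -PathType Container
    'NETLOGON share present'   = [bool](Get-SmbShare -Name NETLOGON -ErrorAction SilentlyContinue)
}

foreach ($name in $checks.Keys) {
    $state = if ($checks[$name]) { 'OK  ' } else { 'FAIL' }
    Write-Output "$state $name"
}

# The failure seen in this thread: SYSVOL is shared but the Scripts folder
# is missing, so Netlogon logs "cannot find the file specified".
if ($checks['SYSVOL share present'] -and -not $checks['Scripts folder exists']) {
    Write-Output "Missing folder blocks the NETLOGON share: $scripts"
}
```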
ASKER
THAT IT IS. IT HAS NETLOGON FOLDER SHOWED UP!
Is it normal that there are no contents?
It's normal for the NETLOGON share (the Scripts folder) to be empty if you're not using any logon scripts (or logoff/startup/shutdown scripts, but logon scripts are by far the most common of these).
If you haven't already done so, now would be an excellent time to clean up the metadata of the dead domain controller and make sure that all domain-joined machines are using only the new DC for DNS.
Finally, this would also be a good time to consider migrating SYSVOL from FRS to DFSR. It's a simple process, and you'll thank yourself in the long run. Don't do this if you intend to bring SBS 2008 back into the environment, though.
ASKER
It won't let me delete the old server. See the screenshot.
delete-error.PNG
Are you attempting to delete it in AD Users and Computers or another console? ADU&C should be able to delete it. If not, there's always the ntdsutil method, described in that same article.
ASKER
Thank you! I believe everything is good. I haven't deleted the old DC but it is not urgent for now. Thank you for your help!