Guest athos_01 Posted March 20, 2008 Posted March 20, 2008 I am the tech person for a small k-12 school. Above average experience, but have gotten myself into a big situation. I have a small domain of windows 2003 servers. One server I have had running for several years, but started flaking out. I removed all of it's roles to another DC, except Global Catalog. I added another machine as GC and just left it that way. Now what has happened is that the original server has had major issues, so far as not even being able to log into it, so I assumed everything was gone, so I took it offline never to be returned. If I couldn't log into it, I couldn't demote it so I tried to go through ASDI Edit and removed the server manually from the domain. Everything should be good. not so good. What I find out is that nobody can see the other global catalog server. The tick is there, it shows in DNS as being a GC, if I remove the tick, it removes itself through DNS, so I know that DNS is working, but nobody can use it as a GC. I have another DC that I tried to do this with as well, and it does the same thing. If I run DCDiag on the GC server, it comes out with no problems, if I run it on another server that isn't the GC, it shows that it can't find the GC. Only way I was able to get people logging back into the network and my Exchange server to work again was to turn on the old machine, eventually it registered itself back into DNS as a DC and GC and people were able to log in and exchange came back up. But... Since I manually removed it from the domain, there are no NTDS settings so it isn't replicating and isn't completely visible as a Domain controller even though it is handling logon and logoff requests. I tried doing dcdiag /fix hoping it might, but didn't fix anything. I thought that I could bring up another server as a DC and hope that it would promote as a GC as if the other two had problems and a clean one wouldn't, but I get an error on promotion that it can't create settings on remote DC, being the one that I can't do anything with. I would really like it if somebody could hlep me out. I really do not want to have to rebuild an entire domain, and I do not have any good backups of the bad DC. Being a small school district funding is no there for professional help nor doing things the correct way. Any help would be greatly appreciated.
Guest Meinolf Weber Posted March 20, 2008 Posted March 20, 2008 Re: Major help needed Hello athos_01, Please post an unedited ipconfig /all from all DC/DNS servers. Also run dcdiag /v, netdiag /v and replmon on all DC's. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > I am the tech person for a small k-12 school. Above average > experience, but have gotten myself into a big situation. > > I have a small domain of windows 2003 servers. One server I have had > running for several years, but started flaking out. I removed all of > it's roles to another DC, except Global Catalog. I added another > machine as GC and just left it that way. Now what has happened is > that the original server has had major issues, so far as not even > being able to log into it, so I assumed everything was gone, so I took > it offline never to be returned. If I couldn't log into it, I > couldn't demote it so I tried to go through ASDI Edit and removed the > server manually from the domain. Everything should be good. not so > good. > > What I find out is that nobody can see the other global catalog > server. The tick is there, it shows in DNS as being a GC, if I remove > the tick, it removes itself through DNS, so I know that DNS is > working, but nobody can use it as a GC. I have another DC that I > tried to do this with as well, and it does the same thing. If I run > DCDiag on the GC server, it comes out with no problems, if I run it on > another server that isn't the GC, it shows that it can't find the GC. > > Only way I was able to get people logging back into the network and my > Exchange server to work again was to turn on the old machine, > eventually it registered itself back into DNS as a DC and GC and > people were able to log in and exchange came back up. But... Since I > manually removed it from the domain, there are no NTDS settings so it > isn't replicating and isn't completely visible as a Domain controller > even though it is handling logon and logoff requests. I tried doing > dcdiag /fix hoping it might, but didn't fix anything. I thought that > I could bring up another server as a DC and hope that it would promote > as a GC as if the other two had problems and a clean one wouldn't, but > I get an error on promotion that it can't create settings on remote > DC, being the one that I can't do anything with. > > I would really like it if somebody could hlep me out. I really do not > want to have to rebuild an entire domain, and I do not have any good > backups of the bad DC. Being a small school district funding is no > there for professional help nor doing things the correct way. Any > help would be greatly appreciated. >
Guest athos_01 Posted March 20, 2008 Posted March 20, 2008 Re: Major help needed On Mar 20, 9:15 am, Meinolf Weber <meiweb(nospam)@gmx.de> wrote: > Hello athos_01, > > Please post an unedited ipconfig /all from all DC/DNS servers. Also run dcdiag > /v, netdiag /v and replmon on all DC's. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm > > > > > I am the tech person for a small k-12 school. Above average > > experience, but have gotten myself into a big situation. > > > I have a small domain of windows 2003 servers. One server I have had > > running for several years, but started flaking out. I removed all of > > it's roles to another DC, except Global Catalog. I added another > > machine as GC and just left it that way. Now what has happened is > > that the original server has had major issues, so far as not even > > being able to log into it, so I assumed everything was gone, so I took > > it offline never to be returned. If I couldn't log into it, I > > couldn't demote it so I tried to go through ASDI Edit and removed the > > server manually from the domain. Everything should be good. not so > > good. > > > What I find out is that nobody can see the other global catalog > > server. The tick is there, it shows in DNS as being a GC, if I remove > > the tick, it removes itself through DNS, so I know that DNS is > > working, but nobody can use it as a GC. I have another DC that I > > tried to do this with as well, and it does the same thing. If I run > > DCDiag on the GC server, it comes out with no problems, if I run it on > > another server that isn't the GC, it shows that it can't find the GC. > > > Only way I was able to get people logging back into the network and my > > Exchange server to work again was to turn on the old machine, > > eventually it registered itself back into DNS as a DC and GC and > > people were able to log in and exchange came back up. But... Since I > > manually removed it from the domain, there are no NTDS settings so it > > isn't replicating and isn't completely visible as a Domain controller > > even though it is handling logon and logoff requests. I tried doing > > dcdiag /fix hoping it might, but didn't fix anything. I thought that > > I could bring up another server as a DC and hope that it would promote > > as a GC as if the other two had problems and a clean one wouldn't, but > > I get an error on promotion that it can't create settings on remote > > DC, being the one that I can't do anything with. > > > I would really like it if somebody could hlep me out. I really do not > > want to have to rebuild an entire domain, and I do not have any good > > backups of the bad DC. Being a small school district funding is no > > there for professional help nor doing things the correct way. Any > > help would be greatly appreciated.- Hide quoted text - > > - Show quoted text - ***BAD DC Windows IP Configuration Host Name . . . . . . . . . . . . : mhsfour Primary Dns Suffix . . . . . . . : msd.marceline.k12.mo.us Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : msd.marceline.k12.mo.us marceline.k12.mo.us k12.mo.us mo.us Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX) Physical Address. . . . . . . . . : 00-50-DA-84-4A-E7 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.50 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.1 Primary WINS Server . . . . . . . : 192.168.0.1 ****DC 2 Windows IP Configuration Host Name . . . . . . . . . . . . : mhssix Primary Dns Suffix . . . . . . . : msd.marceline.k12.mo.us Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : msd.marceline.k12.mo.us marceline.k12.mo.us Ethernet adapter VMware Network Adapter VMnet8: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8 Physical Address. . . . . . . . . : 00-50-56-C0-00-08 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 172.16.88.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : Ethernet adapter VMware Network Adapter VMnet1: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1 Physical Address. . . . . . . . . : 00-50-56-C0-00-01 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 172.16.100.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® PRO/1000 PM Network Connection Physical Address. . . . . . . . . : 00-13-20-8F-2E-D0 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.12 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.1 Primary WINS Server . . . . . . . : 192.168.0.1 ****DC 3 Windows IP Configuration Host Name . . . . . . . . . . . . : msd1 Primary Dns Suffix . . . . . . . : msd.marceline.k12.mo.us Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : msd.marceline.k12.mo.us marceline.k12.mo.us k12.mo.us mo.us Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-0B-DB-57-88-9D DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.3 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.1 Primary WINS Server . . . . . . . : 192.168.0.1 Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC Physical Address. . . . . . . . . : 00-40-33-E2-95-4E DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 204.185.x.x Subnet Mask . . . . . . . . . . . : 255.255.255.0 IP Address. . . . . . . . . . . . : 204.185.x.x Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 204.185.x.x DNS Servers . . . . . . . . . . . : 192.168.0.1 ****DNS / Firewall Server Windows IP Configuration Host Name . . . . . . . . . . . . : mhstwo Primary Dns Suffix . . . . . . . : msd.marceline.k12.mo.us Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : Yes DNS Suffix Search List. . . . . . : msd.marceline.k12.mo.us marceline.k12.mo.us k12.mo.us mo.us PPP adapter RAS Server (Dial In) Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface Physical Address. . . . . . . . . : 00-53-45-00-00-00 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.96 Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : Ethernet adapter Internal: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® PRO/1000 XT Server Adapter Physical Address. . . . . . . . . : 00-0E-0C-7F-27-BE DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.1 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 192.168.0.1 Ethernet adapter External: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-C0-9F-39-AB-9F DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 204.185.x.x Subnet Mask . . . . . . . . . . . : 255.255.255.0 IP Address. . . . . . . . . . . . : 204.185.x.x Subnet Mask . . . . . . . . . . . : 255.255.255.0 IP Address. . . . . . . . . . . . : 204.185.x.x Subnet Mask . . . . . . . . . . . : 255.255.255.0 IP Address. . . . . . . . . . . . : 204.185.x.x Subnet Mask . . . . . . . . . . . : 255.255.255.0 IP Address. . . . . . . . . . . . : 204.185.x.x Subnet Mask . . . . . . . . . . . : 255.255.255.0 IP Address. . . . . . . . . . . . : 204.185.x.x Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 204.185.x.x NetBIOS over Tcpip. . . . . . . . : Disabled
Guest Drumgod Posted March 20, 2008 Posted March 20, 2008 Re: Major help needed I would reccomed that you use the NTDSUTIL to remove the old DC/GC from your active directory, and then use the NTDSUTIL to promote the new DC as a GC server. Also agree with the previous post. Run NETDIAG /FIX, also run DCDIAG /FIX (on both servers if you can) Drum on .. .. . . . "athos_01" wrote: > On Mar 20, 9:15 am, Meinolf Weber <meiweb(nospam)@gmx.de> wrote: > > Hello athos_01, > > > > Please post an unedited ipconfig /all from all DC/DNS servers. Also run dcdiag > > /v, netdiag /v and replmon on all DC's. > > > > Best regards > > > > Meinolf Weber > > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > > no rights. > > ** Please do NOT email, only reply to Newsgroups > > ** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm > > > > > > > > > I am the tech person for a small k-12 school. Above average > > > experience, but have gotten myself into a big situation. > > > > > I have a small domain of windows 2003 servers. One server I have had > > > running for several years, but started flaking out. I removed all of > > > it's roles to another DC, except Global Catalog. I added another > > > machine as GC and just left it that way. Now what has happened is > > > that the original server has had major issues, so far as not even > > > being able to log into it, so I assumed everything was gone, so I took > > > it offline never to be returned. If I couldn't log into it, I > > > couldn't demote it so I tried to go through ASDI Edit and removed the > > > server manually from the domain. Everything should be good. not so > > > good. > > > > > What I find out is that nobody can see the other global catalog > > > server. The tick is there, it shows in DNS as being a GC, if I remove > > > the tick, it removes itself through DNS, so I know that DNS is > > > working, but nobody can use it as a GC. I have another DC that I > > > tried to do this with as well, and it does the same thing. If I run > > > DCDiag on the GC server, it comes out with no problems, if I run it on > > > another server that isn't the GC, it shows that it can't find the GC. > > > > > Only way I was able to get people logging back into the network and my > > > Exchange server to work again was to turn on the old machine, > > > eventually it registered itself back into DNS as a DC and GC and > > > people were able to log in and exchange came back up. But... Since I > > > manually removed it from the domain, there are no NTDS settings so it > > > isn't replicating and isn't completely visible as a Domain controller > > > even though it is handling logon and logoff requests. I tried doing > > > dcdiag /fix hoping it might, but didn't fix anything. I thought that > > > I could bring up another server as a DC and hope that it would promote > > > as a GC as if the other two had problems and a clean one wouldn't, but > > > I get an error on promotion that it can't create settings on remote > > > DC, being the one that I can't do anything with. > > > > > I would really like it if somebody could hlep me out. I really do not > > > want to have to rebuild an entire domain, and I do not have any good > > > backups of the bad DC. Being a small school district funding is no > > > there for professional help nor doing things the correct way. Any > > > help would be greatly appreciated.- Hide quoted text - > > > > - Show quoted text - > > ***BAD DC > > Windows IP Configuration > > > > Host Name . . . . . . . . . . . . : mhsfour > > Primary Dns Suffix . . . . . . . : msd.marceline.k12.mo.us > > Node Type . . . . . . . . . . . . : Hybrid > > IP Routing Enabled. . . . . . . . : No > > WINS Proxy Enabled. . . . . . . . : No > > DNS Suffix Search List. . . . . . : msd.marceline.k12.mo.us > > marceline.k12.mo.us > > k12.mo.us > > mo.us > > > > Ethernet adapter Local Area Connection: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI > For Complete PC Management NIC (3C905C-TX) > > Physical Address. . . . . . . . . : 00-50-DA-84-4A-E7 > > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 192.168.0.50 > > Subnet Mask . . . . . . . . . . . : 255.255.0.0 > > Default Gateway . . . . . . . . . : 192.168.0.1 > > DNS Servers . . . . . . . . . . . : 192.168.0.1 > > Primary WINS Server . . . . . . . : 192.168.0.1 > > ****DC 2 > > > Windows IP Configuration > > > > Host Name . . . . . . . . . . . . : mhssix > > Primary Dns Suffix . . . . . . . : msd.marceline.k12.mo.us > > Node Type . . . . . . . . . . . . : Hybrid > > IP Routing Enabled. . . . . . . . : No > > WINS Proxy Enabled. . . . . . . . : No > > DNS Suffix Search List. . . . . . : msd.marceline.k12.mo.us > > marceline.k12.mo.us > > > > Ethernet adapter VMware Network Adapter VMnet8: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter > for VMnet8 > > Physical Address. . . . . . . . . : 00-50-56-C0-00-08 > > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 172.16.88.1 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : > > > > Ethernet adapter VMware Network Adapter VMnet1: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter > for VMnet1 > > Physical Address. . . . . . . . . : 00-50-56-C0-00-01 > > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 172.16.100.1 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : > > > > Ethernet adapter Local Area Connection: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Intel® PRO/1000 PM Network > Connection > > Physical Address. . . . . . . . . : 00-13-20-8F-2E-D0 > > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 192.168.0.12 > > Subnet Mask . . . . . . . . . . . : 255.255.0.0 > > Default Gateway . . . . . . . . . : 192.168.0.1 > > DNS Servers . . . . . . . . . . . : 192.168.0.1 > > Primary WINS Server . . . . . . . : 192.168.0.1 > > ****DC 3 > > Windows IP Configuration > > > > Host Name . . . . . . . . . . . . : msd1 > > Primary Dns Suffix . . . . . . . : msd.marceline.k12.mo.us > > Node Type . . . . . . . . . . . . : Hybrid > > IP Routing Enabled. . . . . . . . : No > > WINS Proxy Enabled. . . . . . . . : No > > DNS Suffix Search List. . . . . . : msd.marceline.k12.mo.us > > marceline.k12.mo.us > > k12.mo.us > > mo.us > > > > Ethernet adapter Local Area Connection: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Intel® PRO/1000 MT Network > Connection > > Physical Address. . . . . . . . . : 00-0B-DB-57-88-9D > > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 192.168.0.3 > > Subnet Mask . . . . . . . . . . . : 255.255.0.0 > > Default Gateway . . . . . . . . . : 192.168.0.1 > > DNS Servers . . . . . . . . . . . : 192.168.0.1 > > Primary WINS Server . . . . . . . : 192.168.0.1 > > > > Ethernet adapter Local Area Connection 2: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast > Ethernet NIC > > Physical Address. . . . . . . . . : 00-40-33-E2-95-4E > > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 204.185.x.x > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > IP Address. . . . . . . . . . . . : 204.185.x.x > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 204.185.x.x > > DNS Servers . . . . . . . . . . . : 192.168.0.1 > > > ****DNS / Firewall Server > > Windows IP Configuration > > > > Host Name . . . . . . . . . . . . : mhstwo > > Primary Dns Suffix . . . . . . . : msd.marceline.k12.mo.us > > Node Type . . . . . . . . . . . . : Unknown > > IP Routing Enabled. . . . . . . . : Yes > > WINS Proxy Enabled. . . . . . . . : Yes > > DNS Suffix Search List. . . . . . : msd.marceline.k12.mo.us > > marceline.k12.mo.us > > k12.mo.us > > mo.us > > > > PPP adapter RAS Server (Dial In) Interface:
Guest athos_01 Posted March 20, 2008 Posted March 20, 2008 Re: Major help needed I appreciate all the help. If I could figure out why other machines cannot see other global catalog servers, I think my problem would be solved. I could turn off the bad DC and use ASDIEdit to remove all instances of it. But I cannot figure out why even if DNS shows that other machines are a GC, nobody can use them. If I run dcdiag on any dc that is configured to be a gc, it finds it's self, otherwise it can't find one. If I can't figure that out, I at least need to figure out how I can get my old DC back to replicating. Currently the domain controller is shown as disabled, and I can't enable it. It has no NTDS records as well. Thank you for any help you can provide. I did run both utilities, didn't help, but thanks.
Recommended Posts