Re: Cannot restore DC in isolated Subnet for the purpose of creating test environment


From: jmwallace74 (jmwallace74_at_hotmail.com)
Date: 03/01/04


Date: Mon, 01 Mar 2004 05:32:17 -0800


What steps did I follow? (For restoring.)
0. To get an AD test environment set up in a separated network we followed
these steps.
1. Took identical hardware and installed a fresh copy of Windows 2000 on
it, as a stand-alone server (Workgroup). Set up the server with C:(OS and
Sysvol), D:(NTDS data) and E:(NT DS Logs) partitions just as in
production.
2. Booted this server to AD Restore mode.
3. Restored all of C: and System State.
4. Rebooted the server in regular mode.

At first boot notice the sysvol is not shared. I don't know why.

Production topology: the server we are trying to restore is the root Domain
Controller server, running DNS, WINS, Global Catalog, Domain Naming
Master, Schema master, PDC Emulator, Infrastructure Master, RID master.
There are two other DCs in the Root Domain. They are all Global Catalogs
to avoid the Infrastructure Master conflict. This root domain is empty of
all except administration accounts. DNS and WINS are served from all Root
Domain Servers. We have one child domain with 3 Domain Controllers and
they are all Global Catalogs too. 4 DCs (2 from each domain) are in Site A,
while Site B has the other 2 DCs (1 from each domain). The server
we are restoring is in Site A. We cannot restore a second DC server in
the test environment because of a lack of identical hardware.

In an attempt to get this first DC server to work in the test
environment, I have deleted AD server accounts that don't exist in the
Root Domain test environment (only two others, which are Domain
Controllers), and deleted and recreated the Root DNS Zone, to make sure only
the server restored is listed in DNS as a DC.

What did I do about the failed KCCEVENT?
The server being restored is a global catalog server and still reports
that it is in the test environment. What else should I be doing?

The reason we are setting up this non-connected network is to test going
from Windows 2000 to Windows 2003 on the AD controllers and going from
Exchange 5.5 to Exchange 2003. We are trying to duplicate our live
network in a test environment.
Any ideas would be appreciated.
Thanks for your help.

"Al Mulnick" <amulnick_No_SPAM@ncDOTrr.com> wrote in
news:#WRbVvg$DHA.684@tk2msftngp13.phx.gbl:

> What steps did you follow?
> What is your production topology and what did you do about this:
> "failed test kccevent" ?
>
> No real reason to seize the roles from the perspective that he owns
> them now anyway. But I don't see where the sysvol came up (may have
> missed it, I'm only one cup of coffee into it :) but having knowledge
> of the production topology would be useful here. Also, knowing if it
> ever came up fully would be useful.
>
> Al
>
>
>
>
> "jmwallace74" <jmwallace74@hotmail.com> wrote in message
> news:%2337A1QX$DHA.2180@TK2MSFTNGP09.phx.gbl...
>> "Al Mulnick" <amulnick_No_SPAM@ncDOTrr.com> wrote in
>> news:OwEkr1W$DHA.1288@TK2MSFTNGP10.phx.gbl:
>>
>> > "The problem is that
>> > the server does not believe it's a Domain Controller at all."
>> >
>> > Doesn't believe it's a DC?!? Why not? Could be that your DNS is
>> > different? Could be your restoration method (what steps did you
>> > take during the restore?)
>>
>>
>> Why it doesn't think it's a DC would be the $64,000 question. Well, at
>> least it will not run the FSMO role PDC Emulator, which it had when
>> it was backed up.
>>
>> Here is the output from DCDIAG /V
>>
>> *****************************************
>> Domain Controller Diagnosis
>>
>> Performing initial setup:
>> * Verifying that the local machine OH01DC01, is a DC.
>> * Connecting to directory service on server OH01DC01.
>> * Collecting site info.
>> * Identifying all servers.
>> * Found 1 DC(s). Testing 1 of them.
>> Done gathering initial info.
>>
>> Doing initial required tests
>>
>> Testing server: OH01\OH01DC01
>> Starting test: Connectivity
>> * Active Directory LDAP Services Check
>> * Active Directory RPC Services Check
>> ......................... OH01DC01 passed test Connectivity
>>
>> Doing primary tests
>>
>> Testing server: OH01\OH01DC01
>> Starting test: Replications
>> * Replications Check
>> ......................... OH01DC01 passed test Replications
>> Test omitted by user request: Topology
>> Test omitted by user request: CutoffServers
>> Starting test: NCSecDesc
>> * Security Permissions Check for
>> CN=Schema,CN=Configuration,DC=relizon,DC=net
>> * Security Permissions Check for
>> CN=Configuration,DC=relizon,DC=net
>> * Security Permissions Check for
>> DC=relizon,DC=net
>> ......................... OH01DC01 passed test NCSecDesc
>> Starting test: NetLogons
>> * Network Logons Privileges Check
>> ......................... OH01DC01 passed test NetLogons
>> Starting test: Advertising
>> Fatal Error:DsGetDcName (OH01DC01) call failed, error 1355
>> The Locator could not find the server.
>> ......................... OH01DC01 failed test Advertising
>> Starting test: KnowsOfRoleHolders
>> Role Schema Owner = CN=NTDS Settings,CN=OH01DC01,CN=Servers,CN=OH01,CN=Sites,CN=Configuration,DC=relizon,DC=net
>> Role Domain Owner = CN=NTDS Settings,CN=OH01DC01,CN=Servers,CN=OH01,CN=Sites,CN=Configuration,DC=relizon,DC=net
>> Role PDC Owner = CN=NTDS Settings,CN=OH01DC01,CN=Servers,CN=OH01,CN=Sites,CN=Configuration,DC=relizon,DC=net
>> Role Rid Owner = CN=NTDS Settings,CN=OH01DC01,CN=Servers,CN=OH01,CN=Sites,CN=Configuration,DC=relizon,DC=net
>> Role Infrastructure Update Owner = CN=NTDS Settings,CN=OH01DC01,CN=Servers,CN=OH01,CN=Sites,CN=Configuration,DC=relizon,DC=net
>> ......................... OH01DC01 passed test KnowsOfRoleHolders
>> Starting test: RidManager
>> * Available RID Pool for the Domain is 3606 to 1073741823
>> * OH01DC01.relizon.net is the RID Master
>> * DsBind with RID Master was successful
>> * rIDAllocationPool is 3106 to 3605
>> * rIDNextRID: 3107
>> * rIDPreviousAllocationPool is 3106 to 3605
>> ......................... OH01DC01 passed test RidManager
>> Starting test: MachineAccount
>> * SPN found :LDAP/OH01DC01.relizon.net/relizon.net
>> * SPN found :LDAP/OH01DC01.relizon.net
>> * SPN found :LDAP/OH01DC01
>> * SPN found :LDAP/OH01DC01.relizon.net/RZNET
>> * SPN found :LDAP/5e725537-79c7-4438-a8ce-774ae6d2e63f._msdcs.relizon.net
>> * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e725537-79c7-4438-a8ce-774ae6d2e63f/relizon.net
>> * SPN found :HOST/OH01DC01.relizon.net/relizon.net
>> * SPN found :HOST/OH01DC01.relizon.net
>> * SPN found :HOST/OH01DC01
>> * SPN found :HOST/OH01DC01.relizon.net/RZNET
>> * SPN found :GC/OH01DC01.relizon.net/relizon.net
>> ......................... OH01DC01 passed test MachineAccount
>> Starting test: Services
>> * Checking Service: Dnscache
>> * Checking Service: NtFrs
>> * Checking Service: IsmServ
>> * Checking Service: kdc
>> * Checking Service: SamSs
>> * Checking Service: LanmanServer
>> * Checking Service: LanmanWorkstation
>> * Checking Service: RpcSs
>> * Checking Service: RPCLOCATOR
>> * Checking Service: w32time
>> * Checking Service: TrkWks
>> * Checking Service: TrkSvr
>> * Checking Service: NETLOGON
>> ......................... OH01DC01 passed test Services
>> Test omitted by user request: OutboundSecureChannels
>> Starting test: ObjectsReplicated
>> OH01DC01 is in domain DC=relizon,DC=net
>> Checking for CN=OH01DC01,OU=Domain Controllers,DC=relizon,DC=net in domain DC=relizon,DC=net on 1 servers
>> Object is up-to-date on all servers.
>> Checking for CN=NTDS Settings,CN=OH01DC01,CN=Servers,CN=OH01,CN=Sites,CN=Configuration,DC=relizon,DC=net in domain CN=Configuration,DC=relizon,DC=net on 1 servers
>> Object is up-to-date on all servers.
>> ......................... OH01DC01 passed test ObjectsReplicated
>> Starting test: frssysvol
>> * The File Replication Service Event log test
>> Error: No record of File Replication System, SYSVOL started.
>> The Active Directory may be prevented from starting.
>> There are errors after the SYSVOL has been shared.
>> The SYSVOL can prevent the AD from starting.
>> An Warning Event occured. EventID: 0x800034FE
>> Time Generated: 02/27/2004 15:17:33
>> Event String: File Replication Service is scanning the data in
>> the system volume. Computer OH01DC01 cannot
>> become a domain controller until this process is
>> complete. The system volume will then be shared
>> as SYSVOL.
>>
>> To check for the SYSVOL share, at the command
>> prompt, type:
>> net share
>>
>> When File Replication Service completes the
>> scanning process, the SYSVOL share will appear.
>>
>> The initialization of the system volume can take
>> some time. The time is dependent on the amount of
>> data in the system volume.
>> ......................... OH01DC01 passed test frssysvol
>> Starting test: kccevent
>> * The KCC Event log test
>> An Error Event occured. EventID: 0xC0000466
>> Time Generated: 02/27/2004 15:43:26
>> Event String: Unable to establish connection with global catalog.
>> An Information Event occured. EventID: 0x40000617
>> Time Generated: 02/27/2004 15:46:33
>> (Event String could not be retrieved)
>> An Information Event occured. EventID: 0x4000062A
>> Time Generated: 02/27/2004 15:46:33
>> (Event String could not be retrieved)
>> An Information Event occured. EventID: 0x40000456
>> Time Generated: 02/27/2004 15:46:33
>> (Event String could not be retrieved)
>> An Error Event occured. EventID: 0xC0000466
>> Time Generated: 02/27/2004 15:46:33
>> Event String: Unable to establish connection with global catalog.
>> ......................... OH01DC01 failed test kccevent
>> Starting test: systemlog
>> * The System Event log test
>> Found no errors in System Event log in the last 60 minutes.
>> ......................... OH01DC01 passed test systemlog
>>
>> Running enterprise tests on : relizon.net
>> Starting test: Intersite
>> Skipping site Default-First-Site-Name, this site is outside the scope
>> provided by the command line arguments provided.
>> Skipping site OH01, this site is outside the scope provided by the
>> command line arguments provided.
>> ......................... relizon.net passed test Intersite
>> Starting test: FsmoCheck
>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
>> A Global Catalog Server could not be located - All GC's are down.
>> PDC Name: \\OH01DC01.relizon.net
>> Locator Flags: 0xe00001f9
>> Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
>> A Time Server could not be located.
>> The server holding the PDC role is down.
>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
>> A Good Time Server could not be located.
>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
>> A KDC could not be located - All the KDCs are down.
>> ......................... relizon.net failed test FsmoCheck
>> *********************************************************************
>>
>>
>> >
>> >
>> > There's a restoration document available from Microsoft. Have you
>> > read it?
>> >
>> >
>> Yes we have. We have tried the Microsoft backup and restore Link
>> here:
>>
>> http://support.microsoft.com/default.aspx?scid=kb;EN-US;240363
>>
>>
>> and the CA restore (We run Brightstore) See at this link:
>>
>> http://support.cai.com/techbases/basb9/basb9_1004.html
>>
>>
>>
>>
>>
>> >
>> > "jmwallace74" <jmwallace74@hotmail.com> wrote in message
>> > news:%23SJqo3U$DHA.3256@TK2MSFTNGP09.phx.gbl...
>> >> I have been trying to restore our root domain controller (Windows
>> >> 2000) in a totally isolated network. The network has no connection
>> >> to our production network or even the internet. The reason we want
>> >> to do this is for testing purposes, while having an exact copy of
>> >> our domain(s).
>> >>
>> >> We transferred all 5 forest and domain FSMO roles to this one
>> >> server, backed it up, and then restored it to identical hardware in
>> >> this isolated network.
>> >> The server will come up and I can log in as a user that is combined
>> >> Enterprise, Domain, and Schema master administrators. We use
>> >> Brightstore 9 and have followed CA's instructions for restoring a
>> >> DC. The problem is that
>> >> the server does not believe it's a Domain Controller at all. So we
>> >> cannot add other DCs or run DC Promo or add servers to the domain
>> >> in the test environment. I can create accounts (users and computers)
>> >> as the system has the RID master FSMO role as well as all others,
>> >> including Schema master, Domain naming master, RID master, PDC
>> >> Emulator and Infrastructure master. The server being restored is a
>> >> Global Catalog server as well. Other symptoms
>> >> are that the sysvol and netlogon folders do not get automatically
>> >> shared. The Users and Computers and Sites tools do not initially
>> >> run correctly until I point them to the server name, and then they
>> >> seem to function correctly. The server is a DNS server, WINS
>> >> server and DHCP server in production as well as in the test
>> >> environment. The server has its same IP address as in the production
>> >> network. On server startup the Directory Service log files do say
>> >> that it is unable to contact a Global Catalog server even though
>> >> this server is one.
>> >>
>> >> Anyone have any ideas????
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> John Wallace
>> >> jmwallace74@hotmail.com
>> >> http://www.jmwallace.net
>> >
>> >
>>
>>
>>
>> --
>> John Wallace
>> jmwallace74@hotmail.com
>> http://www.jmwallace.net
>
>
>

-- 
John Wallace
jmwallace74@hotmail.com
http://www.jmwallace.net
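
Added example, not part of the original thread: a Python triage of DCDIAG /V text in the shape quoted above, which lists the tests that failed and also those that "passed" while still logging errors, as frssysvol does in this output. The function names and the sample lines are constructed for illustration; the sample is an unwrapped excerpt modelled on the quoted output.

```python
import re

START = re.compile(r"Starting test:\s*(\S+)")
RESULT = re.compile(r"\.{5,}\s+\S+\s+(passed|failed) test")
PROBLEM = re.compile(r"^(?:Fatal Error|Error|Warning)\b|An (?:Error|Warning) Event")
EVENT = re.compile(r"EventID:\s*0x([0-9A-Fa-f]{8})")
WIN32 = re.compile(r"failed,\s*error\s+(\d+)")

# Constructed sample: lines in the shape of the quoted DCDIAG /V output, unwrapped.
SAMPLE = """\
>> Starting test: Advertising
>> Fatal Error:DsGetDcName (OH01DC01) call failed, error 1355
>> ......................... OH01DC01 failed test Advertising
>> Starting test: frssysvol
>> Error: No record of File Replication System, SYSVOL started.
>> An Warning Event occured. EventID: 0x800034FE
>> ......................... OH01DC01 passed test frssysvol
>> Starting test: kccevent
>> An Error Event occured. EventID: 0xC0000466
>> ......................... OH01DC01 failed test kccevent
>> Starting test: systemlog
>> Found no errors in System Event log in the last 60 minutes.
>> ......................... OH01DC01 passed test systemlog
"""

def triage(text):
    """Map each test to its verdict, event IDs, Win32 codes and problem-line count."""
    report, cur = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()  # drop quote markers and indentation
        m = START.search(line)
        if m:
            cur = report[m.group(1)] = {"verdict": None, "events": [],
                                        "win32": [], "problems": 0}
        elif cur is not None and (r := RESULT.search(line)):
            cur["verdict"] = r.group(1)
        elif cur is not None:
            cur["problems"] += bool(PROBLEM.search(line))
            # The event log ID is the low 16 bits of the value dcdiag prints.
            cur["events"] += [int(h, 16) & 0xFFFF for h in EVENT.findall(line)]
            cur["win32"] += [int(c) for c in WIN32.findall(line)]
    return report

def suspicious(report):
    """Tests that failed, or that 'passed' while still logging errors or warnings."""
    return sorted(t for t, e in report.items()
                  if e["verdict"] == "failed" or e["problems"])
```

Calling `suspicious(triage(text))` on a saved DCDIAG log gives the short list of tests to read in full; the decoded event IDs can then be looked up in the File Replication Service and Directory Service event logs.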

