Re: Sorting out a FUBARed domain



In the trace look for a failure to find something. From what you described, you will most likely either see a DNS call that comes back as unknown or an attempt to contact a machine that isn't responded to.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

============================================================================
Do not read this worthless blog entry on
Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/
I'm serious, you will learn absolutely nothing about
Defending Security Infrastructures.
============================================================================

o2ws6ta wrote:
What kind of stuff am I looking for in DNS and WINS? I don't see any references to the old-domain stuff. I went through all of the DNS _msdcs type stuff and it all correctly references the single DC with no references to anything else. What kind of stuff would I look for while sniffing the promotion attempt?


"Joe Richards [MVP]" wrote:

It doesn't actually sound FUBAR to me yet. You have a disjoint namespace which is fully supported and fine and you may have some name resolution issues. I would look over DNS and WINS carefully and clean up anything that is incorrect. Then try the promo again. If it fails, get a network sniff of the attempt and the failure should be fairly obvious in the trace.

joe


o2ws6ta wrote:
Background: This Windows 2000 domain has always been managed by UNIX admins. I am trying to straighten it out. We currently have one domain controller that also does file, print, virus etc. This is a very old machine that is still actually the upgraded NT4.0 domain controller back in 2001. The OS has many issues and everything is a bit off. Obviously I need to get off the current DC. I am looking for some people to give me some ideas and bounce ideas off also. So let me know if anyone has some ideas on this stuff.

To begin with there seems to be a conflict in domain names. In just about all cases the domain is referenced as "peak.com". For instance you join computers to the "peak.com" domain. However, when logging in as a user, the "peak.com" domain does not exist in the log on to box. I get the "Domain" and "old-domain" domains in the log on to box at logon and peak is not referenced at all. In AD users and computers the domain is referenced as peak.com. When I try to connect to the "domain" domain in the users and computers it can't find it, and all of the accounts are actually in the peak.com domain. This domain name disconnect seems very strange to me, and I really have no idea where the "old-domain" is coming from. Possibly related to this issue is that in the domains and trusts it is listed as peak.com but has external trusts that point to peak.com (its own domain name).

Anyway, I have tried promoting a new DC and it won't let me basically because it says it cannot contact all domain controllers. Which is funny because there is only one and the UNIX guys tell me there has always just been one. I cannot find any references to any other DCs like one was just turned off and not demoted. When I run dcdiag on the DC everything passes except for the following test:

Starting test: systemlog
An Error Event occured. EventID: 0x8000003E
Time Generated: 07/13/2006 13:51:05
(Event String could not be retrieved)
......................... HOSS failed test systemlog

Anyway, hopefully someone has some pointers for me in this mess.