Re: Receiving access denied accessing 2000 domain controller
- From: "John" <ClipperMiami@xxxxxxxxx>
- Date: 29 Jul 2006 15:22:25 -0700
Jorge:
Thanks very much, that did it! I was able to remove and reinstall AD on
the system and it APPEARS to be function almost normal. I'm still
having problems getting RRAS to authenticate VPN calls and there are
still some "odd" error messages in the log but it appears the worst of
it is "fixed"
It is interesting that for the most part the procedure was fairly
straightforward. Its a bit surprising that there isn't some single tool
or script that would accomplish all the steps in one automatic package
rather than "the crazy-quilt collection of this tool and that tool and
go here, delete this, enable that ..."
John
Jorge Silva wrote:
Hi
Inline
We have had a disk crash on our 2000 primary domain controller (AD) and
have recovered by using a previously mirrored disk of the system. This
mirror is about a week old (we broke the mirror for some testing).
Never do that AGAIN, the system has no way to check that was a restore using
this method.
USE ONLY SUPPORTED DEVICES AD AWARE TO RECOVER AD.
read this:
How to detect and recover from a USN rollback in Windows Server 2003
http://support.microsoft.com/?kbid=875495
How to detect and recover from a USN rollback in Windows 2000 Server
http://support.microsoft.com/kb/885875/en-us
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"John" <ClipperMiami@xxxxxxxxx> wrote in message
news:1154199589.890150.69250@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Further to this if we try to access this machine using "Run
\\machinename" we get an error
"Log on failure. The target account name is invalid"
The Event Logs refelct a variety of errors. In Directory Service there
are errors such as:
- The Directory Service consistency checker has noticed that 6
successive replication attempts with CN=NTDS
Settings,CN=LONDON,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=XXXXX,DC=YYY
have failed over a period of 21707 minutes. The connection object for
this server will be kept in place, and new temporary connections will
established to ensure that replication continues. The Directory Service
will continue to retry replication with CN=NTDS
Settings,CN=LONDON,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=XXXXX,DC=YYY;
once successful the temporary connection will be removed.
- The Active Directory database has been restored using an unsupported
restoration procedure."
- Outbound Replication disabled"
- Inbound Replication disabled"
- NTDS (296) The database engine has successfully completed recovery
steps.
- NTDS (296) The database engine is replaying log file
e:\WINNT\NTDS\edb.log.
We did NOT do anything to attempt to restore the AD database, merely
booted from the old mirrored drive.
John wrote:
We have had a disk crash on our 2000 primary domain controller (AD) and
have recovered by using a previously mirrored disk of the system. This
mirror is about a week old (we broke the mirror for some testing).
It appears that we were successful in using this in the domain but we
are now getting "Access Denied" on any other system in the network that
attempts to access resources on this machine. Before we get too far
along with this backup is there any way to recover from this problem?
Thanks
John
.
- Follow-Ups:
- References:
- Prev by Date: Re: R2 in-place upgrade bug ? ..HELP
- Next by Date: Re: 2nd DC and DHCP?
- Previous by thread: Re: Receiving access denied accessing 2000 domain controller
- Next by thread: Re: Receiving access denied accessing 2000 domain controller
- Index(es):
Relevant Pages
|
