Re: How to recover from DC without GC?

Paul,

If I'm reading the article right, it sounds like it's required to have all
the files in the SYSVOL folder though? Since this DC doesn't have any files
in the SYSVOL folder, I guess there is no way I can get that content back,
or? (maybe I'm not understanding it right?)

/ Per


"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:eV1RQuyQHHA.4260@xxxxxxxxxxxxxxxxxxxxxxx
You should go and rebuild the folder structure and junction points

http://support.microsoft.com/kb/315457/en-us

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Per Hagstrom" <per.hagstrom@xxxxxxxxxxxxxx> wrote in message
news:u0srtImQHHA.3304@xxxxxxxxxxxxxxxxxxxxxxx
Paul,

Yes, I did have the error about not being able to become a DC.
Followed your second link, since this is the only running DC (first one
failed with non accessible HD anymore), after running the D4 parameter,
the FRS started up fine, and now is actually sharing it's SYSVOL! Yay! :)
Only problem now when running DCDIAG is NETLOGON problem. Seems to have
to do with that the SYSVOL is completely empty on files, the tree
structure of all the folders is there, but contains no files what so
ever...! :(
Opened the GP editor, and all the policies are all empty. The system
knows the structure and I can still "browse" to the different policies
but when opening them in edit mode, nothing is set.

I guess I lost all the files in the SYSVOL folder, and probably won't be
able to get that back now, since the only other DC's HD is inaccessible?

Many thanks for all your help!

/ Per


"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:uNrp9E9OHHA.3872@xxxxxxxxxxxxxxxxxxxxxxx
If the sysvol can't be shared then the DC won't be able to service as a
DC (Nor a GC).

If there is more than one dc in your domain you can just do a
non-authoritative restore on your DC
http://support.microsoft.com/?id=840674

If this is the only DC in your domain then you will have to do a manual
rebuild of the sysvol.
http://support.microsoft.com/kb/315457/

If you go through your event logs I'm betting you will find an error
sayng something like sysvol is preventing this machine from becoming a
dc.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Per Hagstrom" <per.hagstrom@xxxxxxxxxxxxxx> wrote in message
news:epwZBb5OHHA.3268@xxxxxxxxxxxxxxxxxxxxxxx
Update:

Already seized all the FSMO roles. Made it GC. Tried to run the
metadata cleanup, but can't find the crashed server, it seems like it's
already gone. I think when I took ownership of the FSMO roles before, I
somehow followed some instructions on how to completely get rid of the
old DC. So guess the cleanup is already taken care of.
However, running DCdiag gives me one problem. Here is the capture of
the problem:

Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
1355
A Global Catalog Server could not be located - All GC's are
down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
error 1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... Domain.com failed test FsmoCheck

Everything else passed fine. Seems like it's having trouble becoming a
GC? Also if I open A.D. Users and Computers, and try to open a Group
Policy, it also gives me an error about not being able to find the DC
for GP operations. Also saw an error in the event log about SYSVOL
having trouble getting created/shared...

Any ideas what to try next?

Many thanks for all your help!! :)

/ Per



"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:Occ4YefOHHA.3900@xxxxxxxxxxxxxxxxxxxxxxx

"Per Hagstrom" <per.hagstrom@xxxxxxxxxxxxxx> wrote in message
news:eBQmxYfOHHA.4172@xxxxxxxxxxxxxxxxxxxxxxx
OK, the reason I asked was when I first tried to promote it and make
it GC, it complained it couldn't find the "domain", the DNS didn't
work, A.D didn't work and so on... but now after waiting a while, it
had actually recreated itself somehow... !

Only problem now is when I tried to join a new server to become
another DC, it complained again about domain not found... strange..
maybe that's part of the metadata cleanup?

You've got DNS problems. DNS is the MAIN cause of both authentication
and replication issues in Windows AD domains, and authentication PLUS
replication is required for DCPromo (authenticate you the admin, and
replicate
the new DC etc.)

The new server must use STRICTLY the DNS server that knows (how to
find)
the DNS zone which supports AD.

So must the existing DC and all other domain machines on the NIC->IP
properties.

You zone must be dynamic. The DC must be registered and it should be
able
to pass a full DCDiag (support tools from server CDRom). Save text to
a file
and search for FAIL and WARN.

Fix those or post the unedited text from both DC and "new server"
output
of: "IPconfig /all >file.txt" as well as DCDiag you did above:


--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)











.

Relevant Pages

  • Re: EventID 1030 & 1058 after Desaster Recovery Restore
    ... Make sure that the antivirus is not scanning the sysvol folder. ... > contains the domain's group policy objects, ... > On Windows Server 2003, the Everyone group should have the Read & Execute ...
    (microsoft.public.windows.server.sbs)
  • Re: Event 1058 gpt.ini file access denied
    ... I'm also wondering if FRS is working properly, as when I look in SYSVOL, I can see some files in serv9's, that I cant see in the PDC, serv1. ... So I'm thinking of demoting serv9, then promoting serv8 (currently has a very lightly used SQL server on it, single NIC). ... I guess serv9 is updating DNS to point to itself. ...
    (microsoft.public.windows.server.general)
  • RE: Group Policy processing aborted error message in Event Application log
    ... >Subject: RE: Group Policy processing aborted error message in Event ... >825763 How to configure Internet access in Windows Small Business Server ... Make sure that the antivirus is not scanning the sysvol folder. ...
    (microsoft.public.windows.server.sbs)
  • Re: Event 1058 gpt.ini file access denied
    ... Check that the sysvol and netlogon folder exist on srv9 and you can access them locally. ... I started to see the same error start to happen on serv1 too. ... I guess serv9 is updating DNS to point to itself. ... Serv1 is a bot strange for you wrote an old SBS server, ...
    (microsoft.public.windows.server.general)
  • RE: Peterborough FRS problem
    ... Checked this morning for the newest GPOs in the server local copy of sysvol, ... Connection-specific DNS Suffix. ... SYSVOL and these journal wrap still occur, then try to increase the NTFS ... Monitor the File Replication Service Event Logs for events: ...
    (microsoft.public.windows.server.active_directory)
Loading