Re: How to recover from DC without GC?
- From: "Per Hagstrom" <per.hagstrom@xxxxxxxxxxxxxx>
- Date: Mon, 29 Jan 2007 10:36:27 -0600
Paul,
OK, got it. I do have the whole structure still there. All the Active
Directory users and computers are still there. Only thing missing are the
Group Polices I think. So that isn't too bad. I can redo those without too
much hassle.
Well... except for the NETLOGON problem... hmm... seems to be needing files
from the SYSVOL folder, is there any way I can "reset" NETLOGON back to
default or something?
Thanks again for all your help! :)
/ Per
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:ObC8Fv6QHHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
You can't get back any of your old files, but you should still be able to
rebuild the structure. The only way you get back your old stuff is
through a restore from backup.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Per Hagstrom" <per.hagstrom@xxxxxxxxxxxxxx> wrote in message
news:uQ4lL$1QHHA.4404@xxxxxxxxxxxxxxxxxxxxxxx
Paul,
If I'm reading the article right, it sounds like it's required to have
all the files in the SYSVOL folder though? Since this DC doesn't have any
files in the SYSVOL folder, I guess there is no way I can get that
content back, or? (maybe I'm not understanding it right?)
/ Per
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:eV1RQuyQHHA.4260@xxxxxxxxxxxxxxxxxxxxxxx
You should go and rebuild the folder structure and junction points
http://support.microsoft.com/kb/315457/en-us
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Per Hagstrom" <per.hagstrom@xxxxxxxxxxxxxx> wrote in message
news:u0srtImQHHA.3304@xxxxxxxxxxxxxxxxxxxxxxx
Paul,
Yes, I did have the error about not being able to become a DC.
Followed your second link, since this is the only running DC (first one
failed with non accessible HD anymore), after running the D4 parameter,
the FRS started up fine, and now is actually sharing it's SYSVOL! Yay!
:)
Only problem now when running DCDIAG is NETLOGON problem. Seems to have
to do with that the SYSVOL is completely empty on files, the tree
structure of all the folders is there, but contains no files what so
ever...! :(
Opened the GP editor, and all the policies are all empty. The system
knows the structure and I can still "browse" to the different policies
but when opening them in edit mode, nothing is set.
I guess I lost all the files in the SYSVOL folder, and probably won't
be able to get that back now, since the only other DC's HD is
inaccessible?
Many thanks for all your help!
/ Per
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:uNrp9E9OHHA.3872@xxxxxxxxxxxxxxxxxxxxxxx
If the sysvol can't be shared then the DC won't be able to service as
a DC (Nor a GC).
If there is more than one dc in your domain you can just do a
non-authoritative restore on your DC
http://support.microsoft.com/?id=840674
If this is the only DC in your domain then you will have to do a
manual rebuild of the sysvol.
http://support.microsoft.com/kb/315457/
If you go through your event logs I'm betting you will find an error
sayng something like sysvol is preventing this machine from becoming a
dc.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Per Hagstrom" <per.hagstrom@xxxxxxxxxxxxxx> wrote in message
news:epwZBb5OHHA.3268@xxxxxxxxxxxxxxxxxxxxxxx
Update:
Already seized all the FSMO roles. Made it GC. Tried to run the
metadata cleanup, but can't find the crashed server, it seems like
it's already gone. I think when I took ownership of the FSMO roles
before, I somehow followed some instructions on how to completely get
rid of the old DC. So guess the cleanup is already taken care of.
However, running DCdiag gives me one problem. Here is the capture of
the problem:
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
1355
A Global Catalog Server could not be located - All GC's are
down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
error 1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... Domain.com failed test FsmoCheck
Everything else passed fine. Seems like it's having trouble becoming
a GC? Also if I open A.D. Users and Computers, and try to open a
Group Policy, it also gives me an error about not being able to find
the DC for GP operations. Also saw an error in the event log about
SYSVOL having trouble getting created/shared...
Any ideas what to try next?
Many thanks for all your help!! :)
/ Per
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:Occ4YefOHHA.3900@xxxxxxxxxxxxxxxxxxxxxxx
"Per Hagstrom" <per.hagstrom@xxxxxxxxxxxxxx> wrote in message
news:eBQmxYfOHHA.4172@xxxxxxxxxxxxxxxxxxxxxxx
OK, the reason I asked was when I first tried to promote it and
make it GC, it complained it couldn't find the "domain", the DNS
didn't work, A.D didn't work and so on... but now after waiting a
while, it had actually recreated itself somehow... !
Only problem now is when I tried to join a new server to become
another DC, it complained again about domain not found... strange..
maybe that's part of the metadata cleanup?
You've got DNS problems. DNS is the MAIN cause of both
authentication
and replication issues in Windows AD domains, and authentication
PLUS
replication is required for DCPromo (authenticate you the admin, and
replicate
the new DC etc.)
The new server must use STRICTLY the DNS server that knows (how to
find)
the DNS zone which supports AD.
So must the existing DC and all other domain machines on the NIC->IP
properties.
You zone must be dynamic. The DC must be registered and it should
be able
to pass a full DCDiag (support tools from server CDRom). Save text
to a file
and search for FAIL and WARN.
Fix those or post the unedited text from both DC and "new server"
output
of: "IPconfig /all >file.txt" as well as DCDiag you did above:
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
.
- Follow-Ups:
- Re: How to recover from DC without GC?
- From: Herb Martin
- Re: How to recover from DC without GC?
- References:
- How to recover from DC without GC?
- From: Per Hagstrom
- Re: How to recover from DC without GC?
- From: Jorge Silva
- Re: How to recover from DC without GC?
- From: Per Hagstrom
- Re: How to recover from DC without GC?
- From: Herb Martin
- Re: How to recover from DC without GC?
- From: Per Hagstrom
- Re: How to recover from DC without GC?
- From: Paul Bergson [MVP-DS]
- Re: How to recover from DC without GC?
- From: Per Hagstrom
- Re: How to recover from DC without GC?
- From: Paul Bergson [MVP-DS]
- Re: How to recover from DC without GC?
- From: Per Hagstrom
- Re: How to recover from DC without GC?
- From: Paul Bergson [MVP-DS]
- How to recover from DC without GC?
- Prev by Date: Replication partner issue - seeking advice
- Next by Date: Re: access to a nondomain share
- Previous by thread: Re: How to recover from DC without GC?
- Next by thread: Re: How to recover from DC without GC?
- Index(es):
Relevant Pages
|
