RE: DCpromo issue. Health check on AD and group policy.




Hello Garry,

Really good information about your solution to this kind of problem. And with 200 DCs, yes, it's a lot of work when you can't find a way like you did.

I also had thoughts about a problem with removing and reinstalling; that was my reason for asking the OP how he did it in detail. Maybe we will get an answer.


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Hi Meinolf and Hello IT Team Queensbridge.bham.sch.uk

Since Repadmin was not looking great, to say the least, check the FRS
and AD event logs on the other intrasite DCs for failures creating
connection objects with NED. Presuming that NED was recently promo'd
out and in again (I'm really hoping).

I have a recollection of this issue after I removed a DC via DCPROMO
and within 20 minutes I DCpromo'd the new hardware in as the exact same
name. What happened then was GUID/CNAMEs in DNS were 100% right for
the new DC, but every DC, whether intra- or intersite, that was a direct
replication partner with the renewed DC simply would not allow the
new DC to create new inbound connection objects (you can't even via
manual methods). Every DC that was a replication partner of the DC
before removing it obviously continued repl via KCC auto-generated
connection objects to another preferred bridgehead. I eventually
found nothing on the internet to help, but what I did do next was use
the repadmin /expertuser switch and used the following cowboy trick (in
the LAB first, managed to replicate the exact problem luckily):

/delrepsto <Naming Context> <DC> <Reps-To DC> <Reps-To DC GUID>
Examples:
<Naming Context> DC=TESTDOM,DC=LOCAL
<DC> done at each DC that was a previous repl partner
<Reps-To DC> this will most definitely be NED in every run of the
commands on each old partner. And check the intrasite DCs' FRS/AD event
logs on each DC to see if there is an issue showing the old GUID/CNAME
in the events. This GUID will be the GUID you supply for
<Reps-To DC GUID>

Now I scripted this as the forest has over 200 DCs and, due to lack of
RAM / perf on most DCs, KCC was not autogening connection objs. 90%
of the DCs used this DC as a bridgehead (manually set since we were
still on 2000 AD and its hidden agenda, we had switched KCC & ISTG off
and every connection object was manual (this is how I know that not
even a manual obj creation helps to trick)).

To add to my misery, when I spotted the errors after the new DC's
promo, I dcpromo'd out again and then there were now 2 wrong outdated
GUIDs to remove. I don't think the /delrepsto <Naming Context> <DC>
<Reps-To DC> <Reps-To DC GUID> way is complex, just GUIDs burnt into
your retinas if manually done.

But you are small, so if this pie in the sky theory is right, each DC
intrasite should have some event logs, hopefully showing the antiquated
GUIDs. Since each other site had one or more DCs, only one is
generally in need of attention, the bridgehead which KCC selects. KCC
does the KCC thing every 15 minutes and will auto gen the new "true"
connection objects at those intervals.

Also, who's the RID master, is he UP?

Root Cause Analysis of my issue: a bit of a thumb suck. I had just
arrived at the client's site and I have never seen the momentous amount
of lingering objects in AD; maybe that contributed, I doubted that. I
then thought through a personally created issue: I took the HDDs out of
the old DC and added them to the new server so as to mirror the OS and
current configs and then promoted it in within 20 mins. By this stage,
the mirrors had completed sync and I pulled the old HDDs out. You may
think this is menial, but in my VM labs I often promo one out then
straight back in, and have noticed similar issues eventing. Apparently
the now member server keeps its AD settings and what you should do is
promo it first into another new dummy.junk domain and promo it out and
reboot. All the "so called" domain history is now gone from the registry
etc. I do not know exactly what is documented around that issue;
maybe some of the MVPs can comment / drill me / thrill me.

Regards

Garry Starck
MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA
"Meinolf Weber [MVP-DS]" wrote:

Hello IT Team Queensbridge.bham.sch.uk,

Also do not forget the other questions and outputs. Especially when
the other output is too big to post, use dcdiag /v /c on each DC
separately and also netdiag /v.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hi

We have 2 DNS servers (bart and NED), Bart is the primary DNS server
and is the first DC in the domain. NED is the DC which isn't
replicating but is also a DNS server.

Please find ipconfig /all outputs from both servers

BART

Windows IP Configuration

Host Name . . . . . . . . . . . . : bart
Primary Dns Suffix . . . . . . . : QUEENSBRIDGE.PRI
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : QUEENSBRIDGE.PRI

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connection
Physical Address. . . . . . . . . : 00-11-2F-63-BC-9B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.122.84.51
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.122.84.50
DNS Servers . . . . . . . . . . . : 10.122.84.51
                                    10.122.84.58

NED

Windows IP Configuration

Host Name . . . . . . . . . . . . : ned
Primary Dns Suffix . . . . . . . : QUEENSBRIDGE.PRI
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : QUEENSBRIDGE.PRI

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Physical Address. . . . . . . . . : 00-0F-B5-09-A5-2C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.122.84.58
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.122.84.50
DNS Servers . . . . . . . . . . . : 10.122.84.51
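
An added illustration of the scripted cleanup Garry describes above (not his script and not part of the original thread): a PowerShell dry run that pulls GUIDs out of event messages, drops the ones known to be current, and prints one repadmin /delrepsto line per old partner and stale GUID without running anything. The partner name DC03, all GUIDs and the event messages are constructed placeholders; the argument order is the one given in the post.

```powershell
# Added example: DC03, every GUID and every event message here is a constructed placeholder.
$NamingContext = 'DC=TESTDOM,DC=LOCAL'     # naming context from the post's example
$RepsToDc      = 'NED'                     # the re-promoted DC
$Partners      = 'BART', 'DC03'            # former replication partners (DC03 is hypothetical)
# DSA GUIDs of all DCs that are currently valid (placeholder value for NED).
$KnownGoodGuids = @('11111111-1111-1111-1111-111111111111')

# Constructed event messages. On a live DC they would come from something like
#   Get-WinEvent -ComputerName $dc -FilterHashtable @{ LogName = 'Directory Service'; Level = 2, 3 }
$SampleMessages = @(
    'Replication with 22222222-2222-2222-2222-222222222222._msdcs.TESTDOM.LOCAL failed.'
    'Inbound sync from 11111111-1111-1111-1111-111111111111._msdcs.TESTDOM.LOCAL succeeded.'
    'Could not resolve 33333333-3333-3333-3333-333333333333._msdcs.TESTDOM.LOCAL.'
)

function Find-StaleDsaGuid {
    param([string[]]$Message, [string[]]$KnownGood)
    $pattern = '[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    $found = foreach ($text in $Message) {
        foreach ($m in [regex]::Matches($text, $pattern)) { $m.Value.ToLower() }
    }
    # Any GUID that is not known to be current is a candidate for review.
    $found | Where-Object { $KnownGood -notcontains $_ } | Sort-Object -Unique
}

function New-DelRepsToCommand {
    param([string]$Context, [string[]]$Partner, [string]$Target, [string[]]$StaleGuid)
    foreach ($dc in $Partner) {
        if ($dc -eq $Target) { continue }      # skip the re-promoted DC itself
        foreach ($g in $StaleGuid) {
            $parsed = [guid]::Empty
            if (-not [guid]::TryParse($g, [ref]$parsed)) { continue }   # reject malformed GUIDs
            # Argument order as given in the post: <Naming Context> <DC> <Reps-To DC> <Reps-To DC GUID>
            'repadmin /delrepsto "{0}" {1} {2} {3}' -f $Context, $dc, $Target, $parsed
        }
    }
}

$stale = Find-StaleDsaGuid -Message $SampleMessages -KnownGood $KnownGoodGuids
# Emit the command lines for review only; nothing is executed here.
New-DelRepsToCommand -Context $NamingContext -Partner $Partners -Target $RepsToDc -StaleGuid $stale
```

With the constructed input this prints four lines (two partners, two stale GUIDs); the known-good list has to contain the DSA GUID of every current DC, otherwise healthy partners show up as candidates.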
