Re: Unable to decommission a Windows 2008 DC via dcpromo
- From: Haji <Haji@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 6 Jul 2009 05:57:01 -0700
When I built server1, I specified those locations. They were never moved.
Server1 has never been restored from backup.
As for the RID pool, how do I correct that?
"Meinolf Weber [MVP-DS]" wrote:
Hello Haji,
Did you change the default locations to "d:\ad\sysvol\domain" and "d:\ad\sysvol\staging\domain"
on server1?
Was server1 ever restored from backup/image/snapshot(VM) without cleaning
the AD database before?
I am also a bit surprised about the difference of the RID pool between both
DCs, there is a really big difference which shouldn't be the case. Normally
they stick together.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
dcdiag from Server1, which is the old one:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine server1, is a Directory Server.
Home Server = server1
* Connecting to directory service on server server1.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=dns,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=dns
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=dns,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=dns
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=dns
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\server1
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... server1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\server1
Starting test: Advertising
The DC server1 is advertising itself as a DC and having a DS.
The DC server1 is advertising as an LDAP server
The DC server1 is advertising as having a writeable directory
The DC server1 is advertising as a Key Distribution Center
The DC server1 is advertising as a time server
The DS server1 is advertising as a GC.
......................... server1 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Error Event occurred. EventID: 0xC00034F0
Time Generated: 07/04/2009 23:13:40
Event String:
The File Replication Service is unable to add this
computer to the following replica set:
"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
This could be caused by a number of problems such as:
-- an invalid root path,
-- a missing directory,
-- a missing disk volume,
-- a file system on the volume that does not support
NTFS 5.0
The information below may help to resolve the problem:
Computer DNS name is "server1.domain.dns"
Replica set member name is "server1"
Replica set root path is "d:\ad\sysvol\domain"
Replica staging directory path is
"d:\ad\sysvol\staging\domain"
Replica working directory path is "c:\windows\ntfrs\jet"
Windows error status code is
FRS error status code is FrsErrorMismatchedJournalId
Other event log messages may also help determine the
problem. Correct the problem and the service will attempt to restart
replication automatically at a later time.
An Error Event occurred. EventID: 0xC00034F3
Time Generated: 07/04/2009 23:13:40
Event String:
The File Replication Service is in an error state. Files
will not replicate to or from one or all of the replica sets on this
computer until the following recovery steps are performed:
Recovery Steps:
[1] The error state may clear itself if you stop and
restart the FRS service. This can be done by performing the following
in a command window:
net stop ntfrs
net start ntfrs
If this fails to clear up the problem then proceed as
follows.
[2] For Active Directory Domain Services Domain
Controllers that DO NOT host any DFS alternates or other replica sets
with replication enabled:
If there is at least one other Domain Controller in this
domain then restore the "system state" of this DC from backup (using
ntbackup or other backup-restore utility) and make it
non-authoritative.
If there are NO other Domain Controllers in this domain
then restore the "system state" of this DC from backup (using ntbackup
or other backup-restore utility) and choose the Advanced option which
marks the sysvols as primary.
If there are other Domain Controllers in this domain but
ALL of them have this event log message then restore one of them as
primary (data files from primary will replicate everywhere) and the
others as non-authoritative.
[3] For Active Directory Domain Services Domain
Controllers that host DFS alternates or other replica sets with
replication enabled:
(3-a) If the Dfs alternates on this DC do not have any
other replication partners then copy the data under that Dfs share to
a safe location.
(3-b) If this server is the only Active Directory Domain
Services Domain Controller for this domain then, before going to
(3-c), make sure this server does not have any inbound or outbound
connections to other servers that were formerly Domain Controllers for
this domain but are now off the net (and will never be coming back
online) or have been fresh installed without being demoted. To delete
connections use the Sites and Services snapin and look for
Sites->NAME_OF_SITE->Servers->NAME_OF_SERVER->NTDS
Settings->CONNECTIONS.
(3-c) Restore the "system state" of this DC from backup
(using ntbackup or other backup-restore utility) and make it
non-authoritative.
(3-d) Copy the data from step (3-a) above to the original
location after the sysvol share is published.
[4] For other Windows servers:
(4-a) If any of the DFS alternates or other replica sets
hosted by this server do not have any other replication partners then
copy the data under its share or replica tree root to a safe location.
(4-b) net stop ntfrs
(4-c) rd /s /q c:\windows\ntfrs\jet
(4-d) net start ntfrs
(4-e) Copy the data from step (4-a) above to the
original location after the service has initialized (5 minutes is a
safe waiting time).
Note: If this error message is in the eventlog of all the
members of a particular replica set then perform steps (4-a) and (4-e)
above on only one of the members.
......................... server1 failed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... server1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... server1 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... server1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=dns
Role Domain Owner = CN=NTDS Settings,CN=server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=dns
Role PDC Owner = CN=NTDS Settings,CN=server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=dns
Role Rid Owner = CN=NTDS Settings,CN=server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=dns
Role Infrastructure Update Owner = CN=NTDS Settings,CN=server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=dns
......................... server1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC server1 on DC server1.
* SPN found :LDAP/server1.domain.dns/domain.dns
* SPN found :LDAP/server1.domain.dns
* SPN found :LDAP/server1
* SPN found :LDAP/server1.domain.dns/domain
* SPN found :LDAP/10054e4e-3786-4858-a745-5a3b299c2326._msdcs.domain.dns
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/10054e4e-3786-4858-a745-5a3b299c2326/domain.dns
* SPN found :HOST/server1.domain.dns/domain.dns
* SPN found :HOST/server1.domain.dns
* SPN found :HOST/server1
* SPN found :HOST/server1.domain.dns/domain
* SPN found :GC/server1.domain.dns/domain.dns
......................... server1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC server1.
The forest is not ready for RODC. Will skip checking ERODC ACEs.