rejoining a crashed Windows 2003 Enterprise DC/standalone root CA
- From: "Edward Ray" <ewray@xxxxxxxxxxxxxxxx>
- Date: Thu, 21 Jul 2005 20:20:05 -0700
I had an issue which caused one of my Windows 2003 DCs to crash. I have a
native Windows 2003 Active Directory domain/forest with three DCs, two in
the main site, one at a remote site connected via VPN tunnel (multi-T1). My
DCs were having trouble replicating (SRX050720606527). I was able to get
all but one of my DCs to replicate SYSVOL properly. One of my main site DCs
refused to replicate, and during the course of my repairs I inadvertently
blue screened the DC. It appears unrecoverable.
Assuming that I have to reinstall Windows 2003 on this machine and rejoin it
to the domain and promote it to a DC, I was concerned about what pitfalls I
have to be concerned about. This DC is also a standalone root CA, so I will
have to reinstall the OS in a different directory to preserve the root
certificates. The standalone root CA was originally installed on this
machine when it was already in the domain as a domain controller, so it has
some additional functionality that it normally would not have. It only issues
certificates to my enterprise subordinate CA (two-tier PKI infrastructure).
One of my questions is will I be able to keep these certificates and reuse
them when I get this system back on-line?
The failed DC has no FSMO roles, so no issues there. It is also a DFS
Server, but I have other machines that replicate in the DFS hierarchy. Once
the failed DC is back on-line, adding a DFS share should not be a problem;
it is on its own RAID-5 array separate from the OS.
Should I delete the DC from the OU or leave it?
Any other words of wisdom or advice would be appreciated.
Edward W. Ray