Can not log into server after promotion

Texashiker

Old server - Windows 2003
New server - Windows Server 2008 R2

Primary domain controller went down (Server 2003)
Tried to promote backup server to primary
Backup said it could not find DNS server... some other BS errors like that
During dcpromo, I set backup server to create new forest
Now I can not log into backup server locally
But, I can log into workstations

I was going to create a new forest, and give it the same name as the previous active directory domain.

Now, no matter what account I try to log into the server with, it keeps saying bad password. The same exact username and password that works on the workstation does not work while sitting in front of the server.

I am about at my wits' end. I am about to reinstall the operating system, reinstall all of the programs, and restore data from backup.

The old server crashed, which was no big deal because it was going to be pulled from service in the near future anyway. But for some reason the backup server gave errors during the dcpromo.
 

Chiefcrowe

Maybe the backup server needs to be set up as a DNS server first?

Is the old server the only DNS server you have? That could be why you're having issues...
 

yinan

You are screwed. There are no more BACKUP domain controllers; all DCs are essentially equal minus FSMO roles. You cannot promote a DC when all other DCs are offline.

You cannot just repromote and make a new domain without redoing everything, rejoining PCs to domain, recreating user accounts, etc.

Have fun :)
 

Texashiker


Looks like I am going to spend most of tomorrow reinstalling Server 2008 R2, reinstalling the needed software and restoring from backup.

Man, this pisses me off. Why can't Microsoft make a server operating system that makes it easy to recover when the PDC goes down?

Good thing this is a small office.

One good thing, this gives me a good reason to finally pull the old server from the network.
 

rasczak

> Looks like I am going to spend most of tomorrow reinstalling Server 2008 R2, reinstalling the needed software and restoring from backup.
>
> Man, this pisses me off. Why can't Microsoft make a server operating system that makes it easy to recover when the PDC goes down?
>
> Good thing this is a small office.
>
> One good thing, this gives me a good reason to finally pull the old server from the network.

This is why you normally have two DCs, not just one. In the event one goes down, the other takes over directory services and everything is transparent to the users.

Good luck.
 

Texashiker

> This is why you normally have two DCs, not just one.

Before the old server went down, I tried to promote the new server and kept getting error messages.

This is a small doctor's office that I do contract work for from time to time. It's a single doctor with 3 office employees. I will probably reinstall 2008 R2, bring it up as a DC, and take the old server out of the network. They do not have any patients Friday afternoon, so I have Friday evening and the weekend to get everything back up and running.

Here at my full-time job we have 2 servers that share the DC role. If the old server goes down, the new server takes over.
 

yinan

There really is no such thing as a true PDC anymore. I hate it when people use that term. It truly shows that they do not know what they are talking about.
 

Texashiker

> There really is no such thing as a true PDC anymore. I hate it when people use that term. It truly shows that they do not know what they are talking about.

That is the way I learned it back in the NT4 days.

What else do you call the PDC? When running dcpromo, new server could not be promoted.
 

yinan

A domain controller. All DCs are essentially equal nowadays, with the exception of the FSMO role holders.

A lot has changed since the NT4 days.
 

Texashiker

> A lot has changed since the NT4 days.

Yes it has.

But oh well, I still have to fix the problem. If anything, it's a lesson learned.

I only work 1/2 a day on Fridays at my full-time job. After lunch the doctor's office is going to be closed to patients. So I am going over there after lunch to start the reinstall of 2008 R2.

There are only 4 accounts in the Active Directory that will need to be created, and some medical records software to reinstall.
 

Chiefcrowe

Are you going to set up 2 servers now?

P.S. This really sucks, what a bummer!
 

dphantom

> Looks like I am going to spend most of tomorrow reinstalling Server 2008 R2, reinstalling the needed software and restoring from backup.
>
> Man, this pisses me off. Why can't Microsoft make a server operating system that makes it easy to recover when the PDC goes down?
>
> Good thing this is a small office.
>
> One good thing, this gives me a good reason to finally pull the old server from the network.

It is fairly easy to recover as long as you have good backups. You did have backups of your system state...right?

Microsoft Active Directory and the DCs are very solid. And anyone who has worked with Windows Server since NT days should also know that you cannot log into a DC locally.
 

Nothinman

> There really is no such thing as a true PDC anymore. I hate it when people use that term. It truly shows that they do not know what they are talking about.

That really bothers me too. Even more when I see a DC named 'blah-pdc1' as if they think there might be more than one "primary"...
 

spikespiegal

> It's a single doctor with 3 office employees

Why are you bothering with AD then? So you can bill them? Or, so in case the main server goes down everybody gets disrupted because DNS gets tossed. Oops. Lemme guess. It was an HP/Compaq box with RAID 5 and the parity got corrupted like it always eventually does.

I'm not trying to be a d*ck, but trying to get you to think about the business needs. A small business with half a dozen employees typically doesn't need AD for the same reason they don't need NDS (Novell) or a Unix cluster. Usually the main reason to push AD on a small business is because of the proliferation of SBS and IT geeks pushing the requirement that all small businesses need their own effing Exchange box. Now with email going to cloud, AD really is a frills option for small business, with the main excuse being the owner can log on everywhere and sniff what his employees have been doing. Everybody shares each other's password, so what about GPOs again?

If they have an app that needs AD (not likely, but possible) then you've got some problems. I've migrated AD databases from boinked 2003 primary boxes to others the ugly way, but never 2003 to 2008. In any respect, I'd look at the actual business need for AD or go standalone.

NT4's domain model was really nothing more than an abstraction of the local security model, which was why it scaled so horribly (and was so easy for me to hack). AD is far tougher and has evolved nicely, but it presents a point of failure that you will have to adjust for. Who says the server you are building won't die a month from now and be in the same situation?

> are you going to set up 2 servers now?

Hell, make it four. Then upgrade their UPS and everything else. They need new switches as well so they can be fully managed :) I love it when small businesses run a 2:1 ratio of employees to servers.
 

GeekDrew

Wow dude, calm the hell down. I don't know about this situation, but I've deployed domain controllers in 4-5 people offices because their security needs warranted it. Stop bitching about expenses regarding a situation you know nothing about.
 

Emulex

Dude, I've had Compaq boxes that are 10 years old running RAID-5 without corruption. Not sure what you mean there, but never had any problems with HP DL/ML servers RAID-5 with proper BBWC.
 

Texashiker

> Why are you bothering with AD then? So you can bill them?

No bill, it's pro bono work.

The way the medical software works, the workstations have to share printers, then the printers have to be installed on the server.

Having AD is more for streamlining permissions than anything else.

> Oops. Lemme guess. It was an HP/Compaq box with RAID 5 and the parity got corrupted like it always eventually does.

No.

> Stop bitching about expenses regarding a situation you know nothing about.

Considering this is pro bono work, expenses are out of the equation.
 

imagoon

> Looks like I am going to spend most of tomorrow reinstalling Server 2008 R2, reinstalling the needed software and restoring from backup.
>
> Man, this pisses me off. Why can't Microsoft make a server operating system that makes it easy to recover when the PDC goes down?
>
> Good thing this is a small office.
>
> One good thing, this gives me a good reason to finally pull the old server from the network.

They do. Reinstall OS. Promote the machine. Boot into AD recovery mode. Restore system state. Reboot. Congratulations, you just replaced the domain controller.

There is no primary any more, only role holders. Even those can be seized on to any other DC on need. Also, once you have 2 or more DCs they load balance, they don't 'take over' for each other.

You can restore a system state on the original machine if it still boots. Also your "BS DNS issues" are likely the cause of your problems in the first place. If DNS is not configured correctly, Windows domains will fail. I.e., only the DCs (or DNS servers) should ever send DNS requests to the web. Workstations should only have the DC's address and "DNS servers." If your 2003 server was down and was the only DC, the other one will never promote because it can't get a copy of the AD store.
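
The DNS preconditions described in the last post can be checked before running dcpromo. The script below is an added example, not part of the thread: it flags any adapter whose resolvers are not domain DNS servers and confirms the domain's DC locator SRV record resolves. `$DomainName`, `$DcAddresses` and the helper `Get-ForeignResolver` are placeholders chosen for illustration.

```powershell
# Added example (not from the thread). Replace the placeholder values below.
param(
    [string]$DomainName    = 'example.local',   # placeholder AD DNS domain name
    [string[]]$DcAddresses = @('192.0.2.10')    # placeholder DC / DNS server IPs
)

# Hypothetical helper: return configured resolvers that are not in the allowed list.
function Get-ForeignResolver {
    param([string[]]$Configured, [string[]]$Allowed)
    $Configured | Where-Object { $_ -and ($Allowed -notcontains $_) }
}

# 1. Every IP-enabled adapter should point only at the domain's DNS servers.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    $configured = @($a.DNSServerSearchOrder)
    $foreign    = @(Get-ForeignResolver -Configured $configured -Allowed $DcAddresses)
    if (-not $a.DNSServerSearchOrder) {
        Write-Warning "$($a.Description): no DNS servers configured"
    } elseif ($foreign.Count -gt 0) {
        Write-Warning "$($a.Description): resolvers outside the domain: $($foreign -join ', ')"
    } else {
        Write-Output "$($a.Description): OK ($($configured -join ', '))"
    }
}

# 2. The DC locator SRV record must resolve, otherwise a promotion
#    cannot find an existing DC to replicate the directory from.
$srv    = "_ldap._tcp.dc._msdcs.$DomainName"
$answer = & nslookup.exe -type=SRV $srv 2>&1 | Out-String
if ($answer -match 'svr hostname\s*=\s*(\S+)') {
    Write-Output "SRV $srv -> $($Matches[1])"
} else {
    Write-Warning "SRV $srv did not resolve; fix DNS before running dcpromo"
}
```

It uses only WMI and `nslookup.exe`, so it runs on the PowerShell 2.0 that ships with Server 2008 R2.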