
Win2k prim. server dead, backup server not performing

Schoolies

Senior member
EDIT: Everything works fine now. For those that were curious. I removed DNS and DHCP from the backup server, rebooted, and everything seemed to work fine.

I have two Windows 2000 Servers, one primary, one backup server. Before my primary server crashed (hard drive failure), I transferred the three roles: RID, PDC and Infrastructure to my backup server. However, before I was able to demote my primary server, of course, the hard drive failed. So I've been battling getting my backup server to act appropriately.

The Problem: I have a new hard drive for my primary server and I'm trying to dcpromo it back to a server. But when I run dcpromo it says the domain is not an active directory domain or the domain controller could not be found for that domain.

I found that in Active Directory Users and Computers, in Domain Controllers, my dead server (DOC) was still listed. So I tried to delete it but it told me "the DSA Object could not be deleted". I found a link on Google on how to get rid of it:
Google Link
It says to use the ntdsutil.exe, I tried that but could not connect to DOC. So then it told me to use the AdsiEdit.exe tool. I used that and was able to remove DOC from Active Directory Users and Computers. However, in Active Directory Sites and Services, it is still listed under Default-First-Site, Servers. So there is one problem.

When I tried the ntdsutil it told me, "There are no more endpoints available from the endpoint mapper". There was another solution here: Google Link2 The solution above was to remove DNS and reinstall it. I have done that but that did not help out. Every time I reinstall DNS the old zones reappear, even when I delete the entire DNS folder in Winnt/System32.

Anyway, I'm just trying to get my server back up and running but it seems to me that my old server, DOC, is haunting my Backup server, Backup-DOC.

Any suggestions would be great. Thanks
 
Was DNS setup on your second DC before the first died? Is it setup now?

Also, there are no primaries and backups in Active Directory. FSMO roles aside, all domain controllers are equals in that they hold a read/write copy of the database.
 
There are five FSMO roles, not three. That's part of the problem, you are missing two roles (schema master and domain naming master).

Also, I suspect you forgot to designate the second DC as a Global Catalog, so you are missing that as well.
At this point, you are going to have to seize those last two FSMO roles and create a GC on the second DC (not tough to do).

There are MS KB's about all this stuff. I'm too lazy to look it up though. Just search for "seizing FSMO roles" and "designate Global Catalog Server"

I suspect (as Stash noted) you are short a DNS server as well. Create one on the DC you have and make the necessary adjustments in DHCP options or in TCP/IP properties if static.

Good luck. It's a completely repairable situation, so don't lose hope.
 
Thanks for the responses,

I will look into seizing those other two roles but I'm not sure how that's going to work because I've already tried using the ntdsutil utility but I couldn't connect to my old domain controller, DOC. Isn't this how I transfer those roles?... connect to the dead domain controller and then transfer roles to....

I had DNS setup before everything crashed, thanks for correcting me as well.

The Global Catalogue was not setup on my backup controller but I did previously enable it. I thought that was going to fix the problem but it didn't.

Ok, I will get back to you on seizing those roles.

THANKS
 
Ok, all fsmo roles are to backup-doc. With the help of Microsoft Knowledge Base Article - 216498, I removed the dead server, DOC, from AD Sites and Services.

So right now there is no record anywhere of DOC, in DNS nor AD sites and services or users and computers, but I am still having a problem getting my original server back up to a member server. It gives me the same error message as before.

I went to command prompt and typed in "dcdiag", it passed all the tests except "kccevent" and "systemlog". The exact error is below. What does this mean?

Thanks

Starting test: kccevent
An Warning Event occured.
EventID: 0x80000443 Time Generated: 03/02/2003 20:50:23
Event String: The ntdsConnection object BACKUP-DOC failed test kccevent

Starting test: systemlog
An Error Event occured.
EventID: 0x8000003E Time Generated: 03/02/2003 20:04:03
(Event String could not be retrieved)
An Error Event occured.
EventID: 0x8000003E Time Generated: 03/02/2003 20:46:56
(Event String could not be retrieved)
BACKUP-DOC failed test systemlog
 
I got it working. The DNS server ip address was not set on DOC, once I told it the correct IP address, I did dcpromo and everything went great.

Thanks again.
 
Update: Well, I fixed all the other problems I encountered.

I was having a problem with the Group Policy domain controller not being found. Here was the solution. (Q258296 and Q294257)

Also, I could not go online when my LAN network card was enabled. The problem here was that on my LAN, I had the default gateway specified to my server. I thought this was the correct setting but I guess not. Why would this not work? Anyway, thanks for listening. 🙂
 
Guess who... 🙂

Hopefully, last problem I have:

On my client computers, they can not browse the domain. If I go to My Network Places, Entire Network, Microsoft Networks... I see my domain but when I try to get into it, it tells me:
"<<domain>> is not accessible. The remote computer is not available"

The Computer browser service is running on the server as well as the clients. I can get into My Network Places, Entire Network, Directory, <<domain>>, and see all of the active directory objects.

From a client computer, I can access any other client machine by going to run //machine name, but can not do this to the server. Also, from any client I can manage any other client.

My logon scripts are not working either which is probably because of the problem above.

I'm looking through microsoft and google right now but if anyone knows the solution to this problem, please let me know.

Thanks
 
First, do you have the clients pointing to your DC for DNS? Second, do you have the domain name appended to the names of the clients? For example, if your domain is microsoft.com, your clients would be ws1.microsoft.com, ws2.microsoft.com, etc.

Right click on my computer, and go to properties. Then go to network identification and click on the properties button. Then click on the more button and type the primary dns suffix in the box.
 
Hey Stash,

Yes to all of the above. However, when I do ipconfig, the connection specific dns suffix is blank.... but when I right click my computer, network id tab, more, the suffix is there (w01.microsoft.com).

Here is a copy of IPCONFIG:

Host Name . . . . . . . . . . . . : w02
Primary DNS Suffix . . . . . . . : microsoft.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : microsoft.local

adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapt
0TX v4)
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.100
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.1
Lease Obtained. . . . . . . . . . : Friday, March 07, 2003 5:28:44 AM
Lease Expires . . . . . . . . . . : Saturday, March 15, 2003 5:28:44 AM
 
Can you ping the server using the FQDN? (ping dc1.microsoft.local). What happens when you run nslookup.

If both of these work ok, then your srv records on the dns server might be messed up. Also, are there any errors being logged on the DC?
 
I can ping the server with its FQDN, I'm not exactly sure what you want me to do with nslookup. I just ran it and it gave me this:

C:\>nslookup
*** Can't find server name for address 10.0.0.1: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 10.0.0.1

I managed to stay up until about 3am last night, getting rid of all the event log errors so nothing there.. (except right now replication error because I shutdown my backup server)

Thanks Stash
 
When you get that error by running nslookup it means that you don't have a reverse lookup zone set up. This is not critical to the AD functioning properly, but you may want to configure one in your dns, just to rule it out.

If you have a reverse zone correctly set up, and you run nslookup from a client, you should see this:

C:\>nslookup
Default Server: dc1.microsoft.local
Address: w.x.y.z

>

Edit:
One other thing. Are your clients being logged into the domain? Or are they using cached credentials? Open a cmd prompt and type 'echo %logonserver%'
If you see the name of your DC, then they are being logged into the domain. If you see the local machine name, then the clients are not communicating with the DC.
 
Hey Stash,

I added the reverse lookup zone but it still gives me the same info on the clients.


But if I do it on the server I get this:

C:\>nslookup
*** Can't find server name for address 10.0.0.1: Non-existent domain
Default Server: ns1.n0.cox.net
Address: 68.11.16.30

BTW, I am logging into the server.
 
Man, this is aggravating,

I've tried disabling my lan connection and go straight with just my lan but no good. I also disabled routing and remote access, nothing.

I'm worried about a couple of things. When I do nslookup, even though I have a reverse zone setup in dns, it still says "default servers not available" but it has the correct IP address to the server. This happens even on the server.

Also, before all this happened, I was having a problem with group policies. (this server was/is completely f'd up). The original problem was that I couldn't get into the group policies without it telling me the group policy domain controller could not be found. Once I got that fixed, then it showed that there was no default domain controller or default domain group policy assigned. Do you think this has anything to do with my problem? I put the default domain controller group policy on the domain controller OU, and the default domain policy on my domain in active directory. (The group policies were there just not assigned)
 
Been playing around with nslookup.

if I specify the server (server doc) in nslookup, it finds my server (called doc). I can then type in my domain name and it shows the ip address associated with the domain, including my external ip address.

Also, I type in "ls <<domain>>" and it lists the records. It gives me two, I'm guessing global catalogue records, they are labeled "gc._msdcs". The associated IP address for one of them is my internal server IP, and the other is my external WAN. That doesn't seem correct?


I typed in "browstat" on the server and it returns this:


==============================
Status for domain MICROSOFT on transport \Device\NetBT_Tcpip_{F530775E-DD51-4158-9551-552453C99E1C}
Browsing is active on domain.
Master browser name is: ???¢¼??
Could not connect to registry, error = 53 Unable to determine build of browser master: 53
Unable to determine server information for browser master: 123
1 backup servers retrieved from master ???¢¼??
\\DOC
Unable to retrieve server list from ???¢¼??: 2351


Status for domain MICROSOFT on transport \Device\NetBT_Tcpip_{00CD029E-687D-4781-B04A-B6DEA1BCBA68}
Browsing is active on domain.
Master browser name is: DOC
Master browser is running build 2195
1 backup servers retrieved from master DOC
\\DOC
Unable to retrieve server list from DOC: 64


=================================

Just trying to give you any information that might be helpful.
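
The observation above, that `gc._msdcs` is listed with both the internal and the external address, can be checked mechanically. This is an added example, not part of the original post: it parses a constructed `ls <domain>` listing and reports A records outside the LAN the clients use; the listing, the 203.0.113.10 stand-in for the WAN address, and the function names are assumptions.

```python
import ipaddress
import re

# Assumption: the internal LAN is the one shown in the thread's ipconfig
# output (10.0.0.100, mask 255.0.0.0).
LAN = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample of nslookup "ls <domain>" output. 203.0.113.10 is a
# documentation address standing in for the server's external WAN address.
SAMPLE_LS = """\
[doc.microsoft.local]
 microsoft.local.               NS     server = doc.microsoft.local
 microsoft.local.               A      10.0.0.1
 microsoft.local.               A      203.0.113.10
 gc._msdcs                      A      10.0.0.1
 gc._msdcs                      A      203.0.113.10
 doc                            A      10.0.0.1
 w02                            A      10.0.0.100
"""

A_RECORD = re.compile(r"^\s*(\S+)\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_a_records(listing):
    """Return (name, address) pairs for every A record in the listing."""
    records = []
    for line in listing.splitlines():
        m = A_RECORD.match(line)
        if m:
            records.append((m.group(1).rstrip("."), ipaddress.ip_address(m.group(2))))
    return records

def off_lan_records(listing, lan=LAN):
    """A records whose address lies outside the LAN the clients sit on."""
    return [(n, str(a)) for n, a in parse_a_records(listing) if a not in lan]

def names_with_mixed_addresses(listing, lan=LAN):
    """Names published with both LAN and off-LAN addresses."""
    seen = {}
    for name, addr in parse_a_records(listing):
        seen.setdefault(name, set()).add(addr in lan)
    return sorted(n for n, flags in seen.items() if flags == {True, False})

if __name__ == "__main__":
    for name, addr in off_lan_records(SAMPLE_LS):
        print(f"off-LAN A record: {name} -> {addr}")
    print("mixed:", names_with_mixed_addresses(SAMPLE_LS))
```
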
 
This is the problem:

I was able to browse my domain if my backup server (backup-doc) was up and running and my primary (doc) server was down. On my primary server, I receive the error message above when checking the status of the computer browser. If I check the status of the computer browser on Backup-Doc, it gives me no errors with the master browser set as itself.

Right now, I have both domain controllers up. On my client computers, I can go to the domain and it lists all client computers and Backup-Doc but not Doc... same applies if I go to Backup-Doc. However, if I go to my primary server, Doc, I see all the client computers, itself, but do not see Backup-Doc. It kind of looks as if my two domain controllers are set up on different domains.

So the solution lies in trying to get one computer browser for both domain controllers. Anyone know how to do this?

SORRY
 
Hey guys, still having problems...

It seems like the two servers are battling over control. When Backup-Doc is running and Doc is down, my client computers can browse the domain. If my main server, Doc, is up, the clients can not browse the domain.

Also, on Doc, my Group Policy problem came back: When I go to the group policy tab, I receive the following error message:
Group Policy Error:
Failed to open the Group Policy Object. You may not have appropriate rights.

I have fixed this a couple of days ago but it seems to have come back.

Please help, or suggestions.

Thanks
 