|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Domain Controller Problem after force removalI need some help. We had some time issues on the domain the other day, it resulted in the DC's not replicating and thus being tombstoned, a phone call to MS resolved this and the domain is now in working order. However we did have around 4 DC's that would not come back, thus we had to perform DCPromo /forceremoval which did the trick. The problem we have now is that one of these old DC's doesnt seem to want to be part of the domain anymore. It is a member server and is on the domain, but for some reason it wont apply GPO, and clients located on this site are still attempting to contact this DC for authentication! We decided to re-promote to a DC to see if this fixed the issues, it hasnt, the DC has promoted, but again it looks to be tombstoned and wont allow replication to take place. If I create manual connections to this DC in sites and services I recieve the following error "the procedure number is out of range". Can anyone shed any light on this? All other DC's, branches, sites and the other tombstoned DC's (now member servers) are working fine. Thanks for your time Hello Chris,
How many DCs do you have now and how are they located? What OS version and SP/patch level do you use? Run diagnostic tools dcdiag /v, netdiag /v and repadmin /showrepl to check for problems on the DCs. What kind of time problem did you have that you demote DCs? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Show quoteHide quote > Hi all > > I need some help. We had some time issues on the domain the other day, > it resulted in the DC's not replicating and thus being tombstoned, a > phone call to MS resolved this and the domain is now in working order. > > However we did have around 4 DC's that would not come back, thus we > had to perform DCPromo /forceremoval which did the trick. The problem > we have now is that one of these old DC's doesnt seem to want to be > part of the domain anymore. It is a member server and is on the > domain, but for some reason it wont apply GPO, and clients located on > this site are still attempting to contact this DC for authentication! > > We decided to re-promote to a DC to see if this fixed the issues, it > hasnt, the DC has promoted, but again it looks to be tombstoned and > wont allow replication to take place. If I create manual connections > to this DC in sites and services I recieve the following error "the > procedure number is out of range". > > Can anyone shed any light on this? All other DC's, branches, sites and > the other tombstoned DC's (now member servers) are working fine. > > Thanks for your time > Hi Meinolf
Thanks for the prompt reply. Unfortunately our time server reset back to last year, this was caused by our VM ESX infrastructure upgrade. We changed the time back to the correct time and left it at that, unfortunately a few days later we experienced replication problems, we contact MS support and he informed us it was caused by the DC's becoming tombstoned due to the time reset! Anyway, all our existing DC's are now in working order, I have also run the DCDIAG and NETDIAG and they both result full successes. After promoting the problematic member server and leaving it a few hours, it looks as though the problems may have been resolved. For some reason both this server and clients based on this servers site were still attempting to authenticate with the old DC!! After re-promoting it, it seems to have gone away, clients can now authenticate and the server looks to be replicating and working! Any idea what could have caused this? Show quoteHide quote "Meinolf Weber [MVP-DS]" wrote: > Hello Chris, > > How many DCs do you have now and how are they located? What OS version and > SP/patch level do you use? Run diagnostic tools dcdiag /v, netdiag /v and > repadmin /showrepl to check for problems on the DCs. > > What kind of time problem did you have that you demote DCs? > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > Hi all > > > > I need some help. We had some time issues on the domain the other day, > > it resulted in the DC's not replicating and thus being tombstoned, a > > phone call to MS resolved this and the domain is now in working order. > > > > However we did have around 4 DC's that would not come back, thus we > > had to perform DCPromo /forceremoval which did the trick. The problem > > we have now is that one of these old DC's doesnt seem to want to be > > part of the domain anymore. It is a member server and is on the > > domain, but for some reason it wont apply GPO, and clients located on > > this site are still attempting to contact this DC for authentication! > > > > We decided to re-promote to a DC to see if this fixed the issues, it > > hasnt, the DC has promoted, but again it looks to be tombstoned and > > wont allow replication to take place. If I create manual connections > > to this DC in sites and services I recieve the following error "the > > procedure number is out of range". > > > > Can anyone shed any light on this? All other DC's, branches, sites and > > the other tombstoned DC's (now member servers) are working fine. > > > > Thanks for your time > > > > > Hello Chris,
Did you check after demoting the tombstoned DCs that they are also removed complete form AD database and AD sites and services and all DNS zones? /forceremoval will demote a DC regardless of availability of the FSMO holders or Global catalog server. I asssume that there where still some entries left so the clients try to contact them as before, especially if that DCs where also DNS servers and the clients are configured to use them as preferred. So if you kick out a DC the hard way you should at least check with ntdsutil that the database is cleaned from them. See also this article about needed steps when a DC was not demoted properly or died before you where able to demote it. http://support.microsoft.com/kb/555846/en-us Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Show quoteHide quote > Hi Meinolf > > Thanks for the prompt reply. Unfortunately our time server reset back > to last year, this was caused by our VM ESX infrastructure upgrade. We > changed the time back to the correct time and left it at that, > unfortunately a few days later we experienced replication problems, we > contact MS support and he informed us it was caused by the DC's > becoming tombstoned due to the time reset! > > Anyway, all our existing DC's are now in working order, I have also > run the DCDIAG and NETDIAG and they both result full successes. > > After promoting the problematic member server and leaving it a few > hours, it looks as though the problems may have been resolved. For > some reason both this server and clients based on this servers site > were still attempting to authenticate with the old DC!! After > re-promoting it, it seems to have gone away, clients can now > authenticate and the server looks to be replicating and working! > > Any idea what could have caused this? > > "Meinolf Weber [MVP-DS]" wrote: > >> Hello Chris, >> >> How many DCs do you have now and how are they located? What OS >> version and SP/patch level do you use? Run diagnostic tools dcdiag >> /v, netdiag /v and repadmin /showrepl to check for problems on the >> DCs. >> >> What kind of time problem did you have that you demote DCs? >> >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and >> confers >> no rights. >> ** Please do NOT email, only reply to Newsgroups >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>> Hi all >>> >>> I need some help. We had some time issues on the domain the other >>> day, it resulted in the DC's not replicating and thus being >>> tombstoned, a phone call to MS resolved this and the domain is now >>> in working order. >>> >>> However we did have around 4 DC's that would not come back, thus we >>> had to perform DCPromo /forceremoval which did the trick. The >>> problem we have now is that one of these old DC's doesnt seem to >>> want to be part of the domain anymore. It is a member server and is >>> on the domain, but for some reason it wont apply GPO, and clients >>> located on this site are still attempting to contact this DC for >>> authentication! >>> >>> We decided to re-promote to a DC to see if this fixed the issues, it >>> hasnt, the DC has promoted, but again it looks to be tombstoned and >>> wont allow replication to take place. If I create manual connections >>> to this DC in sites and services I recieve the following error "the >>> procedure number is out of range". >>> >>> Can anyone shed any light on this? All other DC's, branches, sites >>> and the other tombstoned DC's (now member servers) are working fine. >>> >>> Thanks for your time >>> 
Other interesting topics
DISC SPACE
Migrate users from Existing Windows 2003 Domain to new 2008 Domain DNS zone disappered Group policy tatooing with restricted group ? or strange behaviour ! gpo w2k8 for xp sp3 Domain root MX records do not work with DNS STUB zones How do I connect a new AD account to a new email address Changing passwords from the command line Group Policy Issues - URGENT Upgrading AD 2003 to AD 2008 In-Place |
|||||||||||||||||||||||
