isolated DC fails to work


c0d3r

I have a single forest, with 3 domains (1 top domain, a child domain, and a
'grandchild' domain). Each domain has 2 DC's.
All DC's are 2003 standard, SP1

domain.com : 2 DC's
child.domain.com : 2 DC's
local.child.domain.com : 2 DC's

The first DC in domain.com holds the rid, schema, etc. fsmo roles

Each first DC holds the PDC emulator fsmo roles.
Every DC is GC

I converted the first DC from local.child.domain.com into a vmware machine,
isolated from the rest of the network. The DC has network connectivity to an
isolated switch, but not to the rest of the network.
The DC boots and allows me to log on with the domain administrator account.
I disabled the existing network interfaces, enabled the vmware NIC, and set
the same IP configuration as the 'live' one. Rebooted the server..
Yet still after the reboot, all of the essential services(AD/DNS/...) are
not working (so I guess I'm logged on with cached credentials), so the DC
cannot be used at all.

Event logs show all kinds of errors - some of them are caused by the fact
that the DC cannot talk to other sites/DC's... etc... others are caused by
other reasons, but they all seem pretty valid to me, because the DC is
isolated.

The problem is : the DC simply doesn't work. When I open AD U&C, I'm
getting an error, stating that a DC (or domain) cannot be found...

The DC has the same IP configuration as the 'live' one, same hostname, etc..
DNS points to itself...

I have no clue where to start first - I just don't understand why this DC
doesn't want to run by itself. It is the first DC of a separate domain, so
why can't it run by itself (for a while) ?

any ideas/suggestions ?

thanks
 
Danny Sanders

> Yet still after the reboot, all of the essential services(AD/DNS/...) are
> not working (so I guess I'm logged on with cached credentials), so the DC
> cannot be used at all.
>
> Event logs show all kinds of errors - some of them are caused by the fact
> that the DC cannot talk to other sites/DC's... etc... others are caused by
> other reasons, but they all seem pretty valid to me, because the DC is
> isolated.
>
> The problem is : the DC simply doesn't work. When I open AD U&C, I'm
> getting an error, stating that a DC (or domain) cannot be found...

Sounds like it is pointed to itself for DNS and DNS is not running. Can you
start the DNS service?



hth
DDS
 
c0d3r

it is running, but it throws errors in the event log
After all, DNS relies on AD/AD relies on DNS... if one is not working fine,
the other one won't be working well either...

restarting the DNS service didn't work

Could this be caused because I converted a physical server into VMWare, and
it messed up the IP stack or so ?
anything I can do to fix this ?
 
Danny Sanders

Actually DNS can work just fine without AD.

What are the errors in event viewer?

hth
DDS
 
Paul Bergson [MVP-DS]

Run diagnostics against your Active Directory domain.

If you don't have the support tools installed, install them from your server
install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take
into account that slow links to dc's will add to the testing time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.

The script is located on my website at
http://www.pbbergs.com/windows/downloads.htm

Just select both dcdiag and netdiag and make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
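
The last step in the post above, searching the diagnostic output for fail, error and warning messages, can be scripted. The following is an added example, not part of the original post and not Paul Bergson's script; it assumes the log uses the "Starting test:" / "passed test" / "failed test" layout that DCDIAG /V writes, and the sample log, the server name DC1 and the function name triage are constructed for illustration.

```python
import re

# Constructed sample in the layout DCDIAG /V writes; the server name DC1 and
# the messages are illustrative, not output from the DC discussed in the thread.
SAMPLE_LOG = """\
   Testing server: Default-First-Site-Name\\DC1
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         ......................... DC1 passed test Connectivity
      Starting test: Advertising
         Fatal Error:DsGetDcName (DC1) call failed, error 1355
         The Locator could not find the server.
         ......................... DC1 failed test Advertising
      Starting test: Services
         Warning: a constructed warning line for this example
         ......................... DC1 passed test Services
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)")
VERDICT = re.compile(r"^\s*\.{5,}\s*(\S+) (passed|failed) test (\S+)")
KEYWORDS = re.compile(r"fail|error|warning", re.IGNORECASE)


def triage(log_text):
    """Return one dict per test that failed or logged a fail/error/warning line."""
    findings, current, details = [], None, []
    for line in log_text.splitlines():
        start, verdict = START.match(line), VERDICT.match(line)
        if start:
            current, details = start.group(1), []
        elif verdict:
            server, result, test = verdict.groups()
            hits = [d for d in details if KEYWORDS.search(d)]
            if result == "failed" or hits:
                # A failed test keeps its whole block; a passed one only the hits.
                kept = details if result == "failed" else hits
                findings.append({"server": server, "test": test,
                                 "result": result, "details": kept})
            current, details = None, []
        elif current and line.strip():
            details.append(line.strip())
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['server']} {f['result']} {f['test']}")
        for d in f["details"]:
            print("    " + d)
```

To use it on a real run, read c:\dcdiag.log into a string and pass it to triage() in place of SAMPLE_LOG.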
 