my domain is hurting, please help

[Mostro]

I have recently run dcdiag on one of my servers but with the switch to test
all. I have 5 servers, and for the purpose of this post. I will refer to
them as Servers 1, 2, 3, 4, and 5

Server 1 was the first server established thus it held all roles or FSMO's.
I then brought up Servers 2, 3, 4, and 5. One day, I lose Server 1 in a
crash, so I bring it back up with a fresh install of the OS but using the
same DNS name (Server 1), and here is where I start hosing stuff up. At
some point, I realize that I have phantom servers that long ago crashed but
that I never removed properly. So I go and remove these using metacleaner.
Ok, then I run dcdiag and I realize that the Role owner is the original
Server 1, and not the current Server 1. I realize this because though they
may hold the same name, they are different because of their unique
identifier (SID maybe). So I then set out to first forcefully seize the
following - schema owner, domain owner, PDC owner, Infrastructure Update
Owner, but I can seize none, I get an error.



DsBindW error 0x6ba (The RPC Server is Unavailable.)



Where do I start? I want my domain to not be sick anymore.

 

[Nayan Parmar [MSFT]]

Mostro,

i'm assuming we're talking about Windows 2000 domain here, single domain,
single forest.

The first step i would reccomend, would be to confirm the metadata cleanup -
i've not heard of metacleanup? - Are you referring to the procedure outlined
in the following KB
http://support.microsoft.com/default.aspx?scid=kb;en-us;216498 or a third
party utility? I'd suggest we run through the above KB to ensure all
references to the previous DC (Server 1) are removed from the domain, if you
have not already done so.

Following this, we need to forcefully seize all the fsmo roles to another
server. The following KB's outline the procedure required to do this :

http://support.microsoft.com/default.aspx?scid=kb;en-us;255504
http://support.microsoft.com/default.aspx?scid=kb;en-us;223787

The unique identifier you mention is the Machine GUID, FYI.

The error message you are receiving is related to issues with RPC. I would
check the status of RPC on your DC's :

Verify the status and startup type for the following services on the server
getting the error:

Remote Procedure Call (RPC) should always be Started and Automatic on all
machines.
Remote Procedure Call (RPC) Locator should be Started and Automatic on
Windows 2000 DCs, but not started and Manual on Windows Server 2003 DCs and
2000/2003 member servers.
Kerberos Key Distribution Center (KDC) should be Started and Automatic on
Windows 2000 and Windows 2003 DCs. It should not be started and set to
Disabled in all other cases.
If you make any changes to match the settings above, reboot the machine,
then test for the problem again.

I would also check for DNS resolution. If you after all the above, you are
still receiving errors, i would first try a simple ping from the problem
machine to the target and make sure that name resolution is working -
failing which, get a netdiag -v and a dcdiag and post them to this thread

HTH

Nayan

 

[Paul McGuire]

I would seize the roles to server 2, 3, or 4 and then make sure they perform
correctly. then I would do a dcpromo on server 1 to remove it as a DC.
Then I would make sure all is working with out it. you may have to do a
metadata cleanup on the domain to get rid of everything from server 1.
After this is cleaned up then you can run dcpromo on server 1 to promote it
back to a DC.

HTH

Paul McGuire

 

[Mostro]

ok, I have been able to seize RID, PDC, and Infrastructure, but I cannot
seize the Operations Master nor can I seize the Schema master roles.