Need to start from scratch..?

Brad Berson

This is the kind of thing that needs a newsgroup called
microsoft.public.oh.my.god...

Have a single-server office with the one server acting as the sole DC,
runs Win2K SP4 and E2K SP3. Has about a dozen active users and 4GB of
mailbox data in Exchange.

The box has been hiccuping for months and all the reboots and screwy
consultants have left it with subtle but substantial metabase
corruption (all kinds of bits missing from the metabase schema) and a
domain that can't be recognised by the clients or be joined to. All
functionality right now works, but only on the level of pass-through
authentication. Frankly it's a miracle any of it works at all.

It looks like I'm going to need to rebuild the server from scratch...
meaning: export the accounts, back up file data, back up Exchange,
blow away the partitions, install Windows, drivers, Exchange, patches,
etc., import accounts, restore file data and restore Exchange.

Anyone have any tips for me before I embark down this dark, winding
road??

And specifically, what happens with the original SIDs vs Exchange
mailboxes, etc?

Or is there another way that doesn't involve selling my soul to Satan?

Thanks profusely for any guidance.


-Brad
brad * berson () bytebrothers * org
 
Can you hire a machine for a month or so? I'd hesitate to do all that
at once! I'd get in a hire machine, install it as a second DC, move
everything across, and rebuild and move everything back. That's
assuming that you can get it to play AD with the old one. If not,
rebuild on the hire machine, wipe and rebuild the old one (empty) and
move everything across.

Cheers,

Cliff
 
I already considered the idea of putting in a temporary server but I
can't even get machines to join the domain, much less become a domain
controller! The output from DCDIAG is not promising...

Starting test: Connectivity
*** Warning: could not confirm the identity of this server in
the directory versus the names returned by DNS servers.
If there are problems accessing this directory server then
you may need to check that this server is correctly registered
with DNS

Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... DOMAIN.com failed test FsmoCheck

There are also failures to register the RR in DNS, and MS's tech notes
that apply to that symptom are not relevant. And I'm getting Event
1202s every five minutes, "Security policies are propagated with
warning. 0x4b8 : An extended error has occurred." And once again,
MS's tech note (re Power Users) is not applicable.

As a last resort I'm going to take a stab at rebuilding the domain
database (in SYSVOL?) to see if that brings the domain back to life,
but the fact that MetaEdit's "check" function turned up so many
inconsistencies in the metabase, and the fact that NTFRS also needed
to be reset (was getting "The File Replication Service has detected
that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in
JRNL_WRAP_ERROR"), makes me doubt it's worth the effort to invest much
more time in cleaning up the mess on this box.

-Brad
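
Added example, not part of the original posts: a small Python triage pass over DCDIAG text like the output quoted above, grouping warnings under each test and decoding the two Win32 error codes that appear in this thread. The function names and the sample string are constructed for illustration.

```python
import re

# Constructed sample: DCDIAG lines as quoted in the post above.
SAMPLE = """\
Starting test: Connectivity
*** Warning: could not confirm the identity of this server in
the directory versus the names returned by DNS servers.
Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
......................... DOMAIN.com failed test FsmoCheck
"""

# Win32 error codes seen in this thread (names from winerror.h).
WIN32_ERRORS = {
    1355: "ERROR_NO_SUCH_DOMAIN",
    1208: "ERROR_EXTENDED_ERROR",  # 0x4b8 in the Event 1202 text
}

START = re.compile(r"^\s*Starting test:\s*(\S+)")
VERDICT = re.compile(r"^\s*\.+\s*(\S+) (passed|failed) test (\S+)")
ERRCODE = re.compile(r"\berror (0x[0-9a-fA-F]+|\d+)\b")

def _blank():
    return {"failed": False, "warnings": [], "errors": []}

def triage(text):
    """Map each test name to its verdict, warnings and decoded error codes."""
    results, current = {}, None
    for line in text.splitlines():
        if m := START.match(line):
            current = m.group(1)
            results[current] = _blank()
        elif m := VERDICT.match(line):
            results.setdefault(m.group(3), _blank())["failed"] = m.group(2) == "failed"
        elif current is not None:
            if "Warning:" in line:
                results[current]["warnings"].append(line.split("Warning:", 1)[1].strip())
            if m := ERRCODE.search(line):
                raw = m.group(1)
                code = int(raw, 16) if raw.lower().startswith("0x") else int(raw)
                results[current]["errors"].append((code, WIN32_ERRORS.get(code, "unknown")))
    return results

def needs_attention(results):
    """Tests that failed outright or logged a warning, sorted by name."""
    return sorted(t for t, r in results.items() if r["failed"] or r["warnings"])

if __name__ == "__main__":
    for name in needs_attention(triage(SAMPLE)):
        print(name, triage(SAMPLE)[name])
```
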
 
I think you are right. A rebuild from scratch looks to be the best
course. How did it ever get in such a mess? (Rhetorical question)

Cheers,

Cliff
 
From your posts, it sure looks like a completely new re-build is necessary.
I'd ***STRONGLY*** recommend you set up your new domain with two servers. A
very low end server (or even a good workstation) could easily function as a
DC. Keep Exchange off of a DC. It's a very bad idea.... We just went through
an effort to be able to DCPROMO the Exchange server to an AS. It was not
fun.... Also, be sure to have two drives in the Exchange server and use the
Exchange Optimizer to move log files and databases onto the second drive.
Also, be sure to set up a scheduled backup of the Exchange database using
NTBACKUP. I'd also recommend you set up a second DC to provide redundancy.
 
Hank,

A couple of things:

1) While I agree with you that it is an excellent idea to keep Exchange off
of a Domain Controller ( putting it on a member server is the better
choice ) I think that this standpoint is starting to turn a little bit.
With money being generally tight and people not really understanding the
need ( CFO: Well, didn't we just spend about $5,000 for a server? Why do we
need another one for e-mail. Can't we just put it on the one we just
bought? ) a lot of hardware companies are promoting the
'multi-functionality' of their hardware. I agree with you completely on
this for a lot of reasons, though. Also, there are a lot of smaller
companies out there making use of SBS!

2) Neither Exchange 2000 nor Exchange 2003 has the Optimizer like Exchange
5.5 had. You have to manually move the log files and the database files.
While this is a rather simple task, it might prove daunting for some people
as you have to create some sort of directory structure so that there is a
location to place the .edb and .stm as well as the .log files ( if you
choose to not have them in their default locations - which is also the
better choice ).

3) Having at least two Domain Controllers is absolutely the way to go.
However, it might not always be feasible - even with your very good idea of
using a workstation-class machine as the second DC. Granted, I am with you
on this that doing otherwise might be a bit short-sighted ( how much are you
going to pay a consultant or your IT Department to fix this? ). Not only
that, how much downtime are you going to have because of this? How much
does that cost you in lost productivity ( you are paying people to sit there
and twiddle their thumbs! ).

Cary
 
> 2) Neither Exchange 2000 nor Exchange 2003 has the Optimizer like Exchange
> 5.5 had. You have to manually move the log files and the database files.
> While this is a rather simple task, it might prove daunting for some people
> as you have to create some sort of directory structure so that there is a
> location to place the .edb and .stm as well as the .log files ( if you
> choose to not have them in their default locations - which is also the
> better choice ).

Cary, a question. When you say "manually move" the log files and the
database files, now it's a long time since I did it, but I seem to
recall that you use the Exchange System Manager tool to move database
or logfiles. Am I correct?

Cheers,

Cliff
 
Cliff,

Yes, you would use the ESM to do this - but you have to create the directory
structure.

You would open up the ESM, open up "Organization", then open up
"Administrative Groups", then open up "First Administrative Group", then
open up "Servers" and open the particular Server in question ( "MyServer" ),
open up the Storage Group in question ( "First Storage Group" ) and then
right click on the Mailbox Store and open up the "Databases" tab....this is
where you would 'manually' relocate the files.

Thank you for asking for an explanation. I should have defined 'manually
move'.

Cary
 