Problems after Restore System State

Guest

Thanks for your sympathy & advice about the certificate. I will back up the
current certificate key. I meant to say "DC02" is not the FSMO holder. DC01
is the FSMO & the infrastructure master, etc. Because I am rebuilding DC02 as
a clean Windows OS and configuring it as a new domain controller using the
same IP address and same computer name, do I still need to seize the FSMO
roles from DC01? At the moment, I am writing all options in an email before I
receive the blame from my boss in the future. Yes....I need lots of luck.
 
Guest

DC02 is the subordinate CA enterprise server, DC01 is the root CA enterprise
server.
Because I am rebuilding DC02 from scratch as a clean Windows 200 Domain
controller, I am hoping DC01 will enable the replication again. About the CA
certificate key of DC02, I will back it up beforehand. Will this work? I
really want to sleep comfortably during my leave. Thanks.
 
Hank Arnold

I'd clean up my resume while on vacation, also..... You will not be
returning to a nice situation and bosses have notoriously short memories
(except for grudges)....
 
Ace Fekay [MVP]

seeker01 said:
DC02 is the subordinate CA enterprise server, DC01 is the root CA
enterprise server.
Because I am rebuilding DC02 from scratch as a clean Windows 200
Domain controller, I am hoping DC01 will enable the replication
again. About the CA certificate key of DC02, I will back it up
beforehand. Will this work? I really want to sleep comfortably during
my leave. Thanks.

You would sleep better if you fix it before you go. What's your hurry? Rita?

Ace
 
Guest

I encountered many of the same issues you encountered with two domain
controllers in our external connectivity environment. The time period during
which they had failed to communicate had well exceeded the 60 day limit, and
I was at a loss as to what to do having tried all solutions that I could
discover. But I did manage to fix the problem.

I used the NetDom ResetPwd command to reset the machine account password BUT
rather than running this command

(On Non-Working Server)
NETDOM RESETPWD /Server:WorkingServer /UserD:Domain\AdministrativeID /PasswordD:*

I ran

(On WORKING Server)

NETDOM RESETPWD /Server:NonWorkingServer /UserD:Domain\AdministrativeID /PasswordD:*

Then I rebooted the non-working server, started the REPLMON program and
forced replication with the working server, and everything, including browsing
via the UNC name and certificate services, started to function properly.
 
Ace Fekay [MVP]

JHK said:
I encountered many of the same issues you encountered with two domain
controllers in our external connectivity environment. The time
period during which they had failed to communicate had well exceeded
the 60 day limit, and I was at a loss as to what to do having tried
all solutions that I could discover. But I did manage to fix the
problem.

I used the NetDom ResetPwd command to reset the machine account
password BUT rather than running this command

(On Non-Working Server)
NETDOM RESETPWD /Server:WorkingServer /UserD:Domain\AdministrativeID /PasswordD:*

I ran

(On WORKING Server)

NETDOM RESETPWD /Server:NonWorkingServer /UserD:Domain\AdministrativeID /PasswordD:*

Then I rebooted the non-working server, started the REPLMON program
and forced replication with the working server, and everything,
including browsing via the UNC name and certificate services, started
to function properly.

And that was after 60 days? Interesting. Thanks for the info. I would like to
try this out sometime.

Ace
 
