Replication- and dcpromo-problem after DC Disaster

Andreas Kirchner

Hi,

because of a hardware crash on DC2 holding a) FSMO
(schema, domainname, RID, PDC), b) GC and c) Exchange-Server I
had to implement:

c:\winnt\system32\config\software
c:\winnt\system32\config\SECURITY

from a "3-month-old" Backup!!! (scary, I know)

The System is running now. Users can access Mailboxes etc.

But:
1.) The Server is not replicating with DC1.
EventID 13508
2.) I cannot dcpromo a new Server as new DC,
because it aborts with "LinkID=5171:
RPC Server not available"

I already:
- did a SP4 Installation on DC2!
- checked DNS from cmdline, worked correctly!
- checked that RPC is running on DC1 and DC2
- "net shared": sysvol is available on DC2 and DC2

I don't even know what the best way is:

A) trying to promote a new DC to demote the DC1
B) trying to repair replication etc on DC1 to "re-work"

Thanks in advance for any help!
 
Matjaz Ladava [MVP]

RPC Server not available is 91.3% caused by a DNS problem. Check your DNS
first.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com

 
David Pharr [MSFT]

Restoring software and security hives from a 3-month-old backup is beyond
the default tombstone lifetime (60 days), so the secure channel connections
between the two DCs are broken, AD replication between the two DCs is
probably completely busted and trying to get them to replicate is likely a
waste of time.

Why would you try to demote DC1? Isn't that the machine that did NOT
crash? If so, it should have the latest AD information. Demoting that
machine would cause you to lose all the AD information in your domain over
the past 3 months and you'd be stuck with the old information that DC2
contains. You want to keep the latest AD information that DC1 has and you
can recreate the FSMO roles by seizing them to DC1.

Back up the Exchange databases on DC2 before trying these steps (kb 326052).
Force DC2 (the machine that crashed) down using dcpromo /forceremoval (kb
332199) to get AD off that box (it will be a member server in a workgroup),
seize the FSMO roles to DC1 (kb 255504) and make DC1 a GC, join DC2 back to
the domain and then promote it as a domain controller so it grabs its AD
information from DC1. Restore Exchange to DC2 once it is back up and
running as a DC.

Also, start maintaining at least a system state backup of these DCs per kb
240363.

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Andreas Kirchner" <[email protected]>
| Subject: Replication- and dcpromo-problem after DC Disaster
| Date: Thu, 11 Dec 2003 02:18:36 -0800
| Newsgroups: microsoft.public.win2000.active_directory
|
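
The role-seizure step from the reply above, written out as an added example that is not part of the original thread. It assumes the commands are run at a command prompt on DC1 after DC2 has been force-demoted, that the roles to seize are the four the original post lists on DC2, and that netdom from the Windows 2000 Support Tools is installed.

```bat
rem Added example, not from the original thread. Run on DC1.
rem Assumption: DC2 has already been taken out of AD with dcpromo /forceremoval,
rem so the old role holder will not come back online as a DC.

rem Seize the four roles the original post lists on DC2.
rem ntdsutil asks for confirmation before each seizure and first attempts
rem a normal transfer; the transfer fails because DC2 no longer answers as
rem a role holder, and the seizure then proceeds.
ntdsutil roles connections "connect to server DC1" quit ^
  "seize schema master" ^
  "seize domain naming master" ^
  "seize RID master" ^
  "seize PDC" ^
  quit quit

rem Confirm where every FSMO role now sits. The infrastructure master is
rem not in the post's list, so this output also shows which DC holds it.
netdom query fsmo
```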
 
