also look at:
How to manually decommission a root server that hosts a domain-based DFS root in Windows Server 2003
http://support.microsoft.com/?id=842218
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
BLOG -->
http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
it is a bit difficult keeping up with the issues you are experiencing and their current status.
CONCERNING DFS:
From my understanding you have forcebly demoted a DC that also was a root server for one or more namespaces. That demoted DC is now a stand alone server and that server will never return to the network in its current form and it will be reinstalled. In AD this server is still referenced as a root server. Removing the root server reference may not work because it contacts AD and it wants to contact the root server in question
If that is the case look at:
(taken from:
http://www.microsoft.com/technet/pr...Ref/28be5bc5-694d-49ea-981e-34bdadd1a931.mspx)
Example 9: Clean Up a Root-Server Entry in Active Directory
If, for some reason, you have removed a root server and the metadata in Active Directory has not been updated, you can manually cause the root-server entry to be removed from the blob. This parameter is used as a problem/corruption repair setting. Do not confuse it with parameters like /remftroot or /clean. Unless absolutely necessary, use of this parameter should be avoided. To eliminate the resultant obsolete root target in the DFS namespace, type the following at the command line:
dfsutil /unmapftroot /root:\\ex.com\salesdata /server:\\mainshare1
Caution
• Using this option deletes an entire namespace. This option is used only when you already have removed a domain-based root server. When this command statement is executed, the actual server is never contacted before it unmapped (because it is assumed to have been removed and, as such, would not exist). As a result, a functioning root can get removed accidentally.
Notes
• The root-server that has been removed must be domain-based for this method to work.
• DFSUtil works in direct mode to get or update the DFS metadata. This command statement will fail if the root-server is not domain-based or if direct mode cannot be initialized.
• Back up your namespace before using the /unmapftroot parameter.
CONCERNING THE W2K3 DC:
What event log error IDs is it throwing at you?
run:
DCDIAG /D /C /V
NETDIAG /DEBUG /V
what does the output say? Post only the parts in error
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
BLOG -->
http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
Thanks a lot.
Now I am removing the dfs targets that are hosted by the demoted DC (hostname of this server is Sgintfs02). I have 3 dfs namespaces:
I am able to display both the DfsDpt and DFSRIS in dfs mmc console but not the DFSRPT. It said "the specified domain either does not exist or could not be contacted".
That's the first problem.
When I want to remove the root target \\SGINTFS02\DfsDpt, it gave a warning followed by an error. I clicked 'Yes' to forcibly remove the root target, it gave the "The system cannot find the file specified" error. It seems that the root target is already removed but in the dfs mmc, it is still displayed there. How can I remove it from the display?
Good. Done those steps today but not yet repromote the server. I will have to go back to the office tomorrow to troubleshoot again to see why I cannot remotely connect the Remote Access server and the Exchange server. As the demoted server was a DHCP and DNS server, could it be the cause?
* take that DC off the network (while it is up, remove the cable)
* SEIZE the FSMO roles held by that bad DC to another live DC
see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/373.aspx
* Cleanup the metadata of the bad DC (Make sure ALL the metadata is cleaned/removed from AD and replicated to other DCs)
see:
http://blogs.dirteam.com/blogs/jorge/archive/2005/12/03/213.aspx
* Forcebly demote the bad DC: DCPROMO /FORCEREMOVAL (end result is a stand alone server!!!)
see:
http://support.microsoft.com/?id=332199
* If needed REPROMOTE the stand alone server to an additional DC of an existing domain, make it a GC, transfer the FSMO roles back, reconfigure additional services like DNS/WINS accordingly if needed
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
BLOG -->
http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
So far the resolution stated in KBQ885875 is to demote the DC. As the DC host the major FSMO roles and it can't transfer the role to other DC at this state. How to best demote it?
Yes, use a normal backup to restore a DC!!! NEVER EVER USE AN IMAGE TO RESTORE A DC!!!
IMAGES/SNAPSHOTS are not AD aware when restoring. So I guess you have been having troubles because of a USN rollback
you can find more info at:
MS-KBQ885875_How to detect and recover from a USN rollback in Windows 2000 Server
MS-KBQ875495_How to detect and recover from a USN rollback in Windows Server 2003
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
BLOG -->
http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
I restored a Windows 2000 DC from a most recent ghost image, but it cannot replicate to and from other DCs. The DC within the same site gives the "target principal name is incorrect" when trying to replicate to this restore DC. The DC on the other site of the WAN link gives "Access is denied" when trying to replicate this DC.
Just less than a week ago I did forestprep and domainprep to my Windows 2000 domain so as to allow a Windows 2003 server to be promoted to DC into this domain. Unluckily today the Windows 2000 DC that host the PDC, RID, Infrastructure master could not completely startup (directory service database corrupted). The ghost image does not contains the changes to the AD of forestprep and domainprep.
Is there a way to resolve this replication problem?
