W2K DC Rplction prob

Guest

Hey all,

I'm at my wits' end with a problem involving domain control replacement.

Here's what happened:

About a month ago, a domain controller in my network went to the great
computer god in the sky (hardware failure). So, since I could not demote it,
I used the ntdsutil and removed it from AD. I waited a good day for
everything to converge and replicate everywhere. I checked to see if there
were any lingering issues with that domain controller on ANY of my other DCs.
Everything looked good.

So, I bought a new server.
- Made it a member with a completely different name.
- Waited for it to appear in all my DCs in the COMPUTERS contained in my
domain (one forest, two domains btw).
- Then made it a DC via dcpromo.
- Made it a DNS server secondary to the master.
- Made it a WINS server to help out the old 98 machines.
- It made some automatic links in the NTDS settings under SITES AND SERVICES
to a couple of the DCs. It put the server in the right site based on its IP
as well.
- I waited again for this to all converge (waited a day).
- Made it a global catalog.
Everything looked good.

Here's where the prob started:

No user at that site can log in. It keeps giving me "your password is
incorrect" or "no domain server avail for your site" etc... Its DHCP service
is handing out IPs fine. I look in my DC that handles most of my FSMO roles
and it shows that the DC in question is having some problems.


Errors in the event log of the NEW DC are:

EVENT ID 1000 Userenv
Windows cannot access the file gpt.ini for GPO The file must be present at
the location <>. (). Group Policy processing aborted.

and

EVENT ID 1000 Userenv
Windows cannot query for the list of Group Policy objects . A message that
describes the reason for this was previously logged by this policy engine.

Also, when I go to my main DC, the one that handles my FSMO roles, I can't use
the snap-in to connect to any options (such as the event viewer, or say
services) on the new DC. But, if I go to a completely diff DC, I can look at
it fine.

I just demoted it to a member server. It has a SAM entry and looks fine
(other than I can't connect to any of the features through the MMC on another
DC).

It also shows this EVENT ID:

EVENT ID SAM 12296
The SAM database attempted to clear the directory C:\WINNT\NTDS in order to
remove files that were once used by the Directory Service. The error is in
record data. Please have an admin delete these files.


Any help greatly appreciated.
 
Paul Bergson

It will be hard to debug since you have demoted. Re-Promote and do the
following for help in determining the problem.

Try running netdiag, repadmin and dcdiag. Look for fail, error and warning
errors.

If you don't have the tools installed load them from your install disk.

d:\i386\adminpak.msi (Server tools for remote management of servers)
d:\support\tools\setup.exe (Server Utilities)

Copy the following to a cmd file and run it. Look for error, fail and warn
within the reports. Post any errors you can't figure out. Make sure you
modify DC_Name to the name of a DC in your domain.

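@echo off

c:
cd \
cd "program files\support tools"

rem Remove the previous report, if any, so old results are not mixed in
if exist c:\dcdiag.log del c:\dcdiag.log
rem /e = all servers in the enterprise, /c = comprehensive, /v = verbose
dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
start c:\dcdiag.log

rem Verbose network and DNS checks for the local machine
netdiag.exe /v > c:\netdiag.log
start c:\netdiag.log

rem Replication status for the DCs matching dc*
repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
start c:\repl.txt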

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
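
The "look for error, fail and warn" step above, as an added example that is not part of the original post: a Python triage of a dcdiag log that records which server failed which test and ties each flagged line to the test that produced it. The sample log is constructed, and its layout ("Starting test:" and "passed/failed test" lines) is assumed from dcdiag's verbose output.

```python
import re

# Assumed dcdiag layout: "Starting test: <name>" opens a test and a dotted
# "<server> passed|failed test <name>" line closes it.
START = re.compile(r"Starting test:\s+(\S+)")
RESULT = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)")
KEYWORD = re.compile(r"fail|error|warn", re.IGNORECASE)

# Constructed sample input, not output from a real domain controller.
SAMPLE_LOG = r"""
   Testing server: Site1\DC2
      Starting test: Connectivity
         ......................... DC2 passed test Connectivity
      Starting test: Replications
         [Replications Check,DC2] A recent replication attempt failed:
            From DC1 to DC2
            The replication generated an error (1722):
         ......................... DC2 failed test Replications
      Starting test: frssysvol
         There are warning or error events within the last 24 hours.
         ......................... DC2 passed test frssysvol
""".lstrip("\n")


def triage(text):
    """Return (failed, flagged): failed is [(server, test)], flagged is
    [(line_no, test, line)] for detail lines mentioning fail/error/warn."""
    failed, flagged, current = [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = START.search(line)
        if m:
            current = m.group(1)
            continue
        m = RESULT.search(line)
        if m:
            server, verdict, test = m.groups()
            if verdict == "failed":
                failed.append((server, test))
            current = None
            continue
        if KEYWORD.search(line):
            flagged.append((no, current, line))
    return failed, flagged


if __name__ == "__main__":
    failed, flagged = triage(SAMPLE_LOG)
    for server, test in failed:
        print(f"FAILED  {server}: {test}")
    for no, test, line in flagged:
        print(f"line {no} [{test}] {line}")
```

A test can pass and still log a warning (frssysvol in the sample), which is why the flagged lines are reported separately from the failed tests.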
 
Jorge_de_Almeida_Pinto

Were there other errors in the event logs?

Did you run DCDIAG /V?
 
Guest

Well, right now, all users at the site with the failed DC are logging in fine
over the link to my main site where there is another DC. So, I'm going to
start from scratch with a new box entirely (new hardware, new load, etc).

I'm going to build the controller there at the site in that subnet so that
everything looks as it should from the beginning.

Thanks for the replies, but after thinking about this, there is just too
much wrong to start troubleshooting this without starting it over from
scratch.

I'll post again if it has another prob.
 
