windows 2003 DC crashed .. what to do?

[CM Rahman]

Hi,

We have two ServerA Dc and ServerB DC. Both are windows 2003 server.
Our ServerA crashed and ServerB is now serving.

But everytime I try to go "Active directory domain and trust" and
right click on it and go to property, I get this error

"You cannot modify domain or trust information becasue a Primary
Domain Controller (PDC)emulator cannot be contacted. Please verify
that the PDC emulator and the network are both online and functioning
properly."

Anybody know whats up

I have run netdiag and get this

Turst relationship test . . . . . : Failed
[FATAL] Secure channel to domain 'HQ2' is broken.
[ERROR_NO_LOGON_SERVERS]

anybody know what I need to do to fix this?

Thanks

 

[Cary Shultz [MVP]]

-----Original Message-----
Hi,

We have two ServerA Dc and ServerB DC. Both are windows 2003 server.
Our ServerA crashed and ServerB is now serving.

But everytime I try to go "Active directory domain and trust" and
right click on it and go to property, I get this error

"You cannot modify domain or trust information becasue a Primary
Domain Controller (PDC)emulator cannot be contacted. Please verify
that the PDC emulator and the network are both online and functioning
properly."

Anybody know whats up

I have run netdiag and get this

Turst relationship test . . . . . : Failed
[FATAL] Secure channel to domain 'HQ2' is broken.
[ERROR_NO_LOGON_SERVERS]

anybody know what I need to do to fix this?

Thanks
.

CM,

It sounds like the DC that crashed held several of the
FSMO Roles ( well, at the very least the FSMO Role of PDC
Emulator ).

I do not know how this is done in WIN2003 ( would assume
that it is the same as WIN2000 ). In WIN2000 I would do
one of many things: install the Support Tools and issue a
NETDOM QUERY FSMO or use ReplMon or DCDIAG with various
switches or use the ADUC MMC to determine who holds the
three Domain-wide FSMO Roles ( PDC Emulator, RID Master
and Infrastructure Master ). You could also use NTDSUtil
for this.

In your situation ( again, were we in a WIN2000 AD
Domain ) if the DC that crashed and burned was NEVER going
to come back on-line then I would use NTDSUtil to seize
that specific FSMO Role and whichever other FSMO Roles
that it held. There would be additional things to worry
about here as well. I would do a metadata cleanup and
then use ADSIEdit to clean some things up and then make
any other "fixes" as needed ( read: DNS records ).

HTH,

Cary

 

[Cary Shultz [MVP]]

-----Original Message-----

-----Original Message-----
Hi,

We have two ServerA Dc and ServerB DC. Both are windows 2003 server.
Our ServerA crashed and ServerB is now serving.

But everytime I try to go "Active directory domain and trust" and
right click on it and go to property, I get this error

"You cannot modify domain or trust information becasue a Primary
Domain Controller (PDC)emulator cannot be contacted. Please verify
that the PDC emulator and the network are both online

and

functioning
properly."

Anybody know whats up

I have run netdiag and get this

Turst relationship test . . . . . : Failed
[FATAL] Secure channel to domain 'HQ2' is broken.
[ERROR_NO_LOGON_SERVERS]

anybody know what I need to do to fix this?

Thanks
.

CM,

It sounds like the DC that crashed held several of the
FSMO Roles ( well, at the very least the FSMO Role of PDC
Emulator ).

I do not know how this is done in WIN2003 ( would assume
that it is the same as WIN2000 ). In WIN2000 I would do
one of many things: install the Support Tools and issue a
NETDOM QUERY FSMO or use ReplMon or DCDIAG with various
switches or use the ADUC MMC to determine who holds the
three Domain-wide FSMO Roles ( PDC Emulator, RID Master
and Infrastructure Master ). You could also use NTDSUtil
for this.

In your situation ( again, were we in a WIN2000 AD
Domain ) if the DC that crashed and burned was NEVER going
to come back on-line then I would use NTDSUtil to seize
that specific FSMO Role and whichever other FSMO Roles
that it held. There would be additional things to worry
about here as well. I would do a metadata cleanup and
then use ADSIEdit to clean some things up and then make
any other "fixes" as needed ( read: DNS records ).

HTH,

Cary
.

Oh, and do not forget about the Global Catalog Server and
any other services that the downed DC might have held (
like DHCP, DNS, etc. ).

Cary