Active Directory, problem removing old server


Hello,

I'm having a bit of a problem, and I'm hoping for some assistance. I set up a new Windows 2008 R2 server onsite alongside a Windows 2003 R2 SBS server. I added the 2008 R2 server to the domain, transferred the FSMO roles to it, and moved the client applications to the new server. Everything is working great. The 2003 R2 server started shutting down due to the SBS single domain requirement issue. No problem, I planned to get rid of that server anyway. I tried to remove AD from the server, and it tells me it's a domain controller. I checked in AD Sites and Services, and the new server is listed as a GC; under Connections it lists the old server, and when I try to run dcpromo, it tells me "Before you can install or remove Active Directory Domain Services, you must remove Active Directory Certificate Services. For information on the consequences of removing Active Directory Certificate Services, see Help and Support." It does have AD Certificate Services loaded on it. I did netdom query domain controllers and both servers are listed. When I run netdom query pdc, it lists the new server, and netdom query fsmo returns the new server for all items. I'm tempted to just remove AD from the old server, but if I'm wrong, I'll be rebuilding the domain on a live network and will have to relink the workstations to the domain. Can anyone figure out what is going on and how to fix it? I forgot to add this:

Event Type:    Warning
Event Source:    DNS
Event Category:    None
Event ID:    4013
Date:        8/7/2013
Time:        1:30:35 PM
User:        N/A
Computer:    windows-ifpdlb8.robinson.local
Description:
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I'm going to go looking for the error, but I wanted to post first in case anyone had useful information.

Thanks,

Jeffery Smith

BTW, that is not the correct name of the server. That was the original name issued by the system; the correct name of the server is brdserver2013.robinson.local. I don't know why it's got the computer's original name. I'm guessing that's part of the problem.

Circling back to looking at dcdiag, it appears dermserver1's SYSVOL is corrupt or missing, and the DC is in a JRNL_WRAP_ERROR state, or what we refer to as journal wrap. That's why there are GPO errors. It can't replicate SYSVOL due to this error.

There are a number of reasons a DC can go into a journal wrap state, but JRNL_WRAPs are caused by SYSVOL corruption. The usual culprit is one of a number of things:

  • Abrupt shutdown/restart
  • Disk errors - corrupted sectors.
  • AV not configured to exclude SYSVOL, NTDS and AD processes

Expanding on this, below is the official list. The above list, I think, pretty much gives you an idea of what may be going on.

[1] Volume "\\.\C:" has been formatted.
[2] The NTFS USN journal on volume "\\.\C:" has been deleted.
[3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
[4] File Replication Service was not running on this computer for a long time.
[5] File Replication Service could not keep up with the rate of disk IO activity on "\\.\C:".

-

As for fixing the journal wrap and SYSVOL issues, there are a couple of ways to go about it. The KB below explains it:

Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762

So it depends on whether a copy of the SYSVOL folder and subfolders exists on dermserver1. Do the folder and subfolders exist?

Here are my notes on it, which summarize the KB above and explain what the settings mean, the steps, etc.:

==================================================================
==================================================================
Recover from journal wraps (JRNL_WRAP_ERROR) and SYSVOL on a DC:

Reference:
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762

What caused the DC to go into this state? JRNL_WRAPs are caused by SYSVOL corruption. The usual culprit is one of a number of things:

- Abrupt shutdown/restart
- Disk errors - corrupted sectors.
- AV not configured to exclude SYSVOL, NTDS and AD processes


Basically, the way to fix it is you must first stop the NTFRS service on all DCs. Yes, NTFRS must be stopped on all DCs to perform this. Pick a good one as the "source DC."
- If you have 1 DC, such as SBS, and SYSVOL appears OK, or you restore SYSVOL from a backup, follow the "specific" steps I've outlined below.
- If you have more than 1 DC, but not so many that you can't shut down NTFRS on all of them, such as if you have 40 DCs, pick and choose the best one and apply D2 on the bad and D4 on the good.
- If there are numerous DCs, such as in a large infrastructure, forcedemote the DC with the error, run a metadata cleanup, and re-promote the DC to the domain.


To summarize:
You have 2 choices:
1. Non-authoritative restore: Use the D2 option on the DC with an empty SYSVOL folder, or a SYSVOL folder with incorrect data. This way it gets a copy of the current SYSVOL and other folders from the DC you set the D4 option on.
2. Authoritative restore: Use the D4 option on the DC that has a copy of the current policies and scripts folder (a good, not corrupted folder).


Note - The steps refer to changing a registry setting called the BurFlags value. If the BurFlags key does not exist, create it. It's a DWORD key.

More importantly, the references say to change BurFlags to 1 of 2 options: D4 or D2. Therefore, before going further, let's squelch the confusion on what the D2 and D4 settings mean:

D2/D4 - which is which?
• D2, known as a nonauthoritative mode restore - gets set on the DC with the bad or corrupted SYSVOL
• D4, known as an authoritative mode restore - use on the DC with the good copy of SYSVOL.
• You must shut the NTFRS service down on all DCs while you're doing this until instructed to start it.
• You'll want to copy the current SYSVOL structure on the good DC to a folder as a backup prior to doing this.

Simply put, the difference is that D4 is "the source DC" you want to copy the SYSVOL folder from to the bad DC. The bad DC gets D2, which tells it to pull from the source DC, the one you set D4 on.

 

Basically, here are the steps summarized:
1. For an authoritative restore you must stop the NTFRS services on all of the DCs
2. In the registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
   set BurFlags to hex D4 on the known good SYSVOL (or at this time restore the SYSVOL data from a backup and set BurFlags to D4) and start NTFRS on this server. You may want to rename the old folders with .old extensions prior to restoring data.
3. Clean up the folders on the remaining servers (policies, scripts, etc.) - I renamed them with .old extensions.
4. Set BurFlags to D2 on the remaining servers and start NTFRS.
5. Wait for FRS to replicate.
6. Clean up the .old stuff if things are good.
7. If "D4" won't solve the problem, try the "D2" value.

-

So circling back, to fix it and make it work, copy the contents of the SYSVOL location, then follow the KB, which states you must stop the NTFRS service on all DCs. Pick 1 as the "source DC." Of course, as I've stated above, if you have a large number of DCs, your best bet is to forcedemote the bad DC, run a metadata cleanup to remove its reference from AD, and re-promote it.

If you have a small number of DCs, and if you have a good DC and a bad DC, on the good DC set BurFlags to D4, and on the bad DC set BurFlags to D2. The D2 option on the bad DC does 2 things:

1. It copies the current stuff in the SYSVOL folder and puts it in a folder called "Pre-existing." The folder is what it says it is, the current data. This way, if you have to revert, you can use the data in this folder.
2. It replicates (copies) the data from the good DC (D4) to the bad guy (D2).

-

In the example, if you set BurFlags to D4 on a single domain controller and set BurFlags to D2 on all other domain controllers in the domain, you can rebuild SYSVOL from the D4 DC (the source DC).

I've heard of admins manually copying the SYSVOL folder and then setting the BurFlags options mentioned, and it works too. But no, I haven't tested it.

That's a lab for another day. :-)


Specific steps for an authoritative restore:
Use the D4 option on the DC that has a copy of the current policies and scripts folder (a good, not corrupted folder).

1. Stop the FRS service on all DCs.
   For the other DCs, you can download psexec and run "psexec \\otherdc net stop ntfrs" 1 at a time for each DC.
2. On the DC you want to be the source, run regedit and go to the following key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
   In the right pane, double-click "BurFlags." (or right-click, Edit DWORD)
   Type D4 and click OK.
3. On the bad DC, run regedit and go to the following key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
   In the right pane, double-click "BurFlags." (or right-click, Edit DWORD)
   Type D2 and click OK.
4. Quit Registry Editor, and switch to the command prompt (which you still have open).
5. On the good DC, start the FRS service, or in the command prompt, type in "net start ntfrs" and hit <Enter>
6. On the bad DC, start the FRS service, or in the command prompt, type in "net start ntfrs" and hit <Enter>
7. On the bad DC, check the SYSVOL folder to see if it has started populating.
8. Check for EventID 13565, which shows the process has started
9. Check for EventID 13516, which shows it's complete
10. Start FRS on the other DCs.

The following occurs after running the steps above and starting the FRS service (NTFRS):

 • The value of the BurFlags registry key returns to 0.
 • Files in the reinitialized FRS folders are moved to a Pre-existing folder.
 • An event 13565 is logged to signal that a nonauthoritative restore has started.
 • The FRS database is rebuilt.
 • The member replicates (copies) the SYSVOL folder from the good DC.
 • The reinitialized computer runs a full replication of the affected replica sets when the relevant replication schedule begins.
 • When the process is complete, an event 13516 is logged to signal that FRS is operational. If this event is not logged, there is a problem with the FRS configuration.

Note: The placement of files in the Pre-existing folder on reinitialized members is a safeguard in FRS designed to prevent accidental data loss. You can copy the stuff back if it didn't work, but I have not yet seen a case where it has not worked!

These steps are shown in more detail at:
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762

==================================================================
==================================================================

-

The DNS entries on the NICs:

Also, I noticed in the DNS entries in the ipconfigs that each DC points to itself. Ideally, and this has been argued since 1999 among Microsoft engineers but has been pretty much settled, you want to see the first entry point to a replica partner DC, and the second entry set to itself or the loopback. As a matter of fact, if you run the AD BPA, that's what it looks for. I suggest you set both DCs that way until you get through this.


Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

This post is provided AS-IS with no warranties or guarantees and confers no rights.
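As an added example, and not part of Ace's reply or of the Microsoft KB, the PowerShell script below automates the BurFlags D4/D2 sequence laid out in the reply (back up the good SYSVOL, stop NtFrs on every DC involved, write BurFlags, start the source DC first, then watch the bad DC's FRS log for 13565 and 13516, and confirm BurFlags has returned to 0) and finishes with the DNS client order check from the "DNS entries on the NICs" note. The DC names and the backup path are placeholders I made up; the script assumes you run it as a Domain Admin, that the Remote Registry service is reachable on each DC, and that SYSVOL is replicated by FRS (not DFSR), as it is in this 2003/2008 R2 domain.

```powershell
# Added example, not from the original thread or KB 290762.
# Automates the BurFlags D4/D2 recovery and the DNS-client order check described above.
param(
    [string]   $SourceDc   = 'GOODDC-PLACEHOLDER',     # DC with the good SYSVOL (gets D4) - placeholder
    [string[]] $BadDcs     = @('BADDC-PLACEHOLDER'),   # DCs in journal wrap (get D2) - placeholder
    [string]   $BackupRoot = 'C:\SysvolBackup'         # local folder for the pre-change SYSVOL copy
)
$ErrorActionPreference = 'Stop'
$frsKeyPath = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
$allDcs = @($SourceDc) + $BadDcs

function Set-BurFlags {
    param([string]$Computer, [int]$Value)
    # Write BurFlags as a DWORD on the remote DC; create the key if it is missing, as the KB says.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
    try {
        $key = $hklm.OpenSubKey($frsKeyPath, $true)
        if ($null -eq $key) { $key = $hklm.CreateSubKey($frsKeyPath) }
        $key.SetValue('BurFlags', $Value, [Microsoft.Win32.RegistryValueKind]::DWord)
        $key.Close()
    } finally { $hklm.Close() }
}

function Get-BurFlags {
    param([string]$Computer)
    # Read BurFlags back; FRS resets it to 0 once the reinitialization has been picked up.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
    try {
        $key = $hklm.OpenSubKey($frsKeyPath)
        if ($null -eq $key) { return $null }
        return $key.GetValue('BurFlags', 0)
    } finally { $hklm.Close() }
}

function Set-FrsService {
    param([string]$Computer, [ValidateSet('Running', 'Stopped')][string]$State)
    # Stop/start NtFrs remotely and block until it reaches the requested state.
    $svc = Get-Service -ComputerName $Computer -Name NtFrs
    if ($State -eq 'Stopped') { $svc.Stop() } else { $svc.Start() }
    $svc.WaitForStatus($State, [TimeSpan]::FromMinutes(2))
}

function Wait-FrsEvent {
    param([string]$Computer, [int]$EventId, [datetime]$After, [int]$TimeoutMinutes = 30)
    # Poll the classic "File Replication Service" log for 13565 (restore started) / 13516 (FRS operational).
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $hit = Get-EventLog -ComputerName $Computer -LogName 'File Replication Service' -After $After -ErrorAction SilentlyContinue |
               Where-Object { $_.EventID -eq $EventId }
        if ($hit) { return $true }
        Start-Sleep -Seconds 30
    } while ((Get-Date) -lt $deadline)
    return $false
}

function Test-DcDnsClientOrder {
    param([string]$Computer)
    # Returns $true when no IP-enabled NIC lists the DC itself (or loopback) as its FIRST DNS server.
    $ok = $true
    $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $Computer -Filter 'IPEnabled = TRUE'
    foreach ($nic in $nics) {
        $dns = @($nic.DNSServerSearchOrder)
        if ($dns.Count -eq 0) { continue }
        if ($dns[0] -eq '127.0.0.1' -or (@($nic.IPAddress) -contains $dns[0])) {
            Write-Warning "$Computer : first DNS entry $($dns[0]) is itself; put a replica partner DC first and self/loopback second."
            $ok = $false
        }
    }
    return $ok
}

# 1. Back up the good SYSVOL before touching anything (the reply's own precaution).
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Copy-Item -Path "\\$SourceDc\SYSVOL" -Destination (Join-Path $BackupRoot $stamp) -Recurse

# 2. NtFrs must be stopped on every DC taking part.
foreach ($dc in $allDcs) { Set-FrsService -Computer $dc -State Stopped }

# 3. D4 on the source DC, D2 on each bad DC.
Set-BurFlags -Computer $SourceDc -Value 0xD4
foreach ($dc in $BadDcs) { Set-BurFlags -Computer $dc -Value 0xD2 }

# 4. Start the source first, then the bad DCs, and note the time for the event search.
$started = Get-Date
Set-FrsService -Computer $SourceDc -State Running
foreach ($dc in $BadDcs) { Set-FrsService -Computer $dc -State Running }

# 5. Watch each reinitialized DC for 13565 (started) and 13516 (complete).
foreach ($dc in $BadDcs) {
    if (-not (Wait-FrsEvent -Computer $dc -EventId 13565 -After $started)) { Write-Warning "$dc : event 13565 not seen yet" }
    if (Wait-FrsEvent -Computer $dc -EventId 13516 -After $started) { Write-Host "$dc : FRS operational (13516)" }
    else { Write-Warning "$dc : event 13516 not logged; check the FRS configuration" }
}

# 6. Confirm BurFlags went back to 0 and check the DNS client order on every DC.
foreach ($dc in $allDcs) {
    Write-Host "$dc : BurFlags is now $(Get-BurFlags -Computer $dc)"
    [void](Test-DcDnsClientOrder -Computer $dc)
}
```

Run it once from an elevated PowerShell on one of the DCs, with the two placeholder names replaced. Only the DCs you name are touched; any further DCs still need NtFrs stopped beforehand and started afterwards (step 10 of the reply), which is deliberate so the script does not restart replication on a DC you have not inspected.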






