Problems after AD restored ???

  • Problems after AD restored ???

    Hi all,

    Here's how I restored the AD:

    - Build a fresh new Win 2000 Adv Server, install SP4, leave it in a workgroup.
    - Run Ntbackup on this newly installed server to restore the AD from the backup file. The AD backup file is a normal online Windows backup (Sys State & Drive C combined). This is the backup file of DC1 (GC, 5 FSMO roles. We have 2 DCs; the other, DC2, is a GC too).
    - When finished, the server was restarted, and then I could log on to the restored server normally.

    Here are the problems after restoring AD:

    - At the 1st restart, I first log on to the newly restored DC; it's OK, but I see the red AD error dialog right on the desktop:

    "Naming information cannot be located because:

    The specified domain either does not exist or could not be contacted.
    Contact your system administrator ..."

    - At the same time, I try to join a new client to the domain (via the newly restored DNS/DC), and I see the error:

    "The following error occured validating the name "" . This condition may be caused by a DNS lookup problem. For information about troubleshooting common DNS lookup problems, please see the following Microsoft Web Site:

    The specified domain either does not exist or could not be contacted."

    - The 3rd error is that I can't create user / computer accounts at the restored DC (5 FSMO roles, GC). I understand that this DC tries to contact/replicate with the other DC (DC2, not restored now, so there is only DC1) to confirm there's no other RID master before it (the RID master) creates a new SID for the new account. When DC1 can't contact DC2 (it knows DC2 exists since I still haven't swept away the old information) to confirm it is the only RID master, it does not dare to give out a new SID, in an attempt to avoid a potential duplicate SID issue. So, when I use NTDSutil to erase the old info of DC2 and restart DC1, I can create new accounts.

    - Though I can create new accounts, the 2 previous errors still exist. The error "Naming information ..." still appears after a server restart, and I still can't join any new client to the domain, with the same error displayed. It seems the DNS at DC1 works normally, and the new client is pointed to DC1 for DNS. So I think the error relates to AD rather than DNS. But I tried in vain and am still stuck.

    I hope someone can give me some advice about these problems.
    Thanks in advance.

  • #2
    Re: Problems after AD restored ???

    Check out this Microsoft article. You will need to make the server a domain controller before performing the restore, not leaving it in a workgroup.


    • #3
      Re: Problems after AD restored ???

      Thanks, I'm trying to figure out what you mean.

      Assume I have 2 DCs: DC1 (5 FSMO, GC), DC2 (GC), Exchange ... :

      - If DC1 failed forever, I have some options:

      + Seize the 5 FSMO roles at DC2. Install a new DC (name it DC1 or something else), and it auto-replicates info from DC2.
      + Restore DC1 from the backup file:
      -> Install a new server, in a workgroup, restore the AD backup file.
      -> Install a new server, promote it to DC, boot into Directory Service Restore Mode, then restore AD (DC1) from the backup file (maybe that is what you mean?)

      - If the whole system passes away forever (2 DCs and all Exchange), and what is left are some backup files (DC1 backup file, MS Info Store backup file), then I have to build up from scratch:

      + Install a new server, leave it in a workgroup (I don't know if it makes sense to make this server a DC?)
      + Restore the DC1 backup file
      + Join the other server to the domain, install Exchange with /disasterrecovery, then restore the mailbox store.

      What I think and face is that if we back up/restore a 1-DC system then we have fewer problems (in the restore case, of course) than with a multi-DC system. So it's better to demote DC2 to make a 1-DC system before backing up, which makes the restore less trouble.

      Thank you again for answering.


      • #4
        Re: Problems after AD restored ???

        I'm not sure I follow you.

        What I linked to at MS is the process to restore a DC. Essentially you reload Windows, run Dcpromo to make it a domain controller and then reboot to Directory Services Restore Mode. Once there, you restore the Active Directory from backup.

        Guessing from the naming problems you have, there may be a problem with DNS. If that is not working/configured properly, ADS will have issues.

        I have had one DC die on me before and I just reloaded and promoted it again. That was pretty well the fastest way.

        Hope that makes sense.


        • #5
          Re: Problems after AD restored ???

          I also face other problems after AD was restored:

          - Sysvol problem with the following event report:

          File Replication Service is scanning the data in the system volume. Computer FSOFT-DC01 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

          To check for the SYSVOL share, at the command prompt, type:
          net share

          When File Replication Service completes the scanning process, the SYSVOL share will appear.

          The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.

          (event ID: 13566 , source: ntfrs)

          - Directory Service event report:

          Unable to establish connection with global catalog.

          (event ID: 1126 , source: NTDS general)

          The sysvol scanning usually takes too long to finish, and many times it seems to never finish, so sysvol can't be shared, and a new client can't join the domain. I don't know how to make this process finish manually.

          Thanks for any advice that can help me.


          • #6
            Re: Problems after AD restored ???

            Hi all,

            I find many problems after AD was restored that relate to DC replication.
            After AD was restored, Event Viewer reports error 13509, 10508 (FRS)

            - Error 13509 reports that this DC1 (AD restored) starts replicating with another DC, say DC2. Of course it can't finish (it retries many times) since there's no DC2 now (I found the leftover info about DC2, and I have used NTDSutil to sweep it away, but FRS still realizes it).

            - Error 13508 reports that there's trouble enabling replication between DC1 and DC2 (for SYSVOL), using the DNS name (FRS keeps retrying). I open DNS at DC1 and don't find any record related to DC2.

            The problem is that, though DC2 was removed long ago (maybe wrongly removed), and I then used ntdsutil to erase its object, some info about DC2 still exists, which makes FRS at DC1 keep trying replication between DC1 and DC2, which makes the sysvol at DC1 seem never to finish, so DC1 is still not a real DC, which leads to many problems (can't join domain ...).

            So can anyone tell me any way to erase the old info of DC2 from DC1, so that FRS can finish sharing sysvol quickly after AD is restored?

            Thank you so much.


            • #7
              Re: Problems after AD restored ???

              SYSVOL replication issues after AD restored.

              After an AD backup that came from a multi-DC system is restored, one of the most common problems relates to SYSVOL replication between DCs. When DC1 (GC, 5 FSMO) is restored, it is not the sysvol replication Master by default as expected, so it needs to replicate sysvol with somewhere (but nowhere, since it is the only DC that is restored), which makes the FRS scan the system partition forever (I can't wait too long, but maybe forever), hanging up the process; sysvol and netlogon can't be shared ... which leads to many problems: not a real DC, can't join domain, Exchange DS can't realize this DC ...

              To make this restored DC the sysvol replica Master (so it doesn't have to depend on other partners to update), I must set a registry key (value "D4", BurFlags), then FRS finishes its job, and this DC begins advertising itself ... Now OK, clients can join the domain, Exch DS can recognize this DC. It sounds like making an authoritative restore of sysvol; but if I go that way of thinking, and make the authoritative restore of the whole database (restore normally, don't restart, open ntdsutil .... and authoritative restore database, restart), then SYSVOL replication issues still exist and I still have to set D4 in the registry to make this DC the sysvol replica Master.

              I wonder why an authoritative restore of the whole database does not work, and how the sysvol replica Master role works? (When I refresh the registry, the D4 value just disappears, and the value goes to 0 as default?)

              So with a little (and short-lasting) registry change, I can join a new server to the domain, install Exchange with /disasterrecovery (SP too), and Exchange can recognize the DC.

              But a problem occurs when I add a 2nd DC. It still seems to be a sysvol replication issue. I know when the 1st DC is Master (D4), the 2nd should be Slave (D2). But after setting D2 at DC2, it disappears after a refresh and the problem still remains, and Exchange DS can't recognize DC2. In short, the new value disappears after a refresh on both DC1 and DC2, and I don't know how to make and keep DC1 the Master and DC2 the Slave. Since Exchange doesn't see DC2 (only sees DC1), the sysvol question with DC2 still remains.

              So can anyone tell me how to fix the sysvol issue with this 2-DC system, and make Exchange DS see the 2 DCs?

              Thanks in advance.
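
Posts #5 and #7 describe a restored DC that stays in the SYSVOL scan until BurFlags is set, and a BurFlags value that reads 0 again afterwards. The read-only check below is an added example, not part of any post in this thread; it assumes Windows PowerShell 3.0 or later on an FRS-replicated DC, and event ID 13516 (FRS's completion event) is not mentioned in the thread.

```powershell
# Added example (not from the thread): read-only health check for a restored,
# FRS-replicated domain controller. Run elevated on the DC itself.

# The key name contains "/" ("Backup/Restore"), which the HKLM: provider splits
# as a path separator, so the key is opened through the .NET registry API.
$keyPath = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath)
$burFlags = $null
if ($key) {
    $burFlags = $key.GetValue('BurFlags')
    $key.Close()
}

# FRS reads BurFlags when the NtFrs service starts and writes 0 back once it has
# acted on the value, so 0 is the normal state after a D4 or D2 was processed.
$burText = if ($null -eq $burFlags) { 'not set' } else { '0x{0:X}' -f $burFlags }

# A DC only advertises itself once both shares exist.
$shares = @(Get-CimInstance -ClassName Win32_Share |
    Where-Object { $_.Name -in 'SYSVOL', 'NETLOGON' } |
    Select-Object -ExpandProperty Name)

# 13566, 13508 and 13509 are the FRS events quoted in the thread.
# 13516 (assumption: not in the thread) is logged when FRS stops preventing
# the computer from becoming a domain controller.
$events = @(Get-WinEvent -FilterHashtable @{
        LogName = 'File Replication Service'
        Id      = 13566, 13508, 13509, 13516
    } -MaxEvents 50 -ErrorAction SilentlyContinue)
$latest = $events | Sort-Object TimeCreated -Descending | Select-Object -First 1

$verdict = if ($shares.Count -eq 2) {
    'SYSVOL and NETLOGON are shared: the DC can advertise'
} elseif ($latest -and $latest.Id -eq 13566) {
    'FRS is still scanning SYSVOL'
} else {
    'Shares missing: review FRS events and replication partners'
}

[pscustomobject]@{
    BurFlags    = $burText
    SharesFound = $shares -join ', '
    LatestFrsId = if ($latest) { $latest.Id } else { 'none' }
    LatestFrsAt = if ($latest) { $latest.TimeCreated } else { $null }
    Verdict     = $verdict
}
```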