Restoring System State for a Domain Controller for Disaster recovery to 2003 Server w

  • Restoring System State for a Domain Controller for Disaster recovery to 2003 Server w

    Windows 2003 SP1, full system state backup using native NTBACKUP.
    For disaster recovery purposes, a task is required to restore a full system state from the "live" 2003 AD network to a TEST network. The live network had 2 DCs and Exchange 2003. It is required to restore the AD to different hardware and build Exchange and restore IM store to new hardware on the TEST network.
    This task has been completed using same hardware but, since the OS has been upgraded to SP1, unable to perform the task. Can add members to the Domain but unable to use the MS MMC to open the Domain Policy. When I try I get the error message
    "Failed to Open the Group Policy Object. You may not have appropriate rights. Details: The system cannot find the path specified"
    I have checked permission on the SYSVOL share all seem correct as on the LIVE network.
    Error Message from Event Logs :-
    Source : userenv
    EventID : 1058
    Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},
    CN=Policies,CN=System,DC=northampton,DC=uk,DC=intamac.
    The file must be present at the location <\\northampton.uk.intamac\sysvol\northampton.uk.intamac\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
    (The system cannot find the path specified. ). Group Policy processing aborted.

    Output from DCDIAG /v - errors only from output

    Doing initial required tests

    Testing server: Default-First-Site-Name\INTAMAC-DC
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    [INTAMAC-DC] DsBindWithSpnEx() failed with error -2146892976,
    Win32 Error -2146892976.
    ......................... INTAMAC-DC failed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\INTAMAC-DC
    Skipping all tests, because server INTAMAC-DC is
    not responding to directory service requests
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Test omitted by user request: OutboundSecureChannels
    Test omitted by user request: VerifyReplicas
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    Starting test: FsmoCheck
    GC Name: \\intamac-dc.northampton.uk.intamac
    Locator Flags: 0xe00003fd
    Warning: Couldn't verify this server as a PDC using DsListRoles()
    PDC Name: \\intamac-dc.northampton.uk.intamac
    Locator Flags: 0xe00003fd
    Time Server Name: \\intamac-dc.northampton.uk.intamac
    Locator Flags: 0xe00003fd
    Preferred Time Server Name: \\intamac-dc.northampton.uk.intamac
    Locator Flags: 0xe00003fd
    KDC Name: \\intamac-dc.northampton.uk.intamac
    Locator Flags: 0xe00003fd
    ......................... northampton.uk.intamac passed test FsmoCheck


    Would appreciate any help as to why I am unable to open the policy. I have signed on as administrator, who is a member of enterprise admin group, so pretty sure it's not a security issue.
    Like I said, I have completed this test; the only difference being SP1 was NOT installed on the "live" network before. Now it has; this seems to be the only difference. A working procedure with all steps tried and tested was followed.
    So I guess SP1 must be the issue here.
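
Added example (not part of any post in this thread): the Userenv 1058 message in the first post gives both the GPO's DN and the exact gpt.ini path, and "cannot find the path specified" is the Win32 path-not-found text rather than file-not-found. This Python script parses the message, cross-checks the names in the DN against the path, and walks the UNC path to report the first level that does not resolve. The function names are assumptions made for this example, and the sample message is the post's text joined onto one line.

```python
import os
import re

# Constructed sample: the Userenv 1058 message from the first post, joined onto one line.
EVENT_1058 = (
    r"Windows cannot access the file gpt.ini for GPO "
    r"CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,"
    r"DC=northampton,DC=uk,DC=intamac. The file must be present at the location "
    r"<\\northampton.uk.intamac\sysvol\northampton.uk.intamac\Policies"
    r"\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. "
    r"(The system cannot find the path specified. )."
)

def parse_1058(text):
    """Extract (GPO GUID, DNS domain built from the DN, UNC path) from the message."""
    guid = re.search(r"CN=(\{[0-9A-Fa-f-]{36}\})", text).group(1)
    domain = ".".join(re.findall(r"DC=([^,.\s]+)", text))
    unc = re.search(r"<(\\\\[^>]+)>", text).group(1)
    return guid, domain, unc

def path_levels(unc):
    """Return every level of a UNC path, from the share root down to the leaf."""
    parts = unc.lstrip("\\").split("\\")
    return ["\\\\" + "\\".join(parts[:n]) for n in range(2, len(parts) + 1)]

def first_missing_level(unc, exists=os.path.exists):
    """Return the first level that does not exist, or None if the whole path resolves."""
    for level in path_levels(unc):
        if not exists(level):
            return level
    return None

def name_mismatches(guid, domain, unc):
    """List disagreements between the GPO's DN and the path userenv tried to read."""
    server, share, folder, policies, gpo_dir = unc.lstrip("\\").split("\\")[:5]
    problems = []
    if server.lower() != domain.lower() or folder.lower() != domain.lower():
        problems.append("domain in DN does not match the SYSVOL path")
    if share.lower() != "sysvol" or policies.lower() != "policies":
        problems.append("path is not under sysvol\\<domain>\\Policies")
    if gpo_dir.upper() != guid.upper():
        problems.append("GPO folder name does not match the GUID in the DN")
    return problems

if __name__ == "__main__":
    guid, domain, unc = parse_1058(EVENT_1058)
    print("GPO:", guid, "domain:", domain)
    print("name mismatches:", name_mismatches(guid, domain, unc) or "none")
    print("first missing level:", first_missing_level(unc) or "none, path resolves")
```

Run on the restored DC itself, the default `os.path.exists` check shows whether the share, the domain folder, the Policies folder or the GPO folder is the level that fails.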

  • #2
    Re: Restoring System State for a Domain Controller for Disaster recovery to 2003 Serv

    Off the top of my head.
    If it is on different hardware have you checked the network card has appeared (different hardware will probably have a different NIC)? Can you get internet access or ping outside of the server? Also make sure it is set to use itself for DNS if you have changed IP addresses.

    Sounds to me like it can't resolve DNS at the moment.

    Might also be worth changing your username as you are inviting spam (from elsewhere) by publishing it fully.
    cheers
    Andy

    Quis custodiet ipsos custodes?



    • #3
      Re: Restoring System State for a Domain Controller for Disaster recovery to 2003 Serv

      I have got rid of the "ghost" NICs. Like I said, this all worked before SP1 was applied to the "live" network. So things like "ghost" NICs and "ntfrs" replication issues were removed.
      Did a dcdiag /test:dns - no errors reported.



      • #4
        Re: Restoring System State for a Domain Controller for Disaster recovery to 2003 Serv

        Hmm, I think I misread. Apologies for that.
        You have upgraded, to SP1, an already restored machine that was working and now isn't.

        If it is the only DC (and I appreciate the above now) can you see if it recognises it still holds all of the fsmo roles?
        Maybe restart netlogon too whilst it is running.
        cheers
        Andy



        • #5
          Re: Restoring System State for a Domain Controller for Disaster recovery to 2003 Serv

          Andy,
          That's OK... I did include a lot of information. I am surprised you stayed awake reading it all.

          What I have done is, installed 2003 server on TEST server. Installed DNS and SP1 and DCPROMO. Then reboot - F8 then DS restore from System State from the "live" network.
          Then the "ghost" NICs removed and "ntfrs" stopped, the Domain folder backed up and "burflags" changed to D4 in the registry, restarted. I also did a metadata cleanup, forcing all roles, if required, to this DC, and removing all other DCs from the metadata database. So the DC has all roles, as the metadata cleanup forces this.
          I can add member servers to the Domain but can't open the Policy, and each server gets errors in the Event Logs reporting that it can't open the policy.
          Have checked all security settings and confirm they match the live network. This is important as I am having to add Exchange to the scenario, and Exchange is so tightly linked in with the AD.
          The only difference being SP1 is in the scenario. Hope a bit more background information may help in some way.
          Thread below shows some good stuff on secedit which goes through the policy; this does not fix the issue after a "gpupdate"
          http://www.experts-exchange.com/Oper..._21646836.html

          Sorry about the essay......



          • #6
            Re: Restoring System State for a Domain Controller for Disaster recovery to 2003 Serv

            You're installing SP1 and then applying a system state backup that was taken from a non SP1 machine?

            Per MS documentation, service pack levels should always match. Also you should not DCPROMO first.



            • #7
              Re: Restoring System State for a Domain Controller for Disaster recovery to 2003 Serv

              Originally posted by Meekrobe
              You're installing SP1 and then applying a system state backup that was taken from a non SP1 machine?

              Per MS documentation, service pack levels should always match. Also you should not DCPROMO first.

              Ok, have done as above, and NOT run a DCPROMO.
              It makes no difference; when I try to open the Group Policy, it reports an error as before.



              • #8
                Re: Restoring System State for a Domain Controller for Disaster recovery to 2003 Serv

                So it looks as though applying SP1 to the "live" server is the difference and has done something to the security on the GPO so that I can't open it in the MMC.
