Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

DCPromo and Re-installing a DC

  • Filter
  • Time
  • Show
Clear All
new posts

  • DCPromo and Re-installing a DC

    Hi All

    I have been experiencing strange issues with a small DC (say DC03) I promoted into the domain. Issue's started when I transferred all FSMO roles over to DC03 from DC01. Problems included GPO userenv errors (which I fixed by correcting the alternate DNS server on DC03) and time errors. THese seem such small trivial errors and DCDiag and Netdiag show up healthy, however, I fear that such small errors are an indication of other hidden agendas. In frustration I am thinking of removing DC03 (dcpromo) and re-promoting it back into the domain using the same name and IP address, however, was wondering if this can lead to problems or is not best practice.
    I welcome your views.

  • #2
    Re: DCPromo and Re-installing a DC

    what are the time errors ?
    dcdiag says everything is ok.. are there replication issues ? is this a single, or multi-site environment ?
    Please do show your appreciation to those who assist you by leaving Rep Point


    • #3
      Re: DCPromo and Re-installing a DC

      Hi Tehcamel

      The time errors are event id 24 and 29. After I had transferred the FSMO roles across to DC03, all member servers and clients threw up these errors with time and then periodically synced the time and then followed with more errors. DC03 was initially set to look to itself for time exactly as DC01 was configured before I changed it to NTS and all with the same errors. DC03 even continued to look to DC01 for time after the transfer of FSMO roles to DC03. However, when the roles are held with DC01, no time issues. Replication works fine with no replication issues as all GPO's and AD objects are all replicating and replmon is reporting successful replication attempts.
      This is a multi-site domain with three DC's. Two on one site and one at another site (DC02).
      I initially brought DC03 into the domain to replace DC01, however, after I transferred the FSMO roles across to it, DC03 started to post 1030 and 1058 errors with a GPO. I solved that problem as I did not have an alternate DNS server. I wouldnt have thought that this would have been a problem as the DC03 was looking to itself for primary DNS.
      This all seems like small trivial issues, but I suspect that something had gone amiss during the DCPROMO process and thought that maybe removing and re-installing it back into the domain may solve these issues.


      • #4
        Re: DCPromo and Re-installing a DC

        All DC's generally go to the PDC emulator for time checking.

        How long did you leave replication for??

        Have you restarted the time service in all your DC's??


        • #5
          Re: DCPromo and Re-installing a DC

          From what I remember, I had left the DC03 on the domain for about a week to check for any problems, so I am pretty convinced that much of the replication would have completed over that time. Yes I did restart the time service on the DC's. On one of the DC i recall getting a warning that said
          Event Type: Warning
          Event Source: W32Time
          Event Category: None
          Event ID: 26
          Date: 21/04/2010
          Time: 1:26:18 PM
          User: N/A
          Time Provider NtpClient: The response received from domain controller DC03 has a bad signature. The response may have been tampered with and will be ignored.
          This error came up alongside the event id: 24, 29 and 38.
          It has been a hit and miss affair with every few hours that the time works and synchronizes, but then goes back to reporting those errors.
          It seems that the time clients can only get through to DC03 for time every now and then. However, when I moved the roles back over to DC01, all time issues have virtually disappeared.
          Something this simple has driven me nuts.


          • #6
            Re: DCPromo and Re-installing a DC

            Hi All again

            Due the issues I have been having as above, I have decided to DCPROMO the server down and then re-promoted the DC back into the domain using the same name and IP.
            I was wondering if this process can lead to problems or is not best practice?


            • #7
              Re: DCPromo and Re-installing a DC

              You might click a bit trough this
              Technical Consultant

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"


              • #8
                Re: DCPromo and Re-installing a DC

                Hi All

                Just to update you all that DCPromoting the DC out and back into the domain has resolved the issue with the time service. All seems to be humming along nicely with all clients and member servers collecting their time without any errors. I had also updated the network card drivers prior to DCPromo'ing the DC back into the domain, not that I suspect it caused the issues.
                Thank you dumber for your article, I suspect it had to do with the server being a bit rogue and something went amiss during the initial DCPromo.
                Thanks to all others for their input.


                • #9
                  Re: DCPromo and Re-installing a DC


                  Can you check secure channel between DCs?
                  Thanks & Regards

                  MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
                  Sr. Wintel Eng. (Investment Bank)
                  Independent IT Consultant and Architect

                  Show your appreciation for my help by giving reputation points


                  • #10
                    Re: DCPromo and Re-installing a DC

                    Hi v-2nas

                    Could you please explain what you mean by secure channel and how I might do this?