  • Should I DEMOTE??

    We are running 2 Windows 2008 Ent R2 servers on ESXi as VMs.

    On the Main Server we are running Exchange 2010 and recently tried to upgrade to SP1 for Exchange. I took a snapshot before upgrading the Exchange.

    We upgraded, it modified the AD SCHEMA.

    We had problems, so I reverted the changes to the main server.

    NOW, the secondary DC is not replicating because it contains the modified AD SCHEMA.

    How can I fix this?? Do I demote the secondary box? Is there a way to force a refresh of the AD SCHEMA from the Main server??


    Thanks in advance!

  • #2
    Re: Should I DEMOTE??

    Schema changes cannot be "uninstalled". They can be disabled though.

    If you want to revert back to a previous state, you would have to perform a full restore of the directory prior to the schema update.
    JM @ IT Training & Consulting
    http://www.itgeared.com



    • #3
      Re: Should I DEMOTE??

      I do have the previous SCHEMA from the Main server, since it was restored from a snapshot..... the problem is I did not snapshot the second server, so it has the new.....

      Any way to force the second server to revert to the Main server's SCHEMA??



      • #4
        Re: Should I DEMOTE??

        Any old system state backups, you can try restoring only schema from it.
        Thanks & Regards
        v-2nas

        MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
        Sr. Wintel Eng. (Investment Bank)
        Independent IT Consultant and Architect
        Blog: http://www.exchadtech.blogspot.com

        Show your appreciation for my help by giving reputation points



        • #5
          Re: Should I DEMOTE??

          Unfortunately... being a newer install in progress... I have no backups :.(

          So, should I forcefully demote this secondary controller and clean-up active directory on the main controller??

          Is there a better / quicker way to fix this?



          • #6
            Re: Should I DEMOTE??

            Moreover, can you provide your topology information and netdiag, dcdiag reports?
            Thanks & Regards
            v-2nas



            • #7
              Re: Should I DEMOTE??

              Server01 is the DC and has Exchange 2010 on it
              Server02 is the secondary DC
              Both are on ESXi as VMs. Server01 is the restored snapshot running the previous AD SCHEMA. Server02 has the new Schema.

              I want Server02 to have the SCHEMA of Server01

              Here is DCDIAG

              Directory Server Diagnosis

              Performing initial setup:
              Trying to find home server...
              Home Server = SERVER02
              * Identified AD Forest.
              Done gathering initial info.

              Doing initial required tests

              Testing server: Default-First-Site-Name\SERVER02
              Starting test: Connectivity
              ......................... SERVER02 passed test Connectivity

              Doing primary tests

              Testing server: Default-First-Site-Name\SERVER02
              Starting test: Advertising
              ......................... SERVER02 passed test Advertising
              Starting test: FrsEvent
              ......................... SERVER02 passed test FrsEvent
              Starting test: DFSREvent
              There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSV
              replication problems may cause Group Policy problems.
              ......................... SERVER02 failed test DFSREvent
              Starting test: SysVolCheck
              ......................... SERVER02 passed test SysVolCheck
              Starting test: KccEvent
              ......................... SERVER02 passed test KccEvent
              Starting test: KnowsOfRoleHolders
              ......................... SERVER02 passed test KnowsOfRoleHolders
              Starting test: MachineAccount
              ......................... SERVER02 passed test MachineAccount
              Starting test: NCSecDesc
              ......................... SERVER02 passed test NCSecDesc
              Starting test: NetLogons
              ......................... SERVER02 passed test NetLogons
              Starting test: ObjectsReplicated
              ......................... SERVER02 passed test ObjectsReplicated
              Starting test: Replications
              [Replications Check,SERVER02] A recent replication attempt failed:
              From SERVER01 to SERVER02
              Naming Context: DC=ForestDnsZones,DC=brantwood,DC=ca
              The replication generated an error (8456):
              The source server is currently rejecting replication requests.
              The failure occurred at 2010-10-18 10:52:18.
              The last success occurred at 2010-10-18 00:52:17.
              10 failures have occurred since the last success.
              Replication has been explicitly disabled through the server options.
              [Replications Check,SERVER02] A recent replication attempt failed:
              From SERVER01 to SERVER02
              Naming Context: DC=DomainDnsZones,DC=brantwood,DC=ca
              The replication generated an error (8456):
              The source server is currently rejecting replication requests.
              The failure occurred at 2010-10-18 10:52:18.
              The last success occurred at 2010-10-18 00:52:17.
              12 failures have occurred since the last success.
              Replication has been explicitly disabled through the server options.
              [Replications Check,SERVER02] A recent replication attempt failed:
              From SERVER01 to SERVER02
              Naming Context: CN=Schema,CN=Configuration,DC=brantwood,DC=ca
              The replication generated an error (8456):
              The source server is currently rejecting replication requests.
              The failure occurred at 2010-10-18 10:52:18.
              The last success occurred at 2010-10-18 00:52:17.
              10 failures have occurred since the last success.
              Replication has been explicitly disabled through the server options.
              [Replications Check,SERVER02] A recent replication attempt failed:
              From SERVER01 to SERVER02
              Naming Context: CN=Configuration,DC=brantwood,DC=ca
              The replication generated an error (8456):
              The source server is currently rejecting replication requests.
              The failure occurred at 2010-10-18 10:52:18.
              The last success occurred at 2010-10-18 00:53:22.
              16 failures have occurred since the last success.
              Replication has been explicitly disabled through the server options.
              [Replications Check,SERVER02] A recent replication attempt failed:
              From SERVER01 to SERVER02
              Naming Context: DC=brantwood,DC=ca
              The replication generated an error (8456):
              The source server is currently rejecting replication requests.
              The failure occurred at 2010-10-18 11:43:30.
              The last success occurred at 2010-10-18 01:03:29.
              71 failures have occurred since the last success.
              Replication has been explicitly disabled through the server options.
              ......................... SERVER02 failed test Replications
              Starting test: RidManager
              ......................... SERVER02 passed test RidManager
              Starting test: Services
              ......................... SERVER02 passed test Services
              Starting test: SystemLog
              ......................... SERVER02 passed test SystemLog
              Starting test: VerifyReferences
              ......................... SERVER02 passed test VerifyReferences


              Running partition tests on : ForestDnsZones
              Starting test: CheckSDRefDom
              ......................... ForestDnsZones passed test CheckSDRefDom
              Starting test: CrossRefValidation
              ......................... ForestDnsZones passed test CrossRefValidation

              Running partition tests on : DomainDnsZones
              Starting test: CheckSDRefDom
              ......................... DomainDnsZones passed test CheckSDRefDom
              Starting test: CrossRefValidation
              ......................... DomainDnsZones passed test CrossRefValidation

              Running partition tests on : Schema
              Starting test: CheckSDRefDom
              ......................... Schema passed test CheckSDRefDom
              Starting test: CrossRefValidation
              ......................... Schema passed test CrossRefValidation

              Running partition tests on : Configuration
              Starting test: CheckSDRefDom
              ......................... Configuration passed test CheckSDRefDom
              Starting test: CrossRefValidation
              ......................... Configuration passed test CrossRefValidation

              Running partition tests on : brantwood
              Starting test: CheckSDRefDom
              ......................... brantwood passed test CheckSDRefDom
              Starting test: CrossRefValidation
              ......................... brantwood passed test CrossRefValidation

              Running enterprise tests on : brantwood.ca
              Starting test: LocatorCheck
              ......................... brantwood.ca passed test LocatorCheck
              Starting test: Intersite
              ......................... brantwood.ca passed test Intersite

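An added example, not part of the original thread: a small Python parser for the Replications section of dcdiag output like the report posted in #7. It groups the failed links by source DC and flags the "explicitly disabled through the server options" condition; the sample text, host names and function names are constructed for illustration.

```python
import re

# Constructed sample in dcdiag's "Replications" layout; all names are placeholders.
SAMPLE = """\
[Replications Check,DC02] A recent replication attempt failed:
From DC01 to DC02
Naming Context: CN=Schema,CN=Configuration,DC=example,DC=test
The replication generated an error (8456):
10 failures have occurred since the last success.
Replication has been explicitly disabled through the server options.
[Replications Check,DC02] A recent replication attempt failed:
From DC01 to DC02
Naming Context: DC=example,DC=test
The replication generated an error (8456):
71 failures have occurred since the last success.
......................... DC02 failed test Replications
"""

PATTERNS = [
    ("link", re.compile(r"From (\S+) to (\S+)$")),          # (source, destination)
    ("nc", re.compile(r"Naming Context: (.+)$")),
    ("error", re.compile(r"The replication generated an error \((\d+)\)")),
    ("failures", re.compile(r"(\d+) failures have occurred")),
]

def parse_replication_failures(text):
    """Return one dict per failed replication attempt reported by dcdiag."""
    records, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[Replications Check,"):
            cur = {"disabled": False}
            records.append(cur)
        elif line.startswith("....."):
            cur = None  # the pass/fail result line closes the test
        elif cur is not None:
            cur["disabled"] |= "explicitly disabled through the server options" in line
            for key, rx in PATTERNS:
                m = rx.match(line)
                if m:
                    cur[key] = m.groups() if rx.groups > 1 else m.group(1)
    return records

def rejecting_sources(records):
    """Map each source DC with replication disabled to the naming contexts it refused."""
    out = {}
    for r in records:
        out.setdefault(r["link"][0], []).append(r)
    return {s: [r["nc"] for r in rs] for s, rs in out.items()
            if any(r["disabled"] for r in rs)}
```

When every naming context fails from the same source with the same error, the grouping makes it clear that the condition sits on that source server rather than on one partition.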


              • #8
                Re: Should I DEMOTE??

                a non-authoritative restore?
                Put AD in the newer server into restoration mode, then force the replication from the old partner?

                Failing that, yes, demote the new server. If you can't do it gracefully, do it using metadata cleanup.
                Then, repromote it.


                I'm guessing this is the Exchange AD Schema modifications you're referring to?
                Please do show your appreciation to those who assist you by leaving Rep Point


                • #9
                  Re: Should I DEMOTE??

                  Hi,

                  It seems difficult to get the replication working between server 1 and server 2; however, you can give it a try by re-enabling the replication using repadmin
                  http://support.microsoft.com/kb/321153

                  You can run the following test to check the topology
                  dcdiag /test:Test_Name /fcDiag.log
                  Topology - Checks that the generated topology is fully connected for
                  all DCs.
                  VerifyReplicas - This test verifys that all application directory
                  partitions are fully instantiated on all replica servers.
                  OutboundSecureChannels - See if we have secure channels from all of the
                  DC's in the domain the domains specified by /testdomain:.
                  /nositerestriction will prevent the test from
                  being limited to the DC's in the site.

                  Image based backup is not a supported method for backing up AD.


                  else
                  - Disconnect the failed DC from the network.
                  - Force demotion on that server (dcpromo /forceremoval).
                  - Then remove all references to that DC in the AD database (metadata cleanup).
                  - Remove any DNS references to the DC.
                  - If necessary, seize any remaining Op Master roles that were hosted by that DC.
                  - If the domain controller that you are demoting is a DNS server or global catalog server, you must create a new GC or DNS server to satisfy load balancing, fault tolerance, and configuration settings in the forest.
                  - When you use the remove selected server command in NTDSUTIL, the NTDSDSA object, the parent object for incoming connections to the domain controller that you forcibly demoted is removed. The command does not remove the parent server objects that appear in the Sites and Services snap-in. Use the Active Directory Sites and Services MMC snap-in to remove the server object if the domain controller will not be promoted into the forest with the same computer name.

                  Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
                  http://support.microsoft.com/kb/255504/
                  Wizard to force demotion in Windows Server 2003 and in Windows 2000 Server
                  http://support.microsoft.com/kb/332199
                  How to remove data in Active Directory after an unsuccessful domain controller demotion
                  http://support.microsoft.com/?kbid=216498
                  Clean up server metadata
                  http://technet2.microsoft.com/Window....mspx?mfr=true
                  The above solution is from one of the technical forums [was bit lazy to type]
                  Thanks & Regards
                  v-2nas



                  • #10
                    Re: Should I DEMOTE??

                    Schema changes cannot be changed even if you were able to replicate the old AD to the new AD. Only demoting the server will solve your issue.

                    Good Luck
