Announcement

Collapse
No announcement yet.

Reboot during demote W2k DC after long time offline

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Reboot during demote W2k DC after long time offline

    I have 1 W2k SP4 DC offline long time. However, it has important app so I must connect it to domain again.
    I want to demote this DC because this server hardware too old and it is unstable
    however I met some troubles:

    1. Firstly, I couln't run dcpromote because this server couln't contact with other DC
    I found in some website that this problem due to my DC long time offline.
    I need reset this DC account password. I did and this action was success.
    This server can contact with other DCs and repliation progress can be done.

    2. I can run the dcpromote, however after a few minutes, the server reboot and it showed 2 box messages:

    - The operation failed with the following error: The remote procedure call failed.

    and

    - This system is shutting down. ....
    The system process 'C:\WINNT\system32\Lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shutdown and restart.

    I tried dcpromote /forceremoval, it also met the same trouble.

    Anyone please help me how to demote this DC become a normal PC in our domain?

  • #2
    Re: Reboot during demote W2k DC after long time offline

    Run a av scan asap on that server, i think you may have the lsass virus

    http://www.symantec.com/security_res...050114-1706-99

    once youve done that, then go into AD sites and services on your working dc`s, remove all references to the retired DC.

    Then do the /forceremoval.
    Last edited by Allenwhite78; 8th April 2010, 09:52.
    Allen White
    MCSE,MCSA,MCITP,MCTS,CCA,CCSP,VCP

    Comment


    • #3
      Re: Reboot during demote W2k DC after long time offline

      Thks,

      Now I'm checking and removing virus if it has.

      However, please tell me more what does "remove all references to the retired DC" means?

      Comment


      • #4
        Re: Reboot during demote W2k DC after long time offline

        Seek and ye shall find:
        http://www.petri.com/delete_failed_dcs_from_ad.htm
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Reboot during demote W2k DC after long time offline

          Well, as the DC has been turned off fo so long it will be tombstoned, meaning it cannot function within AD - connect etc. So in AD sites and services, find all references to this server, right click and delete.

          then do the foreremoval on the retired server
          Allen White
          MCSE,MCSA,MCITP,MCTS,CCA,CCSP,VCP

          Comment


          • #6
            Re: Reboot during demote W2k DC after long time offline

            I checked virus in this server already. It seems no virus because:

            1. Before the time I disconnected this server from NW never reboot automatically like this
            and after I connect to NW, except for the times I use dcpromote, it also never reboot.
            - My DC installed Symantec Antivirus v10 and virus definition is updated.
            - OS service patch updated
            - I run Sasser tool, full scan DC in safe mode, it also didn't find any virus.
            - None of Sasser virus phenomenon were found.

            2. Remote procedure call failed and reboot message only appear when I run dcpromo with the process is: Create a local user for SAM database

            I try forceremoval once again, the problem still happend

            I want to know if the process of demote like above, can the AD function work normal?

            And if I manual remove DC, can I plug this DC in NW continue? Because I must let this server online after demote.
            Last edited by huyenthu; 8th April 2010, 11:33.

            Comment


            • #7
              Re: Reboot during demote W2k DC after long time offline

              Try this. http://forums.petri.com/showthread.p...ght=tombstoned

              As mentioned in the above post, do not forget to reset the Tombstone back to FALSE ( dword:00000000 ) to close the security gap.
              1 1 was a racehorse.
              2 2 was 1 2.
              1 1 1 1 race 1 day,
              2 2 1 1 2

              Comment


              • #8
                Re: Reboot during demote W2k DC after long time offline

                It sounds like the server has been out of the domain for too long and has been tombstoned. I'd suggest going into AD and removing the computer/server in any instances it is found.

                Let me know if that works, or post additional information you may have.

                ______________________________________________
                Tim Macking
                MCSE 2003, MCDBA, MCSA, MCTS, MCP, MCT, MCITP
                Project Manager / IT Consultant
                Zander Technical Conultants Ltd
                St. Petersburg, Florida
                "Working the magic 30% of the time"

                Comment


                • #9
                  Re: Reboot during demote W2k DC after long time offline

                  Originally posted by biggles77 View Post
                  Try this. http://forums.petri.com/showthread.p...ght=tombstoned

                  As mentioned in the above post, do not forget to reset the Tombstone back to FALSE ( dword:00000000 ) to close the security gap.
                  macking, read the link at the quoted link. It shows you how to "UNtombstone" a DC.
                  1 1 was a racehorse.
                  2 2 was 1 2.
                  1 1 1 1 race 1 day,
                  2 2 1 1 2

                  Comment


                  • #10
                    Re: Reboot during demote W2k DC after long time offline

                    Thanks for your solutions,

                    However, I tried to dcpromo /forceremove already. It failed (automatic reboot) when "creating a local account of SAM for database".

                    I don't know after I do like that, can I untomstone it?

                    I afraid AD function have problem because in AD Users & computers snap-in there was nothing in Builtin, Computers, Domain Controllers.
                    Last edited by huyenthu; 13th April 2010, 11:07.

                    Comment

                    Working...
                    X