Server 2003 Additional DC Failed

  • Server 2003 Additional DC Failed

    Hi all,

    Lurked quite a bit on these forums but never posted before, hope someone can help us out.

    We are trying to add a third DC offsite to our domain and are having a few problems with the promotion.

    Currently have 2 onsite domain controllers running Server 2003 x64 SP2, physical, on the same subnet, working fine. Carried out dcdiag, replmon, repadmin etc. to check the health of Active Directory, all OK.

    Built a new server in the offsite office to act as DR solution to our domain, running Windows Server 2003 x64 SP2. Joined to the domain no problems and set static IP, installed DNS role but root hints only at this stage.

    Then did a dcpromo, all OK. Asked for credentials, entered enterprise admins credentials, all OK. Started the promotion, firstly syncing the clock (which was already in time, OK, checked before starting). Active Directory wizard runs but stopped after 1 minute during promotion: Active Directory could not create the NTDS Settings objects for this domain controller, then has the path to the server, and final error is "the RPC server is unavailable".

    Checked on the server it was connected to whether RPC was running, and it was. Also noted that the server had created an object of the server in Active Directory Sites and Services but nothing within.

    Checked DNS and Active Directory: the object had not been moved into the Domain Controllers OU or any DNS records; the only thing that seemed to have changed was in Sites and Services.

    IP is set static and looks at the two domain controllers for DNS and resolution, i.e. nslookup and ping return the correct addresses, and no lost packets or massive latency (it is on a 100mb pipe from our main office to the offsite office).

    I suspect it is the Cisco firewall at fault and stopping a certain port, although it was able to create the object in Sites and Services, which is strange? I will be opening up all traffic tomorrow to the correct IPs to prove if it is or not.

    As I have not had many failures in the past and this one is new to me, do I need to do anything to Active Directory or, more importantly, Sites and Services? I am concerned it has made some changes but obviously not all. Should I delete the object in Sites and Services and try again, or should I leave it be and try again once I have opened up the firewall (if this is the issue)?

    I also checked dcdiag, replmon and repadmin again to check all was OK, which it was, and none of the above commands had any reference to the new server at all, so I am guessing it fell over literally at the first hurdle. Just not too sure on how to proceed as never had this failure before.

    Cheers for any help given.

    Lee

  • #2
    Re: Server 2003 Additional DC Failed

    I think you definitely need to look at firewalls as being the problem here.

    • #3
      Re: Server 2003 Additional DC Failed

      Originally posted by leedudmish
      I suspect it is the Cisco firewall at fault and stopping a certain port, although it was able to create the object in Sites and Services, which is strange? I will be opening up all traffic tomorrow to the correct IPs to prove if it is or not.

      As you and tehcamel say, it is highly likely to be the firewall. Do you know what the rulesets on it are? Is it a PIX/ASA? What rules do you have set up on it?
      Have you got the MS firewalls enabled on the DCs as well?
      cheers
      Andy

      Quis custodiet ipsos custodes?

      • #4
        Re: Server 2003 Additional DC Failed

        We have an ASA. We are sure it's this that is blocking the promotion, as RPC is using dynamic ports. We have configured the ASA to allow traffic from the other two domain controllers and we are ready to go, but I am still unsure if we need to remove the current object in Active Directory Sites and Services. Any ideas?

        Really don't want to mess up our Active Directory and require a rebuild.

        Andy, the local firewalls are not turned on and the firewall service is set to disabled.

        Cheers,

        Lee

        • #5
          Re: Server 2003 Additional DC Failed

          The ASA can be set to log to a syslog if you want to see what is happening. Is your rule allow IP X to Y both ways?

          Does the machine think it is a DC if you run dcpromo again (not completing it of course)?
          cheers
          Andy
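
Following up on the syslog suggestion in post #5, an added example (not part of the original thread): a small Python parser that pulls ASA ACL-deny messages (106023) out of a syslog capture and counts the denied flows between domain controllers, labelling the destination port. The log lines, interface names and IP addresses are constructed placeholders; the 1025-5000 range is the default dynamic RPC range on Windows Server 2003.

```python
import re
from collections import Counter

# Constructed sample ASA syslog lines (106023 = packet denied by an access-group).
# Hostnames, interface names and addresses are placeholders, not from the thread.
SAMPLE_LOG = """\
Mar 03 10:15:01 asa01 %ASA-4-106023: Deny tcp src dr:10.20.0.10/1061 dst inside:10.10.0.11/135 by access-group "dr_in" [0x0, 0x0]
Mar 03 10:15:02 asa01 %ASA-4-106023: Deny tcp src dr:10.20.0.10/1062 dst inside:10.10.0.11/1026 by access-group "dr_in" [0x0, 0x0]
Mar 03 10:15:02 asa01 %ASA-4-106023: Deny tcp src dr:10.20.0.10/1062 dst inside:10.10.0.11/1026 by access-group "dr_in" [0x0, 0x0]
Mar 03 10:15:04 asa01 %ASA-4-106023: Deny udp src dr:10.20.0.99/137 dst inside:10.10.0.50/137 by access-group "dr_in" [0x0, 0x0]
Mar 03 10:15:05 asa01 %ASA-6-302013: Built inbound TCP connection 4711 for dr:10.20.0.10/1070 (10.20.0.10/1070) to inside:10.10.0.11/389 (10.10.0.11/389)
"""

DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>\w+) src (?P<sif>[^:]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[^:]+):(?P<dst>[\d.]+)/(?P<dport>\d+)")

# Ports commonly used between domain controllers.
WELL_KNOWN = {53: "DNS", 88: "Kerberos", 123: "NTP", 135: "RPC endpoint mapper",
              389: "LDAP", 445: "SMB", 636: "LDAPS", 3268: "Global Catalog"}

def classify(port):
    """Label a destination port so blocked AD traffic stands out."""
    if port in WELL_KNOWN:
        return WELL_KNOWN[port]
    # Default dynamic RPC range on Windows Server 2003 is 1025-5000.
    if 1025 <= port <= 5000:
        return "dynamic RPC range (1025-5000)"
    return "other"

def denied_dc_flows(log_text, dc_ips):
    """Count ACL denies where both endpoints are domain controllers."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or m["src"] not in dc_ips or m["dst"] not in dc_ips:
            continue  # not a deny, or unrelated hosts
        dport = int(m["dport"])
        hits[(m["src"], m["dst"], m["proto"], dport, classify(dport))] += 1
    return hits

if __name__ == "__main__":
    dcs = {"10.10.0.11", "10.10.0.12", "10.20.0.10"}  # hypothetical DC addresses
    for (src, dst, proto, dport, label), n in denied_dc_flows(SAMPLE_LOG, dcs).most_common():
        print(f"{n:3d}x {src} -> {dst} {proto}/{dport}  [{label}]")
```

Denies on port 135 or inside the dynamic range between the new server and an existing DC would be consistent with the "RPC server is unavailable" error while name resolution and ping still work.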


          • #6
            Re: Server 2003 Additional DC Failed

            Hi Andy,

            No, re-running dcpromo allows us to go through all the details again and attempt the promotion again. We have opened up all IP and TCP and UDP between the three servers, as they are all internal anyway, just to make sure it goes through smoothly. Have had a good look in all parts of the Active Directory and can only find a reference to it in Sites and Services as an object.

            Cheers,

            Lee

            • #7
              Re: Server 2003 Additional DC Failed

              How about going through a metadata cleanup to the point of seeing if anything else exists? Delete anything that isn't used/shouldn't be there and start again. As the box is not a DC currently it will be fine to do this.

              http://technet.microsoft.com/en-us/l...bkmk_graphical
              cheers
              Andy


              • #8
                Re: Server 2003 Additional DC Failed

                Hi Andy,

                Heard of it but never used it before. Any pointers or good sites to look up? Had a google already, but any tips always worth having.

                Thanks,

                Lee

                • #9
                  Re: Server 2003 Additional DC Failed

                  You don't need to use it here but it is worth walking through the steps so you can see where the objects may exist. Delete the ones that you know are invalid (it sounds like just sites/services in your case).
                  cheers
                  Andy