Windows 2003 Server not saving Active Directory

Home Forums Server Operating Systems Windows Server 2000 / 2003 / 2003 R2 Windows 2003 Server not saving Active Directory

This topic contains 170 replies, has 12 voices, and was last updated by Avatar leoh 11 years, 11 months ago.

Viewing 30 posts - 91 through 120 (of 171 total)
  • Author
    Posts
  • Avatar
    leoh
    Member
    #293105

    Re: Windows 2003 Server not saving Active Directory

    wullieb1;58181 wrote:

    Ok. So now what should I do? Demote it, and then do the metadata cleanup?

    wullieb1;58181 wrote:
    So did you run ADPREP on your 2000 server?? This prepares your forest for your 2003 DC’s.

    Yes, I did, back in december. (Should I do it again?)

    Avatar
    wullieb1
    Moderator
    #240104

    Re: Windows 2003 Server not saving Active Directory

    Has to be worth a shot.

    Did ADPREP run without any errors??

    Try this.

    Transfer any of the FSMO roles back to the 2000 server.
    DCPROMO the server back to being a member server.
    Remove the computer from the domain completely. Actually remove the server from the domain and place it in a workgroup.
    Disconnect the 2003 server from the network. Physically disconnect the machine from the network.

    I think at this point i would rename the server to something else meaningful to your organisation.

    Do a metadata cleanup on the 2000 server.
    Delete all records from DNS that point to the old server. That means checking all folders in your DNS structure and deleting all the entries for the server.

    Prior to adding the machine back onto the domain i would ensure that the following is done

    http://www.petri.com/windows_2003_adprep.htm – This should be done on your 2000 server machine.

    then

    http://www.petri.com/create_a_new_dns_server_for_ad.htm – This references 2000 but it is the same procedure for 2000 as it is for 2003. This needs doen on the Server 2003 machine.

    then

    http://www.petri.com/how_to_install_active_directory_replica_on_windows_2003.htm – This needs done on the 2003 machine.

    Please follow these steps exactly as they are laid out on th edocs and get back to us and let us know how you get on.

    Avatar
    leoh
    Member
    #293106

    Re: Windows 2003 Server not saving Active Directory

    wullieb1;58198 wrote:
    Did ADPREP run without any errors??

    It did run without errors back in december.

    wullieb1;58198 wrote:
    Transfer any of the FSMO roles back to the 2000 server.
    DCPROMO the server back to being a member server.
    Remove the computer from the domain completely. Actually remove the server from the domain and place it in a workgroup.
    Disconnect the 2003 server from the network. Physically disconnect the machine from the network.

    Done

    wullieb1;58198 wrote:
    I think at this point i would rename the server to something else meaningful to your organisation.

    I can’t rename it since I have a few programs in the XP computers pointing towards its name.

    wullieb1;58198 wrote:
    Do a metadata cleanup on the 2000 server.

    Couldn’t do it. Once demoted and moved to the workgroup, it doesn’t appear as a server on the ntdsutil console.

    wullieb1;58198 wrote:
    Delete all records from DNS that point to the old server. That means checking all folders in your DNS structure and deleting all the entries for the server.

    Done. I had several entries. May be 6 or 8 all over the DNS.
    But I found something strange, under sites and services. I am attaching a screenshot. Something is still pointing towards the 2003 server (the translation would be something like “topology generator between sites”). The 2003’s server name is “Materiales”, and the 2000’s name is “Lecorbu”.
    sitesgr3.jpg

    wullieb1;58198 wrote:
    http://www.petri.com/windows_2003_adprep.htm – This should be done on your 2000 server machine.

    Won’t it generate more problem to do it again?

    Avatar
    leoh
    Member
    #293107

    Re: Windows 2003 Server not saving Active Directory

    I just tried to adprep /forestprep and adprep/domainprep, and both commands returned a message saying that the task had already been performed and it did not attempt to run the operation again.

    Avatar
    wullieb1
    Moderator
    #240105

    Re: Windows 2003 Server not saving Active Directory

    Have you deleted all references to the 2003 server??

    Avatar
    leoh
    Member
    #293108

    Re: Windows 2003 Server not saving Active Directory

    wullieb1;58390 wrote:
    Have you deleted all references to the 2003 server??

    Yes, I did, at least the ones I found. I only deleted entries on the DNS. I didn’t find references anywhere else.

    Now I rejoined the server as a DC, and I have what I am attaching, as a screenshot.
    Now the name appears correctly. But should the 2003 server be there?
    But still no NETLOGON share, and the netdiag and dcdiag are giving the same errors. No changes.

    Avatar
    wullieb1
    Moderator
    #240107

    Re: Windows 2003 Server not saving Active Directory

    leoh;58391 wrote:
    Yes, I did, at least the ones I found. I only deleted entries on the DNS. I didn’t find references anywhere else.

    Now I rejoined the server as a DC, and I have what I am attaching, as a screenshot.
    Now the name appears correctly. But should the 2003 server be there?
    But still no NETLOGON share, and the netdiag and dcdiag are giving the same errors. No changes.

    Did you follow the procedures that i gave you a couple of posts ago??

    I’m a bit confused with the remark ‘Now I rejoined the server as a DC’. Did you rejoin the machine to the domain and then run DCPROMO successfully??

    Avatar
    leoh
    Member
    #293109

    Re: Windows 2003 Server not saving Active Directory

    wullieb1;58395 wrote:
    Did you follow the procedures that i gave you a couple of posts ago??

    Yes, I did.

    wullieb1;58395 wrote:
    I’m a bit confused with the remark ‘Now I rejoined the server as a DC’. Did you rejoin the machine to the domain and then run DCPROMO successfully??

    The server was on a workgroup. I ran DCPromo, and set it as an additional server for an existing domain. I guess it added itself automaticaly to the domain.
    In the AD console, it appears as a Domain Controller.

    But the situation is the same as yesterday. Still no NETLOGON, and the DCDiag and NETDiag give the same output.

    Avatar
    wullieb1
    Moderator
    #240108

    Re: Windows 2003 Server not saving Active Directory

    I’m lost then because i have done this same procedure many time before and i’ve never had any issues with adding a 2003 DC to a 2000 domian.

    The procedures i’ve set out are the procedures i would follow almost exactly.

    Can you try something for me. Write down the EXACT procedure you followed to add the server to your domain as a domain controller, including all the options you chose when doing the DCPROMO.

    Avatar
    leoh
    Member
    #293110

    Re: Windows 2003 Server not saving Active Directory

    wullieb1;58401 wrote:
    Can you try something for me. Write down the EXACT procedure you followed to add the server to your domain as a domain controller, including all the options you chose when doing the DCPROMO.

    I did EXACTLY as it appears on the screenshots on
    http://www.petri.com/how_to_install_active_directory_replica_on_windows_2003.htm

    But on step 3, I don’t have everything that should have been created.

    The 4 SRV folders appear (_msdcs, _sites, _tcp, _udp).

    The NTDS folder exists, and has more or less the same content as the screenshot.

    The SYSVOL folder exists, and has 4 folders: domain, staging, staging areas and sysvol. Inside that last sysvol, I have another folder that is empty and called pocqt.ort.edu.uy. I am attaching a screenshot of the structure.
    But there’s no Policies or Scripts folders inside SYSVOL.

    And of course, if I run net share, I can’t see either of them (SYSVOL and NETLOGON). However, I can see other folders, and they work properly. I am using this server as an antivirus server (TrendMicro) and as a file server (about 20 GB of shared files). And those work fine.

    Is it possible that the TrendMicro is affecting somehow?

    Avatar
    wullieb1
    Moderator
    #240109

    Re: Windows 2003 Server not saving Active Directory

    It could be.

    Have you tried disabling it and running DCPROMO again??

    I must admit i never run DCPROMO on a server that has AV software on it.

    Avatar
    wullieb1
    Moderator
    #240110

    Re: Windows 2003 Server not saving Active Directory

    Also have a look at these docs

    http://www.jsifaq.com/SF/Tips/Tip.aspx?id=3304

    http://support.microsoft.com/?kbid=257338

    They may help.

    *DISCLAIMER*

    Please note though that i take no responsibility for anything bad that happens to your system if you use these tips. Please ensure you have a known good backup that you can recover from.

    Editing the registry at any time is dangerous and can result in system instability.

    *END OF DISCLAIMER*

    Avatar
    leoh
    Member
    #293111

    Re: Windows 2003 Server not saving Active Directory

    I’ve read those links, but they refer to Windows 2000. I don’t want to ruin a working 2003 server, since all the rest on it works fine.

    I’ll focus into installing a new server, under VMWare, on top of the 2003 Server. Do you think I should install Windows 2000 Server, or 2003 Server?
    You think a 2000 server is “more compatible” with the existing 2000 server, compared to a 2003 server?

    Avatar
    wullieb1
    Moderator
    #240113

    Re: Windows 2003 Server not saving Active Directory

    leoh;58577 wrote:
    I’ve read those links, but they refer to Windows 2000. I don’t want to ruin a working 2003 server, since all the rest on it works fine.

    I’ll focus into installing a new server, under VMWare, on top of the 2003 Server. Do you think I should install Windows 2000 Server, or 2003 Server?
    You think a 2000 server is “more compatible” with the existing 2000 server, compared to a 2003 server?

    Server 2003 is really just the same code base as 2000 and effectively works the same, albeit restrcited.

    I would definatley install Server 2003 into your VMWare session and see what happens.

    Is there anything on the 2000 server that would affect it replicating?? I.E. Firewall.

    The 2000 server is just that its not an SBS server is it??

    I know a bit late to be asking these questions but its better late than never.

    Avatar
    leoh
    Member
    #293112

    Re: Windows 2003 Server not saving Active Directory

    wullieb1;58578 wrote:
    I would definatley install Server 2003 into your VMWare session and see what happens.

    Ok, I’ll try with 2003 server then. I thought using 2000 would be more straightforward.

    wullieb1;58578 wrote:
    Is there anything on the 2000 server that would affect it replicating?? I.E. Firewall.

    I don’t think there is a firewall problem, since the GC is being replicated. The servers can ping eachother and see eachother. The problem here is that the XP computers can’t find the domain once the 2000 is offline.

    wullieb1;58578 wrote:
    The 2000 server is just that its not an SBS server is it??

    The 2000 Server is a normal 2000 Server. But actually, since this is a University, I can install any Microsoft OS I want. Taking that into account, is there a better solution?
    I wouldn’t risk to upgrade the 2000 to 2003, since I am not completely certain that it is working fine.

    Avatar
    leoh
    Member
    #293113

    Re: Windows 2003 Server not saving Active Directory

    Still no luck. I set up a new 2000 Server under VMWare.
    I added it as a DC with GC.
    When I tried to set up the DNS, I get the following error (translation):
    Cannot update the server’s root suggestions.
    Cannot write the configuration registry key.

    I remember to have seen the same error on the original 2003 server when I attempted to do the same, but since it had generated everything on the DNS, I didn’t pay attention. But since both servers give the same result… then something is going on there.

    Besides, the new server doesn’t have either the NETLOGON and SYSVOL shares.

    What can cause this?

    Avatar
    wullieb1
    Moderator
    #240126

    Re: Windows 2003 Server not saving Active Directory

    Try this
    http://support.microsoft.com/kb/300684

    Avatar
    leoh
    Member
    #293114

    Re: Windows 2003 Server not saving Active Directory

    wullieb1;58714 wrote:

    I read it but I don’t know what “single-label DNS names” are.
    How is that related to my problem?

    Avatar
    tonyyeb
    Member
    #223664

    Re: Windows 2003 Server not saving Active Directory

    leoh;58800 wrote:
    I read it but I don’t know what “single-label DNS names” are.
    How is that related to my problem?

    The article does say what a single-label domain is:

    Quote:
    Generally, we recommend that you register DNS names for internal and external namespaces with an Internet registrar. This includes the DNS names of Active Directory domains, unless such names are sub-domains of DNS names that are registered by your organization name. For example, “corp.example.com” is a sub-domain of “example.com.” Registering your DNS names with an Internet registrar may prevent possible name collisions if another organization tries to register the same DNS name, or if your organization merges with, acquires, or is acquired by another organization that uses the same DNS name.

    DNS names that do not contain a suffix such as .com, .corp, .net, .org or companyname are considered to be single-label DNS names. For example, “host” is a single-label DNS name. Most Internet registrars do not allow the registration of single-label DNS names.

    But your domain isn’t. Infact yours is one of the longest ive ever seen. Why is it so long? Is it connected to the internet? Is it a DNS server for a domain on the internet?

    Avatar
    leoh
    Member
    #293115

    Re: Windows 2003 Server not saving Active Directory

    tonyyeb;58807 wrote:
    But your domain isn’t. Infact yours is one of the longest ive ever seen. Why is it so long? Is it connected to the internet? Is it a DNS server for a domain on the internet?

    It is not connected to the internet. But I was asked to name it like this. This is a University, called “ORT”. “pocqt” is the faculty code inside the university.
    “EDU” is educational. “UY” is the country code for Uruguay.

    Avatar
    tonyyeb
    Member
    #223668

    Re: Windows 2003 Server not saving Active Directory

    leoh;59012 wrote:
    It is not connected to the internet. But I was asked to name it like this. This is a University, called “ORT”. “pocqt” is the faculty code inside the university.
    “EDU” is educational. “UY” is the country code for Uruguay.

    Are there any other active directory domain controllers on your network? On the campus anywhere?

    Avatar
    leoh
    Member
    #293116

    Re: Windows 2003 Server not saving Active Directory

    tonyyeb;59017 wrote:
    Are there any other active directory domain controllers on your network? On the campus anywhere?

    Yes, but they are all independant. The idea is to integrate them at some point, but not right now.
    At this time, the networks are independant, and the domains too.

    Avatar
    leoh
    Member
    #293117

    Re: Windows 2003 Server not saving Active Directory

    So? What could I do next?
    Is it worth trying to install a 2000 Server under VMWare, or will I have the same result?

    JeremyW
    JeremyW
    Moderator
    #268778

    Re: Windows 2003 Server not saving Active Directory

    leoh;59177 wrote:
    So? What could I do next?
    Is it worth trying to install a 2000 Server under VMWare, or will I have the same result?

    I’d say give it a shot but it seems very strange that you don’t get any errors but the install isn’t complete. Is there any firewall or AV on the source DC?

    Avatar
    leoh
    Member
    #293118

    Re: Windows 2003 Server not saving Active Directory

    JeremyW;59196 wrote:
    I’d say give it a shot but it seems very strange that you don’t get any errors but the install isn’t complete. Is there any firewall or AV on the source DC?

    There’s a TrendMicro OfficeScan antivirus, as in every computer here.
    Do you think that might be affecting?
    The GC is being copied, and the servers can see eachother, the problem, again, is that the SYSVOL, NETLOGON, etc are not being created or shared.

    Avatar
    tonyyeb
    Member
    #223675

    Re: Windows 2003 Server not saving Active Directory

    Try disabling the antivirus whilst you promote the other DC.

    JeremyW
    JeremyW
    Moderator
    #268781

    Re: Windows 2003 Server not saving Active Directory

    tonyyeb;59203 wrote:
    Try disabling the antivirus whilst you promote the other DC.

    Exactly what I was going for. :grin:

    Avatar
    Dumber
    Participant
    #196300

    Re: Windows 2003 Server not saving Active Directory

    Damn, this is a long thread :shock:
    Ok, i haven’t read all of it. If the disabling of the AV won’t work, maybe you start summerizing all the actions you currently have done.

    Maybe we all are loosing it…

    Avatar
    tonyyeb
    Member
    #223677

    Re: Windows 2003 Server not saving Active Directory

    119 Posts on adding a new domain controller…. must be a record thread for problem solving???

    Avatar
    leoh
    Member
    #293119

    Re: Windows 2003 Server not saving Active Directory

    Ok, let me sumarize what happened so far:

    I started working at a new job. I found 2 servers:

    1 2000 Server, as a BDC
    1 2003 Server as a member server

    The original DC did not exist, so I had to manually (on the ntdsutil console) change the BDC to DC. And also removed the non-existing servers.
    The DNS wasn’t working either. I got it to work.

    Then, I tried to promote the 2003 Server to DC, so that I get redundancy. I am NOT looking for improved performance, only redundancy here.

    That didn’t work. I succesfully activated the GC on that server (everything is being syncronized correctly), but the XP terminals can’t see the domain once the 2000 Server is offline. Finally found that the server is not creating nor sharing the SYSVOL or NETLOGON folders.

    Tried to run a new 2003 Server, under VMWare, but got the same situation as the other 2003 Server.

    So, for some reason, the NETLOGON and SYSVOL shares are not being created on the new 2003 Servers. Any idea why? I don’t think it’s an antivirus or firewall issue, since the DNS and GC are being syncronized correctly.
    What I don’t understand is what can cause the NETLOGON and SYSVOL not to be created. Any ideas?

Viewing 30 posts - 91 through 120 (of 171 total)

You must be logged in to reply to this topic.