Demoted DC unable to join network

Discussion in 'Server Networking' started by Grajek, Dec 29, 2007.

  1. Grajek

    Grajek Guest

    I recently demoted a Windows 2003 server from a secondary DC. I rebuilt the
    network and created a new DC which also acts as a DNS. When I try to join the
    recently demoted DC Windows 2003 server it says it cannot contact the network.
    I know it can see the network because I made the new DC/DNS the only DNS for
    the demoted machine and configured it to obtain an IP address from DHCP, which
    it does.

    Any ideas why I cannot join this machine to the new network?

    Thanks
     
    Grajek, Dec 29, 2007
    #1

  2. Grajek

    Bill Grant Guest

    Did you ever actually disjoin the machine from the old domain, or just
    run dcpromo? You may have created a new domain with the same name as the old
    one, but it is a different domain with different security identifiers.
     
    Bill Grant, Dec 29, 2007
    #2

  3. Hello Grajek,

    For servers it is better to use fixed IP addresses. So set a fixed IP and
    then ping the server to see if you get a reply. Also check that the DNS server
    is only pointing to itself for DNS and not maybe to your ISP's DNS server.
    BTW, since Windows 2000 there is no longer a PDC/BDC concept. All DCs are
    the same; the difference is the 5 FSMO roles, which can be stored on all
    DCs (of course there are also some rules to follow).

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
     
    Meinolf Weber, Dec 29, 2007
    #3
  4. Grajek

    Grajek Guest

    I disjoined all the machines. I reformatted the server and started from
    scratch. The odd thing is the demoted server was never able to see the
    network either but was a DNS, DC and Exchange Server (working properly). I
    demoted the box and joined it to a work group. Then I rebuilt the primary DC.
    Is there something I missed when I demoted and disjoined? Any idea would be
    greatly appreciated as I have tried for a week to figure it out. Anything
    short of rebuilding the box.

    Thanks
     
    Grajek, Dec 30, 2007
    #4
  5. Grajek

    Grajek Guest

    I actually did the DHCP as a test only. The DNS only points to itself but
    I do have the name server of the host of my site in the NS list. All 5 roles
    have the DC as the master. The demoted box is actually part of a work
    group now. I can ping all the machines on the network and all the machines on
    the network can ping the demoted box. Any suggestions short of rebuilding
    the box would be greatly appreciated.

    Thanks
     
    Grajek, Dec 30, 2007
    #5
  6. Grajek

    Bill Grant Guest

    The only DNS address(es) a domain client should have should be the local
    DNS server(s). The local DNS should be set up to forward to a public DNS. In
    Active Directory LAN machines find a logon server by querying DNS. Only your
    local DNS server (ie the one linked to your Active Directory) knows how to
    do this.
     
    Bill Grant, Dec 30, 2007
    #6
  7. Hello Grajek,

    Please post an ipconfig /all from your DNS server and the problem server.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Dec 30, 2007
    #7
  8. Grajek

    Grajek Guest

    You're correct. The only NS for my domain is the new DC/DNS. I have two NS
    in my "forward" list (the name servers provided me when I hosted my site with
    Network Assoc). I am not having trouble with my DNS/DC configuration; I have
    two other servers (app and database) successfully joined to my domain. The
    configuration is rock solid. The problem is with the machine I demoted. It
    cannot see or join the domain. All the other boxes, clients and servers
    connect just fine but not the recently demoted one. It is strange that this
    box can ping the other machines in the domain and can view the internet when
    the only DNS is the DC/DNS in my domain (192.168.1.4 this is the one and
    only IP for the Ethernet card on the demoted box).

    The problem has to be due to an old reference left over from the pre-demotion.
    The .dns files in \windows\system32\dns directory

    Thanks
     
    Grajek, Dec 30, 2007
    #8
  9. Grajek

    Grajek Guest

    I noticed 192.168.1.5 is an old reference to the second network card. Not
    sure how to get rid of it.

    Thanks for any critique / suggestions. I am pretty new to networks.

    Windows IP Configuration (Demoted Machine)

    Host Name . . . . . . . . . . . . : nolo
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : tjctc.org

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : tjctc.org
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
    Physical Address. . . . . . . . . : 00-14-22-5C-8D-CF
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.20
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.4
    DNS Servers . . . . . . . . . . . : 192.168.1.4
    NetBIOS over Tcpip. . . . . . . . : Disabled
    Lease Obtained. . . . . . . . . . : Saturday, December 29, 2007 8:06:13 PM
    Lease Expires . . . . . . . . . . : Sunday, January 06, 2008 8:06:13 PM


    Rebuilt DC/DNS

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : judge
    Primary Dns Suffix . . . . . . . : tjctc.org
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : tjctc.org

    Ethernet adapter Local Area Connection 2:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
    Connection #2
    Physical Address. . . . . . . . . : 00-14-22-1A-54-53
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.4
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 127.0.0.1

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
    Physical Address. . . . . . . . . : 00-14-22-1A-54-54
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.5
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.4
     
    Grajek, Dec 30, 2007
    #9
  10. Hello Grajek,

    "nolo" is OK, except I would configure a fixed IP, not DHCP, because it is
    a server, but that's only my thought.

    I assume that "judge" is one server, even if you have configured 2 IP addresses?
    If it is one physical machine, use only one NIC and disable the second NIC
    (multihoming a DC will make a lot of problems and is not recommended by MS),
    and configure it like this:

    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.4
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.4

    Do not use the loopback address (127.0.0.1); it will only work without problems
    if you have only one DNS server. Better to use the real IP address.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Dec 30, 2007
    #10
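
The checks raised in this thread (DHCP on a server, a DC with two NICs on one subnet, loopback as the DNS server, DNS servers other than the local AD DNS) can be run mechanically over saved `ipconfig /all` output. This is an added example, not part of any poster's reply; `parse_adapters`, `audit`, the finding codes and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, modelled on the "judge" output posted in the thread.
SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : judge
Ethernet adapter Local Area Connection 2:
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
                                       Connection #2
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 127.0.0.1
Ethernet adapter Local Area Connection:
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 192.168.1.4
"""
HEAD = re.compile(r"^\s*\w+ adapter (.+):\s*$")
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def parse_adapters(text):
    """Map adapter name -> {field: value} from `ipconfig /all` text."""
    adapters, cur, last = {}, None, None
    for line in text.splitlines():
        head, field = HEAD.match(line), FIELD.match(line)
        if head:
            cur, last = adapters.setdefault(head.group(1), {}), None
        elif cur is not None and field:
            last = field.group(1)
            cur[last] = field.group(2).strip()
        elif cur is not None and last and line.strip():
            cur[last] += " " + line.strip()  # wrapped value, e.g. a 2nd DNS server
    return adapters

def audit(text, local_dns):
    """Return (code, detail) findings for the issues raised in the thread."""
    findings, nets = [], {}
    for name, f in parse_adapters(text).items():
        if "IP Address" not in f:
            continue  # adapter without an address (e.g. media disconnected)
        if f.get("DHCP Enabled") == "Yes":
            findings.append(("dhcp-on-server", name))
        for dns in f.get("DNS Servers", "").split():
            if ipaddress.ip_address(dns).is_loopback:
                findings.append(("loopback-dns", name))
            elif dns not in local_dns:  # local_dns: the AD-integrated DNS servers
                findings.append(("non-local-dns", f"{name}: {dns}"))
        net = ipaddress.ip_network(f"{f['IP Address']}/{f['Subnet Mask']}", strict=False)
        nets.setdefault(str(net), []).append(name)
    findings += [("multihomed", net) for net, n in nets.items() if len(n) > 1]
    return findings
```

Calling `audit(SAMPLE, {"192.168.1.4"})` reports the loopback DNS entry on the first adapter and the two adapters sharing 192.168.1.0/24.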
  11. Grajek

    Grajek Guest

    Okay thanks.

    I gave nolo its static IP. The second network card has been disabled for
    over a year, so I do not know how nolo still has a reference to it. I also
    deleted the NIC as you suggested. I have taken out the loopback as well.
    The machine is still unable to see the domain or join the domain. Very
    strange, no one seems to know how to remedy this. I do not feel so bad now
    since I have not been able to join it to the domain either. 3 weeks of
    staring at it without knowing how to fix it has given me an ulcer.

    I guess the rebuild is the only solution.

    Thanks for everyone's help.

    Grajek
     
    Grajek, Dec 30, 2007
    #11
  12. Hello Grajek,

    I was talking about judge's second NIC, not nolo's, so which one are you talking
    about now?

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Dec 30, 2007
    #12
  13. Grajek

    Grajek Guest

    I was also talking about Judge. Nolo has only one NIC. It appears there is
    no way to join nolo to the domain unless I rebuild the machine. Even that
    might not work.

    Thanks Again.
     
    Grajek, Dec 30, 2007
    #13
  14. Hi,
    Can you check the contents of the %windir%\system32\drivers\etc\hosts file?
     
    Dragos CAMARA, Jan 2, 2008
    #14