transfer FSMO roles server 2003

Discussion in 'Active Directory' started by Leonard, Oct 11, 2008.

  1. Leonard

    Leonard Guest

    I had our server go down so we replaced the HDDs and reloaded Server 2003
    Std and restored the system state.

    This brought all my Active Directory back but also showed all the installed
    programs that were loaded to this server; this caused numerous problems so
    we set up a temp server and transferred the FSMO roles to it.

    We tested that it worked with our Exchange box and a user logged on OK and
    viewed their email.

    We proceeded to reload the real server and transferred the FSMO roles to it
    BUT that's not working.

    We run Manage Your Server and select Add a role > Custom configuration >
    select Domain Controller, select additional domain controller for an
    existing domain.

    We enter the username, password and domain name; when I click Next I end up
    with a box saying

    "an active directory domain controller for the domain "my domain name" could
    not be connected

    ensure that the dns domain name is typed correctly

    if the name is correct then click details for trouble shooting information

    I am at a loss and need to get the server up and running by 5pm Sunday so it's
    now urgent.

    hope you can help
     
    Leonard, Oct 11, 2008
    #1

  2. Hello Leonard,

    How many DC's have you had before the crash and now?

    What kind of restore was it, non-authoritative (single DC) or authoritative
    (multiple DC's)?

    Did you also make the temp DC Global catalog server and DNS server, what
    kind of zones, AD integrated?

    Please post an unedited ipconfig /all from the temp DC and the reinstalled.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 11, 2008
    #2

  3. Leonard

    Leonard Guest

    only 1 DC

    1 exchange 2003 server

    not sure what you mean about the restore type?

    Did the DC Global Catalog server; not sure how I set up the DNS, or zones etc.
    Hope you can still assist, DNS is a little over my head.


    IPCONFIG FOR THE NEW SERVER TO BE

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator.SERVER001.001>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : server001
    Primary Dns Suffix . . . . . . . : totalgutters.co.uk
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : totalgutters.co.uk
    co.uk

    Ethernet adapter Local Area Connection(Internet):

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
    Physical Address. . . . . . . . . : 00-30-48-2E-86-B1
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 127.0.0.1
    Lease Obtained. . . . . . . . . . : 11 October 2008 23:01:07
    Lease Expires . . . . . . . . . . : 12 October 2008 23:01:07

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
    Physical Address. . . . . . . . . : 00-30-48-2E-86-B0
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.16.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.16.2
    DNS Servers . . . . . . . . . . . : 127.0.0.1

    C:\Documents and Settings\Administrator.SERVER001.001>

    THE TEMP SERVER

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator.SERVER001.001>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : server001
    Primary Dns Suffix . . . . . . . : totalgutters.co.uk
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : totalgutters.co.uk
    co.uk

    Ethernet adapter Local Area Connection(Internet):

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
    Physical Address. . . . . . . . . : 00-30-48-2E-86-B1
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 127.0.0.1
    Lease Obtained. . . . . . . . . . : 11 October 2008 23:01:07
    Lease Expires . . . . . . . . . . : 12 October 2008 23:01:07

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
    Physical Address. . . . . . . . . : 00-30-48-2E-86-B0
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.16.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.16.2
    DNS Servers . . . . . . . . . . . : 127.0.0.1

    C:\Documents and Settings\Administrator.SERVER001.001>
     
    Leonard, Oct 11, 2008
    #3
  4. Hello Leonard,

    Is the temp server with the same name and ip address or is this posting a
    typo?

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 12, 2008
    #4
  5. Leonard

    Leonard Guest

    no the temp server that is the current DC

    It's server002
    IP address is 192.168.16.111
    subnet 255.255.255.0
    gateway is, I think (as I can't get logged back into it at the moment), 192.168.1.1;
    also tried it as 192.168.16.2

    Look forward to your reply
     
    Leonard, Oct 12, 2008
    #5
  6. Hello Leonard,

    Your IP configuration is the big problem here. Multihoming DCs is a bad
    solution (2 NICs with different IPs on one server). This causes your problem.
    Also, if you have more than one DC, do not use the loopback address 127.0.0.1
    as preferred; always use the real IP.

    So make your basic server setup as follows:
    1. connect both servers with one NIC (disable the other one) to a switch
    and your switch to the router for internet access(if needed).
    2. configure the ip addresses to use one subnet, not 2 like in your ipconfig
    output. If the router is 192.168.1.1 set it like this:

    server001(that one for rebuilding):
    ip 192.168.1.112
    sm 255.255.255.0
    dg 192.168.1.1
    dns 192.168.1.111 (preferred)!!!!!!!!!

    server002(temp DC):
    ip 192.168.1.111
    sm 255.255.255.0
    dg 192.168.1.1
    dns 192.168.1.111 (preferred)
    192.168.1.112

    Make sure on the temp DC you have in the forward lookup zone the temp DC
    listed as DNS server; also make sure that you run AD integrated zones. Open
    a command window and ping the temp DC from the rebuilt one to make sure you
    can reach it. Now run dcpromo again and try to add it again as additional
    DC to the domain. If this is successful and the DC has rebooted and replicated
    the database, make it DNS server and wait for replication of the zone information
    from the temp DC; because of the AD integrated zones this will occur automatically
    in about 15 minutes. If this is done completely you can reconfigure
    the preferred DNS to itself and secondary to the temp DC.


    The restore difference:
    During a typical file restore operation, Microsoft Windows Backup operates
    in nonauthoritative restore mode. In this mode, Windows Backup restores all
    files, including Active Directory objects, with their original Update Sequence
    Number (USN) or numbers. The Active Directory replication system uses the
    USN to detect and replicate changes to Active Directory to all the domain
    controllers on the network. All data that is restored nonauthoritatively
    appears to the Active Directory replication system as old data. Old data
    is never replicated to any other domain controllers. The Active Directory
    replication system updates the restored data with newer data from other domain
    controllers. Performing an authoritative restore resolves this issue.

    An authoritative restore replicates all objects that are marked authoritative
    to every domain controller hosting the naming contexts that the objects are
    in. To perform an authoritative restore on the computer, you must use the
    Ntdsutil.exe tool to make the necessary USN changes to the Active Directory
    database.

    Best regards

    Meinolf Weber


     
    Meinolf Weber, Oct 12, 2008
    #6
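
Added example (not part of the thread): a Python sketch that applies the two checks from the reply above, addresses on more than one subnet and a loopback DNS server, to pasted `ipconfig /all` text. The function names and the trimmed sample are constructed for illustration.

```python
import ipaddress

# Constructed sample: the two adapters from post #3, reduced to the
# fields the checks read (same "ipconfig /all" field layout).
SAMPLE = """\
Ethernet adapter Local Area Connection(Internet):
   IP Address. . . . . . . . . . . . : 192.168.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 127.0.0.1
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 127.0.0.1
"""

def parse_adapters(text):
    """Return one dict per 'Ethernet adapter' section of ipconfig /all text."""
    adapters, last_key = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Ethernet adapter ") and line.endswith(":"):
            adapters.append({"name": line[len("Ethernet adapter "):-1], "DNS Servers": []})
            last_key = None
        elif adapters and ":" in line:
            key, _, value = line.partition(":")
            last_key, value = key.strip(" ."), value.strip()
            if last_key != "DNS Servers":
                adapters[-1][last_key] = value
            elif value:
                adapters[-1]["DNS Servers"].append(value)
        elif adapters and line and last_key == "DNS Servers":
            adapters[-1]["DNS Servers"].append(line)  # further servers, one per line
    return adapters

def check_dc_network(adapters):
    """Flag addresses on more than one subnet and loopback DNS servers."""
    findings = []
    nets = {ipaddress.ip_network(f'{a["IP Address"]}/{a["Subnet Mask"]}', strict=False)
            for a in adapters if a.get("IP Address") and a.get("Subnet Mask")}
    if len(nets) > 1:
        findings.append("multihomed: " + ", ".join(sorted(map(str, nets))))
    for a in adapters:
        for dns in a["DNS Servers"]:
            try:
                loopback = ipaddress.ip_address(dns).is_loopback
            except ValueError:
                continue  # not a plain IP address (e.g. wrapped text); skip
            if loopback:
                findings.append(f'loopback DNS on "{a["name"]}": {dns}')
    return findings
```

Calling `check_dc_network(parse_adapters(SAMPLE))` returns one multihoming finding and one loopback finding per adapter; the single-NIC layout proposed in the reply returns an empty list.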
  7. Leonard

    Leonard Guest

    Thanks

    Sorry to be a pain

    Can you explain the DNS bit in a bit more detail? Do I just all the IP
    address for the server? Can you explain how to do this?

    I am not sure where in the world you are, but I might have to contact you again.
    I am in the UK.


     
    Leonard, Oct 12, 2008
    #7
  8. Hello Leonard,

    Your IP addresses on both servers create the problem. Every server has 2
    NICs with IP addresses from different subnets, x.x.16.x and x.x.1.x; this
    has to be changed.

    Reconfigure them to the following:

    server001(that one for rebuilding):
    ip 192.168.1.112
    sm 255.255.255.0
    dg 192.168.1.1
    dns 192.168.1.111 (preferred)!!!!!!!!!


    server002(temp DC):
    ip 192.168.1.111
    sm 255.255.255.0
    dg 192.168.1.1
    dns 192.168.1.111 (preferred)
    192.168.1.112

    Open Start, Programs, Administrative Tools, DNS management console. There
    you have the forward lookup zone.


    Best regards

    Meinolf Weber


     
    Meinolf Weber, Oct 12, 2008
    #8
  9. Leonard

    Leonard Guest

    Hi

    Hope you can help further

    Got the roles transferred OK from what I can see but I still have a problem.

    The user can log on to the XP Pro client OK, it can see the network but cannot
    see the server.

    I can ping the server by IP and by name.

    When I try and view network shares \\server001 it brings up a logon
    screen for server001. I enter the username and password for both the user and
    the administrator but none of these work.

    I get the error message \\server001 is not accessible. you might not have
    permission to use this network resource

    What have I missed?

    Thanks

     
    Leonard, Oct 12, 2008
    #9
  10. Hello Leonard,

    Please post again an unedited ipconfig /all.

    Best regards

    Meinolf Weber


     
    Meinolf Weber, Oct 13, 2008
    #10