Can't find Windows 2000 domain after PDC change
Posted by Mark A Kruger on Server Fault
Published on 2012-06-21T17:39:57Z
active-directory | windows-server-2000
This is a Windows 2000 domain issue.
I had an old Win2000 PDC that was beginning to fail. So, trying to be pre-emptive, I installed a new BDC, then "demoted" the old PDC and took it off the network.
Now it appears that no member server can "find" the domain anymore. No logins work (for services or an RDP or anything).
What I've tried (based on googling):
- Verified sysvol is shared on all servers.
- Used nslookup to verify that DCs are being found.
- netdiag /fix
- Metadata cleanup routines.
- Verified no firewall issues (port 389, etc.)
- Seizing all roles to new PDC (I did that as part of the original promotion).
- LMHOSTS file and NetBIOS settings.
At the moment it seems like I can get the DCs returned but cannot contact them. I'm at a loss.
My latest attempt was to remove a member server from the domain and try to "re-add" it. When I do that I get this message:
The query was for the SRV record for _ldap._tcp.dc._msdcs.cfwebtools.com
The following domain controllers were identified by the query:
db-dev1.cfwebtools.com
file-prod1.cfwebtools.com
cfwt-pdc2.cfwebtools.com
However no domain controllers could be contacted.
It then goes on to ask if I've checked my A record and made sure they are running.
Is there a way to force this domain to be seen?
I also shared sysvol (or double checked it) and restarted the dfsr service.
More information. I got looking at sysvol and found it was not shared on 2 of these servers. Only one of them (db-dev1) has a "good" or at least "populated" sysvol store. So I tried doing a "d2" recovery of my PDC against that good sysvol. But it never syncs - or at least it does not seem to sync.
I'm guessing if I could get sysvol and netlogon to kick in and replicate, that would fix my issue. I think these DCs aren't responding because they are waiting for replication, which is broken somehow.
Would taking down all the DCs except for db-dev1 fix the issue - at least temporarily? I know I can't just copy the sysvol stuff over to the other 2, can I?