Sign in with
Sign up | Sign in
Your question

W2K DC Rplction prob

Last response: in Windows 2000/NT
Share
Anonymous
August 10, 2005 9:11:01 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hey all,

Im at my witts end with a problem involving domain control replacement.

Heres what happened:

About a month ago, a domain controller in my network went to the great
computer god in the sky (hardware failure). So, since I could not demote it,
I used the ntdsutil and removed it from AD. I waited a good day for
everything to converge and replicate everywhere. I checked to see if there
were any lingering issues with that domain controller on ANY of my other DCs.
Everthing looked good.

So, i bought a new server.
-made it a member with a completely different name.
-waited for it to appear in all my DCs in the COMPUTERS contained in my
domain (one forrest, two domains btw).
-then made it a DC via dcpromo.
-Made it a DNS server secondary to the master.
-Made it a wins server to help out the old 98 machines.
-it made some automatic links in the NTDS settings under SITES AND SERVICES
to a couple of the DCs. It put the server in the right site based on its IP
as well.
-I waited again for this to all converge (waited a day).
-made it a global catalog
Everything looked good.

Heres where the prob started:

No user at that site can log in. It keeps giving me "your password is
incorrect" or "no domain server avail for your site" etc... Its DHCP service
is handin gout IPs fine. I look in my DC that is handle most of my FSMO roles
and it shows that the DC in question is having some problems.


Errors in the event log of the NEW DC are:

EVENT ID 1000 Userenv
Windows cannot access the file gpt.ini for GPO The file must be present at
the location <>. (). Group Policy processing aborted.

and

EVENT ID 1000 Userenv
Windows cannot query for the list of Group Policy objects . A message that
describes the reason for this was previously logged by this policy engine.

Also, when i goto my main DC, the one that handles my fsmo roles, i cant use
the SNAP in to connect to any options (such as the event viewer, or say
services) on the new DC. But, if I go to a completely diff DC, I can look at
it fine.

I just demoted it to a member server. It has a SAM entry and look s fine
(other than i cant connect to any of the features through the MMC on another
DC).

It also shows this EVENT ID:

EVENT ID SAM 12296
The SAM database attempted to clear the directory C:\WINNT\NTDS in order to
remove files that were once used by the Directory Service. The error is in
record data. Please have an admin delete these files.


any help greatly appreciated.

More about : w2k rplction prob

Anonymous
August 11, 2005 5:24:25 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

It will be hard to debug since you have demoted. Re-Promote and do the
following for help in determining the problem.

Try running netdiag, repadmin and dcdiag. Look for fail, error and warning
errors.

If you don't have the tools installed load them from your install disk.

d:\i386\adminpak.msi (Server tools for remote management of servers)
d:\support\tools\setup.exe (Server Utilities)

Copy the following to a cmd file and run look for error, fail and warn
within the reports. Post any errors you can't figure out. make sure you
modify DC_Name to the name of a dc in your domain.

@echo off

c:
cd \
cd "program files\support tools"

del c:\dcdiag.log
dcdiag /e /c /v /s:D C_Name /f:c:\dcdiag.log
start c:\dcdiag.log

netdiag.exe /v > c:\netdiag.log
start c:\netdiag.log

repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
start c:\repl.txt

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"pooch" <pooch@discussions.microsoft.com> wrote in message
news:7C3ED982-A4AA-4AD2-90B9-1731C4BD3F34@microsoft.com...
> Hey all,
>
> Im at my witts end with a problem involving domain control replacement.
>
> Heres what happened:
>
> About a month ago, a domain controller in my network went to the great
> computer god in the sky (hardware failure). So, since I could not demote
> it,
> I used the ntdsutil and removed it from AD. I waited a good day for
> everything to converge and replicate everywhere. I checked to see if
> there
> were any lingering issues with that domain controller on ANY of my other
> DCs.
> Everthing looked good.
>
> So, i bought a new server.
> -made it a member with a completely different name.
> -waited for it to appear in all my DCs in the COMPUTERS contained in my
> domain (one forrest, two domains btw).
> -then made it a DC via dcpromo.
> -Made it a DNS server secondary to the master.
> -Made it a wins server to help out the old 98 machines.
> -it made some automatic links in the NTDS settings under SITES AND
> SERVICES
> to a couple of the DCs. It put the server in the right site based on its
> IP
> as well.
> -I waited again for this to all converge (waited a day).
> -made it a global catalog
> Everything looked good.
>
> Heres where the prob started:
>
> No user at that site can log in. It keeps giving me "your password is
> incorrect" or "no domain server avail for your site" etc... Its DHCP
> service
> is handin gout IPs fine. I look in my DC that is handle most of my FSMO
> roles
> and it shows that the DC in question is having some problems.
>
>
> Errors in the event log of the NEW DC are:
>
> EVENT ID 1000 Userenv
> Windows cannot access the file gpt.ini for GPO The file must be present
> at
> the location <>. (). Group Policy processing aborted.
>
> and
>
> EVENT ID 1000 Userenv
> Windows cannot query for the list of Group Policy objects . A message that
> describes the reason for this was previously logged by this policy engine.
>
> Also, when i goto my main DC, the one that handles my fsmo roles, i cant
> use
> the SNAP in to connect to any options (such as the event viewer, or say
> services) on the new DC. But, if I go to a completely diff DC, I can look
> at
> it fine.
>
> I just demoted it to a member server. It has a SAM entry and look s fine
> (other than i cant connect to any of the features through the MMC on
> another
> DC).
>
> It also shows this EVENT ID:
>
> EVENT ID SAM 12296
> The SAM database attempted to clear the directory C:\WINNT\NTDS in order
> to
> remove files that were once used by the Directory Service. The error is in
> record data. Please have an admin delete these files.
>
>
> any help greatly appreciated.
Anonymous
August 11, 2005 7:35:40 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"" wrote:
> Hey all,
>
> Im at my witts end with a problem involving domain control
> replacement.
>
> Heres what happened:
>
> About a month ago, a domain controller in my network went to
> the great
> computer god in the sky (hardware failure). So, since I could
> not demote it,
> I used the ntdsutil and removed it from AD. I waited a good
> day for
> everything to converge and replicate everywhere. I checked to
> see if there
> were any lingering issues with that domain controller on ANY
> of my other DCs.
> Everthing looked good.
>
> So, i bought a new server.
> -made it a member with a completely different name.
> -waited for it to appear in all my DCs in the COMPUTERS
> contained in my
> domain (one forrest, two domains btw).
> -then made it a DC via dcpromo.
> -Made it a DNS server secondary to the master.
> -Made it a wins server to help out the old 98 machines.
> -it made some automatic links in the NTDS settings under SITES
> AND SERVICES
> to a couple of the DCs. It put the server in the right site
> based on its IP
> as well.
> -I waited again for this to all converge (waited a day).
> -made it a global catalog
> Everything looked good.
>
> Heres where the prob started:
>
> No user at that site can log in. It keeps giving me "your
> password is
> incorrect" or "no domain server avail for your site" etc...
> Its DHCP service
> is handin gout IPs fine. I look in my DC that is handle most
> of my FSMO roles
> and it shows that the DC in question is having some problems.
>
>
> Errors in the event log of the NEW DC are:
>
> EVENT ID 1000 Userenv
> Windows cannot access the file gpt.ini for GPO The file must
> be present at
> the location <>. (). Group Policy processing aborted.
>
> and
>
> EVENT ID 1000 Userenv
> Windows cannot query for the list of Group Policy objects . A
> message that
> describes the reason for this was previously logged by this
> policy engine.
>
> Also, when i goto my main DC, the one that handles my fsmo
> roles, i cant use
> the SNAP in to connect to any options (such as the event
> viewer, or say
> services) on the new DC. But, if I go to a completely diff
> DC, I can look at
> it fine.
>
> I just demoted it to a member server. It has a SAM entry and
> look s fine
> (other than i cant connect to any of the features through the
> MMC on another
> DC).
>
> It also shows this EVENT ID:
>
> EVENT ID SAM 12296
> The SAM database attempted to clear the directory
> C:WINNTNTDS in order to
> remove files that were once used by the Directory Service. The
> error is in
> record data. Please have an admin delete these files.
>
>
> any help greatly appreciated.

were there other errors in the event logs?

did you run DCDIAG /V

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-W2K-DC-Rp...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1351610
Related resources
Can't find your answer ? Ask !
Anonymous
August 11, 2005 9:55:04 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Well, right now, all users at the site with the failed DC are loggin in fine
over the link to my main site where there is another DC. So, Im going to
start from scratch with a new box entirely (new hardware, new load, etc).

im going to build the controller ther at the site in that subnet so that
everything looks as it should from the beginnning.

Thanks for the replies, but after thinking about this, there is just too
much wrong to start troubleshooting this without starting it over from
scratch.

Ill post again if it has anothe rprob.
Anonymous
August 12, 2005 2:52:32 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Pooch,

Do not forget to make that DC also a Global Catalog Server! Unless, of
course, there is a compelling reason not to do so. And you will probably
want to install DNS on that DC as well.....

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"pooch" <pooch@discussions.microsoft.com> wrote in message
news:ECAA74A6-CDB2-4241-A63A-2959089FA3B6@microsoft.com...
>
> Well, right now, all users at the site with the failed DC are loggin in
> fine
> over the link to my main site where there is another DC. So, Im going to
> start from scratch with a new box entirely (new hardware, new load, etc).
>
> im going to build the controller ther at the site in that subnet so that
> everything looks as it should from the beginnning.
>
> Thanks for the replies, but after thinking about this, there is just too
> much wrong to start troubleshooting this without starting it over from
> scratch.
>
> Ill post again if it has anothe rprob.
!