From: seeker01 on
DC02 is the subordinate CA enterprise server, DC01 is the root CA enterprise
server.
Because I am rebuilding DC02 from scratch as a clean Windows 200 Domain
controller, I am hoping DC01 will enable the replication again. About the CA
certificate key of DC02, I will back it up beforehand. Will this work? I
really want to sleep comfortably during my leave. Thanks.

"kj" wrote:

> > DC01 is the FSMO holders, not DC01
>
> Too bad it's not the (root?) CA.
>
> Before you go, consider printing the following for a little "put you to
> sleep reading".
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/9216103d-91c6-40da-a370-f95ccf4beaca.mspx
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/9216103d-91c6-40da-a370-f95ccf4beaca.mspx
>
> Particularly the second, which of course, you will have problems completing
> because replication is broken.
>
> Viva la holiday!
>
> ;-)
>
> --
> /kj
> "Ace Fekay [MVP]"
> <PleaseSubstituteMyActualFirstName&LastNameHere(a)hotmail.com> wrote in
> message news:eZRxIU%23vFHA.256(a)TK2MSFTNGP15.phx.gbl...
> > In news:20A440D3-A0C5-469C-AF6A-E5DC38450EE7(a)microsoft.com,
> > seeker01 <seeker01(a)discussions.microsoft.com> made this post, which I then
> > commented about below:
> >> Hi All,
> >> I really appreciate your experienced advice. I have offered numerous
> >> times to work on it next week but my boss sees no risk to deal with it
> >> after I am back from leave. He is even prepared for me to rebuild
> >> the DC02 as a clean OS if "nltest" won't fix the problem after the
> >> 60 days lifetime. DC01 is the FSMO holders, not DC01. Once again,
> >> thanks guys.
> >
> > Good luck.
> >
> > Ace
> >
>
>
>
From: Hank Arnold on
I'd clean up my resume while on vacation, also..... You will not be
returning to a nice situation and bosses have notoriously short memories
(except for grudges)....

--
Regards,
Hank Arnold

"seeker01" <seeker01(a)discussions.microsoft.com> wrote in message
news:E2EBB260-E259-4C53-90F9-60A351D9CC95(a)microsoft.com...
> Thanks for your sympathy & advice about the certificate. I will back up the
> current certificate key. I meant to say "DC02" is not the FSMO holder. DC01
> is the FSMO & the infrastructure master, etc. Because I am rebuilding DC02 as
> a clean Windows OS and configuring it as a new domain controller using the
> same IP address and same computer name, do I still need to seize the FSMO
> roles from DC01? At the moment, I am writing all options on email before I
> receive the blame from my boss in the future. Yes....I need lots of luck.
>
> "kj" wrote:
>
>> > DC01 is the FSMO holders, not DC01
>>
>> Too bad it's not the (root?) CA.
>>
>> Before you go, consider printing the following for a little "put you to
>> sleep reading".
>>
>> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/9216103d-91c6-40da-a370-f95ccf4beaca.mspx
>>
>> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/9216103d-91c6-40da-a370-f95ccf4beaca.mspx
>>
>> Particularly the second, which of course, you will have problems completing
>> because replication is broken.
>>
>> Viva la holiday!
>>
>> ;-)
>>
>> --
>> /kj
>> "Ace Fekay [MVP]"
>> <PleaseSubstituteMyActualFirstName&LastNameHere(a)hotmail.com> wrote in
>> message news:eZRxIU%23vFHA.256(a)TK2MSFTNGP15.phx.gbl...
>> > In news:20A440D3-A0C5-469C-AF6A-E5DC38450EE7(a)microsoft.com,
>> > seeker01 <seeker01(a)discussions.microsoft.com> made this post, which I then
>> > commented about below:
>> >> Hi All,
>> >> I really appreciate your experienced advice. I have offered numerous
>> >> times to work on it next week but my boss sees no risk to deal with it
>> >> after I am back from leave. He is even prepared for me to rebuild
>> >> the DC02 as a clean OS if "nltest" won't fix the problem after the
>> >> 60 days lifetime. DC01 is the FSMO holders, not DC01. Once again,
>> >> thanks guys.
>> >
>> > Good luck.
>> >
>> > Ace
>> >
>>
>>
>>


From: Ace Fekay [MVP] on
In news:798DB850-DD25-40F3-BA47-BD9B853D0238(a)microsoft.com,
seeker01 <seeker01(a)discussions.microsoft.com> made this post, which I then
commented about below:
> DC02 is the subordinate CA enterprise server, DC01 is the root CA
> enterprise server.
> Because I am rebuilding DC02 from scratch as a clean Windows 200
> Domain controller, I am hoping DC01 will enable the replication
> again. About the CA certificate key of DC02, I will back it up
> beforehand. Will this work? I really want to sleep comfortably during
> my leave. Thanks.

You would sleep better if you fix it before you go. What's your hurry? Rita?

Ace


From: JHK on
I encountered many of the same issues you encountered with two domain
controllers in our external connectivity environment. The time period during
which they had failed to communicate had well exceeded the 60 day limit, and
I was at a loss as to what to do having tried all solutions that I could
discover. But I did manage to fix the problem.

I used the NetDom ResetPwd command to reset the machine account password BUT
rather than running this command

(On Non-Working Server)
NETDOM RESETPWD /Server:WorkingServer /UserD:Domain\AdministrativeID /PasswordD:*

I ran

(On WORKING Server)

NETDOM RESETPWD /Server:NonWorkingServer /UserD:Domain\AdministrativeID /PasswordD:*

Then I rebooted the non-working server, started the REPLMON program and
forced replication with the working server and everything, including browsing
via the UNC name and certificate services started to function properly.
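
An added example, not part of JHK's post or of this thread: a Python check that reads replication status exported as CSV and flags links whose last successful replication is nearing or past the 60 day limit discussed here. The column names are assumed to match the output of `repadmin /showrepl * /csv`; the sample rows, the naming context, DC03 and the 30 day warning threshold are constructed.

```python
import csv
import io
from datetime import datetime

LIMIT_DAYS = 60  # the 60 day limit discussed in this thread
WARN_DAYS = 30   # constructed warning threshold (assumption)

# Constructed sample; column layout is an assumption about the CSV export.
SAMPLE_CSV = '''showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Site1,DC01,"DC=example,DC=com",Site1,DC02,RPC,412,2005-09-30 23:45:00,2005-07-20 08:00:00,5
showrepl_INFO,Site1,DC02,"DC=example,DC=com",Site1,DC01,RPC,37,2005-09-30 23:50:00,2005-08-25 12:00:00,5
showrepl_INFO,Site1,DC03,"DC=example,DC=com",Site1,DC01,RPC,0,0,2005-09-30 23:00:00,0
showrepl_INFO,Site1,DC03,"DC=example,DC=com",Site1,DC02,RPC,9,2005-09-30 23:00:00,0,5
'''


def classify_links(csv_text, now, limit_days=LIMIT_DAYS, warn_days=WARN_DAYS):
    """Return (destination, source, naming_context, age_days, state) per link."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            last_ok = datetime.strptime(row["Last Success Time"],
                                        "%Y-%m-%d %H:%M:%S")
            age = (now - last_ok).days
        except ValueError:
            age = None  # no parseable timestamp: no success on record
        if age is None:
            state = "NEVER"
        elif age >= limit_days:
            state = "EXPIRED"  # past the limit: plan recovery, not a retry
        elif age >= warn_days:
            state = "WARN"     # still inside the limit: fix it now
        else:
            state = "OK"
        findings.append((row["Destination DSA"], row["Source DSA"],
                         row["Naming Context"], age, state))
    return findings


if __name__ == "__main__":
    for dst, src, nc, age, state in classify_links(SAMPLE_CSV,
                                                   datetime(2005, 10, 1)):
        print(f"{state:8} {dst} <- {src} {nc} age_days={age}")
```

Run on a schedule against a fresh export, the WARN state gives weeks of notice before a link reaches the limit.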

From: Ace Fekay [MVP] on
In news:A1B893DB-E3A3-44D9-BD00-EFF125E034FF(a)microsoft.com,
JHK <JHK(a)discussions.microsoft.com> made this post, which I then commented
about below:
> I encountered many of the same issues you encountered with two domain
> controllers in our external connectivity environment. The time
> period during which they had failed to communicate had well exceeded
> the 60 day limit, and I was at a loss as to what to do having tried
> all solutions that I could discover. But I did manage to fix the
> problem.
>
> I used the NetDom ResetPwd command to reset the machine account
> password BUT rather than running this command
>
> (On Non-Working Server)
> NETDOM RESETPWD /Server:WorkingServer /UserD:Domain\AdministrativeID /PasswordD:*
>
> I ran
>
> (On WORKING Server)
>
> NETDOM RESETPWD /Server:NonWorkingServer /UserD:Domain\AdministrativeID /PasswordD:*
>
> Then I rebooted the non-working server, started the REPLMON program
> and forced replication with the working server and everything,
> including browsing via the UNC name and certificate services started
> to function properly.

And that was after 60 days? Interesting. Thanks for the info. I would like to
try this out sometime.

Ace