Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

asr restore of a domain controller

Status
Not open for further replies.
4johnny

4johnny

IS-IT--Management
May 22, 2007
42
I made an ASR backup of our live domain controller and restored in our lab to identical hardware. This DC runs DNS, DHCP and is the only controller at this location. I then tried to connect with a laptop and was not issued an IP address by DHCP so I assigned a static address in the same range. I then was able to connect to the DC, however, I could not join the domain... stating that a domain controller cannot be contacted.

the event log is relatively clean and just about all services started up and are running.

I then found an article about doing a fix after restoring a DC with ASR and bur flags. It had to do with restoring the sysvol folder correctly. However, that fix did not resvolve my issues.

I then booted into directory restore mode and restored a copy of the system drive and system state files. Again, this did not resolve my issues stated above.

I thought this process was simplified by ASR but I was wrong. Can anyone help with this restore process?

Thanks
 
Sort by date Sort by votes
ok so 1...DHCP on a DC is a HUGE no-no. It is both a security and functionality/operational risk. You should do away with that as soon as possible. It will cause contention with FRS because both use a JET database, which does not like to share resources. The DCs jet db is more important (its AD after all and DHCP wont matter without it running right)....

With that being said:

Why did you perform the restoration via ASR vs. normal methods?

The burflags value is used to cause replica DCs to either source from a primary DC who was D4ed (when using D2), or to force a specific copy of sysvol on a DC to become the authoritative source (in which case other DCs would be D2ed), in turn, this tends to fix issues where sysvolready will not flip to 1. This would have absolutwely no impact on anything other than FRS..it does not even force AD replication to be authoritative...

Did you do a D2 or D4?

On your test machine, I assume the IP was in the same subnet, same subnet mask, and client pointed to DC for preferred DNS? I also assume the DC points to itself and itself only for DNS and all roles have been seized to it (if its the only one in the lab, you MUST do this).?


Have you already attempted reinstalling the dhcp service?



id be curious to see a netdiag /v from both the client and the DC...along with a dcdiag /v from the DC...



-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
Manager - Global AD Operations
ACS, Inc.
 
Upvote 0 Downvote
Thanks for the reply Brandon

My goal is to make an exact copy of the DC for disaster recovery practice and also because our office is moving to a new location and the goal is to have both sites operational for a short time... Possibly using the duplicate lab DC (to provide DHCP and DNS) at our old location with a barebones staff that just need internet access for a week or 2.

From what i have read, ASR backup/restore seemed like the easiest way to make an image of the DC, creating the correct RAID/partitioning scheme and restoring the system drive. Then all that would be needed is to restore any data from backups afterwards.

Is there an easier way...you referred to 'normal methods' of restoring? Is that by installing a fresh copy of win2003 on my lab Dc, naming it correctly, patching it up to current, and then restoring system state and system drive backup?

I also do not know what D2 and D4 means?

I am starting over today with the ASR restore.

Thanks for the advice about the DHCP service....
 
Upvote 0 Downvote
btw...this is a copy of the fixasr.bat

NOTE: You can use NTBackup to perform an authoritative primary restore on a new Windows Server 2003 that is the first domain controller in a domain.

The subject problem occurs because the Sysvol folder cannot be restored authoritatively when you use ASR to perform an authoritative primary restore on a new Microsoft Windows Server 2003 computer that is the first domain controller in a domain.

To workaround this behavior:

1. Run FixASR.bat, which contains:

@echo off
net stop ntfrs
@echo REGEDIT4>"%TEMP%\BurFlags.reg"
@echo.>>"%TEMP%\BurFlags.reg"
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup]>>"%TEMP%\BurFlags.reg"
@echo "BurFlags"=dword:000000d4>>"%TEMP%\BurFlags.reg"
@echo.>>"%TEMP%\BurFlags.reg"
@echo.>>"%TEMP%\BurFlags.reg"
regedit /s "%TEMP%\BurFlags.reg"
del /q "%TEMP%\BurFlags.reg"
move "%SystemRoot%\sysvol\sysvol\%USERDNSDOMAIN%\NtFrs_PreExisting\*.*" "%SystemRoot%\sysvol\sysvol\%USERDNSDOMAIN%"
net start ntfrs
exit /b 0
 
Upvote 0 Downvote
D4 and D2 are the two values used for BurFlags.

D4 makes a replica set authoritative
D2 makes a replica set source from the authoritative/D4ed DC

:)

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
Manager - Global AD Operations
ACS, Inc.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
373
goombawaho
goombawaho
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
227
fightaccording
fightaccording
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
276
DrB0b
DrB0b
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
136
ADB100
ADB100
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
336
fredmartinmaine
fredmartinmaine

Part and Inventory Search

Sponsor

Back
Top