Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Server will not DCPROMO 1

Status
Not open for further replies.

fitfixer

Technical User
Apr 11, 2001
150
IE
Server 2003 R2 std SP1 domain controller one of 5 DC's on a small 100+ user LAN, the machine was used as a backup logon server until it was replaced by a bigger box, nobody thought to dcpromo it before replacing it
It was unplugged from the network for a couple of months, it held the Global Catalog and domain naming master FSMO's

I decided to rebuild it, so I fired it up and reconnected it, users started reporting that their accounts were expired, there were differences between the copy it held of the AD, it would not replicate, I managed to seize the 2 roles to another DC, all I want to do is dcpromo it down to a member server so that I can rebuild it without causing problems in AD

DCpromo will not work, it gives the error message;

operation failed, the session with <servername> failed,
Logon failure: the target account name is incorrect

I am using the Domain admins account,
can I just wipe and rebuild without using dcpromo?

Thanks for any help

FrankF
A+,Network+,MCSA

 
target account name is incorrect = secure channel busted

this is fixable without a rebuild.

also if this DC was unplugged for more than the tombstone lifetime (usually 60days) and if it's windows 2003, then other DC will refuse to replicate with this DC anyways
(there's a reg hack for that, but it has its own side effects)

yes, you can wipe it, but you have to remember to remove metadata information on one of the other DCs as they will not be aware that you have removed this DC from the enviroment.

you cannot just rebuild it with the same name before doing that cleanup. (so dcpromo is required)

keep in mind though that any account changes or pretty much anything that was changed on that DC before it had the chance to replicate that information to other DCs will be lost.

Lukasz
 
Hi Lukasz
You are right, the replication errors said that the tombstone lifetime had been exceeded
The only problem was when this was connected again it started acting as a logon server, once I unplugged it everything went fine, I will go for leaving it offline and wiping it then removing the metadata from the other DC's
thanks for your help



FrankF
A+,Network+,MCSA

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top