
Wild problems in AD with Domain.

AV1611

Technical User
Sep 5, 2003
I had an AD Server. I moved all the FSMO roles, I believe, to another server called Lytec from RLDATASTORE. Now I am getting some weird messages about RLDATASTORE. It was taken offline and formatted. It is back on but as a regular Server.

The event log has problems such as listed below. Please take the time to look and see if anyone can help me. Desperate....

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 9/6/2003
Time: 1:18:32 AM
User: N/A
Computer: LYTEC
Description:
The File Replication Service is having trouble enabling replication from RLDATASTORE to LYTEC for c:\winnt\sysvol\domain using the DNS name rldatastore.raddiag.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name rldatastore.raddiag.com from this computer.
[2] FRS is not running on rldatastore.raddiag.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 9/2/2003
Time: 9:14:58 PM
User: N/A
Computer: LYTEC
Description:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller lytec.raddiag.com for FRS replica set configuration information.

Could not find computer object for this computer. Will try again at next polling cycle.


Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 9/2/2003
Time: 9:02:27 PM
User: N/A
Computer: LYTEC
Description:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller lytec.raddiag.com for FRS replica set configuration information.

Could not find computer object for this computer. Will try again at next polling cycle.


Event Type: Information
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1308
Date: 9/6/2003
Time: 1:20:49 AM
User: N/A
Computer: LYTEC
Description:
The Directory Service consistency checker has noticed that 86 successive replication attempts with CN=NTDS Settings,CN=RLDATASTORE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=raddiag,DC=com have failed over a period of 4693 minutes. The connection object for this server will be kept in place, and new temporary connections will established to ensure that replication continues. The Directory Service will continue to retry replication with CN=NTDS Settings,CN=RLDATASTORE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=raddiag,DC=com; once successful the temporary connection will be removed.
 
Looks like you didn't do metadata cleanup after removing RLDATASTORE.

John
MOSMWNMTK
 
Hi.

You should have run DCPROMO before reformatting RLDATASTORE.

If I got the picture right, then the "old" RLDATASTORE simply is still listed in AD and DNS as a Domain Controller.

Here is what you can try:
Backup system state on ALL servers, both to tape and also to disk.
Create a full backup or ghost image (or both) just to be sure.
Schedule some down time for the servers (you can do the changes without rebooting the "Lytec" server, but you should plan a restart to test the changes and also in case something fails...).

Now to the fun stuff:
Install the support tools from the W2K server setup CDROM on Lytec.
Start ADSI editor.
Delete references for the old RLDATASTORE server in the AD.
You'll find them under the "Domain Controllers" object and also under "Default-Site...".
Delete references for old RLDATASTORE in DNS server (like NS records).
If needed - remove and rejoin RLDATASTORE from the domain as a member server.

Restart both servers and check event logs.

WARNING - Before taking any actions, make sure that you have a good backup, and best way is to first simulate such sensitive changes in a lab.
You should also verify that I got the right picture here (RLDATASTORE was a DC then removed and reinstalled without running DCPROMO, right?).



Yizhar Hurwitz
 
Looks like you took RLDATASTORE offline without dcpromoing it out. It's been reformatted, and isn't coming back. AD still thinks it's a domain controller.

It's not that messy.

You go in through ntdsutil and do metadata cleanup. Then go in sites and services and remove any connections that still reference the old server.

John
MOSMWNMTK
 
The 13562 are due to the missing FRS Subscription Objects. There are objects both under the server itself, and also some FRS information in the config container (if I remember correctly) that will need to be cleaned out.

Follow Q216498 (especially that last part) to make sure everything is gone!

/Siddharth
 
Boy did I mess up..... Ok here is where I am... Let me know what I can do. You are all right. I did kill it without demoting it.

I saw some of these errors and before checking back I noticed it was in the AD. I deleted it from the list of Domain controllers.

Then I deleted its host records.

Now the software people that used this server for a certain software we run, put all their stuff back on it with the same name and same IP address.

Unfortunately they have to have the same name and IPs. Also I did the FSMO roles before I killed the RlDatastore and made it a Backup Server, I thought, but something might not have transferred. Now the new Rldatastore is just a regular Server running their software, but it is very slow and the network has a lot of errors in the Event Log on the Lytec..... All those listed above.

Any advice on how to clean up my mess, now that I have done everything completely Wrong....

Thanks in advance, AV
 
What do you mean by RIDAtaStore? The RID master (FSMO)? If you do a 'netdom query fsmo' from your machines, who comes up with all of the roles?

Does this machine that has all the software put back on it have to be a DC now?

/Siddharth
 
Updates and Replies...

Update 1. I looked in the Active Directory Sites and Services and it still lists the Rldatastore, which is the computer that previously had the roles.

I go to AD Users and computers and it has been deleted. I assume my network is looking at and for two different Rldatastores for different things.

REPLY to Siddharth:

Rldatastore was the Primary DC. I removed the roles, or at least think I did, to another DC. I then made the new Server the Primary and the Rldatastore a Backup. Then we formatted the Rldatastore without running Dcpromo on it. Now we reinstalled as just a Server, NO DC, but it has the same name and same IP address.

I don't know if I am querying right for the FSMO or not but I can't get it to come up. What is the exact command??

Thanks for all the help, AV
 
Ok, so how many DCs do you have in your environment? Right now it sounds like you have just 1. If you have just one, go back and run through Q216498 from start to finish to make sure you have removed the old DC and its associated information in the domain and config containers.

Then, run (the following is the exact command, but you may need to install the Support Tools from the W2k Server CD) 'netdom query FSMO' to see who has the roles. They should all be on your existing server.

Now, if all that is ok, you should not have any old NTDS objects in Sites and Services. Then it is ok to bring up the new server as a DC, if you want to.

/Siddharth

 
I only have one DC and that is all I want at the moment. The others run software that needs to pretty much just be left alone. So I won't bring it back in. But I am trying to rid myself of all the weird errors I am getting in the Event Viewer on the current server.

I tried the fsmo and it didn't work. So I am assuming I need the support tools off the CD-ROM. Is it possible to load these without taking the network down or rebooting? I am unable to shut down the network at the moment.

AV
 
Yes, you can install the support tools without rebooting the server.

If that's all you need, make sure 216498 was followed and run 'dcdiag /v' and show up any errors (not event log related) that you get.

/Siddharth
 
I ran netdom query fsmo and it showed the New Server as the one holding all the roles. So that was done correctly. However I still have those errors in the event logs. And I tried the meta cleanup but I guess I did something wrong because I couldn't get it to ever complete without running into a lot of errors.

Any more suggestions?

AV
 
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5774
Date: 9/8/2003
Time: 7:01:03 PM
User: N/A
Computer: LYTEC
Description:
Registration of the DNS record '_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.raddiag.com. 600 IN SRV 0 100 88 lytec.raddiag.com.' failed with the following error:
DNS server unable to interpret format.
Data:
0000: 29 23 00 00 )#..


Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5774
Date: 9/8/2003
Time: 7:01:02 PM
User: N/A
Computer: LYTEC
Description:
Registration of the DNS record '05e211e5-5a3e-45a4-b552-744c18a17dbf._msdcs.raddiag.com. 600 IN CNAME lytec.raddiag.com.' failed with the following error:
DNS server unable to interpret format.
Data:
0000: 29 23 00 00 )#..


Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5774
Date: 9/8/2003
Time: 7:01:01 PM
User: N/A
Computer: LYTEC
Description:
Registration of the DNS record '_ldap._tcp.3ee8833e-c830-4bbc-abba-fa7aa4677dbb.domains._msdcs.raddiag.com. 600 IN SRV 0 100 389 lytec.raddiag.com.' failed with the following error:
DNS server unable to interpret format.
Data:
0000: 29 23 00 00 )#..


Event Type: Error
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1126
Date: 9/8/2003
Time: 8:15:16 PM
User: Everyone
Computer: LYTEC
Description:
Unable to establish connection with global catalog.


Event Type: Information
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1308
Date: 9/8/2003
Time: 7:05:05 PM
User: N/A
Computer: LYTEC
Description:
The Directory Service consistency checker has noticed that 165 successive replication attempts with CN=NTDS Settings,CN=RLDATASTORE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=raddiag,DC=com have failed over a period of 8637 minutes. The connection object for this server will be kept in place, and new temporary connections will established to ensure that replication continues. The Directory Service will continue to retry replication with CN=NTDS Settings,CN=RLDATASTORE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=raddiag,DC=com; once successful the temporary connection will be removed.


Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 9/8/2003
Time: 7:03:13 PM
User: N/A
Computer: LYTEC
Description:
The File Replication Service is having trouble enabling replication from RLDATASTORE to LYTEC for c:\winnt\sysvol\domain using the DNS name rldatastore.raddiag.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name rldatastore.raddiag.com from this computer.
[2] FRS is not running on rldatastore.raddiag.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.



These are mainly it and a few like them. I didn't delete the Datastore from the Sites and Services in AD yet because I wasn't sure if I had done everything right with the metadata cleanup.

AV
 
Exactly, you haven't cleaned out all of the data, and that is why we seem to still be trying to replicate with the server. You should be done with the NTDSUTIL part of the article; how about the stuff with using ADSIEdit and going into DNS? That will clean up the connection objects, FRS subscription objects and host records. Have you reconfigured DNS so this DC points to a writeable forward lookup zone?

/Siddharth
 
No, I am not familiar with that term. What exactly is setting it to a writable forward lookup zone?

On the NTDSUTIL part I tried following the article but got errors and wasn't sure I was doing it right. When I ran the FSMO query it only found Lytec and not the Rldatastore, so should I still try to run the NTDSUTIL?

As for ADSIEdit and going into dns, no I haven't got there yet. I wanted to make sure I wasn't doing anything out of step or that I couldn't go back if I messed up.

What should I do first? Get rid of Rldatastore in Sites and Services by deleting it, try NTDSUTIL again, or ADSIEdit?

Thanks for all the help, AV
 
I finally got the NTDSUTIL to run correctly and without error. It removed Rldatastore and I got out of it. I am now going to try and run ADSIEdit.....

Any other suggestions??

AV
Thanks a million.....
 
When I get to the part below I am now having problems.

Now that the NTDS setting object has been deleted we can now delete the following objects:
Use ADSIEdit to delete the computer account in the OU=Domain Controllers,DC=domain...

Note: The FRS subscriber object is deleted when the computer object is deleted, since it is a child of the computer account.
Use ADSIEdit to delete the FRS member object in CN=Domain System Volume (SYSVOL share),CN=file replication service,CN=system....
In the DNS console, use the DNS MMC to delete the cname (also known as the Alias) record in the _msdcs container.
In the DNS console, use the DNS MMC to delete the A (also known as the Host) record in DNS.
If the deleted computer was the last domain controller in a child domain and the child domain was also deleted, use ADSIEdit to delete the trustDomain object for the child in CN=System, DC=domain, DC=domain, Domain NC.


Once I get there some of the items are not listed that I went to look for. Some of them are there but I am assuming they are there because that particular Computer is back on the Network with the same name "Rldatastore" even though it isn't a DC anymore.

Then it is also still listed in Sites and Services. Should I delete it from there and do I need to reboot the Server now after running NTDSUTIL?

AV
 
That's fine.

Delete it from Sites and Services and wherever you see it in the Domain Controllers and FRS Subscribers using ADSI Edit.

You don't need to restart for any of this to work.

/Siddharth
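A read-only way to check the Q216498 leftovers before and after the deletions above, as an added example that is not part of this thread: it lists the stale server/NTDS Settings object, the DSA-GUID CNAME in _msdcs, the computer account under OU=Domain Controllers, and the FRS member object, while flagging the rebuilt member server's own account as something to keep. It assumes the thread's names (RLDATASTORE, raddiag.com), a domain-admin session on a domain member, and the DnsClient module for Resolve-DnsName; Find-Objects is a hypothetical helper, not a built-in.

```powershell
# Added example, not from this thread: read-only audit of the leftovers that
# Q216498 says to delete for a DC that was wiped without DCPROMO.
# Assumptions: run as a domain admin on a domain member; RLDATASTORE/raddiag.com
# are the thread's names; Resolve-DnsName needs the DnsClient module (Win8/2012+).
param(
    [string]$OldDcName = 'RLDATASTORE',
    [string]$DnsDomain = 'raddiag.com'
)

$rootDse  = [ADSI]'LDAP://RootDSE'
$domainNc = $rootDse.defaultNamingContext.Value
$configNc = $rootDse.configurationNamingContext.Value

# Hypothetical helper: LDAP subtree search under a base DN, returns SearchResult objects
function Find-Objects([string]$BaseDn, [string]$Filter) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$BaseDn", $Filter)
    $searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'objectGUID'))
    $searcher.FindAll()
}

$findings = @()

# 1. Server object and its NTDS Settings child (what Sites and Services shows
#    and what KCC event 1308 keeps naming as a replication partner).
foreach ($s in Find-Objects "CN=Sites,$configNc" "(&(objectClass=server)(cn=$OldDcName))") {
    $dn = $s.Properties['distinguishedname'][0]
    $findings += "Stale server object: $dn"
    foreach ($n in Find-Objects $dn '(objectClass=nTDSDSA)') {
        $dsaGuid = [guid][byte[]]$n.Properties['objectguid'][0]
        $findings += "Stale NTDS Settings: $($n.Properties['distinguishedname'][0])"
        # The DSA GUID names the <guid>._msdcs CNAME that the 5774 events above register.
        $cname = Resolve-DnsName "$dsaGuid._msdcs.$DnsDomain" -Type CNAME -ErrorAction SilentlyContinue
        if ($cname) { $findings += "Stale CNAME: $dsaGuid._msdcs.$DnsDomain -> $($cname.NameHost)" }
    }
}

# 2. Computer account. Only one under OU=Domain Controllers is stale; the rebuilt
#    member server with the same name legitimately owns an account elsewhere
#    (and its A record), which is why some of the objects are still present.
foreach ($c in Find-Objects $domainNc "(&(objectClass=computer)(cn=$OldDcName))") {
    $dn = $c.Properties['distinguishedname'][0]
    if ($dn -like "*,OU=Domain Controllers,$domainNc") { $findings += "Stale DC account: $dn" }
    else { $findings += "Member-server account, keep: $dn" }
}

# 3. FRS member object for the SYSVOL replica set (source of the 13562 warnings).
$sysvolSet = "CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,$domainNc"
foreach ($f in Find-Objects $sysvolSet "(&(objectClass=nTFRSMember)(cn=$OldDcName))") {
    $findings += "Stale FRS member: $($f.Properties['distinguishedname'][0])"
}

if ($findings) { $findings } else { "No leftover objects found for $OldDcName" }
```

Save it as a .ps1 and run it once before the ADSIEdit/DNS deletions and again afterwards; the second run should report only the member-server account.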
 
SvSawkar,

I can't find things in Active Directory and I am getting the same errors I had for Rldatastore, now for the current DC, Lytec. How can I find out what is going on with this thing?

AV
 