vmware server 2.0 broke our DC

mckrooz (n00b, joined Feb 27, 2004, 49 messages)
We have 2 servers. Server A is our primary DC that is also a file server and VPN server. Server B was our Exchange and secondary DC that had Exchange decommissioned last year since we moved to hosted services. The other admin tried to install vmware 2.0 on Server B. It installed and then he went to reboot. This is when we lost remote desktop access to it and AD sites and services won't replicate now. So he uninstalled vmware. He never got to the point to create a VM or do any NIC change. Server B can still remote desktop to Server A, but Server A won't RDC to Server B. Server B can still ping A, but A can't ping B. The error we get when trying to manually replicate is "The following error occurred during the attempt to contact the domain controller Server B: The RPC server is unavailable."

Server A (Primary DC, Fileserver): Dell PowerEdge 1900
Intel(R) Xeon(R) CPU 5130 @ 2.00GHz
2GB RAM
Server 2003 R2 Standard ver 5.2 SP2 x86

Server B (Secondary DC, BROKEN): Dell PowerEdge 2850
Intel(R) Xeon(TM) CPU Model 4 2.8GHz
2GB RAM
Server 2003 Standard SP2

Any ideas or should we wipe Server B?
 
not much useful info there.

Any event log entries? I don't see how you could manage to mess up RDP on a DC, or any server, just by installing VMware Server. That being said, don't install VMware Server on a DC.
Sounds like some of your services aren't running, maybe? Firewall settings?
 
Event log has this:

ID: 13508, Source: NtFrs

The File Replication Service is having trouble enabling replication from Server A to Server B for c:\windows\sysvol\domain using the DNS name Server A.domain FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name Server A.domain from this computer.
[2] FRS is not running on Server A.domain.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Windows Firewall (ICS) is off. File Replication Service is started. Netstat -a shows it is listening on the RDC port.

After all this we found out it's not good practice to install a VM on a DC (doh!)
 
Run dcdiag.exe to check for any issues.

If all else fails, since you are just running decommissioned Exchange and a secondary DC on this server, there wouldn't be any harm in doing dcpromo /forceremoval and starting from scratch.

Also, it is generally not good practice to run anything on a DC other than just the domain services (AD, DNS, DHCP) and file / printer shares.
 
If he installed VMware, then it added 2 virtual NICs to the machine. You can disable them in Device Manager and verify that your original/physical NIC has the right IP info.
 
That was one of the first things I checked. Unfortunately, there are no virtual NICs. Only 2 physical NICs, and one of them is disabled. I even tried swapping NICs but was unsuccessful.
 
I would just format and reinstall. The secondary server isn't running anything anyway.
 
I would just format and reinstall. The secondary server isn't running anything anyway.

Having to do the forceful removal and manual cleanup of metadata is a pain in the ass. Fix it if at all possible.
 
Since I haven't had much luck on my own, even with much googling, I'm preparing to just dcpromo Server B and start over. From what I understand, it should go like this. Let me know if I'm missing something.

1. dcpromo /forceremoval on Server B
2. Run metadata cleanup on Server A. I'll be using this link.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

From that link, it says I only need to do the metadata part and not remove Server B from the site and the DC container. I plan to keep the same server name.

Am I missing anything and do you guys have any other advice or tips or cautions when doing this?

Thanks.
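An added worked example of the two steps in the post above (not the poster's own procedure and not the petri.co.il page): a cmd/ntdsutil script for Windows Server 2003 that removes the failed DC's metadata from the healthy DC and then lists what is still left over. SERVERA, SERVERB, the domain DN, the site name and OLD_DSA_GUID are assumed values. On the CNAME question: every DC registers its own NTDS Settings GUID as a CNAME under _msdcs, so the record to remove is the one whose GUID matches the failed DC's old NTDS Settings object, never the healthy server's.

```batch
@echo off
rem Added example, not the thread's own procedure or the petri.co.il page:
rem a cmd/ntdsutil session for Windows Server 2003 that removes the failed
rem DC's metadata from the healthy DC, then lists what is still left over.
rem SERVERA, SERVERB, DOMAIN_DN, SITE and OLD_DSA_GUID are assumed values.
setlocal
set GOOD=SERVERA
set DEAD=SERVERB
set DOMAIN_DN=DC=domain1,DC=local
set FOREST=domain1.local
set SITE=Default-First-Site-Name
set OLD_DSA_GUID=00000000-0000-0000-0000-000000000000
set DEAD_DN=CN=%DEAD%,CN=Servers,CN=%SITE%,CN=Sites,CN=Configuration,%DOMAIN_DN%

rem Step 0: make sure no FSMO role still points at the dead DC; removing
rem its metadata while it owns a role leaves the role orphaned.
echo --- FSMO role holders
netdom query fsmo

rem Step 1: metadata cleanup. Each quoted argument is one ntdsutil command,
rem so this replaces the interactive list/select sequence. ntdsutil still
rem shows a confirmation dialog before it removes the server object.
ntdsutil "metadata cleanup" "connections" "connect to server %GOOD%" quit "remove selected server %DEAD_DN%" quit quit

rem Step 2: what still refers to the dead DC after the cleanup?
echo --- DCs still registered in the forest (the dead one must be gone)
dsquery server -forest
echo --- computer account (remove it only if you are not keeping the name)
dsquery computer -name %DEAD%
echo --- stale DSA GUID CNAME in _msdcs (expect: Non-existent domain)
nslookup -type=cname %OLD_DSA_GUID%._msdcs.%FOREST%
echo --- replication links as seen by the healthy DC
repadmin /showrepl %GOOD%
endlocal
```

Run it from an elevated cmd prompt on the healthy DC with the Support Tools installed (netdom, repadmin and ntdsutil's metadata cleanup all ship there on 2003). The DN form of "remove selected server" avoids the list domains / list sites / list servers numbering, which is where most typos in a manual session happen.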
 
Great. Thanks. I plan to do this next weekend so I'll update and let you know how it goes.
 
If this is your first time doing meta data cleanup and force removal of a DC, give yourself about two hours and take it slow.
 
I finally got around to doing this tonight. Metadata removal went well...I think. I did get an error when it was done. Here is my metadata log. https://docs.google.com/document/d/1a2TnsCpbGOgdSbER449UxLjrZGakHfKUpe7KlqWNsmY/edit?hl=en&authkey=CPP-zo0J

After this, I deleted the problem server from the DC container. I also had to remove it from ADSIEDIT. I removed any instance of the problem server from DNS. However, following the MS link regarding step 17: "Remove the cname record in the _msdcs.root domain of forest zone in DNS. Assuming that DC will be reinstalled and re-promoted, a new NTDS Settings object is created by using a new GUID and a matching cname record in DNS. You do not want the DC's that exist to use the old cname record." I only saw one cname in there and it was for the healthy server so I left it. Should I have deleted it?? At this point I was able to join Server B to the domain and run dcpromo. ADU&C and DNS were syncing back and forth from both servers while creating test users and bogus DNS entries. Great, right!? Well, I figured I'd try and force replication and see what happens. I can see both servers under Sites and Services. Server A (healthy) has 1 object under NTDS Settings but Server B does not. Replication fails with "The following error occurred during the attempt to synchronize naming context Fsteam.com from domain controller DOMAINDC2 to domain controller DOMAINDC1:

The naming context is in the process of being removed or is not replicated from the specified server.

This operation will not continue." :mad:

Event ID 1925 (Warning, Source: NTDS KCC) gets logged:

The attempt to establish a replication link for the following writable directory partition failed.

Directory partition:
CN=Configuration,DC=Domain1
Source domain controller:
CN=NTDS Settings,CN=SERVER B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain1
Source domain controller address:
b8376b10-1141-413e-8a4a-d1b745be6aa0._msdcs.domain1
Intersite transport (if any):

This domain controller will be unable to replicate with the source domain controller until this problem is corrected.

User Action
Verify if the source domain controller is accessible or network connectivity is available.

Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.

FYI, I kept the same server name and recreated the DNS records with the old IP. Server A still can't ping or RDC to Server B. Any last-attempt ideas before we just wipe it?

Cliffnotes: Performed metadata cleanup. dcpromo /forceremoval Server B and promoted back up. AD and DNS replicate back and forth. Forcing replication through Sites and Services fails. Still can't ping Server B or RDC to it.
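An added diagnostic for the symptoms in the post above (not from any poster in this thread): the one-way reachability (B reaches A, A cannot ping or RDP to B) and the KCC error 8524 "DNS lookup failure" for the DSA GUID CNAME. It is one cmd file that runs the outbound checks on the healthy DC and, when run on the broken DC, inspects that side instead. PEER, PEER_IP, FOREST and LOG are assumed values; DSA_GUID is the value from the 1925 event's "Source domain controller address" line, which is what the KCC actually failed to resolve.

```batch
@echo off
rem Added example, not from any post in this thread: checks for one-way
rem reachability between two DCs and for KCC error 8524 on the DSA GUID
rem CNAME. Run on the healthy DC; run the same file on the broken DC for
rem its own side. PEER, PEER_IP, FOREST and LOG are assumed values; take
rem DSA_GUID from the 1925 event's "Source domain controller address".
setlocal
set PEER=SERVERB
set PEER_IP=192.0.2.20
set FOREST=domain1.local
set DSA_GUID=b8376b10-1141-413e-8a4a-d1b745be6aa0
set LOG=%TEMP%\dc-peer-check.txt

if /i "%COMPUTERNAME%"=="%PEER%" goto onpeer

echo === %DATE% %TIME% checks from %COMPUTERNAME% toward %PEER% > "%LOG%"

rem 1. The exact name the KCC failed on. The CNAME lives in _msdcs of the
rem    forest root and is registered by the peer's own Netlogon service, so
rem    "Non-existent domain" here means the peer never registered it.
echo --- DSA GUID CNAME >> "%LOG%"
nslookup -type=cname %DSA_GUID%._msdcs.%FOREST% >> "%LOG%" 2>&1

rem 2. Is the peer advertised as a DC at all?
echo --- DC SRV records >> "%LOG%"
nslookup -type=srv _ldap._tcp.dc._msdcs.%FOREST% >> "%LOG%" 2>&1

rem 3. Layer 2 vs layer 3: ping first so the ARP cache is populated. A MAC
rem    entry with failed pings means the wire is fine and the peer itself is
rem    dropping inbound traffic (host firewall, IPsec policy, bad mask/route).
echo --- ICMP and ARP >> "%LOG%"
ping -n 2 %PEER_IP% >> "%LOG%" 2>&1
arp -a %PEER_IP% >> "%LOG%" 2>&1

rem 4. RPC endpoint mapper (135, what "The RPC server is unavailable"
rem    needs first) and RDP (3389). PortQry is Microsoft's downloadable tool.
echo --- TCP ports >> "%LOG%"
portqry -n %PEER_IP% -p tcp -e 135 >> "%LOG%" 2>&1
portqry -n %PEER_IP% -p tcp -e 3389 >> "%LOG%" 2>&1

rem 5. Replication state as this DC sees it.
echo --- replication >> "%LOG%"
repadmin /replsummary >> "%LOG%" 2>&1
repadmin /showrepl %COMPUTERNAME% >> "%LOG%" 2>&1

type "%LOG%"
goto :eof

:onpeer
rem Same file on the broken DC: what is it filtering, is it listening, and
rem do its own DNS records come back when Netlogon re-registers them?
echo --- Windows Firewall (ICS) state on %COMPUTERNAME%
netsh firewall show state
echo --- IPsec policies that can silently drop inbound traffic
netsh ipsec static show all
echo --- listening sockets for the RPC mapper and RDP
netstat -an | findstr ":135 :3389"
echo --- re-register the A, SRV and _msdcs CNAME records for this DC
ipconfig /registerdns
net stop netlogon
net start netlogon
goto :eof
```

Read the two halves together: if the GUID CNAME is missing on the healthy side, the fix belongs on the peer (Netlogon registration into the _msdcs zone of the forest root), while a populated ARP entry plus FILTERED ports from PortQry points at the peer's own filtering rather than at DNS or the network.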
 