So can you give me some suggestions on how to smoothly tell the 2003 that it's now the main server and gracefully demote the past primary server (which is running 2000)
On Sat, Mar 14, 2009 at 8:47 PM, Michael Reid <mike...@gmail.com> wrote: > Ok, so is the general concensis that I should attempt to get them > talking again? If I kill off the 2000 (which isn't too bad since > although it's the primary (so to speak), it's only being used as a > file server. > > If it's best to do this, how do I hand the reins to my 2003 and > gracefully get the 2000 out of the domain. Re adding it doesn't look > to be a problem really as long as the 2003 will let it come back. > > > > > On Fri, Mar 13, 2009 at 3:00 PM, Brian Desmond <br...@briandesmond.com> wrote: >> OK so at this point this box needs to be wiped. 2000 can't be forcibly >> demoted without some funny business which I'm not going to document on this >> DL, so, wipe the box, and then do a metadata cleanup of the now wiped DC. >> You can repromote it after you rebuild it. This isn't a reparable >> situation... >> >> >> >> Thanks, >> Brian Desmond >> br...@briandesmond.com >> >> c - 312.731.3132 >> >> Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ >> Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian >> >> >> -----Original Message----- >> From: Free, Bob [mailto:r...@pge.com] >> Sent: Friday, March 13, 2009 11:01 AM >> To: NT System Admin Issues >> Subject: RE: Replication stopped, how to get going again? >> >> Yea I started reading this thread did some quick math in my head and >> screaming to myself tombstone lifetime, don't let it replicate! >> >> -----Original Message----- >> From: David Lum [mailto:david....@nwea.org] >> Sent: Friday, March 13, 2009 7:51 AM >> To: NT System Admin Issues >> Subject: RE: Replication stopped, how to get going again? >> >> Um...296635 minutes is about 205 days, it's been broken a long, long time.... >> >> -----Original Message----- >> From: Michael Reid [mailto:mike...@gmail.com] >> Sent: Friday, March 13, 2009 7:38 AM >> To: NT System Admin Issues >> Subject: Re: Replication stopped, how to get going again? >> >> Darn it! I checked the NTDS setting and it's the 2000 server that is >> the first server. So now I'm lost on who has lost contact with whome. >> >> So to sum up at this point: >> >> Server REMS...2003 that has the error in the event log is NOT the GC >> for the domain >> Server MAIN...2000 is the GC for the domain and is not getting >> different items in the event log but no errors. Most relevant is this: >> >> "The Directory Service consistency checker has noticed that 7405 >> successive replication attempts with CN=NTDS >> Settings,CN=REMS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=crystalhomes,DC=com >> have failed over a period of 296635 minutes. The connection object >> for this server will be kept in place, and new temporary connections >> will established to ensure that replication continues. The Directory >> Service will continue to retry replication with CN=NTDS >> Settings,CN=REMS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=crystalhomes,DC=com; >> once successful the temporary connection will be removed. "" >> >> >> >> On Fri, Mar 13, 2009 at 10:01 AM, Miller Bonnie L. >> <mille...@mukilteo.wednet.edu> wrote: >>> It sounds like the computer account password on the dc that is getting the >>> "denied" error is still out of sync--you might try re-syncing it again >>> using netdom.exe and/or nltest.exe since it sounds like you're still within >>> 60 days of the problem first happening. >>> >>> To see who is a GC, open ADS&S, drill down to the server object, and get >>> properties of the NTDS Settings. >>> >>> I think you might have trouble with a straight DCpromo at this point since >>> they already aren't talking to each other. If re-syncing the DC account >>> doesn't work, you'll need to look into using NTDSutil to remove the problem >>> dc. >>> >>> -Bonnie >>> >>> -----Original Message----- >>> From: Michael Reid [mailto:mike...@gmail.com] >>> Sent: Friday, March 13, 2009 6:52 AM >>> To: NT System Admin Issues >>> Subject: Re: Replication stopped, how to get going again? >>> >>> Yes, these servers have been working fine for a year or so. Then a >>> month or so ago they got disconnected. Someone else dealt with that >>> and they reset the computer account password and it started >>> replicating again (didn't get more details than that). >>> >>> I found that link too, but since that it wasn't a recent addition I >>> didn't follow up with it. >>> >>> >>> On Fri, Mar 13, 2009 at 9:44 AM, David Lum <david....@nwea.org> wrote: >>>> Has replication ever worked? Is one of these a new DC? >>>> >>>> Have you Googled that error message? First link takes you here: >>>> http://support.microsoft.com/kb/329860 >>>> David Lum // SYSTEMS ENGINEER >>>> NORTHWEST EVALUATION ASSOCIATION >>>> (Desk) 971.222.1025 // (Cell) 503.267.9764 >>>> -----Original Message----- >>>> From: Michael Reid [mailto:mike...@gmail.com] >>>> Sent: Friday, March 13, 2009 6:40 AM >>>> To: NT System Admin Issues >>>> Subject: Replication stopped, how to get going again? >>>> >>>> We have a 2003 and a 2000 server. Both are Domain controllers (or are >>>> suppose to be). When I go into AD users and computers, the second >>>> server shows up as a DC. When I go into the first server (2003) it >>>> shows it as a member server. >>>> >>>> on the 2003 I get this error: 8453 Replication access was denied. >>>> >>>> Passwords, expiries, etc aren't being replicated. I was thinking of >>>> just re adding the second server to the domain again by DCPROMO'ing >>>> it. However, this wouldn't go well if it's the global catalogue server >>>> I'm assuming. How could I tell which server was made first (the GC)? >>>> >>>> Any other suggestions? >>>> >>>> 'preciate it. >>>> >>>> Michael >>>> >>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
