Posted

Sorry for my "short" reply before! I was rushing off to pick up my wife and didn't take time to type a lot!

 

Here's the output for the current server name: big-rig (same as old DC name)

 

wtbhome\BIG-RIG2

DSA Options: IS_GC 

Site Options: (none)

DSA object GUID: 63fa3998-2396-4450-b046-a8ceb3bf85dc

DSA invocationID: 67c6ff80-efaf-447b-993e-68874af2d24a





==== KCC CONNECTION OBJECTS ============================================



 

And now for the name of the server when I installed it: big-rig2 (before the rename)

 

wtbhome\BIG-RIG2

DSA Options: IS_GC 

Site Options: (none)

DSA object GUID: 63fa3998-2396-4450-b046-a8ceb3bf85dc

DSA invocationID: 67c6ff80-efaf-447b-993e-68874af2d24a





==== KCC CONNECTION OBJECTS ============================================



 

Thank you SO much for your help!

 

I also posted questions on the MS server forums and all I've gotten was admonishments of "why didn't you try it in a lab environment first." You're the only person that has even attempted to take on the challenge of "saving" my server. I am very grateful for that because it will probably save me work in the long run, but most importantly, I will learn WAY more by recovering from this disaster than doing things "by the book" with a re-install.

Posted

I had the same problem with Microsoft's official forum... they give you links and links and links... but not a solution...

 

Anyway...

 

Maybe I found something interesting from what you just posted.

 

Open Active Directory Sites and Services, expand Sites > Servers. Can you see the old server there? If yes, if you expand it, is there a "NTDS Settings"?

 

Now expand the new DC, right click on NTDS and select properties. Make sure that GLOBAL CATALOG is checked, if not check it and restart your DC. Then click Connections (the next tab) and tell me if you see something under REPLICATE FROM / TO.

--------------------------------------------------------

You can also write in French.

You can also write in German.

You can also write in Italian.

--------------------------------------------------------

Posted

That failed. :wallbash:

 

The Active Directory Sites And Services fails to open properly. I get an error dialog as follows:

 

Title - Active Directory Domain Services

Message - Naming information cannot be located because:

The interface is unknown

Contact your system administrator to verify that your domain is properly configured and currently online.

 

Think my server is really :sick:

Posted

I had this problem too.

 

Open the Broadcom Advanced Control Suite and DISABLE IPv4 Large Send Offload.

 

Let me know if this solves your problem too.

 

 

Just to be sure, can you post the output of "ipconfig /all"?

 

thanks


Posted

Disabled the ... "Large send offload" and still the same problem.

 

Here's my ipconfig /all output AFTER disabling the setting:

 


Windows IP Configuration

Host Name . . . . . . . . . . . . : big-rig
Primary Dns Suffix . . . . . . . : wtbhome.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wtbhome.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : BC-AE-C5-29-2C-12
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : fd47:dced:df9d:5a5f::1(Preferred) 
Link-local IPv6 Address . . . . . : fe80::2873:578:ce44:eac9%11(Preferred) 
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 247246533
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-2C-43-33-BC-AE-C5-29-2C-12
DNS Servers . . . . . . . . . . . : ::1
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{9E9F4615-1412-4E0A-AB1D-005BCDF16A41}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8a4:1c0e:3f57:fffd(Preferred) 
Link-local IPv6 Address . . . . . : fe80::8a4:1c0e:3f57:fffd%15(Preferred) 
Default Gateway . . . . . . . . . : 
NetBIOS over Tcpip. . . . . . . . : Disabled

Posted

Hey, wait a minute...

 

Your DC should be named BIG-RIG2 not BIG-RIG, right?

 

If this is right I must know WHEN you renamed the DC (after / before the promotion?)

 

Anyway, if you don't use IPv6 remove it. As said before your migration, you could have troubles migrating from 2k3 to 2k8 with ipv6 enabled, but this is another story.

 

 

After you disabled that option, did you restart the server?


Posted

The DC should now be named big-rig. It was previously named big-rig2. I renamed it after I demoted the old server. (The old server was named big-rig and I renamed it to big-rigx after demotion and before renaming the new one to big-rig)

 

I will disable IPv6 on the server.

 

I did not reboot the server after disabling the option. I didn't think I would need to since it reset the adapter. But I guess I may be wrong there. I'll give it a try rebooting after I disable IPv6.

Posted

Ok, that means I think I've found your problem but I have to think about a solution.

 

If you look at the output of DCDIAG, you can see that many tests have been made against BIG-RIG2, which actually doesn't exist... but in some way it just passed the tests.

 

Now I'm going to read your output once again, trying to understand where the problem is.

 

Of course we need to be able to access Domain and Trusts snap-in, I don't know if there's a way to do the same thing from command line.

 

I'll wait for your restart, then I hope I can find a solution...


Posted

Mhhhhh can you please run these commands?

 

(from a workstation)

 

ipconfig /flushdns

ping big-rig

ping big-rig2

ipconfig /displaydns

 

Post results.


Posted

Results of the tests. Interestingly the server is responding to both names!

 

C:\Users\tborland.WTBHOME>ipconfig /flushdns

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

C:\Users\tborland.WTBHOME>ping big-rig

 

Pinging big-rig.wtbhome.net [192.168.0.2] with 32 bytes of data:

Reply from 192.168.0.2: bytes=32 time

Posted

That's ok :)

 

So... now I've found the problem... but actually I'm not sure about the solution.

 

The problem is the renaming of your DC made before the migration. As you can see, both BIG-RIG and BIG-RIG2 are responding from the same IP.

 

I *THINK* that the problem is that when a DC operation is performed, the DNS resolves both big-rig & big-rig2 correctly, but the operation cannot be completed due to the same IP.

 

 

I thought about 2 solutions, but I AM REALLY NOT SURE ABOUT THE CONSEQUENCES you may have.

 

1) rename your DC from big-rig to big-rig2

2) Follow this procedure:

Transfer FSMO roles

To transfer the FSMO roles by using the Ntdsutil utility, follow these steps:

Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is located in the forest where FSMO roles are being transferred. We recommend that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to transfer Schema master or Domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and the Infrastructure master roles are being transferred.

Click Start, click Run, type ntdsutil in the Open box, and then click OK.

Type roles, and then press ENTER.

 

Note To see a list of available commands at any one of the prompts in the Ntdsutil utility, type ?, and then press ENTER.

Type connections, and then press ENTER.

Type connect to server servername, and then press ENTER, where servername is the name of the domain controller you want to assign the FSMO role to.

At the server connections prompt, type q, and then press ENTER.

Type transfer role, where role is the role that you want to transfer. For a list of roles that you can transfer, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to transfer the RID master role, type transfer rid master. The one exception is for the PDC emulator role, whose syntax is transfer pdc, not transfer pdc emulator.

At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.

 

Taken from http://support.microsoft.com/kb/255504/en-us

 

 

Sorry, but I can't test this scenario... but if you wanna try, start with the second option (transfer FSMO roles) first, which should be the safest one.


Posted

I FINALLY had some time to give this a try and it did not seem to work.

 

I only tried method 2 that you mentioned because you thought it was the safest. After trying to transfer the roles, I ran dcdiag.exe and I see that big-rig2 is still being referenced for many things.

 

Do you think I should try seizing roles or should I rename the server back to big-rig2 and then try using the NETDOM method to name the server back to big-rig? Although at this point, if things get happy with the server named back to big-rig2, I'll be more than happy to change all of the network share references! (Way less work than completely rebuilding the server!)

Posted

I really cannot tell you what can happen by renaming the DC...

 

I think that you could try seizing roles... and just after that... try the rename... Actually I don't know what can happen...


Posted

OK, interesting behavior by the server.....

 

I tried seizing the FSMO roles over to BIG-RIG and every one of them reported that seizure was not necessary and that they were transferred properly. However, when I run dcdiag, BIG-RIG2 is still showing up as it did before.

 

So, next I attempted a rename using the computer properties and that failed with an error "The specified domain either does not exist or could not be contacted". I then tried the NETDOM method as well and it failed with the same error.

 

So, it looks like I'll have to completely rebuild the server from scratch, unless you can come up with a great idea.

 

If I'm going to do the rebuild I was wondering if you could recommend any good reading on how I should set it up to avoid any problems down the line. One area where I'm not really certain is in the DNS configuration. I should also probably read up on AD configuration and DHCP configuration.

 

I also heard on the MS forums that there is a way to re-build the server and to not have to recreate the user accounts. (Export then import or something like that.) Given the source I wanted to ask you, since I've gotten some marginal advice from the MS forums before.

 

Thanks SO much! (Earliest I'll get to rebuilding the Server will be this Saturday. It also depends on how much reading you give me to do! ;) )

Posted

I just need the last attempt... pleeeeeease :)

 

Open this file: C:\Windows\system32\drivers\etc\hosts

 

you should see only the localhost, add these lines:

 

192.168.0.2 big-rig wtbhome.net

 

Then retry with rename.

 

 

After this we could look at the clean install. Anyway, we have to pay attention when importing DNS; I think the best way is to create a new DNS service (I don't think you have thousands of names...). Regarding AD, it's quite easy, look at this document:

http://technet.microsoft.com/en-us/library/cc771290(WS.10).aspx

 

 

I really suggest you WAIT before doing a clean install; right now the situation is working in some way and I think we could come to a solution... Anyway, if you want to do it, try a simpler way first:

 

Install a new server (leave big-rig / 2 up and running).

Choose a name and NEVER change it :P (don't call it big-rig or big-rig2!!!)

Add that server to the domain and, when asked, choose that it will be part of an existing domain, then make it a global catalog.

Once you are finished, wait until replication has completed; you will have all your objects in the new DC. Now you can demote big-rig / 2 and turn it off.

 

Let me know... we still have time until saturday :)


Posted

Still no joy, the rename fails with the same error.

 

the line that I added to the hosts file was as follows:

 

192.168.0.2 big-rig.wtbhome.net

 

I also finally disabled IPv6! (Clearing the check mark next to IPv6 was just too obvious for me and it took this long to figure it out!)

 

Possible interesting information from doing Pings on the server.

 

When I ping big-rig.wtbhome.net, big-rig2, or big-rig2.wtbhome.net the server responds on 192.168.0.2 BUT when I ping big-rig, the reply comes from the IPv6 stack (not typing the address here because I assume it's not important) not 192.168.0.2. So when the server is resolving the name for big-rig, it's only finding it on the IPv6 loopback interface.

 

What if I played with the DNS records for big-rig and big-rig2? I looked through the DNS configuration and there are a lot of things that point only to big-rig2. (I tried to do an export, but it's not recursive so I couldn't capture all of it in one file, at least as far as I could tell.)

 

Also thought including the following error might provide some clues, there are lots of them in the event viewer:

 

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 7062
Date: 4/18/2011
Time: 9:04:18 PM
User: N/A
Computer: big-rig.wtbhome.net
Description:
The DNS server encountered a packet addressed to itself on IP address 192.168.0.2. The packet is for the DNS name "178.20.50.208.in-addr.arpa.". The packet will be discarded. This condition usually indicates a configuration error. 

Check the following areas for possible self-send configuration errors: 
1) Forwarders list. (DNS servers should not forward to themselves). 
2) Master lists of secondary zones. 
3) Notify lists of primary zones. 
4) Delegations of subzones. Must not contain NS record for this DNS server unless subzone is also on this server. 
5) Root hints. 

Example of self-delegation: 
-> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com. 
-> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com, 
(bar.example.microsoft.com NS dns1.example.microsoft.com) 
-> BUT the bar.example.microsoft.com zone is NOT on this server. 

Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result. If found, the subzone DNS server admin should remove the offending NS record. 

You can use the DNS server debug logging facility to track down the cause of this problem.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 50 25 00 00 P%.. 

 

Another thing that I noticed is that there is a forwarder in the list for 192.168.0.2 big-rig.wtbhome.net. That does not seem right to me, but being a novice didn't want to muck about with it.

Posted

Can you remember when I told you to disable the ipv6 before migration? eheheh

 

There are two problems: error in name (big-rig / big-rig2) and IPv6.

 

big-rig2 and big-rig2.wtbhome.net are the same thing, big-rig sounds like an Alias.

 

To export dns entries use the command prompt and type:

 

dnscmd

 

I know we can find a solution :)


Posted

Yeah, Oops on the IPv6!

 

Here is the export of my DNS configuration:

 

;
; Database file (null) for wtbhome.net zone.
; Zone version: 5608
;

@ IN SOA big-rig.wtbhome.net. admin.wtbhome.net. (
                        5608 ; serial number
                        900 ; refresh
                        600 ; retry
                        86400 ; expire
                        3600 ) ; default TTL

;
; Zone NS records
;

@ NS big-rig.wtbhome.net.
@ NS somewhere-hot.wtbhome.net.

;
; Zone records
;

@ 600 A 192.168.0.2
@ 600 AAAA fd47:dced:df9d:5a5f::1
63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs 600 CNAME big-rig2.wtbhome.net.
_kerberos._tcp.wtbhome._sites.dc._msdcs 600 SRV 0 100 88 big-rig2.wtbhome.net.
_ldap._tcp.wtbhome._sites.dc._msdcs 600 SRV 0 100 389 big-rig2.wtbhome.net.
_kerberos._tcp.dc._msdcs 600 SRV 0 100 88 big-rig2.wtbhome.net.
_ldap._tcp.dc._msdcs 600 SRV 0 100 389 big-rig2.wtbhome.net.
_ldap._tcp.d170d4c1-dda7-4565-b23c-024adc8e5aa9.domains._msdcs 600 SRV 0 100 389 big-rig2.wtbhome.net.
gc._msdcs 600 A 192.168.0.100
                        600 A 192.168.0.2
                        600 AAAA fd47:dced:df9d:5a5f::1
_ldap._tcp.wtbhome._sites.gc._msdcs 600 SRV 0 100 3268 big-rig2.wtbhome.net.
_ldap._tcp.gc._msdcs 600 SRV 0 100 3268 big-rig2.wtbhome.net.
_ldap._tcp.pdc._msdcs 600 SRV 0 100 389 big-rig2.wtbhome.net.
_gc._tcp.wtbhome._sites 600 SRV 0 100 3268 big-rig2.wtbhome.net.
_kerberos._tcp.wtbhome._sites 600 SRV 0 100 88 big-rig2.wtbhome.net.
_ldap._tcp.wtbhome._sites 600 SRV 0 100 389 big-rig2.wtbhome.net.
_gc._tcp 600 SRV 0 100 3268 big-rig2.wtbhome.net.
_kerberos._tcp 600 SRV 0 100 88 big-rig2.wtbhome.net.
_kpasswd._tcp 600 SRV 0 100 464 big-rig2.wtbhome.net.
_ldap._tcp 600 SRV 0 100 389 big-rig2.wtbhome.net.
_kerberos._udp 600 SRV 0 100 88 big-rig2.wtbhome.net.
_kpasswd._udp 600 SRV 0 100 464 big-rig2.wtbhome.net.
apocalypso 1200 A 192.168.0.68
ATMRACK 1200 A 192.168.0.54
BankOfBadHabits 1200 A 192.168.0.53
big-rig2 A 192.168.0.2
                        AAAA fd47:dced:df9d:5a5f::1
big-rigx 1200 A 192.168.0.7
CHGSINLATTITUDE 1200 A 192.168.0.55
DomainDnsZones 600 A 192.168.0.2
                        600 AAAA fd47:dced:df9d:5a5f::1
_ldap._tcp.wtbhome._sites.DomainDnsZones 600 SRV 0 100 389 big-rig2.wtbhome.net.
                        600 SRV 0 100 389 big-rig.wtbhome.net.
_ldap._tcp.DomainDnsZones 600 SRV 0 100 389 big-rig2.wtbhome.net.
                        600 SRV 0 100 389 big-rig.wtbhome.net.
ForestDnsZones 600 A 192.168.0.2
                        600 AAAA fd47:dced:df9d:5a5f::1
_ldap._tcp.wtbhome._sites.ForestDnsZones 600 SRV 0 100 389 big-rig2.wtbhome.net.
                        600 SRV 0 100 389 big-rig.wtbhome.net.
_ldap._tcp.ForestDnsZones 600 SRV 0 100 389 big-rig.wtbhome.net.
                        600 SRV 0 100 389 big-rig2.wtbhome.net.
JamaciaMistaka 1200 A 192.168.0.54
mame-cabinet 1200 A 192.168.0.57
mamecab 1200 A 192.168.0.69
mamestation 1200 A 192.168.0.59
Margaritaville 1200 A 192.168.0.54
miss-magic 1200 A 192.168.0.57
missmagic 1200 A 192.168.0.51
overkill 1200 A 192.168.0.55
virtoverkill 1200 A 192.168.0.69
WIN7TEST-PC 1200 A 192.168.131.66
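
An added example, not part of the original thread: a Python check over a dnscmd zone export like the one above that lists the DC locator records (SRV records and the DSA GUID CNAME under _msdcs) naming a host other than the DC's current name, and the in-zone SRV/CNAME targets that have no A/AAAA record. The function names are hypothetical, and the embedded sample is an excerpt of the export above.

```python
# Added example: audit a dnscmd /zoneexport file after a domain-controller rename.
RR_TYPES = {"A", "AAAA", "CNAME", "SRV", "NS", "SOA"}

# Excerpt of the wtbhome.net export posted above. A blank owner field (indented
# line) repeats the previous owner, as in the original dnscmd output.
ZONE_EXCERPT = """\
@ 600 A 192.168.0.2
63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs 600 CNAME big-rig2.wtbhome.net.
_ldap._tcp.dc._msdcs 600 SRV 0 100 389 big-rig2.wtbhome.net.
_kerberos._tcp 600 SRV 0 100 88 big-rig2.wtbhome.net.
big-rig2 A 192.168.0.2
big-rigx 1200 A 192.168.0.7
_ldap._tcp.DomainDnsZones 600 SRV 0 100 389 big-rig2.wtbhome.net.
                          600 SRV 0 100 389 big-rig.wtbhome.net.
"""


def make_fqdn(origin):
    """Build a helper that expands zone-relative names against the origin."""
    origin = origin.lower().rstrip(".") + "."
    def fqdn(name):
        name = name.lower()
        if name == "@":
            return origin
        return name if name.endswith(".") else f"{name}.{origin}"
    return fqdn


def parse_zone(text, origin):
    """Return (owner_fqdn, type, rdata_tokens) for each record in the export."""
    fqdn = make_fqdn(origin)
    records, owner = [], fqdn("@")
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        tok = line.split()
        first = tok[0].upper()
        # Owner is inherited on an indented line, or (in a copy that lost its
        # indentation) on a line that starts with a TTL, class or record type.
        # Assumption: a forward zone with no host named like a number or a type.
        if not (line[0].isspace() or first.isdigit() or first in RR_TYPES | {"IN"}):
            owner = fqdn(tok.pop(0))
        while tok and (tok[0].isdigit() or tok[0].upper() == "IN"):
            tok.pop(0)  # skip optional TTL and class
        if tok and tok[0].upper() in RR_TYPES:
            records.append((owner, tok[0].upper(), tok[1:]))
    return records


def audit_dc_records(text, origin, current_host):
    """Return (locator records naming another host, in-zone targets with no A/AAAA)."""
    fqdn = make_fqdn(origin)
    zone, current = fqdn("@"), fqdn(current_host)
    records = parse_zone(text, origin)
    have_address = {o for o, t, _ in records if t in ("A", "AAAA")}
    other_host, no_address = [], set()
    for owner, rtype, rdata in records:
        if rtype not in ("SRV", "CNAME") or not rdata:
            continue
        target = fqdn(rdata[-1])
        # DC locator names start with an underscore label or sit under _msdcs.
        # On a single-DC domain, any such record naming another host is left over.
        if (owner.startswith("_") or "._msdcs." in owner) and target != current:
            other_host.append((owner, rtype, target))
        if target.endswith("." + zone) and target not in have_address:
            no_address.add(target)
    return other_host, sorted(no_address)


if __name__ == "__main__":
    leftovers, missing = audit_dc_records(ZONE_EXCERPT, "wtbhome.net", "big-rig")
    for owner, rtype, target in leftovers:
        print(f"{rtype:5} {owner} -> {target}")
    print("targets without A/AAAA in this zone:", missing)
```

In a domain with more than one DC, records naming the other controllers are expected, so the first list is a review list rather than a list of errors.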

Posted

Comment out (put the ";" at the beginning) all the lines with BIG-RIG2 and substitute them with big-rig.

 

For example:

 

; _ldap._tcp.wtbhome._sites.gc._msdcs 600 SRV 0 100 3268 big-rig2.wtbhome.net.

_ldap._tcp.wtbhome._sites.gc._msdcs 600 SRV 0 100 3268 big-rig.wtbhome.net.

 

Flush cache and retry.

 

(Give it some time...)


Posted

So not 100% sure how to do this. (I got the file edited properly.) But not sure if the file needs to be imported or what. (I created the file using "dnscmd localhost /zoneexport wtbhome.net dns.txt") I did move the file out of c:\WIndows\system32\dns
