Ok, I seized the roles. I mistakenly seized the Infrastructure master role, hopefully that won't be a problem.
So, how do I update the DNS which is running on the other server, to point login requests to this server? On Sat, Mar 21, 2009 at 9:05 PM, Brian Desmond <[email protected]> wrote: > So the 2000 box needs to be wiped > > As far as the 2003 box, you need to: > > --> Seize any FSMO roles the 2000 box held > --> Do a metadata cleanup and delete the 2000 box > > > Thanks, > Brian Desmond > [email protected] > > c - 312.731.3132 > > > -----Original Message----- > From: Michael Reid [mailto:[email protected]] > Sent: Saturday, March 21, 2009 7:23 PM > To: NT System Admin Issues > Subject: Re: Replication stopped, how to get going again? > > So can you give me some suggestions on how to smoothly tell the 2003 > that it's now the main server and gracefully demote the past primary > server (which is running 2000) > > > On Sat, Mar 14, 2009 at 8:47 PM, Michael Reid <[email protected]> wrote: >> Ok, so is the general concensis that I should attempt to get them >> talking again? If I kill off the 2000 (which isn't too bad since >> although it's the primary (so to speak), it's only being used as a >> file server. >> >> If it's best to do this, how do I hand the reins to my 2003 and >> gracefully get the 2000 out of the domain. Re adding it doesn't look >> to be a problem really as long as the 2003 will let it come back. >> >> >> >> >> On Fri, Mar 13, 2009 at 3:00 PM, Brian Desmond <[email protected]> >> wrote: >>> OK so at this point this box needs to be wiped. 2000 can't be forcibly >>> demoted without some funny business which I'm not going to document on this >>> DL, so, wipe the box, and then do a metadata cleanup of the now wiped DC. >>> You can repromote it after you rebuild it. This isn't a reparable >>> situation... >>> >>> >>> >>> Thanks, >>> Brian Desmond >>> [email protected] >>> >>> c - 312.731.3132 >>> >>> Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ >>> Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian >>> >>> >>> -----Original Message----- >>> From: Free, Bob [mailto:[email protected]] >>> Sent: Friday, March 13, 2009 11:01 AM >>> To: NT System Admin Issues >>> Subject: RE: Replication stopped, how to get going again? >>> >>> Yea I started reading this thread did some quick math in my head and >>> screaming to myself tombstone lifetime, don't let it replicate! >>> >>> -----Original Message----- >>> From: David Lum [mailto:[email protected]] >>> Sent: Friday, March 13, 2009 7:51 AM >>> To: NT System Admin Issues >>> Subject: RE: Replication stopped, how to get going again? >>> >>> Um...296635 minutes is about 205 days, it's been broken a long, long >>> time.... >>> >>> -----Original Message----- >>> From: Michael Reid [mailto:[email protected]] >>> Sent: Friday, March 13, 2009 7:38 AM >>> To: NT System Admin Issues >>> Subject: Re: Replication stopped, how to get going again? >>> >>> Darn it! I checked the NTDS setting and it's the 2000 server that is >>> the first server. So now I'm lost on who has lost contact with whome. >>> >>> So to sum up at this point: >>> >>> Server REMS...2003 that has the error in the event log is NOT the GC >>> for the domain >>> Server MAIN...2000 is the GC for the domain and is not getting >>> different items in the event log but no errors. Most relevant is this: >>> >>> "The Directory Service consistency checker has noticed that 7405 >>> successive replication attempts with CN=NTDS >>> Settings,CN=REMS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=crystalhomes,DC=com >>> have failed over a period of 296635 minutes. The connection object >>> for this server will be kept in place, and new temporary connections >>> will established to ensure that replication continues. The Directory >>> Service will continue to retry replication with CN=NTDS >>> Settings,CN=REMS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=crystalhomes,DC=com; >>> once successful the temporary connection will be removed. "" >>> >>> >>> >>> On Fri, Mar 13, 2009 at 10:01 AM, Miller Bonnie L. >>> <[email protected]> wrote: >>>> It sounds like the computer account password on the dc that is getting the >>>> "denied" error is still out of sync--you might try re-syncing it again >>>> using netdom.exe and/or nltest.exe since it sounds like you're still >>>> within 60 days of the problem first happening. >>>> >>>> To see who is a GC, open ADS&S, drill down to the server object, and get >>>> properties of the NTDS Settings. >>>> >>>> I think you might have trouble with a straight DCpromo at this point since >>>> they already aren't talking to each other. If re-syncing the DC account >>>> doesn't work, you'll need to look into using NTDSutil to remove the >>>> problem dc. >>>> >>>> -Bonnie >>>> >>>> -----Original Message----- >>>> From: Michael Reid [mailto:[email protected]] >>>> Sent: Friday, March 13, 2009 6:52 AM >>>> To: NT System Admin Issues >>>> Subject: Re: Replication stopped, how to get going again? >>>> >>>> Yes, these servers have been working fine for a year or so. Then a >>>> month or so ago they got disconnected. Someone else dealt with that >>>> and they reset the computer account password and it started >>>> replicating again (didn't get more details than that). >>>> >>>> I found that link too, but since that it wasn't a recent addition I >>>> didn't follow up with it. >>>> >>>> >>>> On Fri, Mar 13, 2009 at 9:44 AM, David Lum <[email protected]> wrote: >>>>> Has replication ever worked? Is one of these a new DC? >>>>> >>>>> Have you Googled that error message? First link takes you here: >>>>> http://support.microsoft.com/kb/329860 >>>>> David Lum // SYSTEMS ENGINEER >>>>> NORTHWEST EVALUATION ASSOCIATION >>>>> (Desk) 971.222.1025 // (Cell) 503.267.9764 >>>>> -----Original Message----- >>>>> From: Michael Reid [mailto:[email protected]] >>>>> Sent: Friday, March 13, 2009 6:40 AM >>>>> To: NT System Admin Issues >>>>> Subject: Replication stopped, how to get going again? >>>>> >>>>> We have a 2003 and a 2000 server. Both are Domain controllers (or are >>>>> suppose to be). When I go into AD users and computers, the second >>>>> server shows up as a DC. When I go into the first server (2003) it >>>>> shows it as a member server. >>>>> >>>>> on the 2003 I get this error: 8453 Replication access was denied. >>>>> >>>>> Passwords, expiries, etc aren't being replicated. I was thinking of >>>>> just re adding the second server to the domain again by DCPROMO'ing >>>>> it. However, this wouldn't go well if it's the global catalogue server >>>>> I'm assuming. How could I tell which server was made first (the GC)? >>>>> >>>>> Any other suggestions? >>>>> >>>>> 'preciate it. >>>>> >>>>> Michael >>>>> >>>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>> >>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> >>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
