dcpromo errors...

  • Thread starter Thread starter DCBuller
  • Start date Start date
D

DCBuller

I'm trying to DEMOTE a Win2K DC that can't be wiped clean. I've
isolated the domain, so the DC is the only controller in the forest. I
intend to reduce the DC to a WORKGROUP server and start over, without
bringing it offline for more than rebooting when neccessary. I've had
DAT tape errors, so my backups are unreliable. I've preped it for
inclusion in a Win2K3 domain too. I had to seize the Operations Master
role, and the RID from this machine to save another one.

It's too late to turn back.

I've studid the problem at length, but I've been whipped by dcpromo's
strict adherance to policy - you wouldn't think Active Directory Rules
would be so important when your trying to remove it all together. :)

What I've determined is SYSVOL and NETLOGON share are missing, there
appears to be no GC, DNS is working, but dcpromo's calls to
DcGetDcName() fail w/error 1355 consistantly.

I've worked my way through KB articles 257338, 283133, 250454, 250545,
and many others.

ALL I NEED TO DO IS REMOVE AD FROM THE LAST DC in a forest.

I'm getting swamped with other tasks...

Any help would be greatly appriciated.

Thanks!


C:\>netdiag /fix

.....................................

Computer Name: ITHICA
DNS Host Name: ithica.auburn.softspec.org
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
List of installed hotfixes :
KB822831
KB823559
KB823980
KB824105
Q147222
Q816093
Q818043


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Embedded NIC LAN

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ithica.auburn.softspec.org
IP Address . . . . . . . . : 192.168.1.60
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Dns Servers. . . . . . . . : 192.168.1.60


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : Add-On NIC WAN

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ithica.dev.auburn.softspec.org
IP Address . . . . . . . . : 192.168.2.50
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 192.168.1.60

IpConfig results . . . . . : Passed

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to
the local machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{5AC1E3C5-662B-48F4-9A98-DC1A9B3B3EEC}
NetBT_Tcpip_{C5DB5B95-6F0B-4AD5-B035-46F633CF0E18}
2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL]: The DNS registration for
'ithica.auburn.softspec.org' is incorrect on all DNS servers.
PASS - All the DNS entries for DC are registered on DNS server
'192.168.1.60' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{5AC1E3C5-662B-48F4-9A98-DC1A9B3B3EEC}
NetBT_Tcpip_{C5DB5B95-6F0B-4AD5-B035-46F633CF0E18}
The redir is bound to 2 NetBt transports.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{C5DB5B95-6F0B-4AD5-B035-46F633CF0E18}
NetBT_Tcpip_{5AC1E3C5-662B-48F4-9A98-DC1A9B3B3EEC}
The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Failed
[FATAL] Cannot find DC in domain 'AUBURN'.
[ERROR_NO_SUCH_DOMAIN]


DC list test . . . . . . . . . . . : Failed
'AUBURN': Cannot find DC to get DC list from [test skipped].


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Skipped
'AUBURN': Cannot find DC to get DC list from [test skipped].


LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: The
specified domain either does not exist or could not be contacted.

[WARNING] Cannot find DC in domain 'AUBURN'.
[ERROR_NO_SUCH_DOMAIN]


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\>dcdiag /s:ithica /v /i /fix /c

DC Diagnosis

Performing initial setup:
* Connecting to directory service on server ithica.
* Collecting site info.
* Identifying all servers.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: AuburnOffice\ITHICA
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... ITHICA passed test Connectivity

Doing primary tests

Testing server: AuburnOffice\ITHICA
Starting test: Replications
* Replications Check
......................... ITHICA passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=auburn,DC=softspec,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=auburn,DC=softspec,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=auburn,DC=softspec,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... ITHICA passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=auburn,DC=softspec,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=auburn,DC=softspec,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=auburn,DC=softspec,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... ITHICA passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=auburn,DC=softspec,DC=org
* Security Permissions Check for
CN=Configuration,DC=auburn,DC=softspec,DC=org
* Security Permissions Check for
DC=auburn,DC=softspec,DC=org
......................... ITHICA passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... ITHICA passed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (ITHICA) call failed, error 1355
The Locator could not find the server.
......................... ITHICA failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=ITHICA,CN=Servers,CN=AuburnOffice,CN=Sites,CN=Configuration,DC=auburn,DC=softspec,DC=org
Role Domain Owner = CN=NTDS
Settings,CN=ITHICA,CN=Servers,CN=AuburnOffice,CN=Sites,CN=Configuration,DC=auburn,DC=softspec,DC=org
Role PDC Owner = CN=NTDS
Settings,CN=ITHICA,CN=Servers,CN=AuburnOffice,CN=Sites,CN=Configuration,DC=auburn,DC=softspec,DC=org
Role Rid Owner = CN=NTDS
Settings,CN=ITHICA,CN=Servers,CN=AuburnOffice,CN=Sites,CN=Configuration,DC=auburn,DC=softspec,DC=org
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=ITHICA,CN=Servers,CN=AuburnOffice,CN=Sites,CN=Configuration,DC=auburn,DC=softspec,DC=org
......................... ITHICA passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3117 to 1073741823
* ithica.auburn.softspec.org is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1105 to 1604
* rIDNextRID: 1155
* rIDPreviousAllocationPool is 1105 to 1604
......................... ITHICA passed test RidManager
Starting test: MachineAccount
* SPN found
:LDAP/ithica.auburn.softspec.org/auburn.softspec.org
* SPN found :LDAP/ithica.auburn.softspec.org
* SPN found :LDAP/ITHICA
* SPN found :LDAP/ithica.auburn.softspec.org/AUBURN
* SPN found
:LDAP/dd3ef411-eaad-483f-a6f3-70a2790884a9._msdcs.auburn.softspec.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/dd3ef411-eaad-483f-a6f3-70a2790884a9/auburn.softspec.org
* SPN found
:HOST/ithica.auburn.softspec.org/auburn.softspec.org
* SPN found :HOST/ithica.auburn.softspec.org
* SPN found :HOST/ITHICA
* SPN found :HOST/ithica.auburn.softspec.org/AUBURN
* SPN found
:GC/ithica.auburn.softspec.org/auburn.softspec.org
......................... ITHICA passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
......................... ITHICA passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... ITHICA passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
ITHICA is in domain DC=auburn,DC=softspec,DC=org
Checking for CN=ITHICA,OU=Domain
Controllers,DC=auburn,DC=softspec,DC=org in domain
DC=auburn,DC=softspec,DC=org on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=ITHICA,CN=Servers,CN=AuburnOffice,CN=Sites,CN=Configuration,DC=auburn,DC=softspec,DC=org
in domain CN=Configuration,DC
=auburn,DC=softspec,DC=org on 1 servers
Object is up-to-date on all servers.
......................... ITHICA passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occured. EventID: 0x800034FE
Time Generated: 09/10/2003 09:27:36
Event String: File Replication Service is scanning the
data in
the system volume. Computer ITHICA cannot become
a domain controller until this process is
complete. The system volume will then be shared
as SYSVOL.

To check for the SYSVOL share, at the command
prompt, type:
net share

When File Replication Service completes the
scanning process, the SYSVOL share will appear.

The initialization of the system volume can take
some time. The time is dependent on the amount of
data in the system volume.
......................... ITHICA passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the
last 15 minutes.
......................... ITHICA passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... ITHICA passed test systemlog

Running enterprise tests on : auburn.softspec.org
Starting test: Intersite
Skipping site AuburnOffice, this site is outside the scope
provided by the command line arguments provided.
......................... auburn.softspec.org passed test
Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
1355
A Global Catalog Server could not be located - All GC's are
down.
PDC Name: \\ithica.auburn.softspec.org
Locator Flags: 0xe00001fd
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
error 1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... auburn.softspec.org failed test
FsmoCheck

C:\>nltest /query /dclist:auburn.softspec.org
Flags: 0
Connection Status = 0 0x0 NERR_Success
Cannot find DC to get DC list from.Status = 1355 0x54b
ERROR_NO_SUCH_DOMAIN
The command completed successfully

C:\>nltest /query /dcname:auburn.softspec.org
Flags: 0
Connection Status = 0 0x0 NERR_Success
NetGetDCName failed: Status = 2453 0x995 NERR_DCNotFound


C:\>net share

Share name Resource Remark

-------------------------------------------------------------------------------
R$ R:\ Default share
IPC$ Remote IPC
D$ D:\ Default share
print$ C:\WINNT\System32\spool\drivers Printer Drivers
I$ I:\ Default share
wwwroot$ c:\inetpub\wwwroot Used for file share
access to web
H$ H:\ Default share
E$ E:\ Default share
G$ G:\ Default share
C$ C:\ Default share
ADMIN$ C:\WINNT Remote Admin
F$ F:\ Default share
Apps D:\
Archive G:\
Data F:\
Dev E:\
HPLaserJet4siMX
IP_192.168.1.30 Spooled Turn it off before you
leave.
The command completed successfully.


C:\>
 
If you are at SP4 then run DCpromo /Forceremoval This will remove ad from
this server without talking to any other DC. If there are other DCs in the
forest\Domain then you need to step through article 216498. If you are at
SP3 then request the hotfix for article 332199

ARTICLE LINKS
===============
332199 Using the DCPROMO /FORCEREMOVAL Command to Force the Demotion of
Active
http://support.microsoft.com/?id=332199
216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
http://support.microsoft.com/?id=216498

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Rich,

Thanks for helping us out. I wish I could build more effective
queryies for the knowledge base. You ROCK!

Regards,

DC Buller
 
Back
Top