G
Guest
Hey all,
Im at my witts end with a problem involving domain control replacement.
Heres what happened:
About a month ago, a domain controller in my network went to the great
computer god in the sky (hardware failure). So, since I could not demote it,
I used the ntdsutil and removed it from AD. I waited a good day for
everything to converge and replicate everywhere. I checked to see if there
were any lingering issues with that domain controller on ANY of my other DCs.
Everthing looked good.
So, i bought a new server.
-made it a member with a completely different name.
-waited for it to appear in all my DCs in the COMPUTERS contained in my
domain (one forrest, two domains btw).
-then made it a DC via dcpromo.
-Made it a DNS server secondary to the master.
-Made it a wins server to help out the old 98 machines.
-it made some automatic links in the NTDS settings under SITES AND SERVICES
to a couple of the DCs. It put the server in the right site based on its IP
as well.
-I waited again for this to all converge (waited a day).
-made it a global catalog
Everything looked good.
Heres where the prob started:
No user at that site can log in. It keeps giving me "your password is
incorrect" or "no domain server avail for your site" etc... Its DHCP service
is handin gout IPs fine. I look in my DC that is handle most of my FSMO roles
and it shows that the DC in question is having some problems.
Errors in the event log of the NEW DC are:
EVENT ID 1000 Userenv
Windows cannot access the file gpt.ini for GPO The file must be present at
the location <>. (). Group Policy processing aborted.
and
EVENT ID 1000 Userenv
Windows cannot query for the list of Group Policy objects . A message that
describes the reason for this was previously logged by this policy engine.
Also, when i goto my main DC, the one that handles my fsmo roles, i cant use
the SNAP in to connect to any options (such as the event viewer, or say
services) on the new DC. But, if I go to a completely diff DC, I can look at
it fine.
I just demoted it to a member server. It has a SAM entry and look s fine
(other than i cant connect to any of the features through the MMC on another
DC).
It also shows this EVENT ID:
EVENT ID SAM 12296
The SAM database attempted to clear the directory C:\WINNT\NTDS in order to
remove files that were once used by the Directory Service. The error is in
record data. Please have an admin delete these files.
any help greatly appreciated.
Im at my witts end with a problem involving domain control replacement.
Heres what happened:
About a month ago, a domain controller in my network went to the great
computer god in the sky (hardware failure). So, since I could not demote it,
I used the ntdsutil and removed it from AD. I waited a good day for
everything to converge and replicate everywhere. I checked to see if there
were any lingering issues with that domain controller on ANY of my other DCs.
Everthing looked good.
So, i bought a new server.
-made it a member with a completely different name.
-waited for it to appear in all my DCs in the COMPUTERS contained in my
domain (one forrest, two domains btw).
-then made it a DC via dcpromo.
-Made it a DNS server secondary to the master.
-Made it a wins server to help out the old 98 machines.
-it made some automatic links in the NTDS settings under SITES AND SERVICES
to a couple of the DCs. It put the server in the right site based on its IP
as well.
-I waited again for this to all converge (waited a day).
-made it a global catalog
Everything looked good.
Heres where the prob started:
No user at that site can log in. It keeps giving me "your password is
incorrect" or "no domain server avail for your site" etc... Its DHCP service
is handin gout IPs fine. I look in my DC that is handle most of my FSMO roles
and it shows that the DC in question is having some problems.
Errors in the event log of the NEW DC are:
EVENT ID 1000 Userenv
Windows cannot access the file gpt.ini for GPO The file must be present at
the location <>. (). Group Policy processing aborted.
and
EVENT ID 1000 Userenv
Windows cannot query for the list of Group Policy objects . A message that
describes the reason for this was previously logged by this policy engine.
Also, when i goto my main DC, the one that handles my fsmo roles, i cant use
the SNAP in to connect to any options (such as the event viewer, or say
services) on the new DC. But, if I go to a completely diff DC, I can look at
it fine.
I just demoted it to a member server. It has a SAM entry and look s fine
(other than i cant connect to any of the features through the MMC on another
DC).
It also shows this EVENT ID:
EVENT ID SAM 12296
The SAM database attempted to clear the directory C:\WINNT\NTDS in order to
remove files that were once used by the Directory Service. The error is in
record data. Please have an admin delete these files.
any help greatly appreciated.
C_Name /f:c:\dcdiag.log