this post was submitted on 19 Jan 2024
1 points (100.0% liked)

Sysadmin

12 readers
1 users here now

A reddit dedicated to the profession of Computer System Administration.

founded 2 years ago
MODERATORS
[email protected]
1
Two 2003 domain controllers tombstoned. (zerobytes.monster)
submitted 11 months ago by [email protected] to c/[email protected]
0 comments fedilink hide all child comments
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/RW2005 on 2024-01-19 13:14:55+00:00.

I was inherited a mess. I have two domain controllers. They're both on Server 2003.I figured it would be easy...just install a temporary 2012 R2 server and migrate to that first.

When I went to promote the 2012 R2 server to a DC I kept getting an error saying "The wizard cannot access the list of domains in the forest. This error is: The target account name is incorrect." Every time I try to promote I get different random errors saying access denied, etc. I'm guessing this is a replication issue.

I log in to the domain controllers and run a DCDIAG.

Testing server: Default-First-Site-Name\DOMAIN1Starting test: Replications[Replications Check,DOMAIN1] A recent replication attempt failed:From ROOT01 to DOMAIN1Naming Context: DC=DomainDnsZones,DC=domain,DC=localThe replication generated an error (8614):The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.The failure occurred at 2024-01-17 08:55:23.The last success occurred at 2023-09-12 04:59:36.3133 failures have occurred since the last success.

This is the error I get from the DC that DOES NOT have the FSMO roles. I then run another DCDIAG on the DC with FSMO roles and this is what I get.

Testing server: Default-First-Site-Name\ROOT01Starting test: Connectivity......................... ROOT01 passed test ConnectivityDoing primary tests

Testing server: Default-First-Site-Name\ROOT01Starting test: Replications[Replications Check,ROOT01] A recent replication attempt failed:From DOMAIN1 to ROOT01Naming Context: DC=DomainDnsZones,DC=domain,DC=localThe replication generated an error (8614):The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.The failure occurred at 2024-01-17 08:58:25.The last success occurred at 2023-09-12 04:53:49.3040 failures have occurred since the last success.

I've been reading online, and what I'm reading is the best thing to do is demote the server that doesn't have the FSMO roles. DOMAIN1 is the DC without the FSMO roles...so would the best thing to do is demote DOMAIN1? Then go ahead and try to promote my 2012 R2 server again.

Thanks in advance.

Edit: And of course I backed up both servers using NT Backup with system state!

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here