+ Post New Thread
Results 1 to 11 of 11
Windows Server 2000/2003 Thread, need some advice urgently failed dc how to stop logons trying to authenticate against in Technical; Hi i have a backup domain controller and it has died how can i stop computers from trying to authenticate ...
  1. #1
    round2it's Avatar
    Join Date
    May 2009
    Location
    UK
    Posts
    991
    Thank Post
    193
    Thanked 143 Times in 101 Posts
    Rep Power
    36

    need some advice urgently failed dc how to stop logons trying to authenticate against

    Hi i have a backup domain controller and it has died how can i stop computers from trying to authenticate from it.

    do i remove the a record from trom dns to stop this or can someone give me an idea of how to stop authentification from this server

    server 2003

  2. #2

    Join Date
    Sep 2006
    Location
    Essex
    Posts
    777
    Thank Post
    1
    Thanked 31 Times in 29 Posts
    Rep Power
    23
    You need to force demote the failed DC

    See the MS articles below for further info.

    http://technet.microsoft.com/en-us/l.../cc535164.aspx

    Forcing the Removal of a Domain Controller: Active Directory
    Last edited by djm968; 12th February 2014 at 11:50 AM.

  3. Thanks to djm968 from:

    round2it (12th February 2014)

  4. #3
    round2it's Avatar
    Join Date
    May 2009
    Location
    UK
    Posts
    991
    Thank Post
    193
    Thanked 143 Times in 101 Posts
    Rep Power
    36
    Thanks for that

    just a few questions


    I have 2 servers one being my main server and the other is a backup domain controller that has dns and dhcp etc

    i can log onto the failed domain controller using activ directory recovery mode

    i should then perform the command

    Dcpromo /forceremoval

    this should not break my existing main domain controller is this correct?

    i will need to perform a metadata cleanup after

    or as i can actually get onto the failed domain controller should i do something different

  5. #4
    round2it's Avatar
    Join Date
    May 2009
    Location
    UK
    Posts
    991
    Thank Post
    193
    Thanked 143 Times in 101 Posts
    Rep Power
    36
    my windows systems are fine its my macs that are throwing a wobbler

  6. #5

    Join Date
    Sep 2006
    Location
    Essex
    Posts
    777
    Thank Post
    1
    Thanked 31 Times in 29 Posts
    Rep Power
    23
    This depends on what state the DC is in. If you can log onto the failed DC then I would try demoting this DC and removing active directory first.

    See the article below.
    Demote a domain controller: Active Directory

    If you are able to successfully demote the failed DC, you shouldn't need to perform any metadata clean-up this is only usually required if the DC has failed and is not accessible.
    You MUST also ensure that you transfer all FSMO roles and make the other DC the global catalogue.
    The articles I have previously provided will assist you completing the required tasks.

  7. Thanks to djm968 from:

    round2it (12th February 2014)

  8. #6
    round2it's Avatar
    Join Date
    May 2009
    Location
    UK
    Posts
    991
    Thank Post
    193
    Thanked 143 Times in 101 Posts
    Rep Power
    36
    My main server is already the GC

    the failed server was just a backup for the main server as the roles it had are DNS DHCP

    I think i will bite the bullet tomorrow
    Its nice to get the Gotchas out of the way thats why I asked

    The macs are funny with DNS im pretty sure it is that

    as i can rebind them and then once they are rebooted the users can not log on........what a pain in the rear i have to rebind again.

    It kinda sucks
    thanks again

  9. #7
    round2it's Avatar
    Join Date
    May 2009
    Location
    UK
    Posts
    991
    Thank Post
    193
    Thanked 143 Times in 101 Posts
    Rep Power
    36
    just checking before i try and demote the old server
    my main server holds these roles a does this look ok(well it must be otherwise all our windows network would be down face palm moment)


    Schema master SCHOOLSERVER.mydomain.local
    Domain naming master SCHOOLSERVER.mydomain.local
    PDC SCHOOLSERVER.mydomain.local
    RID pool manager SCHOOLSERVER.mydomain.local
    Infrastructure master SCHOOLSERVER.mydomain.local
    The command completed successfully.

    Only thing i could not see was wins role
    Last edited by round2it; 12th February 2014 at 05:00 PM.

  10. #8

    Join Date
    Sep 2006
    Location
    Essex
    Posts
    777
    Thank Post
    1
    Thanked 31 Times in 29 Posts
    Rep Power
    23
    All looks good to me and I agree DNS is probably the root of the MAC issues. Good luck

  11. Thanks to djm968 from:

    round2it (13th February 2014)

  12. #9

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 283 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175

    need some advice urgently failed dc how to stop logons trying to authenticate...

    I don't know if your .local domain is part of this problem, but I've personally seem that cause a load of other problems with Macs. So much so, now I wouldn't touch a .local domain with a 10 foot pole when it comes to Macs. Been there, done that. Never again.

    That said, you don't have the Macs set to prefer the domain controller that died do you? That is an option and could certainly cause problems. Otherwise, I have never seen Macs have a problem with a missing AD server. Of course, your DNS may be completely stuffed and that could be causing it as well.

    I strongly suggest diving into the console after logon failures (with a local user) and searching for the username that failed to logon. You should learn quite a lot about the cause of the problem that way. And of course, check DNS resolution to your servers.

  13. Thanks to seawolf from:

    round2it (13th February 2014)

  14. #10
    round2it's Avatar
    Join Date
    May 2009
    Location
    UK
    Posts
    991
    Thank Post
    193
    Thanked 143 Times in 101 Posts
    Rep Power
    36
    ok
    ping fqdn and ip on the mac client both resolve

    did dcdiag and only errors are from replication this is expected due to dead server. cant demote failed server through recovery mode so i need to clean meta data and stop replication of dns

  15. #11
    round2it's Avatar
    Join Date
    May 2009
    Location
    UK
    Posts
    991
    Thank Post
    193
    Thanked 143 Times in 101 Posts
    Rep Power
    36
    Thanks for your help. The old server is no more.

    Still have a few dns issues that im working on but the macs are working again.

SHARE:
+ Post New Thread

Similar Threads

  1. Crashed My Car -- Need some advice.
    By Robot in forum General Chat
    Replies: 6
    Last Post: 14th January 2010, 02:36 PM
  2. Heading to BETT? We need some advice.
    By Vanti in forum BETT 2014
    Replies: 23
    Last Post: 11th January 2010, 10:07 PM
  3. [Joke] I Need Some Advice: A Friend of mine has said...
    By DaveP in forum Jokes/Interweb Things
    Replies: 9
    Last Post: 18th December 2009, 10:44 AM
  4. Not school related need some advice for my home site
    By edie209 in forum Web Development
    Replies: 4
    Last Post: 22nd August 2007, 03:28 PM
  5. Replies: 14
    Last Post: 7th September 2006, 01:14 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •