Read his blog post regarding this here
My previous network was an RM network.... I've never had to use sysprep before! If anyone has a guide for Sysprep beyond the Microsoft KB article which is congested, and not overly explanatory I'd appreciate it. I have 3 new laptops that arrived last week I can do a FULL new setup on the way I like it
The time isn't different on the DCs is it? I know this can cause problems with replications, just an idea before digging into things too deep.
It won't do any harm trying the newsid - it's on the Admin Bar below btw if you can't find a link. I still use it when Ghosting and using forget to sysprep - old habits die hard as they say....
I find it hard to believe that software was just created to resolve an issue that doesn't exist, wouldn't you research the issue before writing the software? I can only assume this was done, and they wrote the software to combat this.
A lot of Sysinternals stuff has been "cleared up" by Microsoft. I remember watching a speech from the last DEF CON Conference how and why these tools were bought up
I still Sysprep machines, plus it's great when deploying an image. I always specify the computer name manually, but then it joins the domain automatically, then restarts ready to use. It saves a lot of time!
The retirement of NewSid is down to the fact that after investigation, Mark Russinovich found that there was no case where two machines having the same SID caused any issues.
If you read all the comments under the blog you will see one by one people's concerns about different scenarios are addressed.
Just wondering what the outcome was of the server re-boots......!!
The reason that NewSID is being (has been?) discontinued is because it's not necessary - Mark Russinovich (who wrote NewSID) has a blog post about this - Mark's Blog : The Machine SID Duplication Myth
Given that replication isn't working properly between the 2 DCs I think you need to establish which of the DCs are holding which FSMO roles. Move them all to the machine you want to be "correct" and once that's done wait an hour or so for things to settle down (not needed if the FSMO roles are all on your main DC)
Once you've got that sorted, run dcpromo on the other server; this will stop it being a DC and leave the first server as the only DC. That may fix all the problems - if machines are trying to authenticate against DC2 but for some reason it's not being found or its database is not in sync then moving to a single DC will fix the problems.
Check that your one DC points to itself for DNS - the network card properties MUST NOT refer to any DNS other than itself (you resolve external names by setting the DNS service itself to either use root hints or to forward to your ISP DNS). Do another dcdiag - you may well still see frs errors but check the times - they should be before you wiped the other DC settings (nothing to replicate in a single DC setup!)
Once you're confident that your one DC is running OK you can promote the other one. First of all, make sure that it is pointing to your other DC for DNS; again, there must be no reference to external DNS. Run dcpromo and follow the prompts to make it a DC in an existing domain.
Finally, check the DHCP settings - again, they must not give out any DNS other than that of your main DC. (It's a really common mistake to have clients getting 2 DNS addresses, one is the internal DNS, the second is external. It looks like a good idea but IT'S WRONG!!) (apologies for shouting; it's just such a common mistake!!)
BJG (26th January 2010)
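The DNS checks described in the post above (the DC's network card and the DHCP settings must not reference any DNS outside the domain) can be audited with a script. This is an added example, not part of the original post; it assumes Windows Server 2012 or later with the DnsClient and DhcpServer PowerShell modules, and the address in `$AllowedDns` is a constructed sample value.

```powershell
# Added example: report any DNS server on this DC's NICs or in DHCP option 6
# that is not one of the domain's own DNS servers.
param(
    [string[]]$AllowedDns = @('192.168.10.5'),   # constructed sample: your DC's IP(s)
    [string]$DhcpServer   = $env:COMPUTERNAME    # assumption: DHCP runs on this host
)

# Emit one finding per address that is not in the allowed list.
function Find-ForeignDns {
    param([string]$Source, [string[]]$Addresses, [string[]]$Allowed)
    foreach ($addr in $Addresses) {
        if ($Allowed -notcontains $addr) {
            [pscustomobject]@{ Source = $Source; DnsServer = $addr }
        }
    }
}

$findings = @(
    # 1. DNS servers set on the local network adapters (loopback counts as "itself").
    foreach ($nic in (Get-DnsClientServerAddress -AddressFamily IPv4)) {
        Find-ForeignDns -Source "NIC '$($nic.InterfaceAlias)'" `
            -Addresses $nic.ServerAddresses -Allowed ($AllowedDns + '127.0.0.1')
    }

    # 2. DNS servers handed to clients by DHCP (option 6), server-wide.
    $serverOpt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -OptionId 6 `
        -ErrorAction SilentlyContinue
    if ($serverOpt) {
        Find-ForeignDns -Source 'DHCP server options' `
            -Addresses $serverOpt.Value -Allowed $AllowedDns
    }

    # 3. The same option set per scope, which overrides the server-wide value.
    foreach ($scope in (Get-DhcpServerv4Scope -ComputerName $DhcpServer)) {
        $opt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer `
            -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
        if ($opt) {
            Find-ForeignDns -Source "DHCP scope $($scope.ScopeId)" `
                -Addresses $opt.Value -Allowed $AllowedDns
        }
    }
)

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No DNS servers outside the allowed list were found.' }
```

Any row in the output is a place where a DC or a client could be sent to a resolver that knows nothing about the domain's records.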
Just double checking, have you checked your switches (assuming that they are managed ones) to see if there are any excessive broadcasts or loops in your network. Also have you made sure that there aren't any rogue DHCP/DNS servers on your network? E.g. external print servers, something along the lines of these that are mis-configured.