I have a network with 2 Servers DC01 which is the root DC with everything and then a second DC02 which has AD too
DC01's AD has been corrupted and will now only boot into Directory Services Restore Mode. Tried to restore the system state from backup but to no avail.
Done everything you can with ntdsutil but nothing helps.
AD on DC02 is fine.
How can i repair DC01 without having to repair the network?
Don't know if this will work but could you not transfer the operations master to your DC02 and then replicate the AD back over to DC01 and then re-transfer the operations master control back to DC01. Just a thought
Thats what I would do. If your AD is intact then its less trouble in the long run. You can get alsorts of weird and wonderful things happening froma backup.Originally Posted by bossman
The only time I would attempt to do what you are doing is if it was the only server.
Seize the FSMO roles and go from there.
DC01 will not boot into windows normally, only into Directory Services Restore Mode and DC02 cannot connect to DC01 to sieze the roles
DC02 does not need access to DC01 to seize the roles ... you can force it.
I don't have my Minasi library with me here but I am sure it'll be on Technet somewhere ...
Have a look here for some more info.
Have a look at this article on Seizing FSMO roles
The following link provides information for using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support.microsoft.com/kb/255504
You should also be able to sucessfully recover the active directory on DC01 from a system state backup. The following link willhelp.
Active Directory Operations Guide
I have recovered AD using the procedues listed in the above artical several times with great sucess.
Good luck.
you could dcpromo down and back up again after transferring the fsmo roles this should recover AD. i had this happen and did a system state back up big mistake. so in the end had to seize the fsmo roles from non existant (well dead server) and then strip the sids (important) on the old server when i eventually fixed the raid array
Thanks for the input guys.
Have now managed to get the server to boot into normal windows mode. I know have the following errors in the event log.
Code:Event ID: 474 Source: ESENT Description: lsass (784) The database page read from the file "C:\WINDOWS\ntds\ntds.dit" at offset 10575872 (0x0000000000a16000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 3525701925 (0xd225f125) and the actual checksum was 4062572837 (0xf225f125). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.Code:Event ID: 11 Source: Disk Description: The driver detected a controller error on \Device\Harddisk0.Code:Event ID: 24800 Source: CPQCISSE Description: Logical drive 1, configured on Array Controller in slot 2, returned a fatal error on a read/write request on the volume. Logical block address dbcd40, block count 8, command 20, drive bus 1 and Drive IdSo I am guessing the problem lies with the HDD and Replication from DC02 to DC01.Code:Event ID: 1084 Source: NTDS Replication Description: Internal event: Active Directory could not update the following object with changes received from the following source domain controller. This is because an error occurred during the application of the changes to Active Directory on the domain controller. Object: CN=ICT01,OU=ICT Suite,OU=School Computers,DC=server,DC=local Object GUID: f02c71f7-ea48-456e-bb50-675bd6f3d74c Source domain controller: 18cdebaf-0499-494b-b848-db32982019fb._msdcs.server.local Synchronization of the local domain controller with the source domain controller is blocked until this update problem is corrected. This operation will be tried again at the next scheduled replication. User Action Restart the local domain controller if this condition appears to be related to low system resources (for example, low physical or virtual memory). Additional Data Error value: 1127 While accessing the hard disk, a disk operation failed even after retries.
IYO do you think the HDD is failing or is it windows thinking it is due to other problems?
The drive. Replace it before it fails entirely.
Thanks Geoff you have made my day
So would my plan of action be...
1. Transfer FSMO roles to DC02
2. Image and replace faulty DC01 HDD
3. DCpromo down and back up again
I understand that I then cannot transfer the FSMO roles back to the same server?
What effect will this have on performance of the network as DC02 is really only a desktop spec PC running WUS?
Or would just replaceing the HDD fix the replication issues and therefore repair the AD database?
You need to remove the HDD as soon as possible. It may corrupt data in AD. This faulty data will then be replicated to the other DC. I suggest:
1. Take DC1 offline now.
2. Seize FSMO the roles on DC2.
3. Repair/Replace the hardware on DC1 as required.
4. Restore DC1 from a known good backup.
5. Force a replication from DC2 to DC1.
Replacing the disc might work but I'd transfer the FSMO roles first - you then won't impact on normal logons, user password changes etc.Thanks Geoff you have made my day
So would my plan of action be...
1. Transfer FSMO roles to DC02
2. Image and replace faulty DC01 HDD
3. DCpromo down and back up again
I understand that I then cannot transfer the FSMO roles back to the same server?
What effect will this have on performance of the network as DC02 is really only a desktop spec PC running WUS?
Or would just replaceing the HDD fix the replication issues and therefore repair the AD database?
You don't say if it's 2000 or 2003 but 2003 server (I think with SP1 but it might be the basic) will attempt to transfer roles and then seize if it can't when you use ntdsutil so it's completely safe.
AD is very good at not replicating "bad" data - ie if disc corruption has damaged a record then that won't get replicated.
AD logons are very light in terms of network traffic and machine load so a decent spec workstation should easily cope with the load while you fix the main server.
If the hard disc is failing then you may not be able to image it - what else is on it other than Windows and the DC role? If it's just a DC then you may find it's easier to just install Windows from scratch and dcpromo it. If there are print queues them use printmig3 to make a backup of them - it's then easy to put them back.
If you sieze the roles from DC01 and then restore DC01 from a known good backup, DC01 will comeback online thinking it's the holder of the master roles.
Why don't you just transfer/sieze the roles from DC01
Replace the hardware in DC01
Reinstall server fresh
Let them replicate.
Job done
Main problem is that DC01 is the main server for the lan. It is a primary school so the server was installed with single HDD with single partition. So the server is DNS / DHCP / Print Server / Etc. Plus is houses all user folders / profiles / network shares.
At the moment windows has stoped the server from replicating with DC02. The main issues now are the Event ID: 474 NTDS ISAM / Event ID: 1084 NTDS ISAM.
AD on DC01 can be accessed now and all data seems to be there except I get errors when trying to access an OU which houses all the IT suite computers.
I am hoping now that this issue is being caused by the faulty hard drive and that "IF" i can image the old / new disks then AD will replicate again. Clutching at straws I know.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote