DC seems to have fallen off the Domain
-
@NerdyDad said in DC seems to have fallen off the Domain:
Scratch that. Its fixed. Thanks @Dashrender. That article led me to the right answer and cause of action.
I don't have a firewall on this server, but the conflict in AV's is what caused the issue and trying to keep the system secured.
It's not uncommon for Symantec products to not fully or correctly uninstall
-
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
Scratch that. Its fixed. Thanks @Dashrender. That article led me to the right answer and cause of action.
I don't have a firewall on this server, but the conflict in AV's is what caused the issue and trying to keep the system secured.
It's not uncommon with Symantec products to not fully or correctly uninstall
I'm seeing that with another DC. This other DC is working correctly, but I want to get Symantec off of there before it gets to be too big of a problem. Considering using CleanWipe but not sure if I should or not.
-
If you're DC is just a DC - you can demote it, then leave the domain, wipe and reload it, join the domain and promote.
If it's also a fileserver, etc, well - have fun.
This of course assumes you can't use the normal tools to remove the old AV cleanly.
-
@nerdydad is this a VM or a standalone server?
-
It's a vm. All of my DC's are vm's.
-
@Dashrender said in DC seems to have fallen off the Domain:
If you're DC is just a DC - you can demote it, then leave the domain, wipe and reload it, join the domain and promote.
If it's also a fileserver, etc, well - have fun.
This of course assumes you can't use the normal tools to remove the old AV cleanly.
mkfs.ntfs & format ... The only tools I know to fully remove Symantec products - except for a snapshot maybe.
-
@thwr said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
If you're DC is just a DC - you can demote it, then leave the domain, wipe and reload it, join the domain and promote.
If it's also a fileserver, etc, well - have fun.
This of course assumes you can't use the normal tools to remove the old AV cleanly.
mkfs.ntfs & format ... The only tools I know to fully remove Symantec products - except for a snapshot maybe.
LOL
-
@NerdyDad Is that secondary domain controller doing anything else like being a file server?
-
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad Is that secondary domain controller doing anything else like being a file server?
It is a secondary controller. FSMO roles are on another DC. The only other thing this server does is ots a print server and DHCP server.
-
@NerdyDad said in DC seems to have fallen off the Domain:
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad Is that secondary domain controller doing anything else like being a file server?
It is a secondary controller. FSMO roles are on another DC. The only other thing this server does is ots a print server and DHCP server.
Well, as I said, if you can't remove the old AV using the typical tools, you do have other options, not great ones, but they are there.
-
As I am digging into this more and more, I am finding replication issues between DC's, namely the original problem child.
<code>
Source DSA largest delta fails/total %% errorDOS3 38d.14h:20m:23s 5 / 10 50 (8457) The destination server is currently rejecting replication requests.
DOS4B 38d.14h:20m:22s 5 / 15 33 (8457) The destination server is currently rejecting replication requests.
SMC4A 38d.14h:20m:23s 5 / 15 33 (8457) The destination server is currently rejecting replication requests.
SMC4B 35d.14h:24m:28s 15 / 15 100 (8456) The source server is currently rejecting replication requests.
Destination DSA largest delta fails/total %% error
DOS3 35d.14h:16m:35s 5 / 15 33 (8456) The source server is currently rejecting replication requests.
DOS4B 35d.14h:02m:35s 5 / 15 33 (8456) The source server is currently rejecting replication requests.
SMC4A 35d.14h:22m:52s 5 / 10 50 (8456) The source server is currently rejecting replication requests.
SMC4B 38d.14h:20m:24s 15 / 15 100 (8457) The destination server is currently rejecting replication requests.
</code> -
repadmin /syncon all domain controllers. What does that return? -
@wirestyle22 said in DC seems to have fallen off the Domain:
repadmin /syncon all domain controllers. What does that return?CALLBACK MESSAGE: Error contacting server cff6859a-1945-4334-aa88-e43a448de794._msdcs.smc.com (network error): -2146893 22 (0x80090322): The target principal name is incorrect. CALLBACK MESSAGE: SyncAll Finished. SyncAll reported the following errors: Error contacting server cff6859a-1945-4334-aa88-e43a448de794._msdcs.smc.com (network error): -2146893022 (0x80090322): The target principal name is incorrect. -
@NerdyDad said in DC seems to have fallen off the Domain:
The target principal name is incorrect.
Check that these services are all running:
Active Directory Domain Services
Kerberos Key Distribution Center -
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
The target principal name is incorrect.
Check that these services are all running:
Active Directory Domain Services.
Active Directory ReplicationHave ADDS but not Active Directory Replication
-
@NerdyDad Sorry, check:
Kerberos Key Distribution Centerin services.msc -
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad Sorry, check:
Kerberos Key Distribution Centerin services.mscThere and Started.
-
@wirestyle22 If I ever meet you, I owe you a drink at least.
-
@NerdyDad Oh? you get it working?
-
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad Oh? you get it working?
Not yet. Just appreciating all of the help.
