Windows 2008R2 Domain controller problems after removing First DC Windows 2000 DC

    Question

  • We had a Windows 2000 AD. Added Windows 2008R2 domain controllers in 3 locations. Transferred the roles to a Windows 2008R2 server. Tried to gracefully demote the Windows 2000 server but it wouldn't do it. Forced it. Shut down that server. Now AD won't work on the Windows 2008R2 DC. Active Directory management consoles won't open without the error, "Naming information cannot be located because the specified domain either does not exist or could not be contacted." This server is the DNS and DHCP server.

    In a world of hurt. Any suggestions?

     

    Tuesday, July 24, 2012 11:10 AM

Answers

  • Thanks for all the good advice and suggestions. I enlisted the aid of Microsoft. I hadn't realized that in the process of the forceful demotion of the old server the SYS volume directories for Active Directory and AD policies were cleaned out on all servers. Microsoft was able to regenerate the default policies and directories, recreate the DNS service records which were missing and get replication going between servers. Took about 4 hours but we are back in business. Thanks again everyone.

    -cbh

    Wednesday, July 25, 2012 5:24 PM

All replies

  • Hello,

    Please make sure to use only the existing domain DNS server on the NIC as preferred and remove the old one.

    Was the DNS zone information completely replicated before you started removing the old one?

    Please post an unedited ipconfig /all from the existing DC/DNS servers here, so we can verify some settings.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, July 24, 2012 11:12 AM
  • Hi,

    I agree with Meinolf; you have to check where DNS points in the NIC properties and the binding of the active NIC. Also, I'm sure AD replication is not working in the domain; fix it first. Provide us the ipconfig /all of all the DCs or Dcdiag /v/c/e and pipe it to textpad to check the failed tests.

    Note: Do a metadata cleanup if you haven't done so after removing the Server 2000 machine.

    Hope this helps.

    Tuesday, July 24, 2012 11:39 AM
  • Agree with the others.  Active Directory is completely dependent on DNS.  The way it finds all machines (including the DC itself) is to use DNS and request SRV records within the _msdcs zone of the domain.  So you need to ensure all members of the domain point only to AD DNS servers.  If those members need access to the internet, you don't point them to the internet DNS servers (your ISP's DNS servers); you have the AD DNS servers be forwarders to the internet's DNS servers.

    How to configure DNS for internet access in AD
    http://support.microsoft.com/kb/323380

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, July 24, 2012 11:59 AM
    Moderator
  • Well, DNS on the main site was pointing to itself. DNS was pointing to the old server on the 2nd site. 3rd site DNS is very odd. It acts like it is not configured but the screens to configure it are greyed out.

    --------------------------------------------------------------------------------

    ipconfig /all output from 3 servers below:

    (Main Site hle60)


    Windows IP Configuration

       Host Name . . . . . . . . . . . . : HLE60
       Primary Dns Suffix  . . . . . . . : ad.harrang.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : ad.harrang.com

    Ethernet adapter Local Area Connection 5:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP Network Team #1
       Physical Address. . . . . . . . . : 64-31-50-51-4C-0C
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.200.11.60(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.200.11.1
       DNS Servers . . . . . . . . . . . : 10.200.11.60
                                           10.200.28.10
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection 4:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP NC382i DP Multifunction Gigabit Server Adapter #58
       Physical Address. . . . . . . . . : 64-31-50-51-4C-10
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection 2:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP NC382i DP Multifunction Gigabit Server Adapter #48
       Physical Address. . . . . . . . . : 64-31-50-51-4C-12
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{27AD6F90-3F46-4CA4-9BF9-B69C323DD572}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{C88B1A22-A27B-42CB-9213-F63A0C9B8FC5}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{9F35AC51-C465-40BE-8ECB-F97DB490D8B4}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    ----------------------------------------------------------------------------

    Second Site hlp10

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : HLP10
       Primary Dns Suffix  . . . . . . . : ad.harrang.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : ad.harrang.com

    Ethernet adapter Local Area Connection 5:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP Network Team #1
       Physical Address. . . . . . . . . : 64-31-50-51-D6-2C
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::c83f:b97:63b3:8baa%17(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.200.28.10(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.200.28.1
       DHCPv6 IAID . . . . . . . . . . . : 526659920
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-E8-FA-D2-64-31-50-51-D6-32
       DNS Servers . . . . . . . . . . . : ::1
                                           10.200.28.10
                                           10.200.11.60
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection 4:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP NC382i DP Multifunction Gigabit Server Adapter #58
       Physical Address. . . . . . . . . : 64-31-50-51-D6-30
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP NC382i DP Multifunction Gigabit Server Adapter #48
       Physical Address. . . . . . . . . : 64-31-50-51-D6-32
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{9E559B3D-0938-4CB5-8EFC-112CADBD4846}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{CCE46D5B-D850-453F-B1D6-324C55FBDFE7}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{D22F3C64-9CD7-47A2-AE4A-117BAE72216F}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Third Site

    ----------------------------------------------------------------------------------


    Windows IP Configuration

       Host Name . . . . . . . . . . . . : HLS20
       Primary Dns Suffix  . . . . . . . : ad.harrang.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : ad.harrang.com

    Ethernet adapter Local Area Connection 5:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP Network Team #1
       Physical Address. . . . . . . . . : 64-31-50-51-23-12
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::e008:a7b3:b40e:cd55%17(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.200.20.20(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.200.20.1
       DHCPv6 IAID . . . . . . . . . . . : 526659920
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-EA-51-69-64-31-50-51-23-18
       DNS Servers . . . . . . . . . . . : ::1
                                           10.200.11.60
                                           10.200.28.10
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection 4:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP NC382i DP Multifunction Gigabit Server Adapter #58
       Physical Address. . . . . . . . . : 64-31-50-51-23-16
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP NC382i DP Multifunction Gigabit Server Adapter #48
       Physical Address. . . . . . . . . : 64-31-50-51-23-18
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:14b9:1d9f:f537:ebeb(Preferred)
       Link-local IPv6 Address . . . . . : fe80::14b9:1d9f:f537:ebeb%20(Preferred)
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter isatap.{8E227451-69B9-48FD-B1BE-DED45AF159C6}:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::5efe:10.200.20.20%13(Preferred)
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : ::1
                                           10.200.11.60
                                           10.200.28.10
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter isatap.{5C8D3EC5-CCC8-4BF4-A2D0-B800B4AFD09D}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{96105E7E-0AC5-44D0-B4B5-CF693C18DBE6}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    -----------------------------------------------------------------------------------


    -cbh

    Tuesday, July 24, 2012 5:14 PM
  • Not sure how to post output from large files like the dcdiag that was requested. Sorry.  I am including a sample that includes errors: connectivity, advertising, KDC, .... Some are from attempts to contact a removed server, HLSQL. Any additional suggestions on how to correct? Thanks, C.

       * Verifying that the local machine HLE60, is a Directory Server.

    ....

       All the info for the server collected
       * Identifying all NC cross-refs.
       Ldap search capabality attribute search failed on server HLSQL, return value
       = 81
       Got error while checking if the DC is using FRS or DFSR. Error:
       Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
       because of this error.
       Ldap search capabality attribute search failed on server HLP10, return value
       = 81
       Got error while checking if the DC is using FRS or DFSR. Error:
       Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
       because of this error.
       Ldap search capabality attribute search failed on server HLS20, return value
       = 81
       Got error while checking if the DC is using FRS or DFSR. Error:
       Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
       because of this error.
       * Found 4 DC(s). Testing 4 of them.
       Done gathering initial info.

    Doing initial required tests
      
       Testing server: Default-First-Site-Name\HLSQL
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             The host 70773618-03c1-42cd-a03e-946fcbcd67d7._msdcs.ad.harrang.com
             could not be resolved to an IP address. Check the DNS server, DHCP,
             server name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your
             firewall settings.
             ......................... HLSQL failed test Connectivity
      
       Testing server: Default-First-Site-Name\HLE60
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             * Active Directory RPC Services Check
             ......................... HLE60 passed test Connectivity
      
       Testing server: Portland\HLP10
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             The host c96572a4-52e5-47f1-9094-da9e27404336._msdcs.ad.harrang.com
             could not be resolved to an IP address. Check the DNS server, DHCP,
             server name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your
             firewall settings.
             ......................... HLP10 failed test Connectivity
      
       Testing server: Salem\HLS20
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             The host f0d136ba-600f-44bf-a98a-92534dbb5ff1._msdcs.ad.harrang.com
             could not be resolved to an IP address. Check the DNS server, DHCP,
             server name, etc.
             Neither the the server name (HLS20.@missing_dnsHostName@) nor the Guid
             DNS name (f0d136ba-600f-44bf-a98a-92534dbb5ff1._msdcs.ad.harrang.com)
             could be resolved by DNS.  Check that the server is up and is
             registered correctly with the DNS server.
             Got error while checking LDAP and RPC connectivity. Please check your
             firewall settings.
             ......................... HLS20 failed test Connectivity

    Testing server: Default-First-Site-Name\HLE60
          Starting test: Advertising
             Fatal Error:DsGetDcName (HLE60) call failed, error 1355
             The Locator could not find the server.
             ......................... HLE60 failed test Advertising
          Starting test: CheckSecurityError
             * Dr Auth:  Beginning security errors check!
             No KDC found for domain ad.harrang.com in site Default-First-Site-Name
             (1355, NULL)
             [HLE60] Unable to contact a KDC for the destination domain in it's own
             site.  This means either there are no available KDC's for this domain
             in the site, *including* the destination DC itself, or we're having
             network or packet fragmentation issues connecting to it.  We'll check
             packet fragmentation connection to the destination DC, make
             recommendations, and continue.
             Checking UDP fragmentation issues to HLE60.
              The KDC on HLE60 isn't responsive, please verify that it's running
             and advertising.
             No KDC found for domain ad.harrang.com in site (ALL SITES) (1355,
             NULL)
             [HLE60] Unable to contact a KDC for the destination domain.  If no KDC
             for the destination domain is available, replication will be blocked!
             If there is some KDC for that domain available, check network
             connectivity issues or see possible packet fragmentation issues above.
             Checking machine account for DC HLE60 on DC HLE60.
             * SPN found :LDAP/HLE60.ad.harrang.com/ad.harrang.com
             * SPN found :LDAP/HLE60.ad.harrang.com
             * SPN found :LDAP/HLE60
             * SPN found :LDAP/HLE60.ad.harrang.com/AD
             * SPN found :LDAP/4c36b3f7-e79f-405a-a906-522ff0de9e01._msdcs.ad.harrang.com
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/4c36b3f7-e79f-405a-a906-522ff0de9e01/ad.harrang.com
             * SPN found :HOST/HLE60.ad.harrang.com/ad.harrang.com
             * SPN found :HOST/HLE60.ad.harrang.com
             * SPN found :HOST/HLE60
             * SPN found :HOST/HLE60.ad.harrang.com/AD
             * SPN found :GC/HLE60.ad.harrang.com/ad.harrang.com
             Source DC HLSQL has possible security error (1722).  Diagnosing...
                   No KDC found for domain ad.harrang.com in site
                   Default-First-Site-Name (1355, NULL)
                   [HLSQL] Unable to contact this DC.  Cannot continue diagnosing
                   errors with this DC.
             Ignoring DC HLSQL in the convergence test of object
             CN=HLE60,OU=Domain Controllers,DC=ad,DC=harrang,DC=com, because we
             cannot connect!
             Ignoring DC HLP10 in the convergence test of object
             CN=HLE60,OU=Domain Controllers,DC=ad,DC=harrang,DC=com, because we
             cannot connect!
             Ignoring DC HLS20 in the convergence test of object
             CN=HLE60,OU=Domain Controllers,DC=ad,DC=harrang,DC=com, because we
             cannot connect!
             Checking for CN=HLE60,OU=Domain Controllers,DC=ad,DC=harrang,DC=com in domain DC=ad,DC=harrang,DC=com on 1 servers
                Object is up-to-date on all servers.
             ......................... HLE60 failed test CheckSecurityError


    -cbh

    Tuesday, July 24, 2012 5:26 PM
  • Hello,

    Easiest is always to pipe the output to a file and then upload it to Windows SkyDrive:

    ipconfig /all >c:\ipconfig.txt [from each DC/DNS Server]
    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  ["dc*" is a placeholder for the starting name of the DCs if they all begin the same (if more than one DC exists)]
    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)

    As the output will become large, DON'T post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, July 24, 2012 6:20 PM
  • Fix all your dns configs before anything else.  Give it 3 hours and then I would run diagnostics.

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://blogs.dirteam.com/blogs/paulbergson      Twitter @pbbergs

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, July 24, 2012 9:38 PM
    Moderator
  • 1. Ensure the following DNS settings on the DC.

    - Check the DNS setting on the server; it should point to itself (assuming that the DNS role is installed on the server). If multiple DNS servers are present, add the alternate DNS setting as well.

    -- If the public IP address is added in the NIC DNS setting, remove it and add it to the DNS forwarders if required.

    -- If 127.0.0.1 is entered as DNS, remove it and add the IP address. If it is set as the alternate DNS setting then there is no issue.

    -- Check the NIC binding; the NIC which is online and has IP details should be first in the order. If multiple NICs are present then disable the NICs that are not required. http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/

    -- Also make sure the IPv6 is configured to dynamic (Automatically).

    2. Run ipconfig /flushdns and ipconfig /registerdns.

    3. Restart the netlogon and DNS services.

    4. Run repadmin /syncall /AdeP on all DCs to force the replication.

    5. Once done, run dcdiag /q to check for any errors.

    Since you have mentioned that the Win2000 server was demoted forcefully, you need to perform a metadata cleanup to remove the instances of the faulty DC.
    http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

    Since you have transferred the FSMO roles, configure an authoritative time server on the PDC role holder server; below is the KB article for the same.
    http://support.microsoft.com/kb/816042

    Once done, run dcdiag /q and repadmin /replsum to check the health of the DCs. Post the log if an error is reported, and also post the ipconfig /all details. Please use SkyDrive to post the logs.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Wednesday, July 25, 2012 3:08 AM
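
Added example, not part of any reply in this thread: the DNS-client checks the replies ask for (the DC lists itself, loopback is not the first entry, every other resolver is an AD DNS server), run over saved `ipconfig /all` output. The host name and addresses in the sample are constructed, the list of AD DNS servers is supplied by whoever runs it, and treating `::1` the same as `127.0.0.1` is an assumption.

```python
import ipaddress
import re

# Constructed sample in the layout `ipconfig /all` prints (names and addresses are made up).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC-B

Ethernet adapter Local Area Connection 5:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 10.0.2.10(Preferred)
   DNS Servers . . . . . . . . . . . : ::1
                                       10.0.0.5
                                       10.0.1.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 4:

   Media State . . . . . . . . . . . : Media disconnected
"""

# "   Key . . . . : value" -- the key starts with a non-space and holds no '.' or ':',
# so continuation lines such as "   ::1" or "   10.0.0.5" never match.
KV = re.compile(r"^\s+([^\s.:][^.:]*?)[ .]+:\s?(.*)$")


def parse_ipconfig(text):
    """Return {section: {key: [values]}}; the global block is section ""."""
    sections, name, key = {"": {}}, "", None
    for line in text.splitlines():
        m = KV.match(line)
        if not line.strip():
            key = None                        # a blank line ends a multi-line value
        elif m:
            key = m.group(1)
            values = sections[name].setdefault(key, [])
            if m.group(2).strip():
                values.append(m.group(2).strip())
        elif key:                             # continuation of the previous key
            sections[name][key].append(line.strip())
        elif line.rstrip().endswith(":"):     # adapter header
            name = line.strip().rstrip(":")
            sections[name] = {}
    return sections


def _ip(value):
    # Strip "(Preferred)" and any IPv6 zone id before parsing.
    return ipaddress.ip_address(re.split(r"[%(]", value)[0].strip())


def audit_dns(text, ad_dns_servers):
    """Return (host, adapter, issue, address) tuples for one server's output."""
    ad_dns = {ipaddress.ip_address(a) for a in ad_dns_servers}
    sections = parse_ipconfig(text)
    host = (sections[""].get("Host Name") or ["?"])[0]
    findings = []
    for adapter, kv in sections.items():
        servers = [_ip(v) for v in kv.get("DNS Servers", [])]
        if not servers:
            continue
        own = {_ip(v) for k in ("IPv4 Address", "IPv6 Address") for v in kv.get(k, [])}
        if servers[0].is_loopback:            # loopback is only acceptable as an alternate
            findings.append((host, adapter, "loopback-first", str(servers[0])))
        for s in servers:                     # stale DC or external resolver
            if not s.is_loopback and s not in ad_dns:
                findings.append((host, adapter, "not-ad-dns", str(s)))
        if own and not any(s.is_loopback or s in own for s in servers):
            findings.append((host, adapter, "self-missing", ""))
    return findings


if __name__ == "__main__":
    for finding in audit_dns(SAMPLE, ["10.0.1.10", "10.0.2.10"]):
        print(finding)
```

Run it once per saved `ipconfig.txt`, passing the addresses of the domain controllers that currently host DNS.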
  • I haven't seen the transfer of the time server role to the new DC holding the PDCe role mentioned anywhere. If not done, change it now to the new DC.

    Windows Time Server Role in AD Forest/Domain  http://awinish.wordpress.com/2011/10/07/time-server-role-in-forestdomain/

    Second question: can you verify the Sysvol/Netlogon shares are present & accessible on the network using the Net Share cmd?

    Let the IPv6 option on the NIC be set to obtain an IP address automatically, for the IP as well as the DNS part.  Also, it appears to me there are connection issues & it might be some changes on the firewall or high latency; since you already mentioned packet fragmentation, I would solve connectivity issues first & then time, the sysvol approach & other issues.


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Wednesday, July 25, 2012 9:35 AM
    Moderator