none
Can't demote Windows Server 2008 DC

    Question

  • I have two Windows Server 2008 (non-R2) domain controllers, both installed as virtual machines on a VMWare ESXi 5.0 host.  A few weeks ago I decided I wanted to rename the domain and took a VM snapshot of both DCs.  I ran into problems with the domain rename almost right off the bat, and so I abandoned the effort and reverted both DCs back to the snapshots.

    Shortly thereafter I started noticing some replication problems (adding new computers to the domain, then couldn't login to them) and found that I was getting Event ID 2103 "The Active Directory Domain Services database has been restored using an unsupported restoration procedure" in the Directory Service log.  After doing some quick research, I found KB875495 which stated I had incurred a USN rollback and, since I didn't have any other backup of the AD database (I had since deleted the snapshots), the only course of recovery was to demote the domain controller that was getting the 2103 errors, clean up the metadata, and repromote the DC.

    I've tried to demote the faulty domain controller no less than 25 times, with and without the /forceremoval switch, all with no success.  Each time I try, it gets through the first 2 or 3 steps and after I enter the new password to assign to the local administrator account, it throws an error stating "Windows has encountered a critical problem and will restart automatically in one minute."  The AD DS Installation Wizard remains in the background and if I click Next on it, another error occurs stating "The wizard is unable to determine the status of the Active Directory Domain Services on this computer."  Then of course it reboots.

    I've analyzed the dcpromoui log file and noticed something that doesn't seem right near the end of the log:

         using domain = xyz.local, serverName = local
         Enter FindAuthoritativeServer local
           Enter FullyQualifyDnsName local
           Enter MyDnsQuery local.
             Calling DnsQuery_W
             lpstrName : local.
             wType     : 6
             fOptions  : 8
             status = 0000232B
             RCODE_NAME_ERROR
           Enter Dns::GetParentDomainName local.
             .
           Enter MyDnsQuery .
             Calling DnsQuery_W
             lpstrName : .
             wType     : 6
             fOptions  : 8
             status = 00000000
             ERROR_SUCCESS
           Enter FindSoaRecord
             SOA record found
           autoritative server found
           Enter GetIpAddress a.root-servers.net
             Calling gethostbyname
             198.41.0.4
           result = 00000000
           authZone            = .
           authServer          = a.root-servers.net
           authServerIpAddress = 198.41.0.4
         discovered parent zone = .
       Enter State::SetParentZoneName .

    I don't understand why it's trying to go to the root "dot" zone.  I don't have the root zone on my DNS servers.  I disabled recursion, hoping that might tell it not to try to go to the root zone, but that didn't help.  I'll gladly post the entire dcpromoui log if anyone feels like taking a look at it. 

    Thanks in advance.

    

    Monday, November 12, 2012 8:30 PM

Answers

All replies