2012 DC rename causes problems

    Question

  • I had a 2003 domain with only 1 DC called server1.  I  added a 2012 R2 DC called server2 to the domain and transferred the FSMO roles to it.

    I demoted the original server1 and renamed it to oldserver1.  Everything seemed to be working fine.  I needed to rename server2 to server1 for application reasons.  I performed the rename using the GUI. There was an error, but it appeared the rename did take place.  I rebooted and netlogon did not work.  Unfortunately, I did not back up the system state of the 2012 before the rename.  Any ideas would be appreciated.


    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       * Verifying that the local machine server1, is a Directory Server. 
       Home Server = server1
       * Connecting to directory service on server server1.
       * Identified AD Forest. 
       Collecting AD specific global data 
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domainname,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded 
       Iterating through the sites 
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=local
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domainname,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers 
       Getting information for the server CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=local 
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 1 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
         Testing server: Default-First-Site-Name\SERVER2
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             Determining IP4 connectivity 
             Determining IP6 connectivity 
             * Active Directory RPC Services Check
             ......................... SERVER2 passed test Connectivity
    Doing primary tests
        Testing server: Default-First-Site-Name\SERVER2
          Starting test: Advertising
             Fatal Error:DsGetDcName (SERVER2) call failed, error 1717
             The Locator could not find the server.
             RPC Extended Error Info not available. Use group policy on the local
             machine at "Computer Configuration/Administrative
             Templates/System/Remote Procedure Call" to enable it.
             ......................... SERVER2 failed test Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Starting test: FrsEvent
             * The File Replication Service Event log test 
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
            Group Policy problems. 
             A warning event occurred.  EventID: 0x800034FA
                Time Generated: 02/23/2017   08:27:40
                Event String:
                Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller server1.domainname.local for FRS replica set configuration information. 
                      Could not find computer object for this computer. Will try again at next polling cycle.
         
             ......................... SERVER2 passed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log. 
             Skip the test because the server is running FRS.

             ......................... SERVER2 passed test DFSREvent

          Starting test: SysVolCheck
             * The File Replication Service SYSVOL ready test 
             File Replication Service's SYSVOL is ready 
             ......................... SERVER2 passed test SysVolCheck
        

          Starting test: KnowsOfRoleHolders

             Role Schema Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=local
             ......................... SERVER2 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             Checking machine account for DC SERVER2 on DC SERVER2.
             * SPN found :LDAP/server2.domainname.local/domainname.local
             * SPN found :LDAP/server2.domainname.local
             * SPN found :LDAP/SERVER2
             * SPN found :LDAP/server2.domainname.local/domainname
             * SPN found :LDAP/2f9e64f3-5318-40eb-9a01-a5ae73bdf140._msdcs.domainname.local
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/2f9e64f3-5318-40eb-9a01-a5ae73bdf140/domainname.local
             * SPN found :HOST/server2.domainname.local/domainname.local
             * SPN found :HOST/server2.domainname.local
             * SPN found :HOST/SERVER2
             * SPN found :HOST/server2.domainname.local/domainname
             * SPN found :GC/server2.domainname.local/domainname.local
             ......................... SERVER2 passed test MachineAccount
          Starting test: NCSecDesc
             * Security Permissions check for all NC's on DC SERVER2.
             The forest is not ready for RODC. Will skip checking ERODC ACEs.
             * Security Permissions Check for
               DC=DomainDnsZones,DC=domainname,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for
               DC=ForestDnsZones,DC=domainname,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for
               CN=Schema,CN=Configuration,DC=domainname,DC=local
                (Schema,Version 3)
             * Security Permissions Check for
               CN=Configuration,DC=domainname,DC=local
                (Configuration,Version 3)
             * Security Permissions Check for
               DC=domainname,DC=local
                (Domain,Version 3)
             ......................... SERVER2 passed test NCSecDesc

          Starting test: NetLogons
             * Network Logons Privileges Check
             Unable to connect to the NETLOGON share! (\\SERVER2\netlogon)
             [SERVER2] An net use or LsaPolicy operation failed with error 67,
             The network name cannot be found..
             ......................... SERVER2 failed test NetLogons
          Starting test: ObjectsReplicated
             SERVER2 is in domain DC=domainname,DC=local
             Checking for CN=SERVER1,OU=Domain Controllers,DC=domainname,DC=local in domain DC=domainname,DC=local on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=local in domain CN=Configuration,DC=domainname,DC=local on 1 servers
                Object is up-to-date on all servers.
             ......................... SERVER2 passed test ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Starting test: Replications
             * Replications Check
             * Replication Latency Check
                DC=DomainDnsZones,DC=domainname,DC=local
              

    Friday, February 24, 2017 10:15 AM

All replies

  • Hi

    Alternatively, you can rename the DC with the netdom command; check the article and follow the DNS settings:

    https://technet.microsoft.com/en-us/library/cc816601%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Also, after that, run "ipconfig /flushdns" and "ipconfig /registerdns".

    Otherwise, if the issue persists, share the "dcdiag" result here.


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Friday, February 24, 2017 11:40 AM
  • Netdom will not work as netlogon does not start.

    Doing initial required tests

        Testing server: Default-First-Site-Name\SERVER2
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             Determining IP4 connectivity 
             Determining IP6 connectivity 
             * Active Directory RPC Services Check
             ......................... SERVER2 passed test Connectivity
    Doing primary tests
         Testing server: Default-First-Site-Name\SERVER2
          Starting test: Advertising
             Fatal Error:DsGetDcName (SERVER2) call failed, error 1717
             The Locator could not find the server.

      ......................... SERVER2 passed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log. 
             Skip the test because the server is running FRS.

             ......................... SERVER2 passed test DFSREvent
                  ......................... SERVER2 passed test SysVolCheck

    SERVER2 passed test MachineAccount

    SERVER2 passed test NCSecDescS

    SERVER2 passed test RidManager

     Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1717

             A Global Catalog Server could not be located - All GC's are down.

    Sunday, February 26, 2017 4:23 PM
  • Hi

    First, check the DNS config on the DC; the DNS IP needs to point to itself for IPv4. Also check with "ipconfig /all".

    Then try re-registering the DC's SRV records by either restarting the netlogon service or by running the following command:
         nltest.exe /dsregdns

    And it still seems the FSMO roles are on server2 (I guess the old name of the server).

    To check the FSMO status, run "netdom query fsmo".


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Sunday, February 26, 2017 8:03 PM
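
Added example (not part of the original thread, and not code from any poster): a small Python parser run over a constructed excerpt of the dcdiag output posted in the question, reporting which tests failed and which directory locations still record the pre-rename name. The function names, source labels and condensed sample are assumptions made for this illustration.

```python
import re

# Constructed sample: lines condensed from the dcdiag output posted in the question.
SAMPLE = """\
Home Server = server1
Getting information for the server CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=local
   Fatal Error:DsGetDcName (SERVER2) call failed, error 1717
   ......................... SERVER2 failed test Advertising
   ......................... SERVER2 passed test FrsEvent
   * SPN found :LDAP/server2.domainname.local
   * SPN found :HOST/SERVER2
   * SPN found :LDAP/2f9e64f3-5318-40eb-9a01-a5ae73bdf140._msdcs.domainname.local
   ......................... SERVER2 failed test NetLogons
   Checking for CN=SERVER1,OU=Domain Controllers,DC=domainname,DC=local in domain DC=domainname,DC=local on 1 servers
"""

# Where a DC name shows up in dcdiag output (labels are hypothetical, chosen for this example).
PATTERNS = {
    "home_server": re.compile(r"Home Server = (\S+)"),
    "ntds_settings": re.compile(r"CN=NTDS Settings,CN=([^,]+),CN=Servers"),
    "spn_host": re.compile(r"SPN found :(?:LDAP|HOST|GC)/([^./\s]+)"),
    "computer_object": re.compile(r"CN=([^,]+),OU=Domain Controllers"),
}
RESULT = re.compile(r"\.{5,} (\S+) (passed|failed) test (\S+)")
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def analyze(text):
    """Collect the host name seen in each location and the tests that failed."""
    names = {source: set() for source in PATTERNS}
    failed = []
    for line in text.splitlines():
        for source, rx in PATTERNS.items():
            for host in rx.findall(line):
                if not GUID.match(host):  # GUID-based SPNs carry no host name
                    names[source].add(host.lower())
        m = RESULT.search(line)
        if m and m.group(2) == "failed":
            failed.append(m.group(3))
    return {"names": names, "failed": failed}

def stale_sources(result, current_name):
    """Locations whose recorded name differs from the name the DC now uses."""
    want = {current_name.lower()}
    return sorted(s for s, seen in result["names"].items() if seen and seen != want)

if __name__ == "__main__":
    report = analyze(SAMPLE)
    print("failed tests:", report["failed"])
    print("still under old name:", stale_sources(report, "server1"))
```

On the posted output this lists Advertising and NetLogons as failed, with the NTDS Settings object and the SPNs still recorded as server2 while the home server and the Domain Controllers computer object read server1.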
  • Hi,

    Just checking in to see if the information provided was helpful. If the replies above are helpful, we would appreciate it if you marked them as answers. Please let us know if you would like further assistance.

    Best Regards,

    Wendy



    Friday, March 3, 2017 6:47 AM
    Moderator