locked
dcpromo demote win2k3 server RRS feed

  • Question

  • I have a Win2k3 DC that has one of my DNS servers on it.  I have removed all of the FSMO roles and confirmed they are removed.  The user is a part of the Enterprise Admin group.   When i try to remove the DC through dcpromo I get the following error in the dcpromo.log.  I would like to keep from using /forceremoval but is this a sign of something wrong in my AD or just on the DC i am trying to remove.

    7/06 14:24:32 [INFO] Removing Active Directory objects that refer to the local domain controller from the remote domain controller bugs.cic.scic.com…
    07/06 14:24:32 [INFO] Error - Active Directory could not configure the computer account dc_name$ on the remote domain controller other_dc_name. (5)
    07/06 14:24:33 [INFO] NtdsDemote returned 5
    07/06 14:24:33 [INFO] DsRolepDemoteDs returned 5
    07/06 14:24:33 [ERROR] Failed to demote the directory service (5)

     

    Wednesday, July 7, 2010 1:27 PM

Answers

  • Hi KirkSH,


    Thank you for posting in Windows Server Forum.

     

    According to your description, I understand that you are not able to demote a Windows 2003 DC with the error " Failed to configure the service NETLOGON as requested."

     

    To resolve this issue, please stop the Netlogon service before you run DCPROMO. This might allow you to complete the DC demotion.

     

    Wilson Jia

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • Marked as answer by Wilson Jia Wednesday, July 14, 2010 1:48 AM
    Thursday, July 8, 2010 8:59 AM

All replies

  • Wednesday, July 7, 2010 1:33 PM
  • I did that and now i get the following on dcpromo.

     

    the operation failed because:

     

    Failed to configure the service NETLOGON as requested.

    "The wait operation timed out"

     

    and in the dcpromo.log is the following:

    07/07 09:02:24 [INFO] Informed NETLOGON to deregister records
    07/07 09:02:24 [INFO] Stopping service NETLOGON

    07/07 09:04:24 [INFO] StopService on NETLOGON failed with 258

     

    Wednesday, July 7, 2010 4:08 PM
  • Hello,

    if i understand you correct you try to demote a DC in an existing domain and have already transferred teh FSMO roles to another DC in the domain. Did you check with "netdom query fsmo" in a command prompt that the other DC is shown for having the FSMO roles?

    Also it can help to uncheck the Global catalog in AD sites and services on the NTDS settings from the DC you need to demote.

    Is connectivity given, check with pinging ip address, computer name and FQDN to the other DC, which also should be Global catalog server?

    Also post an undited ipconfig /all from the existing DC and the one you try to demote.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Wednesday, July 7, 2010 10:03 PM
  • Hi KirkSH,


    Thank you for posting in Windows Server Forum.

     

    According to your description, I understand that you are not able to demote a Windows 2003 DC with the error " Failed to configure the service NETLOGON as requested."

     

    To resolve this issue, please stop the Netlogon service before you run DCPROMO. This might allow you to complete the DC demotion.

     

    Wilson Jia

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • Marked as answer by Wilson Jia Wednesday, July 14, 2010 1:48 AM
    Thursday, July 8, 2010 8:59 AM
  • Hi Kirksh,

    Any updates?

    Regards,

    Wilson Jia


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Monday, July 12, 2010 9:01 AM
  • I just experience the same issue, but the answer is very easy to handle.

    Change the first DNS setting on your network card to point to your new DNS server, not the server you are currently demoting.  Once you change the DNS setting to the new DNS server you should be able to demote the server without any issues.

    Dean

    • Proposed as answer by Frank Hurley Wednesday, December 7, 2011 2:21 PM
    Thursday, November 25, 2010 4:37 PM
  • Correct you are

    DNS was the issue for me

    Change the NIC to point to the new dns server - away from the one you are trying to demote

     

    good call

     

    thanks

    Saturday, January 14, 2012 1:10 AM
  • Verify that your account has sufficient permissions to the computer account in Active Directory.
    Even though your running dcpromo with domain admin account... If you haven't got full access to the computer object the operation will fail.

    And check so that "Protect this object from accidental deletion" isn't activated.
    Wednesday, February 22, 2012 1:17 PM
  • Thanks to citapinc, this is what resolved the issue for us!
    Friday, August 24, 2012 3:41 PM
  • Thanks sir

    Solution worked Great.

    Else the only way is to run Dcpromo /forceremoval and then through Metadata Cleanup remove all stresses from AD.

    I had 10 Domain Controllers to demote....

    Once again Thanks

    • Proposed as answer by Kems92 Friday, March 17, 2017 3:59 PM
    Wednesday, October 24, 2012 7:53 PM
  • Thanks sir

    Solution worked Great.

    Else the only way is to run Dcpromo /forceremoval and then through Metadata Cleanup remove all stresses from AD.

    I had 10 Domain Controllers to demote....

    Once again Thanks

    Great .. that's really really workable information ... thank you mahesh
    Thursday, November 22, 2012 5:49 AM
  • for me the answer of:citapinc worked (DNS settings)

    should a Moderator really mark his/her own reply as "answer" ??

    my error was:

    ---------------------------
    Active Directory Installation Wizard
    ---------------------------
    The operation failed because:
    
    Failed to configure the service NETLOGON as requested
    
    "The wait operation timed out."
    ---------------------------
    OK   
    ---------------------------

    Wednesday, April 17, 2013 10:44 PM
  • This was the answer for me. Thank you!
    Friday, June 28, 2013 8:16 PM
  • I just experience the same issue, but the answer is very easy to handle.

    Change the first DNS setting on your network card to point to your new DNS server, not the server you are currently demoting.  Once you change the DNS setting to the new DNS server you should be able to demote the server without any issues.

    Dean

    Dean,

    Thank you for taking the time to post this. You just saved me what would have probably been hours of troubleshooting for a simple issue.  

    Jeffery Smith

    Thursday, July 18, 2013 5:01 PM
  • This just saved me a bunch of time as well.  Many thanks.
    Tuesday, September 24, 2013 12:20 AM
  • I ended up needing to uncheck the Global Catalog box in AD Sites and Services for the server I was demoting. I had tried pointing to the new PDC and tried disabling Netlogon service in combination with no luck until I removed GC.

    I still did have the Netlogon service stopped and disabled and DNS on the server NIC pointing to new PDC when I removed the Global Catalog though.  Not sure if it was a combination of all, but it also stopped warning me about needing a GC on the domain during the dcpromo demotion.

    Wednesday, December 4, 2013 8:09 PM
  • We are in the process of phasing out our 2003 domain controllers and moving to 2012 R2.  I had the same problem with an error on a specific domain controller when it was unable to deal with the NETLOGON service properly.  What worked for me:  I went to Sites and Services and removed the Global Catalog checkbox under the NTDS properties for that problem server (thus removing the server from being a global catalog).

    After confirming all other domain controllers now recognized that the server was no longer a global catalog server (checked sites and services on each one for the checkbox) I then tried the demotion process again, and it worked properly through the dcpromo gui.

    Sunday, October 12, 2014 3:24 AM
  • Old post, but pointing DNS to new server and stopping NET LOGON service prior to running DCPROMO worked for me.

    Tks

    Tuesday, April 7, 2015 2:52 PM
  • Found the fix here.  Simple.

    http://itthatshouldjustwork.blogspot.com/2013/08/dcpromo-demote-win2k3-server-failed-to.html

    Wednesday, May 6, 2015 11:35 PM
  • I had the same issue, and followed all of the advice given here. The problem for me ended up being that this was a remote site in the domain with it's own DC that I was replacing. I had to point DNS to the root DC server, the one with all of the FSMO roles on it, in order for this to complete successfully.

    Run a "netdom query fsmo" to determine which DC has all of the roles, and change your DNS to that server.

    Monday, July 27, 2015 7:20 PM
  • Pointing the DNS to new Server also solved dcpromo issue for me.

    Thanks

    Wednesday, February 3, 2016 11:35 AM
  • I had this same problem. DCPromo was getting stuck on shutting down netlogon and timing out. I just opened up services. I switched netlogon to manual. I start it, stopped it while dcpromo was running and dc promo continued without timing out. 

    Thats the soluution i found. DCpromo wants to shutdown net logon, help it out. Start it and stop it manually. It will proceed.

    Thursday, February 25, 2016 2:47 PM
  • Yep worked for me too.
    Saturday, August 20, 2016 2:11 AM
  • Thanks, this fixed my problem
    Tuesday, June 27, 2017 11:54 PM
  • It worked for me also the DNS settings.

    tks

    Friday, June 28, 2019 7:27 AM