none
inconsistant share access in a file server with Domain Controller exceeded tombstone (forcebly demoted)

    Question

  • hello everybody

    I have an issue in my Share in the file server, the shares are not consistant

    nslookup lookup to the server with the name works (not FQDN)

    when I access with the name only \\servername\            it fails with access denied.

    when I access with FQDN it success   but sometimes rarly fails with access denied

    when I access with IP it success but sometimes fails with access denied.

    the user I'm using is a domain admin and in the security tab of the shares local administrators have full controll and my user also has full controll.

    I don't know what's going on, please help

    this file server was also a domain controller exceeded tombstone life time.

    this problem occured when I forcebly demoted the the DC

    Tuesday, January 3, 2017 8:01 AM

All replies

  • Hi

    this file server was also a domain controller exceeded tombstone life time.

    this problem occured when I forcebly demoted the the DC >>>

     This config is not recommended,you should not configure any role on a DC,first you should migrate file shares other member server with robocopy.Then will do a metadata cleanup to remove this problematic dc from domain and then promote it dc again.

    robocopy ; https://technet.microsoft.com/en-us/library/cc733145%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396

    metadata cleanup; https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, January 3, 2017 8:17 AM
  • Hi Arafat,

    Since you have forcibly demoted this DC, the Metadata is not cleaned up.

    so the do the below tasks.

    1) clean up the metadata of the Demoted DC.Please refer the metadata cleanup link provided by Burak.

    2)then please remove the server from domain and rejoin it again to the domain.

    3)if you want to make this server as a DC again please promote it

    Thanks

    krishna

    Tuesday, January 3, 2017 10:03 AM
  • Thanks Burak

    I know it is not recommended to make a DC with file server but this was done long time a go, maybe before I starting studing in a university.

    I did a metadata cleanup

    so, what is the solution to what I did??

    Thursday, January 5, 2017 5:47 AM
  • Dear Krishna,

    I have done all of these. but this issue occured.

    thanks

    Thursday, January 5, 2017 5:49 AM
  • Hi,

    Have you checked the DNS if it is working well? You could run dcdiag /test:dns to check it: https://social.technet.microsoft.com/wiki/contents/articles/17741.dcdiag-for-dns-test-details-explained.aspx

    In addition, you could check if the problem is caused by corrupted offline files cache, here is a similar problem which was discussed in the following thread:

    https://serverfault.com/questions/355482/can-no-longer-access-some-shares-on-domain-file-server

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    And again, it is not suggested to install file server on DC, if you have another member server, we would always recommend to move the file server into that server.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, January 9, 2017 3:11 AM
    Moderator
  • Look in to  Windows control panel / Credential manager ,  Some one may put in credentials to server  -just remove that one - 

    in case if the above do not work then If the fqdn works, but not the netbios name... WINS is the culprit. Everybody knows how to setup the IP address and DNS, but everybody seems to forget to go to the advanced button and setup WINS. This applies to both the workstations and the servers. The network will work fine without WINS as long as you dont mind typing FQDNs forever.So check the DNS setting and also try to lush DNS.
    Monday, January 9, 2017 3:26 AM
  • Hi,

    I am checking how the issue going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, January 13, 2017 9:27 AM
    Moderator