DC seems to have fallen off the Domain
-
If you're DC is just a DC - you can demote it, then leave the domain, wipe and reload it, join the domain and promote.
If it's also a fileserver, etc, well - have fun.
This of course assumes you can't use the normal tools to remove the old AV cleanly.
-
@nerdydad is this a VM or a standalone server?
-
It's a vm. All of my DC's are vm's.
-
@Dashrender said in DC seems to have fallen off the Domain:
If you're DC is just a DC - you can demote it, then leave the domain, wipe and reload it, join the domain and promote.
If it's also a fileserver, etc, well - have fun.
This of course assumes you can't use the normal tools to remove the old AV cleanly.
mkfs.ntfs & format ... The only tools I know to fully remove Symantec products - except for a snapshot maybe.
-
@thwr said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
If you're DC is just a DC - you can demote it, then leave the domain, wipe and reload it, join the domain and promote.
If it's also a fileserver, etc, well - have fun.
This of course assumes you can't use the normal tools to remove the old AV cleanly.
mkfs.ntfs & format ... The only tools I know to fully remove Symantec products - except for a snapshot maybe.
LOL
-
@NerdyDad Is that secondary domain controller doing anything else like being a file server?
-
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad Is that secondary domain controller doing anything else like being a file server?
It is a secondary controller. FSMO roles are on another DC. The only other thing this server does is ots a print server and DHCP server.
-
@NerdyDad said in DC seems to have fallen off the Domain:
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad Is that secondary domain controller doing anything else like being a file server?
It is a secondary controller. FSMO roles are on another DC. The only other thing this server does is ots a print server and DHCP server.
Well, as I said, if you can't remove the old AV using the typical tools, you do have other options, not great ones, but they are there.
-
As I am digging into this more and more, I am finding replication issues between DC's, namely the original problem child.
<code>
Source DSA largest delta fails/total %% errorDOS3 38d.14h:20m:23s 5 / 10 50 (8457) The destination server is currently rejecting replication requests.
DOS4B 38d.14h:20m:22s 5 / 15 33 (8457) The destination server is currently rejecting replication requests.
SMC4A 38d.14h:20m:23s 5 / 15 33 (8457) The destination server is currently rejecting replication requests.
SMC4B 35d.14h:24m:28s 15 / 15 100 (8456) The source server is currently rejecting replication requests.
Destination DSA largest delta fails/total %% error
DOS3 35d.14h:16m:35s 5 / 15 33 (8456) The source server is currently rejecting replication requests.
DOS4B 35d.14h:02m:35s 5 / 15 33 (8456) The source server is currently rejecting replication requests.
SMC4A 35d.14h:22m:52s 5 / 10 50 (8456) The source server is currently rejecting replication requests.
SMC4B 38d.14h:20m:24s 15 / 15 100 (8457) The destination server is currently rejecting replication requests.
</code> -
repadmin /syncon all domain controllers. What does that return? -
@wirestyle22 said in DC seems to have fallen off the Domain:
repadmin /syncon all domain controllers. What does that return?CALLBACK MESSAGE: Error contacting server cff6859a-1945-4334-aa88-e43a448de794._msdcs.smc.com (network error): -2146893 22 (0x80090322): The target principal name is incorrect. CALLBACK MESSAGE: SyncAll Finished. SyncAll reported the following errors: Error contacting server cff6859a-1945-4334-aa88-e43a448de794._msdcs.smc.com (network error): -2146893022 (0x80090322): The target principal name is incorrect. -
@NerdyDad said in DC seems to have fallen off the Domain:
The target principal name is incorrect.
Check that these services are all running:
Active Directory Domain Services
Kerberos Key Distribution Center -
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
The target principal name is incorrect.
Check that these services are all running:
Active Directory Domain Services.
Active Directory ReplicationHave ADDS but not Active Directory Replication
-
@NerdyDad Sorry, check:
Kerberos Key Distribution Centerin services.msc -
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad Sorry, check:
Kerberos Key Distribution Centerin services.mscThere and Started.
-
@wirestyle22 If I ever meet you, I owe you a drink at least.
-
@NerdyDad Oh? you get it working?
-
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad Oh? you get it working?
Not yet. Just appreciating all of the help.
-
@NerdyDad Don't worry about it. Everyone helps me all of the time.
Check this article out: https://support.microsoft.com/en-us/help/2090913/troubleshooting-ad-replication-error--2146893022-the-target-principal-name-is-incorrect.
