Forum Discussion
ADs not Syncing
Multi-homing a domain controller always causes no end to grief for active directory domain DNS. So that's the first issue to clear up, then do ipconfig /flushdns, ipconfig /registerdns, restart the netlogon service.
Depending on how long this situation has lasted, the 2012 may also have tombstoned, in which case demoting, reboot, promo it again may be the simpler solution after above is corrected.
As to stopped services I'd check the system event log for details.
Dave Patrick, appreciate you helping me on this and for the lightning fast response.
I will test your advice in an isolated environment and let you know the outcome.
More info:
I also see the following in event viewer.
Event 2103:
The Active Directory Domain Services database has been restored using an unsupported restoration procedure.
Active Directory Domain Services will be unable to log on users while this condition persists. As a result, the Net Logon service has paused.
User Action
See previous event logs for details.
I suspect this is due to the VM being rolled back to its previous state via snapshot.
In my test environment, I tried deleting the registry key "DSA not writable" from HKLM\System\CurrentControlSet\Services\NTDS\Parameters and it did resolve the NetLogon and Windows Time service issues, but I'm not sure if it's the best thing to do.
My ultimate goal is to eventually remove DC1 from the domain and add in a new primary DC running 2016 or 2019.
- Crimson, Jan 20, 2021, Copper Contributor
After trying your recommendation in the test environment, it seems like I have now lost access to DC2 and am getting the error below:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 20/1/2021 5:38:01 PM
Event ID: 1308
Task Category: Knowledge Consistency Checker
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: DC1.domain.name
Description:
The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following directory service has consistently failed.
Attempts:
4
Directory service:
CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=name,DC=net
Period of time (minutes):
88989
The Connection object for this directory service will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this directory service resumes, the temporary connection will be removed.
Additional Data
Error value:
5 Access is denied.

Here's what I did to remove multi-homing:
1) Removed other and unused NICs in the system via device manager
2) Ran ipconfig /flushdns, ipconfig /registerdns and restarted NetLogon services
Question:
1) Would it be easier to setup a new DC then promote it as the main then remove DC1?
2) Or do I have to fix the issue with DC1 first before I can do anything else?
- Dave Patrick, Jan 20, 2021, MVP
Please run;
Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
then put `unzipped` text files up on OneDrive and share a link.
- Dave Patrick, Jan 21, 2021, MVP
Glad to hear problem is sorted.
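
Added example, not part of any post in this thread: a read-only PowerShell check that gathers the signals discussed above on one domain controller (the "Dsa Not Writable" value, the Netlogon and Windows Time service state, Events 2103 and 1308) and converts the longest Event 1308 failure period to days, so it can be compared with the tombstone lifetime; the 88989 minutes in the pasted event is about 61.8 days. Assumptions: the function name `Get-DcReplicationTriage` and its parameter are hypothetical, the 180-day default must be replaced with your forest's actual tombstone lifetime, Event 2103 is read from the same "Directory Service" log the thread shows for Event 1308, and the event message text is English.

```powershell
function Get-DcReplicationTriage {
    param(
        # Assumption: replace with your forest's tombstoneLifetime value (days).
        [int]$TombstoneLifetimeDays = 180
    )

    # Registry location quoted in the thread. The value is expected only while
    # the DC is quarantined after an unsupported restore (Event 2103).
    $ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $props = (Get-ItemProperty -Path $ntdsParams -ErrorAction Stop).PSObject.Properties
    $quarantined = $null -ne $props['Dsa Not Writable']

    # Services the poster reported as affected.
    $services = Get-Service -Name Netlogon, W32Time |
        ForEach-Object { '{0}={1}' -f $_.Name, $_.Status }

    # Events 2103 and 1308 from the log named in the thread (read-only query).
    $events = @(Get-WinEvent -FilterHashtable @{
            LogName = 'Directory Service'; Id = 2103, 1308
        } -MaxEvents 200 -ErrorAction SilentlyContinue)

    # Longest failure period reported by Event 1308 (English message assumed).
    $maxMinutes = 0
    foreach ($e in ($events | Where-Object Id -eq 1308)) {
        if ($e.Message -match 'Period of time \(minutes\):\s*(\d+)') {
            $maxMinutes = [math]::Max($maxMinutes, [int]$Matches[1])
        }
    }
    $failureDays = [math]::Round($maxMinutes / 1440, 1)

    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        DsaNotWritablePresent = $quarantined
        Services              = $services -join ', '
        Event2103Count        = @($events | Where-Object Id -eq 2103).Count
        Event1308Count        = @($events | Where-Object Id -eq 1308).Count
        LongestFailureDays    = $failureDays
        PastTombstoneLifetime = $failureDays -ge $TombstoneLifetimeDays
    }
}

# Run in an elevated session on each domain controller and compare the output.
Get-DcReplicationTriage | Format-List
```

The function only reads state; it does not modify the registry, services or directory.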