06-21-2019 09:40 AM - edited 06-21-2019 09:47 AM
06-21-2019 09:40 AM - edited 06-21-2019 09:47 AM
We've got a Windows Server 2008 that we're planning to migrate from in a few weeks. Unfortunately, yesterday when Windows Update froze and the system was rebooted, not much works. We can login normally, but we can't launch any app. Even something as simple as starting an MMC doesn't do anything. The computer just acts like it's busy. It does have some services running, and the file shares work, but we can't RDP into the box and can't manage it locally. I can start a normal Command Prompt, but not with Administrative privileges.)
I booted the Install Disk and opened up a command prompt to run the System File Checker and it came up with errors that it said it corrected them, but the symptoms persist. ChkDsk also was ran without any errors. I've even tried throwing the Install disk into the box and run setup to "upgrade" (from Windows,) but it just sits there. I can start TaskMgr, but can't actually do anything with it.
I think the server is trying to start a service, but I'm not sure. Since I was able to open up a command prompt when booting from the Windows Server Install Disk, I was able to start EventVwr (which I can't do from a normal startup) and see a ton of errors, but they all appear to be isolated around failures that a dependent service has failed. (it looks like it has something to do with AD / LDAP, and since this is the domain controller for a small network, I can't login locally from Safe Mode - even though we know the original Administrator password - and even reset it using command prompt.)
Edit: I was able to pull up the list of started services (normal command prompted) and noticed that DHCP Server isn't started, but since I can't start anything privileged, I can't start it.)
What do I look for next?
Thanks in Advance
06-21-2019 12:59 PM
Hopefully there are other domain controllers where can seize roles, perform metadata cleanup and move on.
06-21-2019 03:00 PM
Unfortunately, they lost their other DC a while back (hardware failure) and never replaced it (small organization didn't have $$$ for redundancy.) If I can get them back up and get their data off, I'll make sure to get them setup correctly - probably offloading most of it to the cloud, but we'll see.
I let it sit there for a while and noticed that slowly some services, like DHCP are starting and I can now open a privileged Command Prompt and even Control Panel. I'm thinking that an update got corrupted and I can uninstall it and see what happens? Unfortunately, I feel like I'm shooting in the dark since they logged in and "Last Known Config" is no longer an option and most of the "normal" modes of fixing this haven't worked.
06-21-2019 03:06 PM
Better option is if it eventually starts up then I stand up a new one ASAP
I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting. Then stand up a new one (no newer that 2016 in case FRS is still used) , patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over, transfer pdc emulator role, use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.
Other options are to verify system and servicing health by running;
06-21-2019 04:18 PM
@Dave PatrickI was thinking dcdiag now that it might be up partially. The plan was to migrate to 2019, but that's 3 steps from 2008. I was also thinking Azure. We'll see. I just need to get this into a good state to move forward.
When I finally got into services, I saw that some services seem to be stuck at "Starting."
I've already done an SFC /scannow and it showed that it fixed errors. Maybe doing it again will help. I'll also look at the Readiness Tool and see if that helps.
Thanks for the suggestions.
06-21-2019 05:39 PM
Was able to run the dcdiag an the only errors it's showing is some services not started. Everything else looks okay from that perspective. Trying to run the System Update Readiness Tool.
Oh... and here's the kicker now that I can see services..... they've got Exchange on this box too. (The dcdiag's only errors were about Exchange services, so I'm looking through those.) Most of the services have started, but the rest are just slowly getting going. I guess they didn't know that everything was on the same server. :(
06-21-2019 05:46 PM - edited 06-21-2019 05:50 PM
Then I'd stand up a new domain controller (following above) ASAP. In order to introduce the first 2019 domain controller the domain functional level needs to be 2008 R2 or higher and sysvol replication needs to be migrated from older FRS technology to DFSR
For the exchange migration I'd reach out to experts in dedicated forums over here.
06-21-2019 06:10 PM
@Dave PatrickSlowly, but surely, everything seems to be coming up. It just takes a couple hours to do something that should take 10 seconds. The odd thing is, resource monitor doesn't show anything out of the normal as everyone is gone and I'm the only one on the box.
I can't stand up a new domain until the new hardware and OS arrive. But I'm giving them options. Since they're having problems, I figure that they just might go for a hybrid cloud solution so they don't have to worry as much about the technical stuff.
06-21-2019 06:24 PM
Sounds good. If it were me I'd probably stand up another domain controller even if its on some desktop hardware for the interim.