
Failed SBS 2011 Domain Controller – no backups but BDC is online



  • beddo

    Hi folks,

    Short version of the question is – can you use dcpromo to remove an SBS 2011 server from a domain and then use dcpromo to put it back in?

    Long version is:

    1) Backups have been failing for a long time
    2) Management has approved a new backup solution but it has been waiting for them to move equipment from one site to another so there is no backup of this server
    3) There is a Server 2012 Standard DC at a different site that is operational.

    Yesterday evening I was notified that the server was stuck in a reboot loop (bluescreening with an AD services error). I do not know what triggered this.
    It would blue screen then go into system recovery.
    The documented DSRM password did not work so I had to use ntpasswd to reset it.
    chkdsk found free space marked as used and fixed that on a couple of drives, I believe most likely caused by the bluescreening rather than a cause of the issue but could be wrong.
    Booting DSRM brought up configuring changes. These failed and it went on to reverting changes before eventually going to a login screen.

    After getting into DSRM I went through a few checks. I went into the registry to verify the ntds.dit path and found that the whole Parameters key was missing. In fact the only keys in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS were Security and Performance. Luckily I was able to get to another SBS 2011 server and export the whole NTDS key (excluding security) then import this into the failed server.

    Upon doing this I received event log 2542 in the directory service log with the following content:

    The Directory Server detected that the database has been replaced. This is an unsafe and unsupported operation. The service will stop until the problem is corrected. User Action: Restore the previous copy of the database that was in use on this machine. In the future, the user is strongly encouraged to use the backup and restore facility to rollback the database. This error can be suppressed and the database repaired by removing the following registry key. Additional Data Registry key: System\CurrentControlSet\Services\NTDS\Parameters Registry value: DSA Database Epoch

    I’ve then taken a copy of ntds.dit and removed the value specified. This time the server has booted without blue screening and in normal mode has done the applying/configuring changes before moving on to failed and reverting changes. It has been stuck there for some time but I’m hoping it will eventually go to the login screen.

    If AD is still hosed, I’m wondering if it is possible to do a dcpromo to remove the SBS 2011 server (might have to be a force) and then dcpromo it back in. I’ve only ever used dcpromo on SBS when the server is being decommissioned so I’m not sure if SBS will allow for the server to be put back in or if any of the SBS things (mainly Exchange) will be broken by doing so.

    The worst possibility will be having to back up the Exchange databases, wipe the server, do a new build in migration mode and then restore the Exchange databases. I think it’ll be MS PSS before that though.
