Server Corruption Issue

Kinkzter 1 Reputation point
2021-08-14T21:06:06.893+00:00

I have three sites. One of my sites has some sort of corruption that throws DNS errors when I try to replicate. The bad site is a single server Windows Server 2016 GC and I make backup image copies of the server every hour. This corrupted server is NOT the PDC, Domain Naming Master, Schema Master, etc. I believe I can go back to when replication stopped and restore the server. I haven't tried dcpromo because I am not sure if that would work. My question is whether I should try dcpromo since it's a single server off site connected via VPN, or should I restore the server from backup? Or maybe there is another suggestion?


7 answers

  1. Anonymous
    2021-08-14T21:11:38.903+00:00

    I would not restore from backup in a multi domain controller environment. A better option is to stand up a new one for replacement.

    I'd use dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new one, patch it fully, license it, join existing domain, add Active Directory Domain Services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer PDC emulator role (optional), use dcdiag / repadmin tools to again verify health. When all is good you can decommission / demote the old one, or perform cleanup to remove remnants of the failed one.
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.

  2. Anonymous
    2021-08-14T21:37:01.113+00:00

    Please run:

    Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
    repadmin /showrepl >C:\repl.txt
    ipconfig /all > C:\dc1.txt
    ipconfig /all > C:\dc2.txt
    ipconfig /all > C:\dc3.txt
    ipconfig /all > C:\problemjoinmember.txt

    then put unzipped text files up on OneDrive and share a link.

    1 person found this answer helpful.

  3. Anonymous
    2021-08-14T23:09:50.16+00:00

    Looks like the problem server and problem workstation are both at the same location? Another test would be a test join at another site. I'd check the VPN or route from 10.10.3.1 network to other sites 10.28.244.1 and 10.11.216.1 is flowing the required ports.
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
    https://www.microsoft.com/en-us/download/details.aspx?id=24009

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.
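
A way to run the port check suggested in the answer above from a machine on the affected site. This is an added example, not part of any poster's reply; the domain controller names are hypothetical placeholders, and the port list is the TCP subset of Microsoft's published Active Directory firewall requirements.

```powershell
# Added example: TCP reachability check for the ports AD replication and domain join rely on.
# Assumption: the DC names below are placeholders; replace with DCs at the other sites.
$DomainControllers = @('dc1.example.internal', 'dc2.example.internal')

# TCP ports only. UDP 53/88/389/464 need a separate tool and are not covered here.
$Ports = [ordered]@{
    '53'   = 'DNS'
    '88'   = 'Kerberos'
    '135'  = 'RPC endpoint mapper'
    '389'  = 'LDAP'
    '445'  = 'SMB'
    '464'  = 'Kerberos password change'
    '636'  = 'LDAPS'
    '3268' = 'Global Catalog'
    '3269' = 'Global Catalog over SSL'
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        # Wait() returns $false on timeout (silently dropped packets).
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # refused, unreachable, or the name did not resolve
    } finally {
        $client.Close()
    }
}

$results = foreach ($dc in $DomainControllers) {
    foreach ($p in $Ports.GetEnumerator()) {
        [pscustomobject]@{
            Target  = $dc
            Port    = [int]$p.Key
            Service = $p.Value
            Open    = Test-TcpPort -ComputerName $dc -Port ([int]$p.Key)
        }
    }
}
$results | Format-Table -AutoSize

$blocked = @($results | Where-Object { -not $_.Open })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} port check(s) failed; review every hop on the route, not only the VPN." -f $blocked.Count)
}
# Port 135 answering is not sufficient: RPC then moves to a dynamic port
# (TCP 49152-65535 by default), which must also pass end to end.
```

Running the same script from one of the working sites gives a baseline to compare against.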

  4. Kinkzter 1 Reputation point
    2021-08-14T23:34:47.683+00:00

    I can join from the two other sites. The VPN is wide open for ports. I tried to use the DNS from the main site that owns the PDC, etc., but I get the RPC is unavailable error from the 10.10.3 network, which is where the corrupt server resides.


  5. Anonymous
    2021-08-14T23:37:13.267+00:00

    Yes, both of these statements point to some port blocking. It doesn't have to happen at the VPN; it can happen anywhere in the route.

    --please don't forget to upvote and Accept as answer if the reply is helpful--
