I may have missed this, but the DC with the problem was just
that a DC/ Backup DC not a primary is that right? Can your users login
and get out to the internet just fine? If your other functions are solid
with your new 2003 PDC, you really don’t need to worry about the other
box if it was just for Backup Purposes. So you could just upgrade or decommission
that box period without ill effect. Hmmm.
Timoteo
"Timo" Vasquez - AIS
Client Server Team
[log in to unmask] - 353.4420 Ext.249
Michigan State University
2 Administration Building
East Lansing, MI 48824-1046
From: MSU Network
Administrators Group [mailto:[log in to unmask]] On Behalf Of Jon
Galbreath
Sent: Monday, July 27, 2009 10:50 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Demoting DC that can't replicate
I would drop the firewalls on the PDC and failing DC and see if
replication occurs. If so, your firewall is too restrictive.
I’ve had this problem before.
http://support.microsoft.com/kb/555381
this kbase article is a good guide for setting the File Replication services to
use a specific port to make the firewall configuration a snap to
maintain. Just assign a static port to the service, then add that
exclusion to your firewall rules.
To drop the firewall if you’re enforcing it with a GPO,
just run ‘net stop sharedaccess’ at the command prompt.
Also, the Security Configuration Wizard works wonders for
automatically configuring the required exclusions on the firewall, based on
what services are running on the server.
Jon Galbreath
MCSE/Security+
Systems Administrator
International Studies and Programs
Ph: 517-884-2144
From: MSU Network
Administrators Group [mailto:[log in to unmask]] On Behalf Of Jesse
Howard
Sent: Monday, July 27, 2009 10:26 AM
To: [log in to unmask]
Subject: [MSUNAG] Demoting DC that can't replicate
I
have an old domain controller that has been having DNS and replication errors
for some time now. The PDC in the domain was recently brought up to windows
2003 server service pack 2, and now replication with the failing DC is
completely gone. The current PDC is holding all FSMO roles. My question is; can
I safely ADPREP the domain, DCPROMO a new DC (2003 R2), and then demote the old
DC that can’t replicate?
Thanks,
Jesse
Howard
_______________________
IT Administrator
Michigan State University Press
[log in to unmask]
www.msupress.msu.edu