I may have missed this, but the DC with the problem was just that, a DC/backup DC, not a primary, is that right? Can your users log in and get out to the Internet just fine? If your other functions are solid with your new 2003 PDC, you really don’t need to worry about the other box if it was just for backup purposes. So you could just upgrade or decommission that box, period, without ill effect. Hmmm.

 

Timoteo "Timo" Vasquez - AIS
Client Server Team
[log in to unmask] - 353.4420 Ext.249
Michigan State University
2 Administration Building
East Lansing, MI  48824-1046

 

 

 

From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Jon Galbreath
Sent: Monday, July 27, 2009 10:50 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Demoting DC that can't replicate

 

I would drop the firewalls on the PDC and failing DC and see if replication occurs.  If so, your firewall is too restrictive.  I’ve had this problem before. 

 

http://support.microsoft.com/kb/555381 this kbase article is a good guide for setting the File Replication services to use a specific port to make the firewall configuration a snap to maintain.  Just assign a static port to the service, then add that exclusion to your firewall rules.

 

To drop the firewall if you’re enforcing it with a GPO, just run ‘net stop sharedaccess’ at the command prompt.

 

Also, the Security Configuration Wizard works wonders for automatically configuring the required exclusions on the firewall, based on what services are running on the server.

 

Jon Galbreath

MCSE/Security+

Systems Administrator

International Studies and Programs

Ph: 517-884-2144

[log in to unmask]

 

From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Jesse Howard
Sent: Monday, July 27, 2009 10:26 AM
To: [log in to unmask]
Subject: [MSUNAG] Demoting DC that can't replicate

 

I have an old domain controller that has been having DNS and replication errors for some time now. The PDC in the domain was recently brought up to Windows 2003 Server Service Pack 2, and now replication with the failing DC is completely gone. The current PDC is holding all FSMO roles. My question is: can I safely ADPREP the domain, DCPROMO a new DC (2003 R2), and then demote the old DC that can’t replicate?

 

Thanks,

Jesse Howard
_______________________

IT Administrator
Michigan State University Press
[log in to unmask]
www.msupress.msu.edu