Paul
Fri May 09 06:04:11 PDT 2008
Did you do a dcpromo to remove the dc? Do you have any dc's that could
still be in your metadata even though they no longer exist? If so then you
should run metadata cleanup as well.
http://support.microsoft.com/Default.aspx?id=216498
Run diagnostics against your Active Directory domain (RepAdmin shouldn't be
needed but run anyways)
If you don't have the support tools installed, install them from your server
install disk.
d:\support\tools\setup.exe
Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"
**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take
into account slow links to dc's will also add to the testing time.
If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.
The script is located on my website at
http://www.pbbergs.com/windows/downloads.htm
Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)
When complete search for fail, error and warning messages.
Description and download for dnslint
http://support.microsoft.com/kb/321045
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Serge Lavictoire" <sergelavictoire@discussions.microsoft.com> wrote in
message news:B4538968-307A-44D3-9CD6-6B2E9D80FFA1@microsoft.com...
> Hi,
> We had a USN rollback on one of our main DC (called DC1)( only two DCs
> into
> our Active Directory). Problems started to occure with the login process,
> adding new users and link to exchange mailboxes. We had to removed the
> DC2
> from the AD and kept the DC1 as the only DC of our Active Directory.
>
> Now that I have only one domain controller and everytime I reboot that
> server, a Event ID 2103 comes up. ( The Active directory database has
> been
> restored using an ussupported procedure. Active Directory will be unable
> to
> log on users while this condition persist. As a result the Net logon
> service
> as paused.)
>
> Except that error everything is fine, no more problems with my users.
>
> Now my question: Can I fix that error now that I have only one DC with
> USN
> rollback?
>
> tx
> --
> Serge Lavictoire
> Networking Consultant