0 Votes
Kinkzter asked DSPatrick commented

Server Corruption Issue

I have three sites. One of my sites has some sort of corruption that throws DNS errors when I try to replicate. The bad site is a single server Windows Server 2016 GC and I make backup image copies of the server every hour. This corrupted server is NOT the PDC, Domain Naming Master, Schema Master, etc. I believe I can go back to when replication stopped and restore the server. I haven't tried dcpromo because I am not sure if that would work. My question is whether I should try dcpromo since it's a single server off site connected via VPN, or should I restore the server from backup? Or maybe there is another suggestion?

windows-server

1 Vote
DSPatrick answered Kinkzter commented

I would not restore from backup in a multi domain controller environment. Better option is to stand up a new one for replacement.

I'd use dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new one, patch it fully, license it, join existing domain, add Active Directory Domain Services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer PDC emulator role (optional), use dcdiag / repadmin tools to again verify health. When all is good, you can decommission / demote the old one, or perform cleanup to remove remnants of the failed one.
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564


--please don't forget to upvote and Accept as answer if the reply is helpful--






That's what I would like to do, but I can't stand up a new one because I haven't been able to join the domain without errors.

0 Votes 0 ·

because I haven't been able to join the domain without errors

What happens when you try?


0 Votes 0 ·

The RPC server is unavailable.

0 Votes 0 ·
1 Vote
DSPatrick answered Kinkzter commented

Please run:

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\dc3.txt
ipconfig /all > C:\problemjoinmember.txt

then put unzipped text files up on OneDrive and share a link.




1 Vote
DSPatrick answered

Looks like the problem server and problem workstation are both at the same location? Another test would be a test join at another site. I'd check that the VPN or route from the 10.10.3.1 network to the other sites (10.28.244.1, 10.11.216.1) is passing the required ports.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
https://www.microsoft.com/en-us/download/details.aspx?id=24009

--please don't forget to upvote and Accept as answer if the reply is helpful--
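
A way to run the port check suggested in this answer from a machine on the 10.10.3 network, as an added example that is not part of the original thread. The domain controller names are placeholders, and the port list is the commonly documented TCP set for domain join and replication.

```powershell
# Added example, not from the thread. Run on a host at the problem site.
# Placeholder names: replace with the real domain controllers at the other sites.
$DomainControllers = @('dc-site1.example.local', 'dc-site2.example.local')

# Fixed TCP ports a domain join and AD replication rely on.
$Ports = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 636;  Service = 'LDAPS' }
    @{ Port = 3268; Service = 'Global Catalog' }
    @{ Port = 3269; Service = 'Global Catalog over SSL' }
)

$results = foreach ($dc in $DomainControllers) {
    foreach ($p in $Ports) {
        # -InformationLevel Quiet returns $true/$false for the TCP connect.
        $ok = Test-NetConnection -ComputerName $dc -Port $p.Port `
                  -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target    = $dc
            Port      = $p.Port
            Service   = $p.Service
            Reachable = $ok
        }
    }
}

# Full matrix, then only the failures.
$results | Format-Table -AutoSize
$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    Write-Warning "Unreachable from this site:"
    $blocked | Format-Table -AutoSize
} else {
    Write-Output 'All fixed TCP ports reachable.'
}

# Limits of this check:
#  - Test-NetConnection is TCP only; DNS and Kerberos also use UDP.
#  - Port 135 answering does not prove the dynamic RPC range
#    (49152-65535 by default) is open. "The RPC server is unavailable"
#    can still occur when only that range is filtered along the route.
```

Running the same script from one of the sites where joins succeed gives a baseline to compare against.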







0 Votes
Kinkzter answered

I can join from the two other sites. The VPN is wide open for ports. I tried to use the DNS from the main site that owns the PDC, etc., but I get the RPC is unavailable error from the 10.10.3 network, which is where the corrupt server resides.


0 Votes
DSPatrick answered

Yes, both of these statements point to some port blocking. It doesn't have to happen at the VPN; it can happen anywhere in the route.

--please don't forget to upvote and Accept as answer if the reply is helpful--







0 Votes
DSPatrick answered

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--




0 Votes
Kinkzter answered DSPatrick commented

I was able to get the server to replicate after a few days of waiting on sfc /scannow and DISM /Scanhealth. I then spun up a new server and moved everything over. This one has been retired.


Glad to hear of success.

--please don't forget to upvote and Accept as answer if the reply is helpful--



0 Votes 0 ·