VMware Cloud Community
MBaldwin
Contributor

Cannot log in to my DC after restore

I restored my domain controller from an esxRanger backup and I cannot log in to it. Any ideas?

9 Replies
AWo
Immortal

Uhh, many questions....let's see, where do I start?

Just a plain backup and a plain restore? Like an image backup/restore? For AD you have to do a System State backup...and a restore in Directory recovery mode.

Is this your only DC (hopefully not)?

If not, has your other DC accepted him as a replication partner again? Look for events on the other DC.

How old is the backup? Has the password changed in between (and the new one is not/can't be replicated)?

If this was "just" a DC (and not the only one), don't spend too much time...remove the old one from AD (I provide some links later) and bring out a new one.

AWo


vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
Chamon
Commander

Do you have more than 1 DC? Did you reset the old account in AD? If it comes back online the wrong way the other DC will kill it. :( Can you log into the other servers?

AWo
Immortal

Aspirin for AD:

http://support.microsoft.com/?scid=kb%3Ben-us%3B555846&x=11&y=10

AWo

ctfoster
Expert

How old was the backup? If the date of your system backup exceeds the maximum age limit set in Active Directory you might have a problem. To come back online the controller must have security credentials to talk to the other servers. If these have aged out then it can't authenticate to replicate with AD.

MBaldwin
Contributor

Sorry for the bad description folks. I was late for a meeting when I posted it.

It is a full VMDK backup via esxRanger. The backup was taken this past weekend. I am restoring it on the ESX internal-only network so I can authenticate on a SharePoint server that is also in the internal-only network. Long story.

Does that help?

ctfoster
Expert

What's the internal network's access to DNS?

MBaldwin
Contributor

Well, the DC is the DNS access, so that's about it actually.

AWo
Immortal

Boot in Directory repair mode and check the File Replication Service log for messages that the replication ring is broken (that's often the case after image restores). If so, the File Replication Service prevents the DC from becoming an active DC and the AD stays closed (you'll find this message, too).

There's also an explanation of how to repair this ring in the error message, but I don't know if this works while the replication partners are not available.

AWo

Message was edited by: AWo (I meant File Replication Service, not AD, just to make sure).

MBaldwin
Contributor

Thanks. I'll give this a try in a few.
