We are testing and documenting the disaster recovery process of our environment. Only we are experiencing a few problems which we are not able to fix so far. Our situation is as follows:
- Backup server with Backup Exec 12.5
- Windows 2008 Standard Server as domain controller containing all the FSMO roles. Further the server only contains the DNS Server role
We have tried a disaster recovery restore by following these steps:
- Installation of same Windows version, same NTFS partitions and same computer name (FQDN). Also tried same IP-configuration (same result)
o Note: Only installed on different hardware
- Restoring a full system backup of the domain controller
o Including partitions, System State and Shadow Copy
o Restoring over existing files
o Marked this server as primary arbitrator for the domain
The full system backup restore’s without any problems and the computers boots nicely. All the required services for the domain are running:
- Active Directory Domain Services
- DNS Server
- File Replication Service
- Intersite Messaging
- Kerberos Key Distribution Center
When I try to start the “Active Directory Users and Computers” management console I get the following error message:
“Naming Information cannot be located for the following reason:
The server is not operational.”
When I check the Event Viewer of Windows it displays 1 warning and 1 error message’s after booting the system which should point me in the right direction but I just can’t figure it out. Hope one of you guys could give me some advice because I’m kind of stuck.
Further I got three questions:
- Is it necessary to have the same IP-configuration? (Because it looks like a DNS issue)
- Is it necessary to have the DHCP Server service running?
- Is it necessary to have the Certificate Authority installed on the first Domain Controller you restore?
Below are the events of the Event Viewer:
Source: Kerberos-Key-Distribution-Center Event ID: 29
Warning Message: “The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certuil.exe or enroll for a new KDC certificate.
Source: Directory-Services-SAM Event ID: 16651
Error Message: “The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is “The requested FSMO operation failed. The current FSMO holder could not be contacted””