cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Can't seem to recover a FSMO domain controller using BESR 2010

Mrmicp
Level 3

‎03-08-2012 07:02 AM

Hi,

We are planning on service packing our Exchange 2010 server, so we though it an idea to recover the Exchange 2010 server and our FSMO 2008 controller in a virtual enviroment and test the service pack upgrade within.

The exchange 2010 server recovered fine but with the domain controller we had to enter directory restore mode change the DNS to point at itself, which then enabeld us to logon on to our domain.

When we checked AD though the services had failed to start with an error message of "Naming information cannot be located because: The interface is unknown, contact your system admin to verfiy domain is properly configured and is currently online"

Then I noticed that BESR had renamed the DC to a randomly generated name, when we tried to rename it back it asked for the domain credentials which we supplied and then minutes later we get the error that it "failed to rename the computer because the specified domain either does not exist or could not be contacted"

So just wondered if anyone has any tips or has done this before that coudl offer any help?

Many Thanks

Mic P

0 Kudos
26 REPLIES 26

Markus_Koestler
Moderator
Moderator
   VIP   

‎03-08-2012 10:16 PM

Hm, we did a lot of P2V conversion for our DCs and did not run into any of those problems.

Which options do you select when restoring the DC ? Did you select restore to different hardware ?

The error message to me looks like the server is missing his physical network card and does not recognize that there is a new virtual one ?

0 Kudos

Mrmicp
Level 3

‎03-09-2012 12:38 AM

Hi Markus,

Thanks for your reply.

Yeah we selected restore to different hardware and kept everything else default. When we recovered to vmware we did it using the BESR recovery disk as appsoe to converting the back up to an actual VMWare image. Do you think this has something to do with it? We are just using the free version of VMWare and I believe that you can't import images with this version.

With regards to the NIC card if we dont go in and point its DNS to itself we get the error message that It can't log on due to  "The security database on the server does not have a computer account" so i'm assuming it must be aware of the NIC card.

Does your DC name change on recovery or converion to a virtual enviroment ?

Thanks

Mic P

0 Kudos

Markus_Koestler
Moderator
Moderator
   VIP   

‎03-09-2012 12:58 AM

No, we dont change the domain name. 

0 Kudos

Mrmicp
Level 3

‎03-09-2012 01:21 AM

Sorry what I mean't was, does the conversion or recovery process actually give your DC a randomly generated name?

Say our DC was called DC1 and after it had recovered it was given a randomly generated name like WTKSSG66783HJ.

Thanks 

0 Kudos

Markus_Koestler
Moderator
Moderator
   VIP   

‎03-09-2012 08:04 AM

Nop, this does not happen. This looks like an issue with the sysprep that is running when you select the Restore anywhere feature. One other thing: Why don't you run a P2V conversion of a backup instead of restoring the DC in an empty VM ?

0 Kudos

Markus_Koestler
Moderator
Moderator
   VIP   

‎03-29-2012 01:42 AM

Any updates here ?

0 Kudos

Mrmicp
Level 3

‎03-29-2012 06:38 AM

Hi Markus,

No i'm afraid I haven't gotten any further with it.

I wanted to do it this way rather than a P2V to test out our backup plan in case we had to restore any machine to physical hardware. Or in the case of disaster recovery  when the 1st domain controller needs to be recovered.

I find it hard to believe that Symantec haven't thought about sysprep running and it changing the computer name when recovering a domain controller, but i can't see what else it could be.  When this happens there is no way that I can see of renaming the machine and therefore can’t log on to the machine as it can’t see the domain.

Somebody must have had this issue, or I'm missing something really obvious. I would love to know the answer to this as I can't find anything relating to it anywhere :(

0 Kudos

Markus_Koestler
Moderator
Moderator
   VIP   

‎03-29-2012 10:56 PM

Are you entitled to open a support call ?

0 Kudos

Mrmicp
Level 3

‎03-30-2012 01:40 AM

No......but we will be soon as we have just put an order in for two more licecnes for system recovery 2011. So i'll get back and let you know.

I'm really looking forward to the answer on this one as it's driving me crazy ;)

0 Kudos

criley
Moderator
Moderator
Employee Accredited

‎03-30-2012 02:05 AM

With regards to the NIC card if we dont go in and point its DNS to itself we get the error message that It can't log on due to  "The security database on the server does not have a computer account" so i'm assuming it must be aware of the NIC card.

What's the exact error you see?

There is a known issue that will be fixed in the next service pack (SP2) for SSR 2011 that might help. SP2 should be available within the next few weeks.

0 Kudos

Mrmicp
Level 3

‎03-30-2012 02:31 AM

I will start the recovery again in a VM and get straight back to you.

0 Kudos

Mrmicp
Level 3

‎04-11-2012 07:11 AM

Hi,

Sorry its taken so long, but I tried a couple of recoverys on the day and I got a constant blue screens. I have since been away on holiday and now i'm back I tried a recovery and this is what I got....

When it boots up for the first time the logon username is

.\Administrator

So I click on switch user and and i'm presented with the usual expected logon screen (with our company domain name)  then when I log on i get the error message...

"the security database on the server does not have a computer account for this workstation trust relationship"

So I assume as it's name has been randomly generated it can't see the domain as it is the domain controller, and without it's old name AD just won't start. Here's the catch, as it can't contact the domain you can't rename the server back to it's old name.

Hope this helps and that there is an answer out there somewhere.....

 

0 Kudos

criley
Moderator
Moderator
Employee Accredited

‎04-11-2012 09:05 AM

SP2 (10.0.2) for SSR 2011 is now available. Please try with this to see if it helps.

0 Kudos

Mrmicp
Level 3

‎04-12-2012 01:22 AM

Hi,

We are still awating our licences for SRS 2011. We currently only have 2010, so is there not a fix for 2010?

Thanks

 

0 Kudos

criley
Moderator
Moderator
Employee Accredited

‎04-12-2012 02:47 AM

I checked and the issue should already be fixed in SP4 (9.0.4) for BESR 2010. Are you using this?

0 Kudos

Mrmicp
Level 3

‎04-12-2012 03:32 AM

I assumed (wrongly) that symantec live update would tell me if any updates were avaiable, rather than telling me that my product is upto date.

So thanks for your help, I'm currently downloading the SP now and hopefully that will fix it. Do you know if I will need to do a full backup of the system or will an incremental do the job after the application of SP4?

I'll let you know how I get on, thanks again :)

0 Kudos

criley
Moderator
Moderator
Employee Accredited

‎04-12-2012 03:51 AM

I would recommend you take a new FULL backup once you have updated to SP4 (you will have to reboot once SP4 is installed).

However, the key here is that you need to use the SP4 (9.0.4) SRD for the restore.

0 Kudos

Mrmicp
Level 3

‎04-12-2012 04:19 AM

I installed the update but a reboot wasn't required. (do I need to do one anyway, as i'd prefer not to as it's a DC)

I will however do a full backup now it's upadted to SP4 and the recovery disk is almost downloaded.

Thanks

0 Kudos

criley
Moderator
Moderator
Employee Accredited

‎04-12-2012 05:07 AM

Yes, a reboot is needed I'm afraid.

0 Kudos