Restoring a Domain Controller - When other DC's are available

Similar Messages

• Remove a domain controller when dcpromo bombs

  i'm trying to demote one server in a two server setup
  i start dcpromo , it gets part way through and then bombs with an "Access is denied" error
  which is b~@:!hit. Ive tied this 2 or 3 times with known good passwords(see dcpromoui.log below)
  So how can i fix that or delete the controller without using dcpromo
  cheers
  dave
  ============================
  dcpromoui E28.638 0466 13:58:28.218   Enter DS::DemoteDC
  dcpromoui E28.638 0467 13:58:28.218     Enter State::IsLastDCInDomain false
  dcpromoui E28.638 0468 13:58:28.218     Enter State::IsForcedDemotion false
  dcpromoui E28.638 0469 13:58:28.218     Enter State::GetAdminPassword
  dcpromoui E28.638 046A 13:58:28.218     Enter State::GetAppPartitionList
  dcpromoui E28.638 046B 13:58:28.218     Enter AllocateAppPartitionList
  dcpromoui E28.638 046C 13:58:28.218     Calling DsRoleDemoteDc
  dcpromoui E28.638 046D 13:58:28.218     lpServer               : (null)
  dcpromoui E28.638 046E 13:58:28.218     lpDnsDomainName        : (null)
  dcpromoui E28.638 046F 13:58:28.218     ServerRole             : DsRoleServerMember
  dcpromoui E28.638 0470 13:58:28.218     lpAccount              : (null)
  dcpromoui E28.638 0471 13:58:28.218     Options                : 0x80
  dcpromoui E28.638 0472 13:58:28.218     fLastDcInDomain        : false
  dcpromoui E28.638 0473 13:58:28.218     cRemoteNCs             : 0
  dcpromoui E28.638 0474 13:58:28.250     HRESULT = 0x00000000
  dcpromoui E28.638 0475 13:58:28.250     Enter DeallocateAppPartitionList
  dcpromoui E28.638 0476 13:58:28.250     Enter DoProgressLoop
  dcpromoui E28.638 0477 13:58:28.250       Enter State::GetOperation DEMOTE
  dcpromoui E28.638 0478 13:58:28.250       Enter ProgressDialog::UpdateButton
  dcpromoui E28.638 0479 13:58:29.765       Enter ProgressDialog::UpdateText Active Directory Domain Services successfully transferred the remaining data in directory partition DC=ForestDnsZones,DC=data-action,DC=co,DC=uk to Active Directory Domain Controller \\nasbox.data-action.co.uk.
  dcpromoui E28.638 047A 13:58:43.297       Enter ProgressDialog::UpdateText Stopping service NETLOGON
  dcpromoui E28.638 047B 13:58:44.797       Enter ProgressDialog::UpdateText Stopping service IsmServ
  dcpromoui E28.638 047C 13:58:47.797       Enter ProgressDialog::UpdateText Stopping service kdc
  dcpromoui E28.638 047D 13:58:49.297       Enter ProgressDialog::UpdateText Creating a new local security account manager (SAM) database...
  dcpromoui E28.638 047E 13:58:50.875       Enter ProgressDialog::UpdateText Removing Active Directory Domain Services objects that refer to the local Active Directory Domain Controller from the remote Active Directory Domain Controller nasbox.data-action.co.uk...
  dcpromoui E28.638 047F 13:59:02.875       Enter ProgressDialog::UpdateText Configuring service NTDS
  dcpromoui E28.638 0480 13:59:04.375       Enter ProgressDialog::UpdateText Configuring service NETLOGON
  dcpromoui E28.638 0481 13:59:05.875       Enter ProgressDialog::UpdateText Configuring service DFSR
  dcpromoui E28.638 0482 13:59:07.375       Enter ProgressDialog::UpdateText The attempted domain controller operation has completed
  dcpromoui E28.638 0483 13:59:07.375       Enter ProgressDialog::UpdateButton
  dcpromoui E28.638 0484 13:59:07.375       Progress loop complete.
  dcpromoui E28.638 0485 13:59:07.375       Calling DsRoleGetDcOperationResults
  dcpromoui E28.638 0486 13:59:07.375       Error 0x0 (!0 => error)
  dcpromoui E28.638 0487 13:59:07.375       Operation results:
  dcpromoui E28.638 0488 13:59:07.375       OperationStatus      : 0x5 !0 => error
  dcpromoui E28.638 0489 13:59:07.375       DisplayString        : The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
  dcpromoui E28.638 048A 13:59:07.375       ServerInstalledSite  : (null)
  dcpromoui E28.638 048B 13:59:07.375       OperationResultsFlags: 0x0
  dcpromoui E28.638 048C 13:59:07.375       Enter ProgressDialog::UpdateText The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
  dcpromoui E28.638 048D 13:59:07.375       Enter State::SetOperationResultsMessage The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
  dcpromoui E28.638 048E 13:59:07.375       Enter State::SetOperationResultsFlags 0x0
  dcpromoui E28.638 048F 13:59:07.375   Exception caught
  dcpromoui E28.638 0490 13:59:07.375   catch completed
  dcpromoui E28.638 0491 13:59:07.375   handling exception
  dcpromoui E28.638 0492 13:59:07.375   Enter State::ClearHiddenWhileUnattended
  dcpromoui E28.638 0493 13:59:07.375   Enter EnableConsoleLocking
  dcpromoui E28.638 0494 13:59:07.375     Enter RegistryKey::Create SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  dcpromoui E28.638 0495 13:59:07.375     Enter RegistryKey::SetValue-DWORD DisableLockWorkstation
  dcpromoui E28.638 0496 13:59:07.375   Enter State::SetOperationResults result FAILURE
  dcpromoui E28.638 0497 13:59:07.375   Enter ProgressDialog::UpdateText
  dcpromoui E28.638 0498 13:59:07.375   Enter State::IsOperationRetryAllowed
  dcpromoui E28.638 0499 13:59:07.375     true
  dcpromoui E28.638 049A 13:59:07.375   credentials were invalid, hr=0x80070005
  dcpromoui E28.638 049B 13:59:07.375   Enter GetErrorMessage 80070005
  dcpromoui E28.638 049C 13:59:07.375   Enter State::GetOperationResultsMessage The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
  dcpromoui E28.638 049D 13:59:07.375   Enter State::GetOperation DEMOTE
  dcpromoui E28.638 049E 13:59:07.375   Enter State::GetParentDomainDnsName
  dcpromoui E28.638 049F 13:59:44.469   credential retry canceled
  dcpromoui E28.638 04A0 13:59:44.469   Enter ComposeFailureMessage
  dcpromoui E28.638 04A1 13:59:44.469     Enter State::GetOperationResultsMessage The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
  dcpromoui E28.638 04A2 13:59:44.469     Enter State::GetOperationResultsFlags 0x0
  dcpromoui E28.638 04A3 13:59:44.469     Enter State::GetOperationResultsFlags 0x0
  dcpromoui E28.638 04A4 13:59:44.469     Enter State::SetFailureMessage The operation failed because:
  The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
  "Access is denied."
  dcpromoui E28.638 04A5 13:59:44.469   posting message to progress window
  dcpromoui E28.318 04A6 13:59:44.469               Enter ProgressDialog::UpdateText Operation Stopped
  dcpromoui E28.318 04A7 13:59:44.485               Enter ProgressDialog::OnDestroy
  dcpromoui E28.318 04A8 13:59:44.485             OPERATION FAILED
  dcpromoui E28.318 04A9 13:59:44.485           Enter State::GetNeedsReboot false
  dcpromoui E28.318 04AA 13:59:44.485           Enter State::IsOperationRetryAllowed
  dcpromoui E28.318 04AB 13:59:44.485             true
  dcpromoui E28.318 04AC 13:59:44.485           Enter Wizard::SetNextPageID id = 156
  dcpromoui E28.318 04AD 13:59:44.485             push 142
  dcpromoui E28.318 04AE 13:59:44.485         Enter FailurePage::OnInit
  dcpromoui E28.318 04AF 13:59:44.485           Enter MultiLineEditBoxThatForwardsEnterKey::Init
  dcpromoui E28.318 04B0 13:59:44.485             Enter ControlSubclasser::Init
  dcpromoui E28.318 04B1 13:59:44.485         Enter FailurePage::OnSetActive
  dcpromoui E28.318 04B2 13:59:44.485           Enter State::GetOperationResultsCode FAILURE
  dcpromoui E28.318 04B3 13:59:44.485           Enter State::GetNeedsReboot false
  dcpromoui E28.318 04B4 13:59:44.485           Enter State::GetFailureMessage The operation failed because:
  The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
  "Access is denied."
  dcpromoui E28.318 04B5 13:59:47.876         Enter DCPromoWizardPage::OnWizNext
  dcpromoui E28.318 04B6 13:59:47.876           Enter FailurePage::Validate
  dcpromoui E28.318 04B7 13:59:47.876           Enter Wizard::SetNextPageID id = 154
  dcpromoui E28.318 04B8 13:59:47.876             push 156
  dcpromoui E28.318 04B9 13:59:47.876         Enter FinishPage::OnInit
  dcpromoui E28.318 04BA 13:59:47.876           Enter MultiLineEditBoxThatForwardsEnterKey::Init
  dcpromoui E28.318 04BB 13:59:47.876             Enter ControlSubclasser::Init
  dcpromoui E28.318 04BC 13:59:47.876         Enter FinishPage::OnSetActive
  dcpromoui E28.318 04BD 13:59:47.876           Enter State::GetNeedsReboot false
  dcpromoui E28.318 04BE 13:59:47.876           Enter getCompletionMessage
  dcpromoui E28.318 04BF 13:59:47.876             Enter State::GetOperation DEMOTE
  dcpromoui E28.318 04C0 13:59:47.876             Enter State::GetOperationResultsCode FAILURE
  dcpromoui E28.318 04C1 13:59:47.876             Enter NeedDsBinaryWarning
  dcpromoui E28.318 04C2 13:59:47.876               Enter Computer::RemoveLeadingBackslashes
  dcpromoui E28.318 04C3 13:59:47.876               Enter GetProductTypeFromRegistry
  dcpromoui E28.318 04C4 13:59:47.876                 Enter RegistryKey::Open System\CurrentControlSet\Control\ProductOptions
  dcpromoui E28.318 04C5 13:59:47.876                 Enter RegistryKey::GetValue-String ProductType
  dcpromoui E28.318 04C6 13:59:47.876                 LanmanNT
  dcpromoui E28.318 04C7 13:59:47.876                 prodtype : 0x2
  dcpromoui E28.318 04C8 13:59:47.876             Enter State::GetFinishMessages
  dcpromoui E28.318 04C9 13:59:59.751         Enter FinishPage::OnWizFinish
  dcpromoui E28.318 04CA 13:59:59.766         Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04CB 13:59:59.766         Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04CC 13:59:59.766         Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04CD 13:59:59.766       Enter State::GetNeedsReboot false
  dcpromoui E28.318 04CE 13:59:59.766       Enter State::GetUserCancelled false
  dcpromoui E28.318 04CF 13:59:59.766       Enter State::GetOperationResultsCode FAILURE
  dcpromoui E28.318 04D0 13:59:59.766       Enter State::GetHadNonCriticalFailures
  dcpromoui E28.318 04D1 13:59:59.766         bHadNonCriticalFailures = false
  dcpromoui E28.318 04D2 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04D3 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04D4 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04D5 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04D6 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04D7 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04D8 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04D9 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04DA 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04DB 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
  dcpromoui E28.318 04DC 13:59:59.766     exitCode = 54
  dcpromoui E28.318 04DD 13:59:59.766   Enter State::UnbindFromReplicationPartnetDC
  dcpromoui E28.318 04DE 13:59:59.766 closing log

  this is what i decided to do. unfortunately the metadata cleanup did not complete
  Access is denied? - that sounds familiar
  the server is still listed in "AD Sites and Services" (and cannot be deleted by the management snapin)
  ===================================================
  select operation target:
  select operation target:
  select operation target:
  select operation target: select server 1
  Site - CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk
  Domain - DC=data-action,DC=co,DC=uk
  Server - CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-ac
  tion,DC=co,DC=uk
          DSA object - CN=NTDS Settings,CN=LPSERVER,CN=Servers,CN=Palatine,CN=Site
  s,CN=Configuration,DC=data-action,DC=co,DC=uk
          DNS host name - lpServer.data-action.co.uk
  No current Naming Context
  select operation target:
  select operation target: quit
  metadata cleanup:
  metadata cleanup:
  metadata cleanup: remove selected server
  Transferring / Seizing FSMO roles off the selected server.
  Removing FRS metadata for the selected server.
  Unable to find server reference on "CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,
  CN=Configuration,DC=data-action,DC=co,DC=uk".
  LDAP error 0x5e(94 (No result present in message).
  The attempt to remove the FRS settings on CN=LPSERVER,CN=Servers,CN=Palatine,CN=
  Sites,CN=Configuration,DC=data-action,DC=co,DC=uk failed because "Element not fo
  und.";
  metadata cleanup is continuing.
  DsRemoveDsServerW error 0x5(Access is denied.)
  metadata cleanup:
  metadata cleanup:

• Won't connect to wireless when other cpu's are connected

  I apologize if this has been answered, I did look through and didn't find an answer to my issue.. Normally I have no problems connecting my MacBook with 10.4.1 to wireless internet, however, when other users in my household are on it, it will not let me connect. I have tried restarting the router, even when someone opens their laptop it will connect them and boot me off, nobody else has this problem except me. The password on the router is WPA Personal. I'm not sure if this is a problem with the router or with my computer. Thank you in advance for any help as this has been very frustrating for me!

  Hi Carina,
  The very first thing you need to do is get off of OS 10.4.1. (I'm assuming that's not a typo.) The current release of Tiger (OS 10.4 is 10.4.11). Run Software Update and get the latest version of Tiger, then see if your problem continues.

• Why can't the iTunes store notify me when new TV episodes are available?

  Many times, I have had to purchase a TV show that isn't (yet) offered as a SeasonPass. Then, I have to check each week and buy the shows one at a time for the whole season. How difficult would it be for the iTunes store to offer a notification system telling me when a new episode is available... or, better yet, allow me to have the store automatically sell me the next episode when it is available (upgrade to Season Pass?). Apple iTunes Store is missing out on sales by not providing a simple solution to a simple problem. They already know which shows I've purchased, how tough would it be to provide some followup? --- Same holds true for when additional (previous) seasons are offered... why is the store making their customers do all the work?

  Here again, Dave, I appreciate your answer...and it is probably the exact excuse that iTunes Store executives use to justify not correcting the situation. However, it too is a load of bull.
  Apple has a database of the purchases of its customers. It also knows which shows were purchased on an episode basis (as opposed to a Season Pass)...generally because the show's producer didn't allow (or provide for a Season Pass for whatever reason). But again, regardless of the shows producer's "deal" with Apple regarding the show, there is NO excuse for Apple to not provide an easy mechanism for iTunes Store customers to track, and buy missing episodes. This is a win/win/win situation... the iTunes Customer, Apple, and the show's producer all get something! Don't tell me that Apple can't write an application that does this! We are not talking rocket science here. Most "sales" organizations attempt to upsell... create additional sales. Missed opportunity here.
  I'm not even suggesting that the process be an "upgrade" to a Season Pass as far as pricing goes... merely a mechanical notification that additional episodes are available! This is clearly different than the "complete my album" system and would have absolutely nothing to do with the contractual relationship between Apple and the show's producers.
  Again... it's too bad that Apple doesn't take these discussion comments seriously... there are substantial missed opportunities for TV show sales. Don't you guys that monitor these boards have any pull with Apple? After all, you've got almost 100k items of commentary on these boards...!!!

• Only contact Domain Controller when on a particular network

  As per subject, I have a laptop joined to a domain and logging on is slow when outside the network. Obviously it is trying to contact the domain contoller but fails. Can we set it to immediately use the last saved password when not within the network?

  That might be the reason.
  but as you could logon it, the cached info is worked here. the logon is slow might caused by the mapped drives. and disable the always wait ..policy should fit this, which is not recommended when mapped drive is in use.
  Run Xperf to take a check with the slow logon process.
  http://blogs.technet.com/b/yongrhee/archive/2013/10/15/tool-windows-performance-toolkit-xperf-wprui-and-wpr-updated-version-as-of-aug-2013.aspx
  Rgds

• IPAD 3 wont connect to MIFI 4620L when other wifi signals are present

  I work in a large building with multiple wifi signals bouncing around. My MIFI 4620L works perfectly with all my devices everywhere except in the building in which I work (where it is most needed).  Jetpack reception is good. IPAD recognizes the jetpack, but when I try to connect it either simply wont connect or it connects and disconnects in a fast repetitive cycle.  Any Ideas?

      Hi knox99,
  It's a bummer when you are having trouble using your device in the place you need it most! I'm here to work with you and get to the root cause of the issue. Please try the steps below for some troubleshooting.
  Connect to any device and then navigate to 192.168.1.1 . Then, login using the password on the Mifi label. Once completed, please click on Advanced and then Settings and change the available Wi-fi Connects to one. At this point, please retest at your work location. Please let me know if you need additional assistance, thank you!
  Christina B
  VZW Support
  Follow us on Twitter @VZWSupport

• How can I get a check box automatically checked when other check boxes are checked?

  A little tongue twister there, but the attached image should clarify.
  I'm trying to create a form to measure achievements. When all achievements are met/checked I want the green check box with a star to auto-check.
  If not all achievements are checked, I want the orange check box to auto check...
  Can I get this working by using export values?
  Thanks!

  I would use a custom JavaScript to count the number of check boxes whose value is not "Off" and set the final box on the result of the count.

• Dreamweaver hangs when other CS programs are running,

  If I run Dreamweaver (4 or 5.5) on its own (with no other CS programs running) it works fine; but the minute I run another CS program (InDesign for example) Dreamweaver eventually hangs and is shown as not responding in Activity Monitor.

  I'm running 10.7.4, but I gave up trying to solve the issue so I uninstalled ALL my creative suite applications and re-installed. Problem solved.

• Best Practice - knowing when excludeIn/includeIn components are available

  I'm using excludeIn and includeIn with states to show/hide certain elements.  What's the best practice of knowing hidden elements become available?  I frequently change to a new state and set labels/dataproviders/etc. on the elements in that state.  Databinding isn't always a clean solution.  Right now I just have a creationComplete handler for a group that contains the changing items, but obviously this won't work if I have numerous elements spread all over the interface.
  Thanks.

  I'm using excludeIn and includeIn with states to show/hide certain elements.  What's the best practice of knowing hidden elements become available?  I frequently change to a new state and set labels/dataproviders/etc. on the elements in that state.  Databinding isn't always a clean solution.  Right now I just have a creationComplete handler for a group that contains the changing items, but obviously this won't work if I have numerous elements spread all over the interface.
  Thanks.

• Group Policy Management Console Failes to open when one Domain Controller is powered down

  Hi All,
  This was an accidental discovery, but here's my dilemma. I have a site with 2 domain controllers(Windows 2008 R2), and if I shut down my second domain controller, when I try to open the Group Policy Management  Console on the 1st domain controller,
  it fails to open and I get the following error, "The specified domain either does not exist or could not be contacted" with 3 options to "retry", "choose another domain controller", or remove.   If I go to chose another domain
  controller and select the 1st domain controller it still fails.  Unless the 2nd DC is turned on, I have no issues opening the GP management console. Not sure, why this is happening, I've done it in the pass without issue.
  Any help would be appreciated.
  Thanks

  Well it seems that some how the PDC emulator is set to be the 2nd DC instead of the 1st DC on the 1st DC which explains why the failure after the 2nd DC went down. Why or should I say how could the PDC get switched from the primary DC without human intervention.
  Does the PDC automatically switch for any reason?

• Secondary domain controller not able to connect from work stations.

  We are using primary and secondary domain controllers. In which the secondary domain controller act as a replication server. actually the problem occurs while accessing the secondary domain controller from work stations I get the following error:
   "The trust relationship between this workstation and the primary domain failed".
  Any one please give as a solution.
  Thank you.

  Hi,
  Most simple resolution would be unjoin/disjoin the computer from the domain and rejoin the computer account back to the domain.
  There might be multiple reasons for this kind of behavior.
  Here are a few of them:
  Single SID has been assigned to multiple computers.
  If the Secure Channel is Broken between Domain controller and workstations
  If there are no SPN or DNS Host Name mentioned in the computer account attributes
  Outdated NIC Drivers.
  According your description, the second one may be the cause of your problem.
  When a Computer account is joined to the domain, Secure Channel password is stored with computer account in domain controller. By default this password will change every 30 days (This is an automatic process, no manual intervention is required).
  Upon starting the computer, Netlogon attempts to discover a DC for the domain in which its machine account exists. After locating the appropriate DC, the machine account password from the workstation is authenticated against the password on the DC.
  If there are problems with system time, DNS configuration or other settings, secure channel’s password between Workstation and DCs may not synchronize with each other.
  A common cause of broken secure channel [machine account password] is that the secure channel password held by the domain member does not match that held by the AD. Often, this is caused by performing a Windows System Restore (or reverting
  to previous backup or snapshot) on the member machine, causing an old (previous) machine account password to be presented to the AD.
  Follow below link which explains typical symptoms when Secure channel broken,
  Typical Symptoms when secure channel is broken
  http://blogs.technet.com/b/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspx
  For detailed information, please refer to the link below,
  Troubleshooting AD: Trust Relationship between Workstation and Primary Domain failed
  http://social.technet.microsoft.com/wiki/contents/articles/9157.troubleshooting-ad-trust-relationship-between-workstation-and-primary-domain-failed.aspx
  Hope this helps.
  Steven Lee
  TechNet Community Support

• Provision Search in SharePoint Foundation 2013 without Domain Controller / Active Directory - Domain accounts

  Hi,
  I have successfully setup SharePoint Foundation 2013 as single server farm with SQL Server Standard database in a DMZ environment using local accounts since DMZ doesn't have an Active Directory and hence Domain accounts using powershell as described
  in https://theblobfarm.wordpress.com/2012/12/03/installing-sharepoint-2013-without-a-domain-controller 
  When I run Farm configuration wizard to provision search service application, I get an error:
  ERROR: "The service application(s) for the service "Search Service Application" could not be provisioned because of the following error: I/O error occurred."
  The log file logged the details of this error as:
  ERROR: "Failed to create file share Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 at D:\SharePoint Search\Office Server\Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 (System.ArgumentException: The SDDL string contains an invalid sid or a sid
  that cannot be translated."
  After investigation, I found that potentially the error could be because the timer service is trying to setup a network share for analytics component (as part of provisioning search). It is trying to setup that share with a domain account that happens to
  be a local user instead in this case and fails with error “System.ArgumentException: The SDDL string contains an invalid sid or a sid that cannot be translated”.
  I got some pointer from the below thread
  https://social.technet.microsoft.com/Forums/en-US/c8e93984-f4e5-46da-8e8a-c5c79ea1ff62/error-creating-search-service-application-on-sharepoint-foundation-with-local-account?forum=sharepointadmin
  However, the above thread doesn't state that the solution worked.
  I have tried creating share manually for Analytics_<Guid> folder but it doesn't work since every time farm configuration wizards is run it creates a new Analytics_<Guid> folder.
  Since, I have setup SharePoint Foundation 2013 on a production environment I cannot test and trial various solutions.
  Can some please guide me on how to successfully provision search for SharePoint Foundation 2013 setup as a single server farm with SQL Server Standard database in a DMZ environment using local accounts (without Active Directory - domain accounts).
  Thanks in advance.
  Himanshu

  Microsoft documentation doesn't always specifically call out all products (Project Server isn't there, either). But it does apply. You'll need to stand up at least one Domain Controller, or allow port access back to a DC.
  Preferably, set up SharePoint on the internal network and use a reverse proxy (which will terminate client connections at the reverse proxy) present in the DMZ.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Windows Server 2012 Foundation, in a Workgroup - "The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller"...

  Every few days we see two dialogs with the following messages:
  Dialog 1, title: Check for Licensing Compliance is Incomplete
  The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller.
  Dialog 2, title: Check for Licensing Compliance is Incomplete
  The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license compliance check cannot be completed, the server will automatically shut
  down in 8 day(s) 23 hour(s) 0 minute(s).
  The server is not (and never has been) joined to a domain or had any DC roles installed. In fact its still connected to the default Workgroup.
  The server was configured in our office and never showed this message until it was installed on site. The main difference from what I can see is that when installed on site it was given a static IP address and does not have any DNS settings in the network
  adapter properties. 
  I have scoured a number of forums on this error but in almost every other instance of this error message the servers are connected to a Domain Controller and the solutions generally are linked to dis-joining and rejoining the domain. Unfortunately this is
  not an option for this scenario.
  I initially thought that adding some relevant DNS server IP address may resolve the issue, however, we have the exact same model server configured exactly the same running at a different site that does not experience this problem. This server also has no
  DNS server configured.
  I have seen a post that suggests turning off the servers "Foundation Checking", but I'm unsure how to do this.

  Thanks for your response Vivian.
  I can confirm that this server is not (and never has been) a member of any active directory, it is configured as a Workgroup server. It was initially configured on a network that does have an active directory, but was never joined to it. During that time it
  never displayed these messages.
  The server was moved into production on a different site and network and setup with a static IP address.The site network does have its own active directory but the server was not joined to it. It is whilst on this new network that these messages began.
  Since my original post DNS servers have been added and the Microsoft activation has been verified, however, the messages are still appearing.
  There are only 2 user accounts configured on this server. The local admin account and another local admin user.
  The remote desktop services roles have been installed but not yet configured. I don't think that has any bearing on this scenario though.
  The description of this error in the above "Introduction to Windows Server 2012 Foundation" link states:
  This error occurs when the server cannot finish checking the requirements for the root domain, forest trust configuration, or both. It usually happens when the server cannot connect to a domain controller. If the situation persists, the server will
  shut down 10 days after the first time the compliance check failed. Each time this error message occurs, it will state the actual time remaining before the server will shut down. If you restart the server after it has shut down because of non-compliance, the
  server will shut itself down again in 3 days.
  The above description leads me to the following question - In a Workgroup environment, does the server still try to contact a domain controller to establish a level of trust? If this is the case could it be that the server can no longer see the initial DC
  on its new network and this is what is triggering the messages?
  Am I clutching at straws here?

• Error finding a domain controller

  Hi,
  I have an error in finding a windows domain controller when a PC bootup and does a network access via a Cisco wireless PCMCIA card (AIR PCM-352) managed by Cisco ACU.
  This is the situation:
  - the operating system of the PC is Windows XP sp2
  - the wireless card is an AIR PCM352 with firmware V.5.60.21
  - the version of ACU is 6.6.00
  - the Access point is a Cisco 1120 (802.11b) with IOS version 12.3(8)JA
  - wireless communication is completely open (ssid in guest mode, authentication open ,no wep)
  - the ip address of the PC is obtained via DHCP (DHCP server is a Microsoft Server)
  I notice a difference between a Cisco PCMCIA card 352 managed by Cisco ACU and by Windows XP.
  In fact this error doesn't happen when the WLAN card is controlled by Windows wireless utility.
  Is it possible that the startup timing of the Cisco ACU is later than the Window's one?
  Does anyone resolved this error?
  Thanks in advance
  Antonio

  Hi Antonio,
  Obviously you get the error of the domain not found because your wireless card is not even associated (the wireless card utility hasn’t started)
  Can you clarify the line "Is it possible that the startup timing of the Cisco ACU is later than the Window's one? " . You mean start the Cisco ACU before the windows one right?
  The best way to get around issues like that is to use for example the Odyssey client from Funk and turn on GINA and it should work fine.
  Rgds,
  Pablo

• Old domain controller crashed. Created a new one..having to rejoin computers to domain..easier way to do this?

  I had a single domain controller. It has crashed. I had to create a new domain controller with all the same existing information from the old server..same domain name, server name, and IP. Im having issues with desktops. Everything is setup on the server.
  The desktops however I need to rejoin them to the domain and get them to start synching properly. But when I do this, the profile is resetting itself to a new profile. How can I keep the same profile with the same documents. Or am I out of luck on this and
  have to recreate the profiles. I have had to recreate the profiles so far, but do not want to do this for about 5 computers because there is way to much software and work that will need to be involved in moving these profiles. Any shortcut for these computers
  to automatically see this domain server and synch to it? Everything is identical to the old server. The old server is inaccessible.
  The new servers domain name is the same, IP address is the same, and computer name is the same. AD running with all identical information. DNS installed.
  Let me know if anyone has some advice on here.

  There's unfortunately a lot more involved than names, domain names and IP addresses.
  Most of those are linked to long numbers such as "SID"s and "GUID"s in the background that actually govern the interaction between clients and servers (authentication for one).
  Without the same SIDs and GUID, I fear there will be no end to your problems.
  That's why either a second domain controller or a good backup are so important. 
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.