Gostev wrote:Basically, you cannot pull a single DC from a multi-DC environment, and expect it to work in the isolated environment. Because what happens is it will fail to find replication partners (other DCs), and will stop the NETLOGON service.
Also, keep in mind that you must wait for the DC to automatically reboot (after it completes the VSS restore process) before attempting to logon.
One of these 2 points is likely the cause for your issue.
Please search the existing topics for more information and the detailed description of the DC restore.
So if I have two DC's and want to replicate them to a DR site, what is the correct way of doing this and turning them up in an DR event?
Can I just turn them both on? Or will on need to be put into authoritative restore mode?
If I lost just one domain controller - how should the replica be brought up?
If I lost just one domain controller - how should the replica be brought up?
In this case, you can just do normal failback/failover operation, thus, DC would be brought up in automated non-authoritative mode and would be synced up with the other DCs automatically.
In fact, this sort of questions has been already covered several times. So, please take a look at the existing topics:
I don't doubt this has been covered before, So why not create a KB instead of referring people to pages and pages and pages in multiple threads and then links to other threads?!?! It can be tough to get a clean answer.
Something explaining what automation is included, what to expect during a restore, etc. What should be done/expected and differences when restoring via backup or replica. Something clear we can include in our DR procedures. You never know who might be trying to do the recovery.
I think the automation behind the restore somewhat clouds the produce of restore for some people in certain scenarios. I can understand that while the restoration of a DC somewhat falls outside of Veeam's responsibility, you have included automation of the process so I feel that you should provide documentation as to the scenarios you have prepared for and what may or may not need to be done when a restore is completed.
Thanks for all your support
There is 1 other way also to start the replicated domain controller.
1) Edit the Virtual machine and connect it to isolated network then go to boot options and force machine to bios setup and while booting press F8 and boot the machine in directory service repair mode.
2) After machine boot wait till the machine get stable and login with AD recovery account which is administrator and password and again wait around 5-10 min.
3) Restart the machine and let it go to normal mode.
4) After machine come in normal mode and if you get error "Active Directory: Naming Information cannot be located because the specified domain does not exist" then
5) Open regedit Browse to HKLM\SYSTEM\CurrentControlSet\Services\Ntfrs\Parameters\Backup/Restore\Process at Startup
Set the BurFlags value to D4 (Hex) / 212 (Dec)
Restart the "File Replication" service
6) ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server <servername>
serverconnections: q
fsmo maintenance: seize infrastructure master
fsmo maintenance: seize naming master
fsmo maintenance: seize pdc
fsmo maintenance: seize rid master
fsmo maintenance: seize schema master
fsmo maintenance: q
ntdsutil: q
I am loving My Veeam Backup and replication.
I have migrated most of my Virtual machines to new hosts with little to know downtime using replication and failover.
I have yet to attempt the domain controller. It is windows server 2008 R2.
Do I need to do anything different? My plan was to replicate the DC/fileserver to a new host. Turn off the DC/fileserver on the old host. Run replication one final time for the incremental data that may have been missed. Failover to the new DC/fileserver on the new host. wait a day and click permanent failover, then remove the old host.
are there any caveats since this is a DC being moved? I would do Cold Quick migration, but I am trying to minimize downtime.
You don't have to do failover and initiate incremental replication manually as it can be done by planned failover.
Please review this discussion as it contains useful experience of replicating DCs. Thanks!
I understand that. What I mean is when I failover after replication with the domain controller, do I need to do anything special? like boot the replica in ds restore mode? or just power off Old Domain controller and click failover?
PLanned failover is nice but I need to supervise the failover.
No special things are required (given that this is a single DC VM). Please take a look at the topic above "Active Directory and DR Site" for more info.
We utilise veeam to replace ~ 100 VMs to an offsite server, that from a LAN perspective cannot see our production network at all.
We have two server 2016 domain controller, one as a VM in which we replicate, one is physical which we do not
from time we do a failover to do a "dr test" and have found each time the DC has issues, which we would expect (not finding the secondary) all other servers come up OK also
Is there a better way to manage this as we are not having luck replicating just the primary DC.
I use to have Running DC on my disastery recovery site.
When we test the site, we use to seize all roles on the running DC, and that works fine.
I know windows2012 is snapshot aware now, so I wonder if I can just replicate my DC also, then just be able to power it on after a failure of our prod site.
Doing so, would allow me to failover much quicker, I don't have the seize all the roles...
So I tested that, I powered on the replicated DC in an internal network.
But the issue is that AD doesn't start. And the network connection shows "unidentified network" instead of my domain.
I set "Repl Perform Initial Synchronizations" to 0 in registry, and restarted, but that still didn't work.
So is there a veeam recommendation how to replicate a DC, and power it on ? ( and I still have my prod DC running )
we use
veeam Replication&backup 9.5
vcenter 6.5
ESXi 5.5
I've got a a customer who is doing power maintenance on their DR site and wants us to ensure the domain controller (DC02) that is hosted at the DR site isn't powered down. DC02 is replicated over to the production site, so we have a replica of DC02 on the Production side. What process should I take to get the DC02 failed over to the production site with the least disruption? My understanding would be
Run a replication from DC02 to the DC02_replica
Run a planned failover for DC02
Run an active directory sync from DC01 to DC02
When the power is restored, run a failback to the original DC02 on the DR site
Run another active directory sync from DC01
Am I going to need to do any other steps or am I missing anmything here?
All you need to know about DCs restore\failover contained in this thread. There are helpful links on page 3, also there is KB here that describes most of the nuances.
Please review it and don't hesitate to ask additional questions. Thanks!