Replicated 2012 Server DC

[rileybloke]

Hi everyone, encountered a bit of an issue and wonder if anyone could share some advice or insight pls...

I have replicated a Windows 2012 R2 domain controller to another host, whilst the original was powered down but after powering on the new one it doesn't service the logins or authentication for the AD site is for.

The VM in question is the primary domain controller holding all the FSMO roles for the domain, which is made up of 4 sites, with 1 domain controller in each site. All domain controller are global cats.
Before I powered the VM back on I shutdown all network links to other 3 sites, in case the VM caused any AD corruption.
The VM did take a long time to come back on, but it did. Unfortunately the clients can no longer authenticate.
I restarted some clients but they still could not authenticate, they are unable to contact the server to authenticate.

I read this KB https://www.veeam.com/kb1277, and other posts and believe the DC should have started up in DSRM, but my DC starts normally, maybe because I shutdown the DC gracefully before replicating it?

I am reluctant to start the replicated DC when links to other DC's are active in case it sends some bad data to the other DC's on the WAN, or is this what it needs?
I have a DCdiag output which shows a couple of errors...

I am thinking these errors should not exist as the VM in question is the PDC and Global Cat, it should not need to see the other DC's immediately to work correctly?

Code: Select all

Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\CMSERVER\netlogon)

         [CMSERVER] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... CMSERVER failed test NetLogons


Starting test: RidManager

         The DS has corrupt data: rIDPreviousAllocationPool value is not valid

         No rids allocated -- please check eventlog.

         ......................... CMSERVER failed test RidManager


 Running enterprise tests on : mydomain.local

      Starting test: LocatorCheck

         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

         A Global Catalog Server could not be located - All GC's are down.

         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

         A Time Server could not be located.

         The server holding the PDC role is down.

         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

         1355

         A Good Time Server could not be located.

         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355

         A KDC could not be located - All the KDCs are down.

         ......................... mydomain.local failed test LocatorCheck

[PTide]

Hi,

Please see my post and check whether MAC address change could be the reason for such a failure.

Thank you.

[rileybloke]

Hi, thanks for the link, unfortunately both VM have the same MAC address, so I don't believe this could be the issue.

[PTide]

A deeper investigation is required. Please open a support case and post your case ID here so other users will have an access to the solution in future.

Thank you.

[foggy]

I am reluctant to start the replicated DC when links to other DC's are active in case it sends some bad data to the other DC's on the WAN, or is this what it needs?

Basically, yes. Veeam B&R performs a non-authoritative restore of the DC, which perfectly fits for the cases when there are other functional DCs in the environment. What you have done by isolating your DC from the other ones, is similar to when a single DC is restored within SureBackup job: since it cannot find it's replication partners it needs to be restored in authoritative mode. If you've just moved the DC to another location, you can simply switch it on and wait for it's second boot.

[rileybloke]

thanks I took a leap of faith, and started the replica VM with site links up, it just booted normally, and is working ok. Was a little over cautious.
Strange tho how veeam copy fails with an NFC server file put error every time, yet the replica job completes perfectly, had to use the replication job to effectively copy my vm to another host.

[rileybloke]

spoke too soon, all network operations seem to be working, but runnign DCDIAG on the replicated vm is giving the following error?

Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\CMSERVER\netlogon)
[CMSERVER] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... CMSERVER failed test NetLogons

I restarted it a second time, the error still exists, there is nothing in the event log relating to this.

Any ideas, thanks again.

[rileybloke]

Hi, could we un-merge my original post and put it back in as its own thread, as it unrelated to the "Replicated VM's and Changed MAC Addresses"
Thanks.

[rileybloke]

seems time was the healer! took the kids 10 pin bowling, come back did another DCDIAG and hey presto! all good. Thanks everyone.

[rileybloke]

I believe the Domain Controllers held an election after a specified interval and promoted the SYSVOL share on the DC in question.