- Posts: 35
- Liked: never
- Joined: Jun 25, 2009 6:55 pm
- Full Name: Martin Schedlbauer
The dcs first started in safe mode. After the second restart I could logon.
The problem is that on all the restored dcs the sysvol and netlogon shares were missing. The folders existed, but they were not shared.
I think the cause of this problem is that after the restore all dcs are in a non-authoritative state.
Must there be at least one dc running in the domain to do a restore of the other dcs in the same domain ?
Are there best practises for restoring all dcs in a domain with veeambackup ?
Does anybody ever had to do this ? What are your experiences ?
Is a successfull restore of a dc with veeambackup even possible ?
- SVP, Product Management
- Posts: 28495
- Liked: 5127 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Posts: 15
- Liked: never
- Joined: Nov 02, 2009 1:36 pm
1. DCs are time sensitive.
2. Pause, move, resume - when it works, works best.
3. The order they are restored CAN matter.
4. DCs keep and internal "counter" for replications, getting these out of sync can cause headaches.
When moved, I received errors, netlogon was paused and replication failed. After exhaustive troubleshooting, I found the solution. You HAVE to run a commandline program (REPADMIN). The program is provided by Microsoft, but in the Support Tools. You have to download it. A very important tool, and they don't include it in the base install. http://support.microsoft.com/kb/321153 Basically you run this command to re-enable replication, then resume/restart netlogon. At this point you can use the GUI AD Site tool to replicate manually.
My suggestion is this:
Have one DC that you consider king, and that system should be exclusively a DC. In DR, this is the first this to bring up. Make sure it works and is up to date. Then bring up your other DCs and push the replication from the "king" down to the rest. If the king is hosed, then use a secondary. If you try to bring them all up at the same time, then isolating issues can be tricky. If your DR is temporary, you may consider limiting DCs (heaven forbid even to just one). If you are like me, in DR you have too much going on to be diagnosing weird MS AD quirks. Getting one DC up and moving on is my strategy. After all the critical systems are up, I bring up a second DC.