Error when trying to promote DC – Failed to configure the service NETLOGON as requested “The wait operation timed out”

 

The following resolution steps can be taken should you receive this error.

  • Change the DNS server on the local network adapter – enter the IP of another DNS server (don’t use the server’s own IP as DNS).
  • Check the entries on the DNS server and remove the A records of the server you are trying to promote (it might have legacy records if it was a DC before).
  • Run dcpromo while the Netlogon service is stopped.
  • Import the Netlogon registry settings from a working DC.
  • Rename the Netlogon files and restart the Netlogon service.
  • Ensure the time is correct – compare it to the working DCs.
  • Stop any services that might be using the Netlogon service.
  • Uninstall DNS from the server you are trying to promote.

Important things to note on Exchange 2013

  • Can’t migrate from Exchange 2003 directly to Exchange 2013.
  • You need SP3 installed for Exchange 2010 and latest roll up update for Exchange 2007 when migrating to Exchange 2013.
  • Can run on Server 2008 R2
    • Need more pre-requisites installed compared to Server 2012
  • No longer 5 roles – Broken down to Client access and Mailbox role.
    • Unified messaging included in mailbox role.
    • Currently no Edge server but Exchange 2010 Edge server can be used with Exchange 2013.
  • Only 50 databases can be mounted on a mailbox server – Exchange 2010 could mount up to 100.
  • Public folders are no longer replicated in a multi-site environment. They are located in one location.
  • Exchange 2013 is much less resource intensive with regards to IOPS on disks, so cheaper disks can be used for your Exchange server. There is approximately a 99% IOPS reduction compared to Exchange 2003.
  • Web App can now be used offline.
  • Built-in anti-malware (Previously only anti-spam).
  • Automatic failover to DR site.

 

Fixing a Tombstoned Domain Controller

After struggling for quite a while to get the right commands to fix a domain controller we thought it a good idea to post the steps we had to take.

I know a lot of people would say that the best way is to dcpromo the DC out of the domain, do a metadata cleanup and then dcpromo it in again. Sometimes this method is not possible, for instance where your DC is also an Exchange server. Then you would first have to migrate Exchange to another server before fixing the broken DC.

First and foremost, always make sure you have a system state backup of a healthy DC in case something goes wrong.

The first step is to allow the other domain controllers in your domain to replicate with the tombstoned DC. To do this, follow the steps below:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
  3. In the details pane, create or edit the registry entry as follows:

    If the registry entry exists in the details pane, modify the entry as follows:

    1. In the details pane, right-click Allow Replication With Divergent and Corrupt Partner, and then click Modify.
    2. In the Value data box, type 1, and then click OK.

    If the registry entry does not exist, create the entry as follows:

    1. Right-click Parameters, click New, and then click DWORD Value.
    2. Type the name Allow Replication With Divergent and Corrupt Partner, and then press ENTER.
    3. Double-click the entry. In the Value data box, type 1, and then click OK.

The next step is to clear the lingering objects that reside on the tombstoned DC.

Lingering objects are objects that still reside on the tombstoned DC. This happens, for instance, when an object is deleted on a working DC: the object is tombstoned for 180 days, and after the 180 days it is removed completely. If the tombstoned DC had still been replicating normally, it would have detected that the object was tombstoned on another DC and placed the copy in its own database in a tombstoned state as well.

When you bring the tombstoned DC back into replication, it still has that object in its database, but the rest of the domain does not know about it because the object has been removed completely there. This can create inconsistencies in your domain.

Removing these lingering objects is a two-step process, described below:

  1. First, view the lingering objects to make sure you are not deleting anything important. Run this command:

    Repadmin /removelingeringobjects ServerWithLingeringObjects CleanServerGUID NamespaceContainingLingeringObject /advisory_mode

    Example:

    Repadmin /removelingeringobjects DC95 a4bcd546-5e94-2330-b4d0-f218b16dc0f6 DC=Test,DC=Com /advisory_mode

    The server that throws the error is actually the clean server (CleanServerGUID). The GUID of this server can be found in DNS: expand Forward Lookup Zones and click the _msdcs.DOMAIN.NAME zone. In this zone there are CNAME records that point all DCs in the domain to their GUIDs. Copy the GUID of the server that threw the error.

    After running this, the lingering objects are listed in the event logs, so you can review them there.

  2. To remove the lingering objects, run the exact same command but without the /advisory_mode switch.
  3. Reboot the domain controllers and see if the replication starts.
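
The registry change and the two repadmin passes above can be scripted as follows. This is an added example, not part of the original post: it assumes the DnsServer PowerShell module and repadmin are installed, and DC01.test.com, the _msdcs.test.com zone and the parameter names are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example; every server, zone and partition name is a placeholder.
param(
    [string]$TargetDC  = 'DC95',            # server with the lingering objects
    [string]$CleanDC   = 'DC01.test.com',   # hypothetical healthy DC (FQDN)
    [string]$Partition = 'DC=Test,DC=Com',
    [string]$Zone      = '_msdcs.test.com',
    [string]$DnsServer = 'DC01.test.com',
    [switch]$AllowDivergentPartner,         # apply the registry step on this machine
    [switch]$Remove                         # without it, nothing is deleted
)

if ($AllowDivergentPartner) {
    # Same value as the regedit steps; -Force covers "exists" and "does not exist".
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
        -Name 'Allow Replication With Divergent and Corrupt Partner' `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

# The clean DC's GUID is the host name of the CNAME that points at it in _msdcs.
$cname = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone -RRType CName |
    Where-Object { $_.RecordData.HostNameAlias.TrimEnd('.') -ieq $CleanDC }
$guid = [guid]::Empty
if (@($cname).Count -ne 1 -or -not [guid]::TryParse([string]$cname.HostName, [ref]$guid)) {
    throw "Expected exactly one GUID-named CNAME for $CleanDC in $Zone."
}

# Advisory mode is the default so the objects can be reviewed before removal.
$repArgs = @('/removelingeringobjects', $TargetDC, "$guid", $Partition)
if (-not $Remove) { $repArgs += '/advisory_mode' }
$since = Get-Date
& repadmin @repArgs
if ($LASTEXITCODE -ne 0) { throw "repadmin exited with code $LASTEXITCODE." }

# Directory Service events on the target: 1938/1946/1942 in advisory mode,
# 1937/1945/1939 when objects are actually removed.
$ids = if ($Remove) { 1937, 1945, 1939 } else { 1938, 1946, 1942 }
Get-WinEvent -ComputerName $TargetDC -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Directory Service'; Id = $ids; StartTime = $since
} | Sort-Object TimeCreated | Format-List TimeCreated, Id, Message
```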