I hope someone out there can help, I have asked on all IRC channels I can find. Please also bear in mind that I am in no way an expert at this, quite the opposite, I am a newbie so please bear with me.
I have two servers. One is my main server (named civil) and is the DC for the domain GA065.org (therefore its FQDN is civil.ga065.org). My other server I tried introducing a few months ago as a backup server and I made it a DC as well (sorry I do not recall any settings I made to it). Now about three days ago I decided to put this server (named civil2) back into action. I went through the configure your server wizard and promoted it to a child domain as backup.ga065.org. After all that happened, it finished successfully and both servers restarted. Now on the login screen I have a choice of two domains to log into (Ga065 or backup).
The problem I am facing is that on my original DC, civil, I cannot access anything related to Active Directory. Net Logon will not start, SQL will not start, I cannot view users in AD, Exchange will not start...so on and so forth. I have looked through the event log and I have found a few errors that may be indicative of the problem. I tried looking through the MS KB articles to no avail. Below please see the errors and an attached dcdiag /test:dns log.
Another interesting point is that my passwords for the administrator account on each server were different and after the promotion, they switched! Also MSTSC will not let me remote to my server, it says something like the domain doesn't exist. (I am forced to use the slow Java connection of RLO or be at the console.)
Thanks so much for your help!
C/Capt. Gorlin
GA065 Administrator

2092: This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Schema,CN=Configuration,DC=ga065,DC=org

1126: Active Directory was unable to establish a connection with the global catalog.
Additional Data
Error value:
1792 An attempt was made to logon, but the network logon service was not started.
Internal ID:
3200cd1

1308: The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.
Attempts:
5
Domain controller:
CN=NTDS Settings,CN=CIVIL2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ga065,DC=org
Period of time (minutes):
147
The Connection object for this domain controller will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this domain controller resumes, the temporary connection will be removed.
Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.

2087: Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
Source domain controller:
civil2
Failing DNS host name:
7a9e2649-2240-4853-b2c3-9da6f97b31aa._msdcs.ga065.org

And Finally the DCDIAG results:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CIVIL
Starting test: Connectivity
......................... CIVIL passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CIVIL
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : ga065
Running enterprise tests on : ga065.org
Starting test: DNS
Test results for domain controllers:
DC: civil.ga065.org
Domain: ga065.org
TEST: Authentication (Auth)
Error: Authentication failed with specified credentials
TEST: Basic (Basc)
Error: NETLOGON service is not running
Warning: adapter [00000002] HP NC3131 Fast Ethernet NIC has invalid DNS server: 69.15.99.130 (<name unavailable>)
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 69.15.99.130 (<name unavailable>)
Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: b.root-servers.net. (192.228.79.201)
Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: civil.ga065.org. IP:69.15.99.138 [Broken delegated domain backup.ga065.org.]
Error: DNS server: ns1.ga065.org. IP:10.1.2.48 [Broken delegated domain backup.ga065.org.]
Error: DNS server: ns1.ga065.org. IP:69.15.99.138 [Broken delegated domain backup.ga065.org.]
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure
ga065.org.
TEST: Records registration (RReg)
Network Adapter [00000002] HP NC3131 Fast Ethernet NIC:
Error: Missing CNAME record at DNS server 69.15.99.130 :
6532f09f-ef61-4c57-bd2e-8478fde72c74._msdcs.ga065.org
Error: Missing DC SRV record at DNS server 69.15.99.130 :
_ldap._tcp.dc._msdcs.ga065.org
Error: Missing GC SRV record at DNS server 69.15.99.130 :
_ldap._tcp.gc._msdcs.ga065.org
Error: Missing PDC SRV record at DNS server 69.15.99.130 :
_ldap._tcp.pdc._msdcs.ga065.org
Error: Record registrations cannot be found for all the network adapters

Summary of test results for DNS servers used by the above domain controllers:
DNS server: 69.15.99.130 (<name unavailable>)
2 test failures on this DNS server
Name resolution is not functional. _ldap._tcp.ga065.org. failed on the DNS server 69.15.99.130
DNS server: 69.15.99.138 (civil.ga065.org.)
2 test failures on this DNS server
Delegation is broken for the domain backup.ga065.org. on the DNS server 69.15.99.138
DNS server: 10.1.2.48 (ns1.ga065.org.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 10.1.2.48
Delegation is broken for the domain backup.ga065.org. on the DNS server 10.1.2.48
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33

Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: ga065.org
civil FAIL FAIL FAIL FAIL WARN FAIL n/a
......................... ga065.org failed test DNS

Start with a class or a book on 2003 and AD.
A child domain has nothing to do with redundancy. You should have entered the new DC into the SAME domain. Configured it with DNS server and with the global catalog for redundancy.
If your post is longer than a screen you are not speaking concisely and that's a waste of everyone's time.
Give a person a fish, they eat for a day. Suggest they internet search and they learn a skill for a lifetime.

I don't even know where to begin. I'm not meaning this harshly, but I don't think a single thing was done correctly when AD was set up originally.
For example, why is the server using root hints for a private AD infrastructure?!
Your DNS is JACKED!
AD is horribly damaged.
From the looks of it, you may have even been hacked.
Learn DNS and AD, make sure you're securing your network, export your AD accounts if there's a bunch, and start the whole thing over.
AD is not something you can just set up, and expect to work without understanding how it works, along with all technologies it's dependent on, such as DNS. People set it up, and if authentication is working, they think AD was set up right. Fast forward a bit when the AD configuration gets even a little bit more complicated...multiple sites...multiple DCs...multiple domains...and "suddenly" there's a problem.
I truly don't intend this post to sound ill-spirited. I do sincerely hope you read up, learn from this, and get your stuff rolling. You need to understand that there is no substitute for foundational knowledge. Without it, sooner or later (like now) it will bite you in the butt.
If starting over is not an option, you need REALLY GOOD professional help to fix this. Hire the most experienced, knowledgeable person you can possibly find.
Please help survivors of Hurricane Katrina!
www.redcross.org

Holy wow, you took the complete wrong path from the beginning. Let it be a lesson, never play with a live server situation. Networking is just like building a house, you can't just run in there with some 2x4's and start hammering, you have to design, implement, test, THEN build. You should have done some research first, you could have asked the board for help on how you should go about creating a 'backup' server.
Re-read heropsycho2177's post, he hits the nail on the head.
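
Added example, not part of the thread and not written by any of the posters: a short Python triage of dcdiag /test:dns text that tags each Error/Warning with its TEST section, groups the missing locator records by the DNS server that was queried, and lists zones with non-secure dynamic update. The function names and the SAMPLE text are assumptions; SAMPLE is constructed from lines quoted in the first post with console wrapping removed.

```python
import re

# Constructed sample modelled on the dcdiag output quoted in the first post (unwrapped).
SAMPLE = """\
TEST: Basic (Basc)
Warning: adapter [00000002] HP NC3131 Fast Ethernet NIC has invalid DNS server: 69.15.99.130 (<name unavailable>)
TEST: Delegations (Del)
Error: DNS server: civil.ga065.org. IP:69.15.99.138 [Broken delegated domain backup.ga065.org.]
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure
ga065.org.
TEST: Records registration (RReg)
Error: Missing DC SRV record at DNS server 69.15.99.130 :
_ldap._tcp.dc._msdcs.ga065.org
Error: Missing PDC SRV record at DNS server 69.15.99.130 :
_ldap._tcp.pdc._msdcs.ga065.org
"""

TEST_RE = re.compile(r"^TEST:.*\((\w+)\)$")
FINDING_RE = re.compile(r"^(Error|Warning):\s+(.*)$")
MISSING_RE = re.compile(r"Missing (.+?) record at DNS server (\S+)")

def parse_dcdiag_dns(text):
    """One dict per Error/Warning; 'detail' is the record or zone name on the next line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings, test = [], None
    for i, line in enumerate(lines):
        if (m := TEST_RE.match(line)):
            test = m.group(1)
        elif (m := FINDING_RE.match(line)):
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            plain = nxt and not (TEST_RE.match(nxt) or FINDING_RE.match(nxt))
            findings.append({"test": test, "severity": m.group(1),
                             "message": m.group(2), "detail": nxt if plain else None})
    return findings

def missing_records(findings):
    """Group missing locator records by the DNS server that was queried."""
    grouped = {}
    for f in findings:
        m = MISSING_RE.search(f["message"])
        if m and f["detail"]:
            grouped.setdefault(m.group(2), []).append((m.group(1), f["detail"]))
    return grouped

def insecure_dynamic_zones(findings):
    """Zones that accept dynamic updates without requiring secure updates."""
    return [f["detail"].rstrip(".") for f in findings
            if f["test"] == "Dyn" and "not secure" in f["message"] and f["detail"]]
```

Run against a saved dcdiag log, the grouping shows at a glance when every missing DC, GC and PDC record points at the same resolver, as it does for 69.15.99.130 in the output above.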
