Story Time. Simple install went to hell in a handbasket REAL quick! Learned some things!

thecomputerguy

I coordinated everything for a client. Got my wiring guy out there for 15 or so drops. Install was a Ubiquiti network with 1 AP, 1 Server, and 2 Workstations.

LITERALLY THE EASIEST INSTALL YOU CAN THINK OF. Empty office, No Data, No Software, they actually use Gmail.

Quoted this gravy job VERY VERY high due to Holidays. Accepted.

I'm in it a total of 8 hours, 3 for Proj Management and 5 onsite today.

GRAVY JOB! 3PM rolls around I'm thinking WOW I'm going home! Let's GTFO!

I go to access a utility folder on the Server and Oh snap! The Server doesn't follow my normal naming! I usually do SERVERDC-01, I accidentally did SERVER-DC01. No biggie, rename.

I reboot the Server and think OH SNAP. I had already promoted the Server to a DC ... I hope that doesn't screw anything up.

It did.

Can't login anymore.

I spent two hours trying to figure out why and can only attribute it to the fact that when I renamed it I didn't make an entry into AD with the name of the new Server. Downloaded the Server 2022 ISO, gave it a shot, gave up quick, over it.

Thank god I bought ProSupport from Dell. After about 3 hours of install and firmware updates I was finally back to square one with a fresh install of Server 2022. Thanks Dell guy.

I get to the last point where I need to set up some GPOs including folder redirection (I know, bad), since they won't be using O365 and I need some way to protect the Data on the Workstations.

GP won't update on the 2 Workstations. I'm losing my mind. Error says it can't find the OU my Users and Computers are in, but they join the Domain fine. WTF. After another hour or so of troubleshooting I can't figure it out. I login to one of my other Servers to compare and see nothing. UNTIL... I take a close look at the OU in another Server and see that the standard OU I use for small installs is USERS/COMPUTERS ... the OU I just made was USERS\COMPUTERS.

THAT CAN'T BE IT CAN IT?

It was.

Notes to take away:

- Don't rename a DC ... Ever, Hell ... don't rename a Server.
- Dell ProSupport is worth its weight in GOLD
- iDRAC is AMAZING (Never used it before... Noob)
- OUs don't work if you use the wrong Slash / \ / \/ \ /\ /\ /\/ \/ \/ \\/ /\ \ / - Don't use slashes in OUs EVER
- Slow down
- I'm an idiot

It's almost 10PM. My idiot self cost me another 5 hours onsite, should have slowed down but got excited that I was getting out of this easy at 3pm. Even with all the extra time, still a gravy job at least.

Kill me.
Well, I hate when this happens but then again, we love troubleshooting lol.

Next time: quote double, then you win when it's less.
 
I just realized again after reading my OP that everything I did today was so old school that it was the same way it was done in 2003...

Local AD, Local GPOs... Local OUs... FOLDER REDIRECTION!

Good lord how times have changed.

But some jobs may still need to be old school I suppose.

I'm gonna get ripped up by sky-knight and I totally deserve every bit of it.
 
My most recent ID ten T moment resulted in over 7 hours I couldn't bill. Outlook stopped connecting. Did the safe mode thing, which didn't do anything. So I just did a full install. Worked. Next day she called back and said it wasn't working. Did everything. Restore points, remove/re-install, Tweaking AIO, SaRA, new profile. At hour 7 I was about to give up and do a nuke and pave and I happened to look down in the lower right corner. The time was off by 1 hour 40 minutes. Was set to the correct time zone but somehow the time itself got changed. Corrected that, worked like a charm. Somehow SaRA wasn't smart enough to check the time zone and time to see if it was correct. After all, a bad time setting causes all kinds of security problems.
 
It's 2023... almost 2024...

WTF are you doing installing a domain controller?

Get that Kerberos-failing, faulty-authenticating, Microsoft-never-going-to-fix-it-ever, liability-carrying bovine excrement the heck out of your life!

Ok... kidding aside, I know there are reasons for it... but if you can dump AD, dump it.

P.S. yes... those blasted slashes will get you, and yes... never... EVER rename a domain controller. Other servers you can sort out, but your only DC is the root of the control plane... bad times if you goof it up!
Heh...yeah, I never went and renamed a DC...but I recall it being a big "no-no". Actually I'm surprised the OS allows it to happen, one would think it would simply block or even gray out the option to "rename computer" if it's holding FizzyMo roles.

So glad I only have around 1/2 a dozen clients with on prem servers left...I enjoy ditching servers and going all M365bizprem....I might even grow some hair back on the top of my head!
 
Whom the Gods would destroy, they first make mad...

Glad you got it sorted out. Gladder still I'm not the only person this kind of thing happens to.
 
If you have more than one DC, it's not so bad! Because the network stack, assuming it isn't FUBAR, will find the other, and authentication will happen.

But if you rename the forest root controller, it can't find itself... Netlogon doesn't know where to register AD, DNS doesn't get updated, and now the DC cannot find the only user account database it was told to respect. The only way to fix it is to get into the system via a local account that doesn't really exist, update DNS with the new names manually, and restart Netlogon.

OR... if it's a fresh server... just format C: and start over, which is honestly faster and easier.
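Two checks for the gotchas in this thread (the renamed DC that can no longer find itself, and slashes in OU names), added here as an example and not something any poster supplied. It assumes the RSAT ActiveDirectory module and PowerShell 5+ on the DC or a domain-joined host; no names from the OP's environment are used.

```powershell
# Added example, not from the thread: post-build sanity checks for a single-DC
# domain covering the two gotchas discussed above. Assumes the RSAT
# ActiveDirectory module and PowerShell 5+, run on the DC or a domain-joined host.
Import-Module ActiveDirectory

function Test-DcDnsRegistration {
    # The rename failure mode: a DC that cannot find itself. The _msdcs SRV
    # records must exist and point at DC names that still resolve.
    $domain = (Get-ADDomain).DNSRoot
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue
    $dcs = @($srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object -ExpandProperty NameTarget)
    if (-not $dcs) {
        Write-Warning "No DC SRV records for $domain; Netlogon has not registered (or DNS is stale)."
        return $false
    }
    foreach ($dc in $dcs) {
        if (-not (Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue)) {
            Write-Warning "SRV record points at $dc but it has no A record (stale after a rename?)."
            return $false
        }
    }
    Write-Host "DC locator records OK: $($dcs -join ', ')"
    return $true
}

function Find-SlashOU {
    # '/' is the ADsPath separator and '\' is the LDAP DN escape character, so an
    # OU named USERS\COMPUTERS or USERS/COMPUTERS is not found by GP processing.
    Get-ADOrganizationalUnit -Filter * |
        Where-Object { $_.Name -match '[/\\]' } |
        ForEach-Object {
            [pscustomobject]@{
                Name              = $_.Name
                DistinguishedName = $_.DistinguishedName
                SuggestedName     = ($_.Name -replace '[/\\]', '-')   # what was probably intended
            }
        }
}

$null = Test-DcDnsRegistration
$bad = @(Find-SlashOU)
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) OU name(s) contain a slash; GP processing will not find them:"
    $bad | Format-Table -AutoSize
} else {
    Write-Host 'No OU names contain / or \.'
}
```

A flagged OU is fixed with Rename-ADObject -Identity <DN> -NewName <name>, once nothing (GPO links, scripts) still references its old distinguished name.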
 
Thank you for going easy on me :)
 
What you described here is literally EXACTLY what happened.
 
I know that process because I've been where you are... I can't be hard on you, I nuked myself too. ;) There are certain things everyone learns face first... this is very much one of them. Congrats, you're now qualified to work on Active Directory, when Active Directory on Server 2025 may well be the very last version ever released.
 
Holy goodness, I knew I was paranoid about ever trying to rename a DC and now I know why. Felt your pain on this.

@Sky-Knight what would you recommend nowadays outside of Azure? Hyper-V servers? I've been setting those up lately for my day job.
 
Depends... If you've got a Windows Server license involved it's rather hard to not use Hyper-V. You've already got it licensed, you get a fully functional hypervisor on a platform that's easy to patch and maintain.

I've got a fair number of VMware servers in the field too, though those are probably going to go away now with VMware changing owners.

I've done XenServer, Proxmox, and a ton of others that I can't be bothered to name right now. If you want an open source option, Proxmox is probably your best bet. I run Hyper-V internally, but again that's because I have a Windows Server license, and I have need to use it from time to time to interact with Azure... it's just easier that way. But I've considered dumping it for Proxmox since it has the ability to emulate a TPM for guests even if the host lacks the hardware.
 