I have two Windows Server 2008 (non-R2) domain controllers, both installed as virtual machines on a VMWare ESXi 5.0 host. A few weeks ago I decided I wanted to rename the domain and took a VM snapshot of both DCs. I ran into problems with the domain rename almost right off the bat, and so I abandoned the effort and reverted both DCs back to the snapshots.
Shortly thereafter I started noticing some replication problems (adding new computers to the domain, then couldn't login to them) and found that I was getting Event ID 2103 "The Active Directory Domain Services database has been restored using an unsupported restoration procedure" in the Directory Service log. After doing some quick research, I found KB875495 which stated I had incurred a USN rollback and, since I didn't have any other backup of the AD database (I had since deleted the snapshots), the only course of recovery was to demote the domain controller that was getting the 2103 errors, clean up the metadata, and repromote the DC.
I've tried to demote the faulty domain controller no less than 25 times, with and without the /forceremoval switch, all with no success. Each time I try, it gets through the first 2 or 3 steps and after I enter the new password to assign to the local administrator account, it throws an error stating "Windows has encountered a critical problem and will restart automatically in one minute." The AD DS Installation Wizard remains in the background and if I click Next on it, another error occurs stating"The wizard is unable to determine the status of the Active Directory Domain Services on this computer." Then of course it reboots.
I've analyzed the dcpromoui log file and noticed something that doesn't seem right near the end of the log:
using domain = xyz.local, serverName = local
Enter FindAuthoritativeServer local
Enter FullyQualifyDnsName local
Enter MyDnsQuery local.
Calling DnsQuery_W
lpstrName : local.
wType : 6
fOptions : 8
status = 0000232B
RCODE_NAME_ERROR
Enter Dns::GetParentDomainName local.
.
Enter MyDnsQuery .
Calling DnsQuery_W
lpstrName : .
wType : 6
fOptions : 8
status = 00000000
ERROR_SUCCESS
Enter FindSoaRecord
SOA record found
autoritative server found
Enter GetIpAddress a.root-servers.net
Calling gethostbyname
198.41.0.4
result = 00000000
authZone = .
authServer = a.root-servers.net
authServerIpAddress = 198.41.0.4
discovered parent zone = .
Enter State::SetParentZoneName .I don't understand why it's trying to go to the root "dot" zone. I don't have the root zone on my DNS servers. I disabled recursion, hoping that might tell it not to try to go to the root zone, but that didn't help. I'll gladly post the entire dcpromoui log if anyone feels like taking a look at it.
Thanks in advance.