I have a Win2k3 DC that has one of my DNS servers on it.  I have removed all of the FSMO roles and confirmed they are removed.  The user is a part of the Enterprise Admin group.   When i try to remove the DC through dcpromo I get the following error in the dcpromo.log.  I would like to keep from using /forceremoval but is this a sign of something wrong in my AD or just on the DC i am trying to remove.

7/06 14:24:32 [INFO] Removing Active Directory objects that refer to the local domain controller from the remote domain controller bugs.cic.scic.com…
07/06 14:24:32 [INFO] Error - Active Directory could not configure the computer account dc_name$ on the remote domain controller other_dc_name. (5)
07/06 14:24:33 [INFO] NtdsDemote returned 5
07/06 14:24:33 [INFO] DsRolepDemoteDs returned 5
07/06 14:24:33 [ERROR] Failed to demote the directory service (5)

 

try this:

http://support.microsoft.com/kb/2000939

I did that and now i get the following on dcpromo.

 

the operation failed because:

 

Failed to configure the service NETLOGON as requested.

"The wait operation timed out"

 

and in the dcpromo.log is the following:

07/07 09:02:24 [INFO] Informed NETLOGON to deregister records
07/07 09:02:24 [INFO] Stopping service NETLOGON

07/07 09:04:24 [INFO] StopService on NETLOGON failed with 258

 

Hello,

if i understand you correct you try to demote a DC in an existing domain and have already transferred teh FSMO roles to another DC in the domain. Did you check with "netdom query fsmo" in a command prompt that the other DC is shown for having the FSMO roles?

Also it can help to uncheck the Global catalog in AD sites and services on the NTDS settings from the DC you need to demote.

Is connectivity given, check with pinging ip address, computer name and FQDN to the other DC, which also should be Global catalog server?

Also post an undited ipconfig /all from the existing DC and the one you try to demote.

Hi KirkSH,

Thank you for posting in Windows Server Forum.

 

According to your description, I understand that you are not able to demote a Windows 2003 DC with the error " Failed to configure the service NETLOGON as requested."

 

To resolve this issue, please stop the Netlogon service before you run DCPROMO. This might allow you to complete the DC demotion.

 

Wilson Jia

 

TechNet Subscriber Support in forum

If you have any feedback on our support, please contact tngfb@microsoft.com

Hi Kirksh,

Any updates?

Regards,

Wilson Jia

I just experience the same issue, but the answer is very easy to handle.

Change the first DNS setting on your network card to point to your new DNS server, not the server you are currently demoting.  Once you change the DNS setting to the new DNS server you should be able to demote the server without any issues.

Dean

• Proposed as answer by Frank Hurley Wednesday, December 07, 2011 2:21 PM

Correct you are

DNS was the issue for me

Change the NIC to point to the new dns server - away from the one you are trying to demote

 

good call

 

thanks

Verify that your account has sufficient permissions to the computer account in Active Directory.
Even though your running dcpromo with domain admin account... If you haven't got full access to the computer object the operation will fail.

And check so that "Protect this object from accidental deletion" isn't activated.

Thanks to citapinc, this is what resolved the issue for us!

Thanks sir

Solution worked Great.

Else the only way is to run Dcpromo /forceremoval and then through Metadata Cleanup remove all stresses from AD.

I had 10 Domain Controllers to demote....

Once again Thanks

Thanks sir

Solution worked Great.

Else the only way is to run Dcpromo /forceremoval and then through Metadata Cleanup remove all stresses from AD.

I had 10 Domain Controllers to demote....

Once again Thanks

Great .. that's really really workable information ... thank you mahesh

for me the answer of:citapinc worked (DNS settings)

should a Moderator really mark his/her own reply as "answer" ??

my error was:

---------------------------
Active Directory Installation Wizard
---------------------------
The operation failed because:

Failed to configure the service NETLOGON as requested

"The wait operation timed out."
---------------------------
OK   
---------------------------

This was the answer for me. Thank you!

I just experience the same issue, but the answer is very easy to handle.

Change the first DNS setting on your network card to point to your new DNS server, not the server you are currently demoting.  Once you change the DNS setting to the new DNS server you should be able to demote the server without any issues.

Dean

Dean,

Thank you for taking the time to post this. You just saved me what would have probably been hours of troubleshooting for a simple issue.  

Jeffery Smith

This just saved me a bunch of time as well.  Many thanks.

I ended up needing to uncheck the Global Catalog box in AD Sites and Services for the server I was demoting. I had tried pointing to the new PDC and tried disabling Netlogon service in combination with no luck until I removed GC.

I still did have the Netlogon service stopped and disabled and DNS on the server NIC pointing to new PDC when I removed the Global Catalog though.  Not sure if it was a combination of all, but it also stopped warning me about needing a GC on the domain during the dcpromo demotion.

We are in the process of phasing out our 2003 domain controllers and moving to 2012 R2.  I had the same problem with an error on a specific domain controller when it was unable to deal with the NETLOGON service properly.  What worked for me:  I went to Sites and Services and removed the Global Catalog checkbox under the NTDS properties for that problem server (thus removing the server from being a global catalog).

After confirming all other domain controllers now recognized that the server was no longer a global catalog server (checked sites and services on each one for the checkbox) I then tried the demotion process again, and it worked properly through the dcpromo gui.

Old post, but pointing DNS to new server and stopping NET LOGON service prior to running DCPROMO worked for me.

Tks

Found the fix here.  Simple.

http://itthatshouldjustwork.blogspot.com/2013/08/dcpromo-demote-win2k3-server-failed-to.html