Sunday, December 28, 2008

DB2 Screw Up after Removal of Windows Active Directory

For Windows 2003 machine which is used to host the AD domain controller, if ever you need to uninstall the DC and revert back to normal Windows 2003 server, you can use dcpromo tool from Windows Support CD to demote the role of the Windows.

But because the uninstallation of DC wipes out many things, particularly the user and group repositories, many of the hosted applications will not be able to execute, or even start as usual.

In a not so long ago incident, our customer decided to use one of our development VM for their testing environment before the actual setting up of the "production" version of testing server. Since we already got the VM, why not? Well, things don't turn out as expected because the VM is designed to replicate the actual production environment which includes the use of the same domain name like the one in the customer network. We got only 3 viable options, 1.) Rename the VM's domain name, 2.) Uninstall the domain controller in VM, and 3.) Recreate the VM

Since option 1 involves many manual steps as outlined in Microsoft support site and option 3 involves the most works, we decided to try out our lucks with option 2.

The dcpromo tool is very straightforward to use. You first install the Windows Support Toolkit from your Windows CD and run the dcpromo by either double click it or execute from command prompt. Then a GUI-based wizard will guide you through the rest. Restart Windows at the end.

Ho ho ho. After you restarted the Windows, you shall get a services failed message when you're in the login screen. Then after login, you shall get another DB2 starts failed message.

Do you still remember that some of DB2 servers in Windows environment are registered as Windows services and since the original user and group repositories are gone, the user name used for starting those services are no longer valid and thus you got the error message.

Assuming that your DB2 is installed with the Windows security integration option enabled, you need to recreate DB2ADMNS and DB2USERS group and db2admin (or any other admin account you specified during the installation) user account. You also need to add db2admin as Administrator. If you don't perform this step, you shall get a DB2 start error: SQL1042C SQLSTATE=58004 when tried to do a db2start execution.

Type services.msc in Run menu and sort the services list using the Log On As column. Identify the DB2 services that are using previous user accounts and reenter the new db2admin user account into these services.

Lastly, you need to grant file system rights to the DB2ADMNS and DB2USERS groups. Go to the DB2 installation directory (e.g. C:\Program Files\IBM\SQLLIB) and right lick on it and select Security tab. Remove the 2 invalid accounts and add the DB2ADMNS and DB2USERS groups and give them full control rights with propagation, in my case.

Now, you can peacefully start your DB2. Thanks god.