John Wick
asked on
Problems with Active Directory in Windows Server 2003
Two Windows Servers 2003 Standard - A and B. Server B has all FSMO roles (from Server A). After a forced replication last night, I am now getting the following error:
Naming information cannot be located because the specified domain either does not exist or could not be contacted
Also:
Server A - WIndows cannot obtain the domain controller name for your computer network.
Server B - Windows cannot query for the list of Group Policy Objects.
Server B - Windows cannot bind to xxx.local.domain
Server B - Event Codes 1030 and 1006 repeatedly
Server A- Eent Codes 1054, 2114 and 2102 repeatedly
Also:
C:\Program Files\Support Tools>repadmin/showrepl
repadmin running command /showrepl against server localhost
Default-First-Site-Name\Se rver B
DC Options: IS_GC
Site Options: (none)
DC object GUID: 62793a1f-090c-443e-b59c-53 5cea112c3d
DC invocationID: 62793a1f-090c-443e-b59c-53 5cea112c3d
==== INBOUND NEIGHBORS ========================== ========== ==
DC=xxx,DC=local
Default-First-Site-Name\SE RVER B via RPC
DC object GUID: 64d42e4d-da68-4163-85f5-91 fe72964c11
Last attempt @ 2011-01-14 09:56:03 was successful.
CN=Configuration,DC=xxx,DC =local
Default-First-Site-Name\Se rver B via RPC
DC object GUID: 64d42e4d-da68-4163-85f5-91 fe72964c11
Last attempt @ 2011-01-14 09:56:03 was successful.
CN=Schema,CN=Configuration ,DC=xxx,DC =local
Default-First-Site-Name\Se rver B via RPC
DC object GUID: 64d42e4d-da68-4163-85f5-91 fe72964c11
Last attempt @ 2011-01-14 09:56:03 was successful.
DC=DomainDnsZones,DC=xxx,D C=local
Default-First-Site-Name\Se rver B via RPC
DC object GUID: 64d42e4d-da68-4163-85f5-91 fe72964c11
Last attempt @ 2011-01-14 09:56:03 was successful.
DC=ForestDnsZones,DC=xxx,D C=local
Default-First-Site-Name\Se rver B via RPC
DC object GUID: 64d42e4d-da68-4163-85f5-91 fe72964c11
Last attempt @ 2011-01-14 09:56:03 was successful
And..........
C:\Program Files\Support Tools>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE RVER B
Starting test: Connectivity
......................... SERVER B passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ SERVER B
Starting test: Replications
......................... SERVER B passed test Replications
Starting test: NCSecDesc
......................... SERVER B passed test NCSecDesc
Starting test: NetLogons
......................... SERVER B passed test NetLogons
Starting test: Advertising
Fatal ErrorsGetDcName (SERVER B) call failed, error 1355
The Locator could not find the server.
......................... SERVER B failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER B passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER B passed test RidManager
Starting test: MachineAccount
......................... SERVER B passed test MachineAccount
Starting test: Services
......................... SERVER B passed test Services
Starting test: ObjectsReplicated
......................... SERVER B passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER B passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER B failed test frsevent
Starting test: kccevent
......................... SERVER B passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000423
Time Generated: 01/14/2011 09:29:47
Event String: The DHCP service failed to see a directory server
......................... SERVER B failed test systemlog
Starting test: VerifyReferences
......................... SERVER B passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : xxx
Starting test: CrossRefValidation
......................... xxx passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... xxx passed test CheckSDRefDom
Running enterprise tests on : xxx.local
Starting test: Intersite
......................... xxx.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQU IRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERV ER_PREFERR ED) call failed, error 135
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... xxx.local failed test FsmoCheck
Needless to say I appreciate all the detailed help I can get to resolve this as soon as possible. Clients are still able to log in.
Naming information cannot be located because the specified domain either does not exist or could not be contacted
Also:
Server A - WIndows cannot obtain the domain controller name for your computer network.
Server B - Windows cannot query for the list of Group Policy Objects.
Server B - Windows cannot bind to xxx.local.domain
Server B - Event Codes 1030 and 1006 repeatedly
Server A- Eent Codes 1054, 2114 and 2102 repeatedly
Also:
C:\Program Files\Support Tools>repadmin/showrepl
repadmin running command /showrepl against server localhost
Default-First-Site-Name\Se
DC Options: IS_GC
Site Options: (none)
DC object GUID: 62793a1f-090c-443e-b59c-53
DC invocationID: 62793a1f-090c-443e-b59c-53
==== INBOUND NEIGHBORS ==========================
DC=xxx,DC=local
Default-First-Site-Name\SE
DC object GUID: 64d42e4d-da68-4163-85f5-91
Last attempt @ 2011-01-14 09:56:03 was successful.
CN=Configuration,DC=xxx,DC
Default-First-Site-Name\Se
DC object GUID: 64d42e4d-da68-4163-85f5-91
Last attempt @ 2011-01-14 09:56:03 was successful.
CN=Schema,CN=Configuration
Default-First-Site-Name\Se
DC object GUID: 64d42e4d-da68-4163-85f5-91
Last attempt @ 2011-01-14 09:56:03 was successful.
DC=DomainDnsZones,DC=xxx,D
Default-First-Site-Name\Se
DC object GUID: 64d42e4d-da68-4163-85f5-91
Last attempt @ 2011-01-14 09:56:03 was successful.
DC=ForestDnsZones,DC=xxx,D
Default-First-Site-Name\Se
DC object GUID: 64d42e4d-da68-4163-85f5-91
Last attempt @ 2011-01-14 09:56:03 was successful
And..........
C:\Program Files\Support Tools>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
......................... SERVER B passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ SERVER B
Starting test: Replications
......................... SERVER B passed test Replications
Starting test: NCSecDesc
......................... SERVER B passed test NCSecDesc
Starting test: NetLogons
......................... SERVER B passed test NetLogons
Starting test: Advertising
Fatal ErrorsGetDcName (SERVER B) call failed, error 1355
The Locator could not find the server.
......................... SERVER B failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER B passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER B passed test RidManager
Starting test: MachineAccount
......................... SERVER B passed test MachineAccount
Starting test: Services
......................... SERVER B passed test Services
Starting test: ObjectsReplicated
......................... SERVER B passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER B passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER B failed test frsevent
Starting test: kccevent
......................... SERVER B passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000423
Time Generated: 01/14/2011 09:29:47
Event String: The DHCP service failed to see a directory server
......................... SERVER B failed test systemlog
Starting test: VerifyReferences
......................... SERVER B passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : xxx
Starting test: CrossRefValidation
......................... xxx passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... xxx passed test CheckSDRefDom
Running enterprise tests on : xxx.local
Starting test: Intersite
......................... xxx.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQU
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERV
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... xxx.local failed test FsmoCheck
Needless to say I appreciate all the detailed help I can get to resolve this as soon as possible. Clients are still able to log in.
any nslookup errors?
ASKER
"can't find server name for address xxx.xxx.xxx
Default server unknown
Default server unknown
sounds like the problem is with your DNS server
have you checked to ensure that,
your forward and reverse lookup zones are setup correctly?
clear cache from dns server
ipconfig /flushdns
recheck nslookup
have you checked to ensure that,
your forward and reverse lookup zones are setup correctly?
clear cache from dns server
ipconfig /flushdns
recheck nslookup
ASKER
Can you provide more details on how I can accomplish this?
ASKER
Everything was ok until a forced replication. It seems like AD is still there, just cant find sysvol and global catalog
ASKER
NETDIAG:
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Global results:
Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.
NetBT transports test. . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '10.1.x.xxx'
and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '10.1.x.xxx'
and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
DC discovery test. . . . . . . . . : Failed
[FATAL] Cannot find DC in domain 'xxx'. [ERROR_NO_SUCH_DOMAIN]
DC list test . . . . . . . . . . . : Failed
'xxx': Cannot find DC to get DC list from [test skipped].
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Skipped
'xxx': Cannot find DC to get DC list from [test skipped].
LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: The specified d
omain either does not exist or could not be contacted.
[WARNING] Cannot find DC in domain 'xxx'. [ERROR_NO_SUCH_DOMAIN]
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Global results:
Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.
NetBT transports test. . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '10.1.x.xxx'
and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '10.1.x.xxx'
and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
DC discovery test. . . . . . . . . : Failed
[FATAL] Cannot find DC in domain 'xxx'. [ERROR_NO_SUCH_DOMAIN]
DC list test . . . . . . . . . . . : Failed
'xxx': Cannot find DC to get DC list from [test skipped].
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Skipped
'xxx': Cannot find DC to get DC list from [test skipped].
LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: The specified d
omain either does not exist or could not be contacted.
[WARNING] Cannot find DC in domain 'xxx'. [ERROR_NO_SUCH_DOMAIN]
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
Hi !
Please follow the Following Steps:
1) Configure Server B (PDC) Role owner to be authoritative time server
Follow Microsoft KB:http://support.microsoft.com/kb/816042
(Note: Manually Configure this Section "Configuring the Windows Time service to use an external time source" from the Article
== While configuring Point 4 = To specify the time sources use IP Address for any of the NIST Servers
For the List of NIST Servers please refer Kb http://support.microsoft.com/kb/262680
or http://tf.nist.gov/tf-cgi/servers.cgi (recommended)
Once configured
Run the following command at the command prompt
Net stop w32time & net start w32time & w32tm /resync
Re Run Dcdiag
Please follow the Following Steps:
1) Configure Server B (PDC) Role owner to be authoritative time server
Follow Microsoft KB:http://support.microsoft.com/kb/816042
(Note: Manually Configure this Section "Configuring the Windows Time service to use an external time source" from the Article
== While configuring Point 4 = To specify the time sources use IP Address for any of the NIST Servers
For the List of NIST Servers please refer Kb http://support.microsoft.com/kb/262680
or http://tf.nist.gov/tf-cgi/servers.cgi (recommended)
Once configured
Run the following command at the command prompt
Net stop w32time & net start w32time & w32tm /resync
Re Run Dcdiag
Check the below link to try & get the overview or troubleshooting replication issues.
http://msdn.microsoft.com/en-us/library/ms151756.aspx
http://www.windowsnetworking.com/articles_tutorials/Active-Directory-Troubleshooting-Part1.html
http://blogs.dirteam.com/blogs/jorge/archive/2006/12/09/Troubleshooting-AD-Replication-Issues.aspx
http://msdn.microsoft.com/en-us/library/ms151756.aspx
http://www.windowsnetworking.com/articles_tutorials/Active-Directory-Troubleshooting-Part1.html
http://blogs.dirteam.com/blogs/jorge/archive/2006/12/09/Troubleshooting-AD-Replication-Issues.aspx
ASKER
Just some more info:
I forced a replication from Server A to Server B. Ever since I did this, both servers now have the "naming information cannot be located because the specified domain either does not exist or could not be contacted" but Server A has the SYSVOL shared whereas Server B does not. Server A seems to have all the files needing to be in SYSVOL whereas Server B has empty files in SYSVOL
Hope that helps
I forced a replication from Server A to Server B. Ever since I did this, both servers now have the "naming information cannot be located because the specified domain either does not exist or could not be contacted" but Server A has the SYSVOL shared whereas Server B does not. Server A seems to have all the files needing to be in SYSVOL whereas Server B has empty files in SYSVOL
Hope that helps
Which DNS servers have you given your DCs to use (TCP/IP configuration)?
Can you open the DNS console and verify that you have a Forward Lookup Zone for your domain name? Then verify that you either have another Forward Lookup Zone for _msdcs.yourdomain.com or your domain has a sub-folder called _msdcs (not greyed out)?
If DNS is at fault, NetDiag is a better tool under 2003, if you could run that please?
Chris
ASKER
NETDIAG is posted above previously.
Also, Server A has the SYSVOL shared whereas Server B does not. Server A seems to have all the files needing to be in SYSVOL whereas Server B has empty files in SYSVOL
Hope that helps
Server A - IPCONFIG
Windows IP Configuration
Host Name . . . . . . . . . . . . : Server A
Primary Dns Suffix . . . . . . . : xxx.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxx.local
Ethernet adapter internal:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Co
nnection #2
Physical Address. . . . . . . . . : 00-07-E9-06-EE-6E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.xxx.xx5
Subnet Mask . . . . . . . . . . . : 255.255.xxx.xxx
Default Gateway . . . . . . . . . : 10.1.x.x
DNS Servers . . . . . . . . . . . : 10.1.xxx.xx5
10.1.xxx.xx6
NetBIOS over Tcpip. . . . . . . . : Disabled
Server B
Windows IP Configuration
Host Name . . . . . . . . . . . . : Server B
Primary Dns Suffix . . . . . . . : xxx.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ixxx.local
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 PM Network Connection
Physical Address. . . . . . . . . : 00-25-90-14-3C-D0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.xxx.xx6
Subnet Mask . . . . . . . . . . . : 255.255.xxx.xxx
Default Gateway . . . . . . . . . : 10.1.x.x
DNS Servers . . . . . . . . . . . : 10.1.xxx.xx6
10.1.xxx.xx5
NetBIOS over Tcpip. . . . . . . . : Disabled
Also, Server A has the SYSVOL shared whereas Server B does not. Server A seems to have all the files needing to be in SYSVOL whereas Server B has empty files in SYSVOL
Hope that helps
Server A - IPCONFIG
Windows IP Configuration
Host Name . . . . . . . . . . . . : Server A
Primary Dns Suffix . . . . . . . : xxx.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxx.local
Ethernet adapter internal:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Co
nnection #2
Physical Address. . . . . . . . . : 00-07-E9-06-EE-6E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.xxx.xx5
Subnet Mask . . . . . . . . . . . : 255.255.xxx.xxx
Default Gateway . . . . . . . . . : 10.1.x.x
DNS Servers . . . . . . . . . . . : 10.1.xxx.xx5
10.1.xxx.xx6
NetBIOS over Tcpip. . . . . . . . : Disabled
Server B
Windows IP Configuration
Host Name . . . . . . . . . . . . : Server B
Primary Dns Suffix . . . . . . . : xxx.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ixxx.local
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 PM Network Connection
Physical Address. . . . . . . . . : 00-25-90-14-3C-D0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.xxx.xx6
Subnet Mask . . . . . . . . . . . : 255.255.xxx.xxx
Default Gateway . . . . . . . . . : 10.1.x.x
DNS Servers . . . . . . . . . . . : 10.1.xxx.xx6
10.1.xxx.xx5
NetBIOS over Tcpip. . . . . . . . : Disabled
Sorry, so you did.
Lets see, what does the Directory Service event log have to say for itself?
Can you also run these please:
netdom query fsmo
dsquery server –isgc
By the way, this:
> "can't find server name for address xxx.xxx.xxx
> Default server unknown
Does not indicate a problem as such. It suggests you do not have a Reverse Lookup Zone for your subnet, or a PTR record (in that zone) for your server. It won't cause any serious harm, although you can still add the zone if you wish.
Chris
Sorry, one more bit.
Time was mentioned earlier, does time match between the two servers? If it falls more than 5 minutes out Kerberos authentication would break. I doubt that is the case as they're replicating, but it never hurts to check.
Chris
ASKER
I will check the time match between two servers. They had problems replicating before I forced replication Thursday night.
I will post results shortly
I will post results shortly
ASKER
netdom query fsmo and dsquery server –isgc:
The specified domain either does not exist or could not be contacted
This is driving me crazy....is there a way to point the AD Sites and Services mmc to the SYSVOL? Or restore from backup? Seems to me that when Server A replicated to Server B, something got lost in translation. Server A was the first to have the "naming" error, whereas Server B worked perfectly for about 15min, then also had the same issue afterwards when opening up the AD SItes and Services mmc.
Server A is very unreliable, hence the purpose of server B and why Server B has all the FSMO roles
The specified domain either does not exist or could not be contacted
This is driving me crazy....is there a way to point the AD Sites and Services mmc to the SYSVOL? Or restore from backup? Seems to me that when Server A replicated to Server B, something got lost in translation. Server A was the first to have the "naming" error, whereas Server B worked perfectly for about 15min, then also had the same issue afterwards when opening up the AD SItes and Services mmc.
Server A is very unreliable, hence the purpose of server B and why Server B has all the FSMO roles
ASKER
Both servers could not locate a time server
Steps, I'd like to look at things in this order, and I don't want to overload you with requests :) If you don't get anywhere with 1, stop there, and so on.
1. Before anything else, did you get a chance to verify that _msdcs exists on your DNS servers? That's how DCs locate each other, if either cannot find it there will be trouble. We can always rebuild DNS, so don't worry if it's not there (worst case we can build it manually).
2. Does time match on the servers? We can sort out time servers later, you just need them to have matching time at the moment.
3. These commands are going to generate a lot of output, in each case we're using the output to file option. NetDiag doesn't let you pick the file name though.
dcdiag /c /v /f:dcdiag.log
netdiag /debug /l
netdiag will log to netdiag.log in the folder you run it from. DCDiag lets you pick the name and path, I've just gone for dcdiag.log in the current directory.
Cheers,
Chris
ASKER
I set the time on SERVER B. rebooted. Event ID 1394 logged - new updates to AD are succeeding...
Logged event id 1054 again...not good. Still getting "naming" error when attempting to open AD sites and Services.
This of course is all on Server B. Server A has the same "naming" error when attempting to open AD Sites and Services.
This is frustrating!! Its as if all is there, just missing 1 piece.
I checked DNS - all as you describe. Thank you for your help!
Logged event id 1054 again...not good. Still getting "naming" error when attempting to open AD sites and Services.
This of course is all on Server B. Server A has the same "naming" error when attempting to open AD Sites and Services.
This is frustrating!! Its as if all is there, just missing 1 piece.
I checked DNS - all as you describe. Thank you for your help!
ASKER
dcdiag /c /v /f:dcdiag.log
Invalid Syntax ?
Invalid Syntax ?
/c should have made it run comprehensive tests. I must have it wrong though, no means of checking the syntax from here. Perhaps just go with "dcdiag /v /f:dcdiag.log".
Chris
ASKER
What would dcdiag /fix do?
ASKER
Doing initial required tests
Testing server: Default-First-Site-Name\SE RVER B
Starting test: Connectivity
......................... SERVER B passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE RVER B
Starting test: Replications
......................... SERVER Bpassed test Replications
Starting test: Topology
......................... SERVER B passed test Topology
Starting test: CutoffServers
......................... SERVER B passed test CutoffServers
Starting test: NCSecDesc
......................... SERVER B passed test NCSecDesc
Starting test: NetLogons
......................... SERVER B passed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (SERVER B) call failed, error 1355
The Locator could not find the server.
......................... SERVER B failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER B passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER B passed test RidManager
Starting test: MachineAccount
......................... SERVER B passed test MachineAccount
Starting test: Services
......................... SERVER B passed test Services
Starting test: OutboundSecureChannels
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SERVER B passed test OutboundSecureChan
nels
Starting test: ObjectsReplicated
......................... SERVER B passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER B passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER B failed test frsevent
Starting test: kccevent
......................... SERVER B passed test kccevent
Starting test: systemlog
......................... SERVER B passed test systemlog
Starting test: VerifyReplicas
......................... SERVER B passed test VerifyReplicas
Starting test: VerifyReferences
......................... SERVER B passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SERVER B passed test VerifyEnterpriseRe
ferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : xxxdomain
Starting test: CrossRefValidation
......................... xxxdomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... xxxdomain passed test CheckSDRefDom
Running enterprise tests on :xxxdomain Starting test: Intersite
......................... xxxdomain passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQU IRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERV ER_PREFERR ED) call failed, error 135
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... icbs.local failed test FsmoCheck
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
......................... SERVER B passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE
Starting test: Replications
......................... SERVER Bpassed test Replications
Starting test: Topology
......................... SERVER B passed test Topology
Starting test: CutoffServers
......................... SERVER B passed test CutoffServers
Starting test: NCSecDesc
......................... SERVER B passed test NCSecDesc
Starting test: NetLogons
......................... SERVER B passed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (SERVER B) call failed, error 1355
The Locator could not find the server.
......................... SERVER B failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER B passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER B passed test RidManager
Starting test: MachineAccount
......................... SERVER B passed test MachineAccount
Starting test: Services
......................... SERVER B passed test Services
Starting test: OutboundSecureChannels
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SERVER B passed test OutboundSecureChan
nels
Starting test: ObjectsReplicated
......................... SERVER B passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER B passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER B failed test frsevent
Starting test: kccevent
......................... SERVER B passed test kccevent
Starting test: systemlog
......................... SERVER B passed test systemlog
Starting test: VerifyReplicas
......................... SERVER B passed test VerifyReplicas
Starting test: VerifyReferences
......................... SERVER B passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SERVER B passed test VerifyEnterpriseRe
ferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : xxxdomain
Starting test: CrossRefValidation
......................... xxxdomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... xxxdomain passed test CheckSDRefDom
Running enterprise tests on :xxxdomain Starting test: Intersite
......................... xxxdomain passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQU
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERV
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... icbs.local failed test FsmoCheck
ASKER
I need this resolved soon PLEASE. I only have a few hours left before clients come in. With this still being a problem, no one will be able to access files.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I appreciate this. I will try this within the next 1/2hr.
I appreciate everyone's input with regards to this! Please keep fingers crossed
I appreciate everyone's input with regards to this! Please keep fingers crossed
Post ipconfig /all of both the dc's w/o editing it.
dcdiag /v /c /d /e >>c:\dcpromo.log
Attach the above report,instead of posting inline.
dcdiag /v /c /d /e >>c:\dcpromo.log
Attach the above report,instead of posting inline.
ASKER
Question - Server A has the good sysvol and netlogon share. IF I can get that server (A) up and running FIRST - we can then concentrate on Server B (w/FSMO) and replicating to it.
Just a thought - might be easier. Any input?
Just a thought - might be easier. Any input?
Server A is tats your DC is also not working or its just a replication problem.
How many dc you have & whats the issue with the second DC.
How many dc you have & whats the issue with the second DC.
ASKER
I have two DC's, A and B. A is not stable, hence the FSMO roles transferred to B. But no one checked if A and B were replicating. When I forced replication Thursday night (the last night I slept...lol) the replication was successful to Server B but not vice versa. Server A started getting the error message "Naming information cannot be located because the specified domain either does not exist or could not be contacted". Within 5 or so minutes, Server B received the same error message.
Use the static domain admin account, wen i say static means password sud nvr been changed or not going to expire & reset the secure channel on both the dc's.
netdom resetpwd /server:server2 /userd:mydomain\administra tor /passwordd:*
http://support.microsoft.com/kb/260575
netdom resetpwd /server:server2 /userd:mydomain\administra
http://support.microsoft.com/kb/260575
ASKER
The password is good on both. How do I reset the secure channel on both dc's?
Use the below cmd
netdom resetpwd /server:server2 /userd:mydomain\administra tor /passwordd:*
http://support.microsoft.com/kb/260575
netdom resetpwd /server:server2 /userd:mydomain\administra
http://support.microsoft.com/kb/260575
ASKER
FYI - I am working remotely on the servers, hence my many questions. I will be physically in front of the servers later this afternoon. What I am doing right now is trying to resolve the issue remotely. I appreciate everyone's help
Thats ok, i'm also helping you from India which is late night over here,so if your issue get resolved, well n gud n i can sleep..:)
ok, m leaving, send me the report, i'll analyse & let me knw the results.
If your DNS server is working properly then when you do the nslookup command you should not get any errors. it is possible that your DC is attempting to contact the other DC for naming and schema information via its name and it is unable to do so because when you forced replication you moved that information away from one DC to the next requiring the main DC to use DNS which may be functioning for the rest of the people who are connected but does not work for your other server because there is no pointer to the other server in the forward look up zone?
So once again could you please ensure that your forward and reverse zones are setup correctly, clear cash, flush DNS and then re-perform an nslookup to verify that your DNS server is functioning correctly?
So once again could you please ensure that your forward and reverse zones are setup correctly, clear cash, flush DNS and then re-perform an nslookup to verify that your DNS server is functioning correctly?
ASKER
I will check DNS once again, thank you very much for your detailed explanation.
Any particular test I should be running to ensure DNS is good?
Any particular test I should be running to ensure DNS is good?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
FYI - I am about an hour away from the office. Once there, I will proceed with above tests and advise accordingly.
Thank you!
Thank you!
ASKER
Just wanted to post results prior to utilizing linkd.exe (if necessary):
Server B only has
\SYSVOL
\SYSVOL\domain
\SYSVOL\staging\domain
\SYSVOL\staging areas
\SYSVOL\sysvol
(no \policies or \dcrpts)
Server A has :
\SYSVOL
\SYSVOL\domain
\SYSVOL\staging\domain
\SYSVOL\staging areas
\SYSVOL\domain\Ntfrs_Preex isting_See Eventlog\Policies
\SYSVOL\domain\scripts
\SYSVOL\SYSVOL\xxx.domain\ Ntfrs_Pree xisting_Se e Eventlog
Server B only has
\SYSVOL
\SYSVOL\domain
\SYSVOL\staging\domain
\SYSVOL\staging areas
\SYSVOL\sysvol
(no \policies or \dcrpts)
Server A has :
\SYSVOL
\SYSVOL\domain
\SYSVOL\staging\domain
\SYSVOL\staging areas
\SYSVOL\domain\Ntfrs_Preex
\SYSVOL\domain\scripts
\SYSVOL\SYSVOL\xxx.domain\
ASKER
Do I proceed with linkd.exe?
ASKER
Stopped NTFRS on bother servers
ASKER
NSLOOKUP
*** UnKnown can't find 10.1.xxx.xxx: Non-existent domain
> set q=MX
> xxx.local
Server: UnKnown
Address: 10.1.xxx.xxx
xxx.local
primary name server = SERVER B.xxx.local
responsible mail addr = hostmaster
serial = 2226
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
*** UnKnown can't find 10.1.xxx.xxx: Non-existent domain
> set q=MX
> xxx.local
Server: UnKnown
Address: 10.1.xxx.xxx
xxx.local
primary name server = SERVER B.xxx.local
responsible mail addr = hostmaster
serial = 2226
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
ASKER
On Server A (with apparent complete SYSVOL) - can I just take the files out of this NTFS_Preexisting folder and put them where they belong, thus deleting this extra folder?
Ok..
On the Server A,
Please backup only the Policies & Scripts folder from c:\windows\sysvol\domain (don't backup the entire sysvol structure) as i believe that you have the most updated Policies & script on this server.
After backing up stop the NTFRS Services on both the servers
and only restart the NTFRS on Server A
once the service is started just check for the shares via command prompt, use net share command and you should see Netlogon & Sysvol shares
&
You should also check the event viewer and check the file replication service log & you should get a series of event ID like 13508 & 13509 & if everything is good on the server A, then you should Get Event ID 13516 (stating that the NTFRS service no longer stopping the server from becoming DC)
and if you do not get the event ID 13516 then run the linkd command to check the junction points.
On the Server A,
Please backup only the Policies & Scripts folder from c:\windows\sysvol\domain (don't backup the entire sysvol structure) as i believe that you have the most updated Policies & script on this server.
After backing up stop the NTFRS Services on both the servers
and only restart the NTFRS on Server A
once the service is started just check for the shares via command prompt, use net share command and you should see Netlogon & Sysvol shares
&
You should also check the event viewer and check the file replication service log & you should get a series of event ID like 13508 & 13509 & if everything is good on the server A, then you should Get Event ID 13516 (stating that the NTFRS service no longer stopping the server from becoming DC)
and if you do not get the event ID 13516 then run the linkd command to check the junction points.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you, I will begin this within 20 min and advise accordingly
ASKER
FYI- waiting for a previously scheduled backup to finish
ASKER
Netlogon and Sysvol do not show shared on Server A.
Ok
that means we need to fix the Sysvol on Server A
If the sysvol is not shared on both the server then non of the servers right now advertising itself as domain controller because servers only advertise themselves as DC when the sysvol & netlogon shares are shared.
so first tell me if you are able to Ping the Guids for the servers or not
I am online right now & will remain online for couple of hours.
Thanks
that means we need to fix the Sysvol on Server A
If the sysvol is not shared on both the server then non of the servers right now advertising itself as domain controller because servers only advertise themselves as DC when the sysvol & netlogon shares are shared.
so first tell me if you are able to Ping the Guids for the servers or not
I am online right now & will remain online for couple of hours.
Thanks
ASKER
I truly appreciate your help!
How do I ping the GUIDS?
How do I ping the GUIDS?
ASKER
Servers can ping each other and their own respective IP addresses
To ping the Guids just copy the domain controller Guds from the _msdcs.xxx.local resource record or from the dssite.msc->site name-> server name -> ntds connections -> properties tab
then on the command prompt type ping <GUID>
E.g. ping c715ce71-f545-413d-bceb-52
ASKER
yes, I am able to ping the GUIDS from each respective server
ok. that's good news
Now lets try and concentrate on fixing the Sysvol on ServerA first. as we need to fix this server before fixing the ServerB
Take the backup of Policies & scripts on Server A from the Location C:\windows\sysvol\domain
(You can just copy these 2 folders on your desktop to take backup, you don't have to take the entire system state from NT backup.
Now delete everything inside folder c:\windows\sysvol\Sysvol\x xx.local\
Once deleted
re-copy the Policies & Script folder from your desktop
Run the Linkd.exe Command that i have stated earlier.
and paste the output in your comments.
Thanks
Now lets try and concentrate on fixing the Sysvol on ServerA first. as we need to fix this server before fixing the ServerB
Take the backup of Policies & scripts on Server A from the Location C:\windows\sysvol\domain
(You can just copy these 2 folders on your desktop to take backup, you don't have to take the entire system state from NT backup.
Now delete everything inside folder c:\windows\sysvol\Sysvol\x
Once deleted
re-copy the Policies & Script folder from your desktop
Run the Linkd.exe Command that i have stated earlier.
and paste the output in your comments.
Thanks
ASKER
Windows cannot find Linkd.exe
ASKER
Downloading onto server now....
you need to download & install windows 2003 resource kit
Its one of the tools from the resource kit
Its one of the tools from the resource kit
ASKER
C:\Program Files\Support Tools>linkd %systemroot%\sysvol\sysvol \xxx.local
Source C:\WINDOWS\sysvol\sysvol\x xx.local is linked to
C:\WINDOWS\SYSVOL\domain
C:\Program Files\Support Tools>linkd %systemroot%\sysvol\Stagin g Areas\xxx.local
Cannot create a link at: C:\WINDOWS\sysvol\Staging
C:\Program Files\Support Tools>linkd %systemroot%\sysvol\stagin g areas\xxx.local
Cannot create a link at: C:\WINDOWS\sysvol\staging
Source C:\WINDOWS\sysvol\sysvol\x
C:\WINDOWS\SYSVOL\domain
C:\Program Files\Support Tools>linkd %systemroot%\sysvol\Stagin
Cannot create a link at: C:\WINDOWS\sysvol\Staging
C:\Program Files\Support Tools>linkd %systemroot%\sysvol\stagin
Cannot create a link at: C:\WINDOWS\sysvol\staging
in the Second Command you need to use the " " as there is a space in between Staging Areas and command prompt does not except spaces
so please use the exact command stated below
linkd "%systemroot%\sysvol\Stagi ng Areas\xxx.local"
Thanks
so please use the exact command stated below
linkd "%systemroot%\sysvol\Stagi
Thanks
ASKER
Done! So far so good....
I truly appreciate your time and help on this!
I truly appreciate your time and help on this!
ASKER
C:\Program Files\Support Tools>linkd "%systemroot%\sysvol\stagi ng areas\xxx.local"
Source C:\WINDOWS\sysvol\staging areas\xxx.local is linked to
C:\WINDOWS\SYSVOL\staging\ domainM
Source C:\WINDOWS\sysvol\staging areas\xxx.local is linked to
C:\WINDOWS\SYSVOL\staging\
can we have the output of the last command you ran
as it should not contain the Special characters like 1, ` * !]
thanks
and after this we need to authoritatively restore the Sysvol
as it should not contain the Special characters like 1, ` * !]
thanks
and after this we need to authoritatively restore the Sysvol
ASKER
Just pasted it
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
C:\Program Files\Support Tools>linkd "%systemroot%\sysvol\stagi ng areas\xxx.local" /d
The delete operation succeeded.
C:\Program Files\Support Tools>linkd "%systemroot%\sysvol\stagi ng areas\xxx.local" "%systemroot%\sysvol\stagi ng\domain"
Link created at: C:\WINDOWS\sysvol\staging areas\xxx.local
C:\Program Files\Support Tools>linkd %systemroot%\sysvol\sysvol \xxx.local
Source C:\WINDOWS\sysvol\sysvol\x xx.local is linked to C:\WINDOWS\SYSVOL\domain
C:\Program Files\Support Tools>linkd "%systemroot%\sysvol\stagi ng areas\xxx.local"
Source C:\WINDOWS\sysvol\staging areas\xxx.local is linked to C:\WINDOWS\sysvol\staging\ domain
The delete operation succeeded.
C:\Program Files\Support Tools>linkd "%systemroot%\sysvol\stagi
Link created at: C:\WINDOWS\sysvol\staging areas\xxx.local
C:\Program Files\Support Tools>linkd %systemroot%\sysvol\sysvol
Source C:\WINDOWS\sysvol\sysvol\x
C:\Program Files\Support Tools>linkd "%systemroot%\sysvol\stagi
Source C:\WINDOWS\sysvol\staging areas\xxx.local is linked to C:\WINDOWS\sysvol\staging\
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
HKLM\system\CurrentControl Set\servic es\ntfrs\P arameters\ cumulative replica set\guid....
only 1 GUID but no Replica set Name
Only "default", "burflags", "number of partners"
only 1 GUID but no Replica set Name
Only "default", "burflags", "number of partners"
ASKER
Disregard...found it under replica stes....
ASKER
C:\Program Files\Support Tools>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE RVER A
Starting test: Connectivity
......................... SERVER A passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE RVER A
Starting test: Replications
......................... SERVER A passed test Replications
Starting test: NCSecDesc
......................... SERVER A
passed test NCSecDesc
Starting test: NetLogons
......................... SERVER A
1 passed test NetLogons
Starting test: Advertising
......................... SERVER A
passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER A
passed test KnowsOfRoleHolders
Starting test: RidManager
.........................S ERVER A
passed test RidManager
Starting test: MachineAccount
......................... SERVER A
passed test MachineAccount
Starting test: Services
......................... SERVER A
passed test Services
Starting test: ObjectsReplicated
......................... SERVER A
passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER A
passed test frssysvol
Starting test: frsevent
.........................S ERVER A
passed test frsevent
Starting test: kccevent
......................... SERVER A
passed test kccevent
Starting test: systemlog
......................... SERVER A
passed test systemlog
Starting test: VerifyReferences
......................... SERVER A
passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on :xxx
Starting test: CrossRefValidation
......................... xxx passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... xxx passed test CheckSDRefDom
Running enterprise tests on : xxx.local
Starting test: Intersite
......................... xxx.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... xxx.local failed test FsmoCheck
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
......................... SERVER A passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE
Starting test: Replications
......................... SERVER A passed test Replications
Starting test: NCSecDesc
......................... SERVER A
passed test NCSecDesc
Starting test: NetLogons
......................... SERVER A
1 passed test NetLogons
Starting test: Advertising
......................... SERVER A
passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER A
passed test KnowsOfRoleHolders
Starting test: RidManager
.........................S
passed test RidManager
Starting test: MachineAccount
......................... SERVER A
passed test MachineAccount
Starting test: Services
......................... SERVER A
passed test Services
Starting test: ObjectsReplicated
......................... SERVER A
passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER A
passed test frssysvol
Starting test: frsevent
.........................S
passed test frsevent
Starting test: kccevent
......................... SERVER A
passed test kccevent
Starting test: systemlog
......................... SERVER A
passed test systemlog
Starting test: VerifyReferences
......................... SERVER A
passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on :xxx
Starting test: CrossRefValidation
......................... xxx passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... xxx passed test CheckSDRefDom
Running enterprise tests on : xxx.local
Starting test: Intersite
......................... xxx.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... xxx.local failed test FsmoCheck
This looks good..
It just says that it cannot contact PDC as we still have a problem with that server
my advise to you right now seize the FSMO roles to ServerA
http://support.microsoft.com/kb/255504 this way you will have 1 working DC
once you got all the roles on server A and rerun dcdiag without the /v switch
once all the test pass we will troubleshoot server B
It just says that it cannot contact PDC as we still have a problem with that server
my advise to you right now seize the FSMO roles to ServerA
http://support.microsoft.com/kb/255504 this way you will have 1 working DC
once you got all the roles on server A and rerun dcdiag without the /v switch
once all the test pass we will troubleshoot server B
Also can you tell me if both the servers are located in the same AD site of in different sites
Thanks
Thanks
ASKER
Server A is VERY unstable, low on memory and disk space. My concern is that it will go down before we even get Server B up and running.
Also, if we "seize" the roles back from Server B, can we "seize" them back to Server B afterwards? Or should we transfer the roles?
Again, I am so relieved we have gotten this far and appreciate your help.
Also, if we "seize" the roles back from Server B, can we "seize" them back to Server B afterwards? Or should we transfer the roles?
Again, I am so relieved we have gotten this far and appreciate your help.
ASKER
Both servers located in same AD.
NTFRS started in Server A. Should I start it in Server B as well?
NTFRS started in Server A. Should I start it in Server B as well?
I understand the situation
Yes we can seize the roles back to serverB later on.. and if you closely look at the process.. the seize command first attempts to gracefully transfer the roles from the owner if it fails then only it seizes
using the seize command not only get the roles but also save the time.
Regarding NTFRS on serverB (keep it in stop state for now)
ASKER
Ok, if you have time, I will begin the FSMO transfer right now
If everything Goes well we will be able to resolve all the 3 questions you have posted
1 in this thread
2) https://www.experts-exchange.com/questions/26733935/Naming-information-can-not-be-located-because-the-specified-domain-either-does-not-exist-or-could-not-be-contacted.html
3) https://www.experts-exchange.com/questions/26735064/Server-2003-Standard-not-replicating-no-SYSVOL-share.html
1 in this thread
2) https://www.experts-exchange.com/questions/26733935/Naming-information-can-not-be-located-because-the-specified-domain-either-does-not-exist-or-could-not-be-contacted.html
3) https://www.experts-exchange.com/questions/26735064/Server-2003-Standard-not-replicating-no-SYSVOL-share.html
ASKER
Hopefully. At the time I was looking for a needle in a haystack and thought everything was unrelated.
I will close the other questions and reference this link. I am sure I am not the only one to have gone through this issue and others might be seeking the valued help I have received.
Once the FSMO roles are transferred, I will advise accordingly.
I will close the other questions and reference this link. I am sure I am not the only one to have gone through this issue and others might be seeking the valued help I have received.
Once the FSMO roles are transferred, I will advise accordingly.
ok..
let do it
open command prompt on serverA
<type> ntdsutil < press enter>
<type> roles <press enter>
<type> connections <press enter>
<type> connect to server localhost <press enter>
<type> q <enter>
<type> seize PDC <enter> you will get a prompt select yes
once the role is seized
<type> seize schema master <press enter>
then seize domain naming master <press enter>
<after this> seize infrastructure master <press enter>
<now> seize rid master <press enter>
once all the 5 roles are seized press q twice to exit ntdsutil to check the fsmo role owner on server A type netdom query FSMO
also run netdom query dc and paste the results
let do it
open command prompt on serverA
<type> ntdsutil < press enter>
<type> roles <press enter>
<type> connections <press enter>
<type> connect to server localhost <press enter>
<type> q <enter>
<type> seize PDC <enter> you will get a prompt select yes
once the role is seized
<type> seize schema master <press enter>
then seize domain naming master <press enter>
<after this> seize infrastructure master <press enter>
<now> seize rid master <press enter>
once all the 5 roles are seized press q twice to exit ntdsutil to check the fsmo role owner on server A type netdom query FSMO
also run netdom query dc and paste the results
Hi
I would require the output of netdom query dc from both the servers
I would require the output of netdom query dc from both the servers
ASKER
C:\Program Files\Support Tools>netdom query FSMO
Schema owner Server A.xxx.local
Domain role owner Server A.xxx.local
PDC role Server A.xxx.local
RID pool manager Server A.xxx.local
Infrastructure owner Server A.xxx.local
The command completed successfully.
C:\Program Files\Support Tools>netdom query dc
List of domain controllers with accounts in the domain:
Server A
Server B
The command completed successfully.
C:\Program Files\Support Tools>
Schema owner Server A.xxx.local
Domain role owner Server A.xxx.local
PDC role Server A.xxx.local
RID pool manager Server A.xxx.local
Infrastructure owner Server A.xxx.local
The command completed successfully.
C:\Program Files\Support Tools>netdom query dc
List of domain controllers with accounts in the domain:
Server A
Server B
The command completed successfully.
C:\Program Files\Support Tools>
ASKER
netdom query for both servers are identical
great..
now let see if the secure channel is working between the 2 domain controllers is working on not
Sitting on ServerA open run and <type> \\Server B <enter>
Also run this command <type> \\server B.xxx.local <enter>
please let me know if you are able to access the ServerB using the above 2 ways or got an error
if you got an error then paste it in your comments
now let see if the secure channel is working between the 2 domain controllers is working on not
Sitting on ServerA open run and <type> \\Server B <enter>
Also run this command <type> \\server B.xxx.local <enter>
please let me know if you are able to access the ServerB using the above 2 ways or got an error
if you got an error then paste it in your comments
ASKER
Yes, am able to access Server B using the above commands!!!
ok.. now repeat the same on server B
Sitting on ServerB open run and <type> \\Server A <enter>
Also run this command <type> \\server A.xxx.local <enter>
and let me know the results
Sitting on ServerB open run and <type> \\Server A <enter>
Also run this command <type> \\server A.xxx.local <enter>
and let me know the results
ASKER
Yes, am able to access Server A from Server B using the above commands
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Should I start NTFRS on Server B and disregard for now and proceed as instructed?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is how it all began back on Thursday...
ASKER
I'll need to downlaod the resource tools to Server B as well....
Give me a few minutes please. I have not replicated as of yet nor have I started NTFRS on Server B...
Give me a few minutes please. I have not replicated as of yet nor have I started NTFRS on Server B...
ok..
I'll be back in 5 mins.
Thanks
I'll be back in 5 mins.
Thanks
i am back
ASKER
Performed linkd commands described above on Server B - no errors. All good
ASKER
C:\Program Files\Windows Resource Kits\Tools>linkd %systemroot%\sysvol\sysvol
xxx.local
Source C:\WINDOWS\sysvol\sysvol\x xx.local is linked to
C:\WINDOWS\SYSVOL\domain
C:\Program Files\Windows Resource Kits\Tools>linkd "%systemroot%\sysvol\stagi ng
areas\ixxx.local"
Source C:\WINDOWS\sysvol\staging areas\xxx.local is linked to
C:\WINDOWS\SYSVOL\staging\ domain
C:\Program Files\Windows Resource Kits\Tools>
xxx.local
Source C:\WINDOWS\sysvol\sysvol\x
C:\WINDOWS\SYSVOL\domain
C:\Program Files\Windows Resource Kits\Tools>linkd "%systemroot%\sysvol\stagi
areas\ixxx.local"
Source C:\WINDOWS\sysvol\staging areas\xxx.local is linked to
C:\WINDOWS\SYSVOL\staging\
C:\Program Files\Windows Resource Kits\Tools>
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am performing this on Server B, correct?
Yes
ASKER
And this is BEFORE I perform the replication steps from above?
Making sure, my apologies for asking so much. This has been a nightmare and thanks to you I can breathe a bit easier now
Making sure, my apologies for asking so much. This has been a nightmare and thanks to you I can breathe a bit easier now
perform AD replication first and then do this for the sysvol
as FRS service depends on AD replication to work correctly
If you perform this without checking AD replication you might end up doing this step again
as FRS service depends on AD replication to work correctly
If you perform this without checking AD replication you might end up doing this step again
ASKER
dssite.msc snapin go to the default first site -> serverA -> ntds settings on the right hand panel right click automatically generated connection object & try replication
Do same on Server B
Then go to regedit and perform steps above, correct?
Again, want to make sure I get this right.
Thank you
Do same on Server B
Then go to regedit and perform steps above, correct?
Again, want to make sure I get this right.
Thank you
yes.. but make sure AD replication is successful & then do the regedt & perform the steps
Thanks
Thanks
ASKER
Starting NTFRS is at the end, once all goes well?
yes...
ASKER
FYI - there is no Netlogon or SYSVOL shares on Server B
thats why we are changing the BurFlag value to D2 on server B so that the Polices & scripts folder gets replicated from Server A (working server)
ASKER
All ok except for Netlog Share not visible on server B
ASKER
I did not change the burflag value to D2
ASKER
Just changed it to D2
check for file replication event viewer on server B
you should expect event ID 13508, 13509 & after some time 13516 (all ok event)
or you can just type sysvol in the run prompt and go to sysvol\xxx.local\ and check if policies & scrip folder is appearing or not
if everything was done right you should see the netlogon & sysvol folder when you do net share
you should expect event ID 13508, 13509 & after some time 13516 (all ok event)
or you can just type sysvol in the run prompt and go to sysvol\xxx.local\ and check if policies & scrip folder is appearing or not
if everything was done right you should see the netlogon & sysvol folder when you do net share
BurFlag value should always be changed when the file replication is in stopped state.
Burflag registry key decide the behavior of the FRS service at startup
D2- mean non authoritative start pull replication from Authoritative member
D4- sets the Server as the authoritative server
ASKER
I did not change it while i stopped state.
Now I'm hyperventilating again... yikes
I see 13516 on Server B as well as seeing policies and script folders
The only thing wrong (other than me changing value while not stopping ntfrs) is the netlogon share not showing on Server B
Now I'm hyperventilating again... yikes
I see 13516 on Server B as well as seeing policies and script folders
The only thing wrong (other than me changing value while not stopping ntfrs) is the netlogon share not showing on Server B
ok no issues lets fix the netlogon share as well
re-run the following commands on serverB
linkd "%systemroot%\sysvol\sysvo l\xxx.loca l"
linkd "%systemroot%\sysvol\Stagi ng Areas\xxx.local"
and paste the results
re-run the following commands on serverB
linkd "%systemroot%\sysvol\sysvo
linkd "%systemroot%\sysvol\Stagi
and paste the results
ASKER
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator.xxx >linkd %systemroot%\sysvol\sysvol \xxx.local
Source C:\WINDOWS\sysvol\sysvol\x xx.local is linked to
C:\WINDOWS\SYSVOL\domain
C:\Documents and Settings\Administrator.xxx >linkd "%systemroot%\sysvol\stagi ng
areas\xxx.local"
Source C:\WINDOWS\sysvol\staging areas\xxx.local is linked to
C:\WINDOWS\SYSVOL\staging\ domain
C:\Documents and Settings\Administrator.xxx >
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator.xxx
Source C:\WINDOWS\sysvol\sysvol\x
C:\WINDOWS\SYSVOL\domain
C:\Documents and Settings\Administrator.xxx
areas\xxx.local"
Source C:\WINDOWS\sysvol\staging areas\xxx.local is linked to
C:\WINDOWS\SYSVOL\staging\
C:\Documents and Settings\Administrator.xxx
ok..
can you just stop & start the ntfrs service again & also paste the dcdiag (do not use the /v switch>
can you just stop & start the ntfrs service again & also paste the dcdiag (do not use the /v switch>
ASKER
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\Se rver B
Starting test: Connectivity
......................... Server B passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ Server B
Starting test: Replications
......................... Server B passed test Replications
Starting test: NCSecDesc
......................... Server B passed test NCSecDesc
Starting test: NetLogons
......................... Server B passed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\server b.xxx.loal, when we were trying to reach ISLANDBILLING2.
Server is not responding or is not considered suitable.
......................... Server B failed test Advertising
Starting test: KnowsOfRoleHolders
......................... Server B passed test KnowsOfRoleHolder
Starting test: RidManager
......................... Server B passed test RidManager
Starting test: MachineAccount
......................... Server B passed test MachineAccount
Starting test: Services
......................... Server B passed test Services
Starting test: ObjectsReplicated
......................... Server B passed test ObjectsReplicated
Starting test: frssysvol
......................... Server B passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... Server B failed test frsevent
Starting test: kccevent
......................... Server B passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000164A
Time Generated: 01/16/2011 00:56:57
Event String: The Netlogon service could not create server
......................... Server B failed test systemlog
Starting test: VerifyReferences
......................... Server B passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidatio
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidatio
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : xxx
Starting test: CrossRefValidation
......................... xxx passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... xxx passed test CheckSDRefDom
Running enterprise tests on : xxx.local
Starting test: Intersite
......................... xxxx.local passed test Intersite
Starting test: FsmoCheck
.........................x xx.local passed test FsmoCheck
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\Se
Starting test: Connectivity
......................... Server B passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ Server B
Starting test: Replications
......................... Server B passed test Replications
Starting test: NCSecDesc
......................... Server B passed test NCSecDesc
Starting test: NetLogons
......................... Server B passed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\server b.xxx.loal, when we were trying to reach ISLANDBILLING2.
Server is not responding or is not considered suitable.
......................... Server B failed test Advertising
Starting test: KnowsOfRoleHolders
......................... Server B passed test KnowsOfRoleHolder
Starting test: RidManager
......................... Server B passed test RidManager
Starting test: MachineAccount
......................... Server B passed test MachineAccount
Starting test: Services
......................... Server B passed test Services
Starting test: ObjectsReplicated
......................... Server B passed test ObjectsReplicated
Starting test: frssysvol
......................... Server B passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... Server B failed test frsevent
Starting test: kccevent
......................... Server B passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000164A
Time Generated: 01/16/2011 00:56:57
Event String: The Netlogon service could not create server
......................... Server B failed test systemlog
Starting test: VerifyReferences
......................... Server B passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidatio
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidatio
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : xxx
Starting test: CrossRefValidation
......................... xxx passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... xxx passed test CheckSDRefDom
Running enterprise tests on : xxx.local
Starting test: Intersite
......................... xxxx.local passed test Intersite
Starting test: FsmoCheck
.........................x
ASKER
Netlogon and Sysvol both show on Server B Net Share command
I wanted dcdiag without the /v switch.. anyways
what do you see when you do a net share on the server B.
what do you see when you do a net share on the server B.
ASKER
I see both Sysvol and Netlogon shares in Server B (and A)
so what is not left to be resolved ?
v_2abhis2, gr8 temperment & i apologize to renniscom:, it looks to be lot of work has been done.
Thanks ! Awinish, much appreciated
ASKER
My friend, everything at this moment is resolved! In the morning I will transfer the FSMO roles back to Server B as well as perform some backups.
As stated, I will be closing the other questions out and referencing this one as an answer.
You guys a true gems in this forum. Your input here are what make this forum tops.
I thank you for your assistance, your detailed explanations, your patience and dedication to see this thru.
As stated, I will be closing the other questions out and referencing this one as an answer.
You guys a true gems in this forum. Your input here are what make this forum tops.
I thank you for your assistance, your detailed explanations, your patience and dedication to see this thru.
Hey renniscom,
Thanks for appreciating, I do this because I love what I do..
Thanks
Cheers..
signing off for the day..
Thanks for appreciating, I do this because I love what I do..
Thanks
Cheers..
signing off for the day..
v_2abhis2:definitely need applause & tell you Guy people who are helping,doing w/o any cause or money & your realization towards effort is the only way of saying thank you & in night i tried but it was late night so i went in morning, first thing i did opened the question & saw v_2abhis2: has taken the task & shown gr8 patience to help, m really awed with the extra level of effort given by v_2abhis2:, keep it up.
Being in IT for long can feel when something is down n management on head to get up irrespective of understanding any problem,so that way i felt in night n i tried to help, but late night & tiring day made me sleep after waiting for author comment, but gud to hear issue is resolved..keep it up v_2abhis2.
Being in IT for long can feel when something is down n management on head to get up irrespective of understanding any problem,so that way i felt in night n i tried to help, but late night & tiring day made me sleep after waiting for author comment, but gud to hear issue is resolved..keep it up v_2abhis2.
v_2abhis2:you work for convergys & MS support center, right..:)
ASKER
Amazing Help!!!! THANK YOU v_2abhis2
Hi Awinish,
I used to work for Microsoft EPS @ convergys a year back, Now I am working as a domain specialist at an MNC.
I used to work for Microsoft EPS @ convergys a year back, Now I am working as a domain specialist at an MNC.