Avatar of sidnuts

Active Directory Domain Services was unable to establish a connection with the global catalog

We had a Blue Screen of Death on our server 2 days ago, so we decided to boot from the Windows Server 2008 R2 DVD and do a system restore from the previous night's backup. The restore took around 6 hours and seemed OK until we checked the events and got this error:


‘Active Directory Domain Services was unable to establish a connection with the global catalog.
 
Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200e25
 
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.’

Event id: 1126


We tried to resolve this over the course of several hours, but just couldn't. So we ran a restore overnight to the previous month's backup, in the hope that we could get the domain back up and running and then restore the previous day's data backup. But unfortunately after the restore we got the same error.

Any help on this would be greatly, greatly appreciated.
Thanks in advance
David
Avatar of Vinchenzo-the-Second

How many DCs do you have?
Avatar of sidnuts

ASKER

2 DCs; 1 just replicates Active Directory, but that's not working either... it's shut down at the moment.
Avatar of samsaleem
First, can you confirm which server this is? Was this machine carrying some roles? If yes, then which? And are you sure that the other DC was a GC? Also, do not restore from more than 60 days old, because that's the maximum you can go back.

If this lost DC was the actual (only) Global Catalog then you have to make sure where those 5 FSMO roles are residing.
Both DCs are down. Can you log on? If so, can you do the following:
Dcdiag /v /f:dcdiag.txt
Avatar of sidnuts

ASKER

Thank you both for replying... it is the main server that is down; we have 1 RDS server (powered off) and also a replicated server which is also powered off. Not sure if the other domain controller is a GC.

The server which is down carries 8 roles:

Active Directory
Application Server
DHCP
DNS
File Services
Print and Document Services
Web Server
Windows Deployment Services.

Vinchenzo here is what is contained in the output file you asked me to run:

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine DAVE, is a Directory Server.
   Home Server = DAVE

   * Connecting to directory service on server DAVE.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ashgrove,DC=int,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ashgrove,DC=int
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ashgrove,DC=int,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=DAVE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ashgrove,DC=int
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=AGMICROSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ashgrove,DC=int
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 2 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\DAVE

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         The host 8008278a-aefc-4862-b511-6e9a0c2f4c73._msdcs.ashgrove.int

         could not be resolved to an IP address. Check the DNS server, DHCP,

         server name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... DAVE failed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\DAVE

      Skipping all tests, because server DAVE is not responding to directory

      service requests.

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : ashgrove

      Starting test: CheckSDRefDom

         ......................... ashgrove passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ashgrove passed test CrossRefValidation

   
   Running enterprise tests on : ashgrove.int

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

         A Global Catalog Server could not be located - All GC's are down.

         PDC Name: \\DAVE.ashgrove.int
         Locator Flags: 0xe00033fd
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

         A Time Server could not be located.

         The server holding the PDC role is down.

         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

         1355

         A Good Time Server could not be located.

         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355

         A KDC could not be located - All the KDCs are down.

         ......................... ashgrove.int failed test LocatorCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... ashgrove.int passed test Intersite

Thank you both again
David

Can you do a netdom query fsmo? Also confirm in ADSS that the DC is a GC. If not, enable it.
I think: check in DNS and see if your IP address and DNS entry are proper, as it looks like it's not resolving names to any IP. So it looks like a DNS issue in the first place; confirm, and we need the answer to netdom query fsmo.
Just do an nltest /dsregdns. This will re-register all the SRV records in DNS and put back the host record that is missing.
I need to know if the DC knows who the holders are for FSMO.
Avatar of sidnuts

ASKER

OK, I ran netdom, result is:

C:\Users\Administrator>netdom query fsmo
The specified domain either does not exist or could not be contacted.

The command failed to complete successfully.

Sorry for being dense, but where do I check in DNS for the IP address and DNS? Also, I could not find the option to enable GC on the DC.

Open up Sites and Services, expand Sites, then the DC, and go to the properties of the NTDS Settings. Make sure Global Catalog is checked.

Can you open up DNS? Can you browse the zone? Also, what are the errors in the DNS event log?
I would rather suggest checking even whether the LAN card is working. It looks like the IP address and DNS entry on the LAN card are not present; probably everything was coming from DHCP, and DHCP itself might be down as well. Better start from a single point:

1. Make your list of IP addresses, as:

DC 1 IP = XXX.XXX.XXX.XXX
DC 2 IP = XXX.XXX.XXX.XXX

and other known IP addresses.

Then start from the LAN card: check you have the right IP addresses entered on your server; secondly, check that the LAN card is connected to some switch, so as to make sure that the LAN is up and that when you start your computer the services are starting properly.

Then check your DNS console and see if that's giving you the right information; if there are no proper entries you have to create them manually and restart the DNS service.

Then check DHCP: whether it has started well, and see if there are any leases going now. I would suggest reconciling your leases, but do not remove any reservations that are defined.

After these steps, run the above commands again (netdom query fsmo and the other one) and give the results again.
Avatar of sidnuts

ASKER

Just gone into ADUC under Active Directory Domain Services and there is no directory server running, so I attempted to change the domain controller by entering ashgrove.int (left the port out as I turned off the firewall). It's saying pending, then unavailable.
DNS looks down. What error messages are there in the DNS event log?
Also, do confirm what samsaleem said: your IP details are correct, and DNS is pointing to itself.
Avatar of sidnuts

ASKER

Vinchenzo, when I go to Active Directory Domain Services and click on Active Directory Sites and Services, nothing is listed.

I have also included a screenshot of the DNS errors.
samsaleem, just noticed DHCP wasn't running; restarted it and got a tick for IPv4 and IPv6.
Avatar of sidnuts

ASKER

I restarted the active directory service, now I have a new error:

Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
 
Source domain controller:
 AGMICROSERVER1
Failing DNS host name:
 4a9b875f-46d7-45c4-aa08-702f91d1e891._msdcs.ashgrove.int
 
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1:
 
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
 
User Action:
 
 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
 
 2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
 
 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns 
 
  dcdiag /test:dns
 
 4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
 
  dcdiag /test:dns
 
 5) For further analysis of DNS error failures see KB 824449:
   http://support.microsoft.com/?kbid=824449
 
Additional Data
Error value:
 11004 The requested name is valid, but no data of the requested type was found.

Event ID : 2087
You don't need to tick IPv6, just get it done on IPv4. Now, focus on bringing up your DNS first. Can you confirm that your DNS was running on this machine? If yes, do you remember the IP addresses? If yes, enter them on the LAN card, point to your local host and restart the DNS service.
Avatar of sidnuts

ASKER

Sorry, the AGMICROSERVER1 listed is the replicated server which I have powered off, as if the main server is down all users can do is log in and browse the internet, as all their data is on the main server DAVE.

Can you browse the DNS zone? We need to know if DNS is up.
Now this situation says something (maybe I'm wrong, do correct me):

The current machine that you are working on is not the master domain controller; it's a secondary DC, and it got replicated from the master one, and we need to work on the master. The reason is, your machines can log on for a maximum of 1 week; after that the tokens will be reset and they will need to authenticate again, and for that you must have a GC running. If there is no GC then it won't help you any more, so target it like this:

1. Correct your DNS first, and clear your network paths.
2. Correct your DHCP.
3. Work on recovering the GC. If you think, and can verify, that in the absence of your GC new users can be added to AD, then switch that machine to GC, but before that we need to make sure where those FSMO roles are. We need to move them to a stable server.

Now I would suggest: when you have corrected your DNS and DHCP, locate your GC and start working to recover it, and identify the FSMO roles and start moving them to another stable server.
Avatar of sidnuts

ASKER

IPv4 wasn't previously running, but is now. Yes, DNS was previously running with the IP address of 10.35.10.195.

The server is an HP ML330 and has 2 network adaptors which are bridged. How do I point the bridge to the local host?
If they are not teamed, disable one of them?

You need DNS for AD. You need AD for DHCP.

Can you browse the DNS zone?
I would rather get a remote desktop and get some details. This looks like a much cluttered scenario, many things interconnected, and you need to work it as a string: catch one point and work out your path. You already have the starting point.
Avatar of sidnuts

ASKER

We must have done something wrong. Our original server DAVE has been running for around 18 months and we brought AGMICROSERVER1 online about 1 month ago, as we were told we needed replication. How can I make DAVE the master domain controller again? Will this resolve our issues, or at least go towards resolving them?

Vinchenzo, DNS appears to be up and running.

samsaleem, we can't really move the roles to another server, as our other server, AGMICROSERVER1, is an HP MicroServer with a 250GB HD and only 1GB RAM.

David
What is the result of the query: netdom query fsmo
On DAVE.
Make sure the IP address is correct and DNS is pointing to itself.
Can DAVE resolve itself in DNS?
Run nltest /dsregdns
Open ADUC
See, if you were told that you needed a second server for the purpose of replication, then maybe your old server is still keeping some roles. If it was gracefully demoted then you can't switch back, or if the OS on the old one is different from the new one, then we can face some issues. Otherwise, in a scenario where replication was enabled, maybe the old machine was the GC; we need to confirm that part. Also I can see that your old server DAVE is still working as a DC, and there are surely some roles running on it. If you were explicitly told to shut down the old one, then keep it shut down; if you were not, better bring that machine online and see if you can get connected to it. Then on DAVE check Sites and Services to see if you can see it there, and check which one is the schema master.
Why these questions are being asked:

I want to make sure that there is some Global Catalog existing in the current scenario. Even if the new machine was ticked to be a GC and replication was not done, we can still manually tell this machine to become a GC. Now, importantly, we need to verify that all roles are on the new server before doing anything further, or wherever they exist, that machine should be identified and brought online.

If we fail to locate any GC and/or the location of the FSMO roles and schema master, then we need to work from scratch :( and that's the worst situation.
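The checks the two repliers keep asking for (NIC DNS pointing at the DC itself, the DC's own GUID._msdcs CNAME resolving, GC and KDC locator SRV records, and the FSMO holders) gathered into one script. This is an added example and not code from any poster; it assumes it is run in an elevated PowerShell on the DC, that the DC's domain is the forest root, and that nltest, netdom and nslookup are on the PATH.

```powershell
# Added example: consistency checks for the symptoms in this thread
# (event 1126 / error 1355, dcdiag "could not be resolved", DcGetDcName GC/KDC failures).
# Assumes: elevated PowerShell on the DC; domain = forest root; netdom/nslookup/nltest available.

$results = @()
function Add-Result($check, $ok, $detail) {
    $script:results += New-Object PSObject -Property @{ Check = $check; OK = $ok; Detail = $detail }
}

# 1. Every IP-enabled NIC should use a static IPv4 address and list the DC itself as first DNS server,
#    not a DHCP-issued address or an old DNS entry (the cause samsaleem suspected above).
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True"
$localIPs = $nics | ForEach-Object { $_.IPAddress } | Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' }
foreach ($nic in $nics) {
    $dns = @($nic.DNSServerSearchOrder | Where-Object { $_ })
    $ok = ($dns.Count -gt 0) -and (($localIPs -contains $dns[0]) -or ($dns[0] -eq '127.0.0.1'))
    Add-Result "NIC '$($nic.Description)' DNS -> self" $ok ("DNS servers: " + ($dns -join ', '))
    Add-Result "NIC '$($nic.Description)' static IP" (-not $nic.DHCPEnabled) ("IP: " + ($nic.IPAddress -join ', '))
}

# 2. The DC's own DSA GUID CNAME (<guid>._msdcs.<forest>) must resolve; this is the record
#    dcdiag's Connectivity test reported as unresolvable.
try {
    $rootDse = [adsi]"LDAP://RootDSE"
    $forest  = ([string]$rootDse.rootDomainNamingContext) -replace '^DC=', '' -replace ',DC=', '.'
    $ntds    = [adsi]("LDAP://" + [string]$rootDse.dsServiceName)
    $dsaGuid = New-Object System.Guid -ArgumentList (,[byte[]]$ntds.objectGUID.Value)
    $cname   = "$dsaGuid._msdcs.$forest"
    try {
        $addr = [System.Net.Dns]::GetHostAddresses($cname) | ForEach-Object { $_.IPAddressToString }
        Add-Result "DSA CNAME $cname" $true ("resolves to " + ($addr -join ', '))
    } catch {
        Add-Result "DSA CNAME $cname" $false "does not resolve; run 'nltest /dsregdns' and re-check"
    }
    # 3. Locator SRV records that DcGetDcName(GC_SERVER_REQUIRED) and DcGetDcName(KDC_REQUIRED) need.
    foreach ($srv in "_ldap._tcp.gc._msdcs.$forest", "_kerberos._tcp.dc._msdcs.$forest") {
        $out = & nslookup -type=SRV $srv 2>&1 | Out-String
        Add-Result "SRV $srv" ($out -match 'svr hostname') $out.Trim()
    }
} catch {
    Add-Result "LDAP://RootDSE" $false "directory service not answering locally: $($_.Exception.Message)"
}

# 4. FSMO holders: the 'netdom query fsmo' the replies ask for. Error 1355 here means no DC was located.
$fsmo = & netdom query fsmo 2>&1 | Out-String
Add-Result "netdom query fsmo" ($fsmo -match 'Schema master') $fsmo.Trim()

$results | Format-Table Check, OK, Detail -AutoSize -Wrap
```

Any row with OK = False is the next thing to fix in the order the thread gives: NIC addressing, then the DNS records, then GC and FSMO location.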
Avatar of sidnuts

ASKER

Vinchenzo, I'm not sure what you mean by browsing the DNS zone, sorry.

I have deleted the network bridge and restarted DNS.

samsaleem, you are more than welcome to RD into the server. I can't tell you how much I appreciate you both helping me on this.

David
Further to this:

See, if you are trying to go back by recovering to an older date on one server while the second is running, it will never help, as the version stamp from the other DC will always overwrite the restored DC. So if you want to do something like that you had better take off all DCs and then do the recovery, and in that case you will lose most of the changes made during that time, and then you need to redo all the work of publishing the new server and then move forward :)
http://www.ammyy.com/en/

Run this software and tell me the ID and give me control.
Can you open DNS? Do you see the zone? Can you see the host records?
Avatar of sidnuts

ASKER

Vinchenzo, yes I can open DNS and there are zones listed.

samsaleem: 3 491 474
Avatar of sidnuts

ASKER

For some reason, Active Directory Sites and Services and Active Directory Users and Computers are now running; don't think it's working correctly though.
You don't seem to be connected. Did you press that START button?
Do a dcdiag /v /f:dcdiag.txt and attach the file.
Avatar of sidnuts

ASKER

Although AD is now running, users still cannot log in.
Your DNS was not working fine due to your IP address that was issued by DHCP, so once those are fine, on the next update cycle things will start falling back into their proper place, but it needs to propagate.
Avatar of sidnuts

ASKER

Ammyy now running
We now need to know if it knows who the FSMO holders are. Do the dcdiag?
Run ipconfig /renew. I forgot to tell you before.
Check the hosts file in case something was added accidentally,
under c:\windows\system32\drivers\etc\hosts (open with Notepad).

You can try to move the FSMO roles by seizing them with the ntdsutil command onto a DC that hasn't been restored.
http://www.petri.co.il/seizing_fsmo_roles.htm
If it works then install a new DC; before that, be sure you get a proper answer from the "netdom query fsmo" command.
ASKER CERTIFIED SOLUTION
Avatar of samsaleem
samsaleem
Avatar of sidnuts

ASKER

samsaleem, thank you so much for the time you spent on this... so good to meet people like yourself in the world.

David