Solved

Cannot open or access Active Directory in windows server 2003

Posted on 2004-09-08
10
2,756 Views
Last Modified: 2008-05-30
hello guys I really need help..

I'm using only 1 Windows 2003 server for active directory and DNS server.
I can't access Active Directory and can't open Active Directory related MMC.

the error was :
"Naming Information cannot be located because:
The Server is not operational.

If you are trying to connect to a domain controller running Windows 2000, verify that Windows 2000 Server Service
pack 3 or later is installed on the domain controller, or use the Windows 200 administration toos.
For more information about connecting to domain conrollers running Windows 2000, see Help and
Support."


Application event generates an error event ID: 1006, 1030 and  DNS server generates an error of event id: 4000, 4011, 3000.

when i use NTDSUTIL I got an error :
ldap_bind_sW failed with 0x51(81 (Server Down).


DCDIAG results :

[observer] LDAP search failed with error 55,
The specified network resource or device is no longer available..


netdiag result :

....................................

    Computer Name: OBSERVER
    DNS Host Name: observer.tanbros.net
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 6 Model 4 Stepping 2, AuthenticAMD
    List of installed hotfixes :
        KB819696
        KB823182
        KB823353
        KB823559
        KB824105
        KB824141
        KB825119
        KB828035
        KB828741
        KB835732
        KB837001
        KB837272
        KB839643
        KB839643-DirectX9
        KB839645
        KB840315
        KB840374
        KB867460
        KB867801
        Q147222
        Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : observer
        IP Address . . . . . . . . : 192.168.0.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.100
        Dns Servers. . . . . . . . :192.168.0.100

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{96804752-74FA-4CF2-AECF-D6C0086B233C}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' a
nd other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{96804752-74FA-4CF2-AECF-D6C0086B233C}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{96804752-74FA-4CF2-AECF-D6C0086B233C}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [FATAL] Cannot do un-authenticated ldap_search to 'observer.tanbros.net': Un
available.
    [WARNING] Failed to query SPN registration on DC 'observer.tanbros.net'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped





0
Comment
Question by:shadowcopy
  • 3
  • 3
  • 2
  • +1
10 Comments
 
LVL 10

Expert Comment

by:jayca
ID: 12012846
What is the last change that was done on the server?
0
 
LVL 10

Expert Comment

by:jayca
ID: 12012854
0
 
LVL 10

Expert Comment

by:jayca
ID: 12012860
To resolve these errors, perform the following steps:

From the Control Panel, open the Network Connections applet, select the network adapter from the list, right-click the network adapter, and select Properties.
From the General tab, select Internet Protocol (TCP/IP), then click Properties.
Click the Advanced button.
Select the Options tab.
Select "TCP/IP filtering", then click Properties.
For "TCP Ports", select "Permit All."
Click OK to close all dialog boxes.
Restart the computer for the changes to take effect.

Per:http://www.winnetmag.com/Article/ArticleID/27455/27455.html
0
 
LVL 83

Accepted Solution

by:
oBdA earned 50 total points
ID: 12013977
Did you run dcdiag from another machine? The output says it's a W2k OS, you say your DC is running W2k3.
Anyway, your problem is here:
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' and other DCs also have some of the names registered.

Your DNS server needs to point to its actual IP address, NOT 127.0.0.1.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
0
 
LVL 3

Assisted Solution

by:iwontleaveyou
iwontleaveyou earned 50 total points
ID: 12014995
It seems that your DNS service has got some problem If this is the case then you have two options.

1) Reinstall the server then AD and DNS.

2) Install DNS on other PC create a ZONE with your domain name.
Start your DC it should now open Active directory's mmc then demote it  and uninstall DNS from your DC then remove your newly installed DNS server and RUN the active directory wizard again and install DNS from this wizard only.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:shadowcopy
ID: 12022239
@jayca : the last thing I did in my server is that a couple of week ago, I installed and evaluated the Kerio Winroute Firewall 6 on the same server (since I only have 1 server)  but I already uninstalled it a week ago. Things doin fine when I installed and  I disabled the builtin dns services and vpn of the Kerio knowing that the dns services will have a conflict with the DNS server. I uninstalled it a week ago, and I found no problem. Only lately I discover this problem. Yes, I already read the knowledge base and article before I posted my problem and doesn't help.

@oBdA: no, this is the only server (win2k3 server). yes, i read the FAQs and it seems that's the cause of the problem.. got to check it first.

@iwontleaveyou:If i demote my server, that means I will lost all the users passwords co'z I can only export the username and ou's except the password?
0
 
LVL 3

Expert Comment

by:iwontleaveyou
ID: 12023828
Ok Got ur Problem. Well U can Try The Following:

Install DNS on other PC create a ZONE with your domain name.
Start your DC it should now open Active directory's mmc
If this brings the Active directory UP
Then uninstall DNS from your DC and then Reinstall DNS service then create the active directory integrated zone on the dns on domain controller then remove your Second DNS server and Restart your DC.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 12024565
I was just wondering, because according to the DNS settings fro the beginning, it seems like it's correct at the moment, with the server pointing to itself.
IP Address . . . . . . . . : 192.168.0.100
Dns Servers. . . . . . . . :192.168.0.100
In that case, the 127.0.0.1 might be some rogue entry left in DNS from earlier. Check all your forward lookup zones (especially the _msdcs etc.), if there are outdated entries left.
0
 

Author Comment

by:shadowcopy
ID: 12031169
@iwontleaveyou: i tried that one, it doesn't work. (maybe) because, you can't create an active directory integrated dns server without an active directory installed or not joining it into a domain..

my DNS server works well and could not find any problem before.. I'm very positive that it is the LDAP has cause the problem.


-----
when i use NTDSUTIL I got an error :
ldap_bind_sW failed with 0x51(81 (Server Down).


DCDIAG results :

[observer] LDAP search failed with error 55,
The specified network resource or device is no longer available..

Portqry results :

TCP port 389 (ldap service): LISTENING

Sending LDAP query to TCP port 389...

LDAP query to port 389 failed
Server did not respond to LDAP query

@oBdA: i can't find the _msdcs in the forward lookup zone.. it is because it can't obtain the active directory information.

if someone could trace the problem it would be helpful. ^^
0
 

Author Comment

by:shadowcopy
ID: 12140775
sorry guys.. that doesn't help my problem & pretty much confuse what makes my server in a bad shape and whats the cause of the error.. I had no more choice but to reinstall my server..  but anyway thank you for your help especially to OBDA and iwontleaveyou.. you deserve some points.. thanks you all..
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Resolve DNS query failed errors for Exchange
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now