shadowcopy
Cannot open or access Active Directory in Windows Server 2003
hello guys I really need help..
I'm using only 1 Windows 2003 server for active directory and DNS server.
I can't access Active Directory and can't open Active Directory related MMC.
the error was :
"Naming Information cannot be located because:
The Server is not operational.
If you are trying to connect to a domain controller running Windows 2000, verify that Windows 2000 Server Service
pack 3 or later is installed on the domain controller, or use the Windows 2000 administration tools.
For more information about connecting to domain controllers running Windows 2000, see Help and
Support."
Application event generates an error event ID: 1006, 1030 and DNS server generates an error of event id: 4000, 4011, 3000.
when i use NTDSUTIL I got an error :
ldap_bind_sW failed with 0x51(81 (Server Down).
DCDIAG results :
[observer] LDAP search failed with error 55,
The specified network resource or device is no longer available..
netdiag result :
.......................... ..........
Computer Name: OBSERVER
DNS Host Name: observer.tanbros.net
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 6 Model 4 Stepping 2, AuthenticAMD
List of installed hotfixes :
KB819696
KB823182
KB823353
KB823559
KB824105
KB824141
KB825119
KB828035
KB828741
KB835732
KB837001
KB837272
KB839643
KB839643-DirectX9
KB839645
KB840315
KB840374
KB867460
KB867801
Q147222
Q828026
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection 2
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : observer
IP Address . . . . . . . . : 192.168.0.100
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.100
Dns Servers. . . . . . . . :192.168.0.100
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{96804752-74FA-4CF2-AECF-D6C0086B233C}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' a
nd other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{96804752-74FA-4CF2-AECF-D6C0086B233C}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{96804752-74FA-4CF2-AECF-D6C0086B233C}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot do un-authenticated ldap_search to 'observer.tanbros.net': Un
available.
[WARNING] Failed to query SPN registration on DC 'observer.tanbros.net'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
What is the last change that was done on the server?
To resolve these errors, perform the following steps:
From the Control Panel, open the Network Connections applet, select the network adapter from the list, right-click the network adapter, and select Properties.
From the General tab, select Internet Protocol (TCP/IP), then click Properties.
Click the Advanced button.
Select the Options tab.
Select "TCP/IP filtering", then click Properties.
For "TCP Ports", select "Permit All."
Click OK to close all dialog boxes.
Restart the computer for the changes to take effect.
Per: http://www.winnetmag.com/Article/ArticleID/27455/27455.html
ASKER
@jayca: the last thing I did on my server was a couple of weeks ago: I installed and evaluated the Kerio Winroute Firewall 6 on the same server (since I only have 1 server), but I already uninstalled it a week ago. Things were doing fine when I installed it, and I disabled the built-in DNS services and VPN of the Kerio, knowing that the DNS services would conflict with the DNS server. I uninstalled it a week ago, and I found no problem. Only lately did I discover this problem. Yes, I already read the knowledge base and article before I posted my problem, and it doesn't help.
@oBdA: no, this is the only server (win2k3 server). Yes, I read the FAQs and it seems that's the cause of the problem.. got to check it first.
@iwontleaveyou: If I demote my server, that means I will lose all the users' passwords, because I can only export the usernames and OUs, not the passwords?
OK, got your problem. Well, you can try the following:
Install DNS on another PC and create a zone with your domain name.
Start your DC; it should now open the Active Directory MMC.
If this brings Active Directory up,
then uninstall DNS from your DC and reinstall the DNS service, then create the Active Directory-integrated zone on the DNS on the domain controller, then remove your second DNS server and restart your DC.
I was just wondering, because according to the DNS settings from the beginning, it seems like it's correct at the moment, with the server pointing to itself.
IP Address . . . . . . . . : 192.168.0.100
Dns Servers. . . . . . . . :192.168.0.100
In that case, the 127.0.0.1 might be some rogue entry left in DNS from earlier. Check all your forward lookup zones (especially the _msdcs etc.), if there are outdated entries left.
ASKER
@iwontleaveyou: I tried that one, it doesn't work. (Maybe) because you can't create an Active Directory-integrated DNS server without Active Directory installed or without joining it to a domain..
My DNS server works well and I could not find any problem before.. I'm very positive that it is the LDAP that has caused the problem.
-----
when i use NTDSUTIL I got an error :
ldap_bind_sW failed with 0x51(81 (Server Down).
DCDIAG results :
[observer] LDAP search failed with error 55,
The specified network resource or device is no longer available..
Portqry results :
TCP port 389 (ldap service): LISTENING
Sending LDAP query to TCP port 389...
LDAP query to port 389 failed
Server did not respond to LDAP query
@oBdA: i can't find the _msdcs in the forward lookup zone.. it is because it can't obtain the active directory information.
if someone could trace the problem it would be helpful. ^^
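The diagnostics quoted in this thread carry two signals that are easy to miss: netdiag prints "LDAP test: Passed" directly above a [FATAL] LDAP error, and Portqry reports TCP 389 as LISTENING while the LDAP query itself gets no reply. The Python below is an added example, not part of the original posts; the function names and state labels are assumptions made for illustration, and the sample input is excerpted from the output quoted above.

```python
import re

# Constructed sample: lines excerpted from the netdiag and Portqry output quoted in this thread.
NETDIAG = """\
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot do un-authenticated ldap_search to 'observer.tanbros.net': Un
available.
[WARNING] Failed to query SPN registration on DC 'observer.tanbros.net'.
Bindings test. . . . . . . . . . . : Passed
"""
PORTQRY = """\
TCP port 389 (ldap service): LISTENING
Sending LDAP query to TCP port 389...
LDAP query to port 389 failed
Server did not respond to LDAP query
"""

TEST_RE = re.compile(r"^(?P<name>[A-Za-z][^.:]*?)\s*(?:\.\s*){2,}:\s*(?P<result>Passed|Failed|Skipped)\s*$")
NOTE_RE = re.compile(r"^\[(?P<sev>FATAL|WARNING)\]\s*(?P<msg>.*)$")

def parse_netdiag(text):
    """Return [{'test', 'result', 'notes': [[severity, message], ...]}, ...]."""
    tests, open_note = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := TEST_RE.match(line):
            tests.append({"test": m["name"], "result": m["result"], "notes": []})
            open_note = None
        elif (m := NOTE_RE.match(line)) and tests:
            open_note = [m["sev"], m["msg"]]
            tests[-1]["notes"].append(open_note)  # notes belong to the test printed above them
        elif open_note and line and not open_note[1].endswith("."):
            open_note[1] += line  # console wrapped mid-word at 80 columns; rejoin
        else:
            open_note = None
    return tests

def masked_failures(tests):
    """Tests whose summary says Passed although a FATAL note was logged under them."""
    return [(t["test"], msg) for t in tests if t["result"] == "Passed"
            for sev, msg in t["notes"] if sev == "FATAL"]

def ldap_port_state(portqry_text, port=389):
    """Classify Portqry output: 'not_listening', 'listening_no_ldap_reply' or 'ok'."""
    if not re.search(rf"TCP port {port} \([^)]*\): LISTENING", portqry_text):
        return "not_listening"
    if re.search(rf"LDAP query to port {port} failed", portqry_text):
        return "listening_no_ldap_reply"
    return "ok"
```

On the sample, `masked_failures(parse_netdiag(NETDIAG))` reports the LDAP test, and `ldap_port_state(PORTQRY)` returns `listening_no_ldap_reply`: the socket is accepted on 389 but nothing answers at the LDAP layer.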
ASKER
Sorry guys.. that doesn't help my problem, and I'm pretty much confused about what put my server in bad shape and what's the cause of the error.. I had no more choice but to reinstall my server.. but anyway, thank you for your help, especially to oBdA and iwontleaveyou.. you deserve some points.. thank you all..