Solved

Cannot open or access Active Directory in Windows Server 2003

Posted on 2004-09-08
Last Modified: 2008-05-30
hello guys I really need help..

I'm using only 1 Windows 2003 server for active directory and DNS server.
I can't access Active Directory and can't open Active Directory related MMC.

the error was :
"Naming Information cannot be located because:
The Server is not operational.

If you are trying to connect to a domain controller running Windows 2000, verify that Windows 2000 Server Service
pack 3 or later is installed on the domain controller, or use the Windows 2000 administration tools.
For more information about connecting to domain controllers running Windows 2000, see Help and
Support."


Application event generates an error event ID: 1006, 1030, and DNS server generates an error of event ID: 4000, 4011, 3000.

when i use NTDSUTIL I got an error :
ldap_bind_sW failed with 0x51(81 (Server Down).


DCDIAG results :

[observer] LDAP search failed with error 55,
The specified network resource or device is no longer available..


netdiag result :

....................................

    Computer Name: OBSERVER
    DNS Host Name: observer.tanbros.net
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 6 Model 4 Stepping 2, AuthenticAMD
    List of installed hotfixes :
        KB819696
        KB823182
        KB823353
        KB823559
        KB824105
        KB824141
        KB825119
        KB828035
        KB828741
        KB835732
        KB837001
        KB837272
        KB839643
        KB839643-DirectX9
        KB839645
        KB840315
        KB840374
        KB867460
        KB867801
        Q147222
        Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : observer
        IP Address . . . . . . . . : 192.168.0.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.100
        Dns Servers. . . . . . . . :192.168.0.100

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{96804752-74FA-4CF2-AECF-D6C0086B233C}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{96804752-74FA-4CF2-AECF-D6C0086B233C}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{96804752-74FA-4CF2-AECF-D6C0086B233C}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [FATAL] Cannot do un-authenticated ldap_search to 'observer.tanbros.net': Unavailable.
    [WARNING] Failed to query SPN registration on DC 'observer.tanbros.net'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped





0
Question by:shadowcopy
10 Comments
 
LVL 10

Expert Comment

by:jayca
What is the last change that was done on the server?
0
 
 
LVL 10

Expert Comment

by:jayca
To resolve these errors, perform the following steps:

From the Control Panel, open the Network Connections applet, select the network adapter from the list, right-click the network adapter, and select Properties.
From the General tab, select Internet Protocol (TCP/IP), then click Properties.
Click the Advanced button.
Select the Options tab.
Select "TCP/IP filtering", then click Properties.
For "TCP Ports", select "Permit All."
Click OK to close all dialog boxes.
Restart the computer for the changes to take effect.

Per: http://www.winnetmag.com/Article/ArticleID/27455/27455.html
0
 
LVL 82

Accepted Solution

by:oBdA
oBdA earned 50 total points
Did you run dcdiag from another machine? The output says it's a W2k OS, you say your DC is running W2k3.
Anyway, your problem is here:
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' and other DCs also have some of the names registered.

Your DNS server needs to point to its actual IP address, NOT 127.0.0.1.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
0
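The comparison this answer makes, as an added example that is not part of the original thread: a Python sketch that rejoins netdiag's 80-column wrapped lines and reports which DNS server the DNS test used against what the adapter is configured with. The sample text is constructed from the output quoted on this page; the function names are hypothetical, and it assumes netdiag prints IP addresses (not host names) in these fields.

```python
import ipaddress
import re

# Constructed sample: lines copied from the netdiag output quoted on this
# page, including the 80-column console wrap that splits the PASS message.
SAMPLE = """\
        IP Address . . . . . . . . : 192.168.0.100
        Dns Servers. . . . . . . . :192.168.0.100
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' a
nd other DCs also have some of the names registered.
"""


def unwrap(text, width=80):
    """Rejoin lines that the console cut at exactly `width` columns."""
    out, join_next = [], False
    for line in text.splitlines():
        if join_next:
            out[-1] += line
        else:
            out.append(line)
        join_next = len(line) == width
    return out


def dns_findings(text):
    """Compare the adapter's DNS settings with the server the DNS test used."""
    own_ips, configured, tested = [], [], []
    for line in unwrap(text):
        m = re.match(r"\s*(IP Address|Dns Servers)[ .]*:\s*(\S+)", line)
        if m:
            (own_ips if m.group(1) == "IP Address" else configured).append(m.group(2))
        tested += re.findall(r"registered on DNS server '([^']+)'", line)
    return {
        "own_ips": own_ips,
        "configured": configured,
        "tested": tested,
        # Loopback addresses seen anywhere in the DNS path.
        "loopback": [s for s in tested + configured
                     if ipaddress.ip_address(s).is_loopback],
        # Servers the test used that the adapter is not configured with.
        "unconfigured": [s for s in tested if s not in configured],
        # True when the adapter's DNS client points at the server's own IP.
        "points_to_self": bool(configured) and set(configured) <= set(own_ips),
    }


if __name__ == "__main__":
    for key, value in dns_findings(SAMPLE).items():
        print(f"{key}: {value}")
```
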
 
LVL 3

Assisted Solution

by:iwontleaveyou
iwontleaveyou earned 50 total points
It seems that your DNS service has got some problem. If this is the case, then you have two options.

1) Reinstall the server, then AD and DNS.

2) Install DNS on another PC and create a zone with your domain name.
Start your DC; it should now open Active Directory's MMC. Then demote it and uninstall DNS from your DC, then remove your newly installed DNS server, run the Active Directory wizard again, and install DNS from this wizard only.
0

 

Author Comment

by:shadowcopy
@jayca : the last thing I did on my server is that a couple of weeks ago, I installed and evaluated the Kerio Winroute Firewall 6 on the same server (since I only have 1 server), but I already uninstalled it a week ago. Things were doing fine when I installed it, and I disabled the built-in DNS services and VPN of the Kerio, knowing that the DNS services would conflict with the DNS server. I uninstalled it a week ago, and I found no problem. Only lately did I discover this problem. Yes, I already read the knowledge base and article before I posted my problem, and it doesn't help.

@oBdA: no, this is the only server (win2k3 server). yes, i read the FAQs and it seems that's the cause of the problem.. got to check it first.

@iwontleaveyou: If I demote my server, that means I will lose all the users' passwords, because I can only export the usernames and OUs except the passwords?
0
 
LVL 3

Expert Comment

by:iwontleaveyou
OK, got your problem. Well, you can try the following:

Install DNS on another PC and create a zone with your domain name.
Start your DC; it should now open Active Directory's MMC.
If this brings Active Directory up,
then uninstall DNS from your DC, reinstall the DNS service, create the Active Directory-integrated zone in DNS on the domain controller, then remove your second DNS server and restart your DC.
0
 
LVL 82

Expert Comment

by:oBdA
I was just wondering, because according to the DNS settings from the beginning, it seems like it's correct at the moment, with the server pointing to itself.
IP Address . . . . . . . . : 192.168.0.100
Dns Servers. . . . . . . . :192.168.0.100
In that case, the 127.0.0.1 might be some rogue entry left in DNS from earlier. Check all your forward lookup zones (especially the _msdcs etc.), if there are outdated entries left.
0
 

Author Comment

by:shadowcopy
@iwontleaveyou: i tried that one, it doesn't work. (maybe) because, you can't create an active directory integrated dns server without an active directory installed or not joining it into a domain..

My DNS server works well and I could not find any problem before.. I'm very positive that it is the LDAP that has caused the problem.


-----
when i use NTDSUTIL I got an error :
ldap_bind_sW failed with 0x51(81 (Server Down).


DCDIAG results :

[observer] LDAP search failed with error 55,
The specified network resource or device is no longer available..

Portqry results :

TCP port 389 (ldap service): LISTENING

Sending LDAP query to TCP port 389...

LDAP query to port 389 failed
Server did not respond to LDAP query

@oBdA: i can't find the _msdcs in the forward lookup zone.. it is because it can't obtain the active directory information.

if someone could trace the problem it would be helpful. ^^
0
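What the Portqry output in this post distinguishes (port 389 LISTENING, yet no answer to an LDAP query), as an added example that is not part of the original thread: a Python sketch that opens the TCP connection and then sends an anonymous rootDSE search, reporting the two stages separately. Function names are hypothetical; the host passed to `probe` is whatever domain controller is being diagnosed.

```python
import socket


def ber(tag, content=b""):
    """Encode one BER TLV; short-form length is enough for this probe."""
    assert len(content) < 128
    return bytes([tag, len(content)]) + content


def rootdse_request(msg_id=1):
    """Anonymous base-scope search of the rootDSE with (objectClass=*)."""
    search = ber(0x63, (               # [APPLICATION 3] SearchRequest
        ber(0x04)                      # baseObject "" (the rootDSE)
        + ber(0x0A, b"\x00")           # scope: baseObject
        + ber(0x0A, b"\x00")           # derefAliases: never
        + ber(0x02, b"\x00")           # sizeLimit: no limit
        + ber(0x02, b"\x00")           # timeLimit: no limit
        + ber(0x01, b"\x00")           # typesOnly: FALSE
        + ber(0x87, b"objectClass")    # filter: attribute present
        + ber(0x30)))                  # attributes: empty list (all)
    return ber(0x30, ber(0x02, bytes([msg_id])) + search)


def classify(reply):
    """Name what came back on the LDAP port (empty bytes = nothing)."""
    if not reply:
        return "no LDAP response"
    try:
        if reply[0] != 0x30:
            return "not LDAP"
        # Skip the outer length (short or long form), then the messageID.
        i = 2 + (reply[1] & 0x7F if reply[1] & 0x80 else 0)
        i += 2 + reply[i + 1]
        return {0x64: "searchResEntry", 0x65: "searchResDone"}.get(
            reply[i], "other LDAP op")
    except IndexError:
        return "truncated reply"


def probe(host, port=389, timeout=5.0):
    """Separate 'port accepts TCP' from 'directory answers LDAP'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "connect failed"
    with sock:
        try:
            sock.sendall(rootdse_request())
            return "LISTENING, " + classify(sock.recv(4096))
        except OSError:  # timeout or reset after the TCP handshake
            return "LISTENING, no LDAP response"
```

A healthy directory service answers the rootDSE search with a `searchResEntry`; a reply of `LISTENING, no LDAP response` matches the Portqry result quoted above.
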
 

Author Comment

by:shadowcopy
Sorry guys.. that doesn't help my problem, and I'm pretty much confused about what put my server in bad shape and what the cause of the error is.. I had no more choice but to reinstall my server.. But anyway, thank you for your help, especially to oBdA and iwontleaveyou.. you deserve some points.. thank you all..
0
