Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!
Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!
Act now. This offer ends July 14, 2017.
Course Of The Month
5 days, 11 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Cannot open or access Active Directory in windows server 2003
Posted on 2004-09-08
hello guys I really need help..
I'm using only 1 Windows 2003 server for active directory and DNS server.
I can't access Active Directory and can't open Active Directory related MMC.
the error was :
"Naming Information cannot be located because:
The Server is not operational.
If you are trying to connect to a domain controller running Windows 2000, verify that Windows 2000 Server Service
pack 3 or later is installed on the domain controller, or use the Windows 200 administration toos.
For more information about connecting to domain conrollers running Windows 2000, see Help and
Support."
Application event generates an error event ID: 1006, 1030 and DNS server generates an error of event id: 4000, 4011, 3000.
when i use NTDSUTIL I got an error :
ldap_bind_sW failed with 0x51(81 (Server Down).
DCDIAG results :
[observer] LDAP search failed with error 55,
The specified network resource or device is no longer available..
netdiag result :
..........................
Computer Name: OBSERVER
DNS Host Name: observer.tanbros.net
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 6 Model 4 Stepping 2, AuthenticAMD
List of installed hotfixes :
KB819696
KB823182
KB823353
KB823559
KB824105
KB824141
KB825119
KB828035
KB828741
KB835732
KB837001
KB837272
KB839643
KB839643-DirectX9
KB839645
KB840315
KB840374
KB867460
KB867801
Q147222
Q828026
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection 2
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : observer
IP Address . . . . . . . . : 192.168.0.100
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.100
Dns Servers. . . . . . . . :192.168.0.100
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{96804752-74FA
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' a
nd other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{96804752-74FA
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{96804752-74FA
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot do un-authenticated ldap_search to 'observer.tanbros.net': Un
available.
[WARNING] Failed to query SPN registration on DC 'observer.tanbros.net'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
I'm using only 1 Windows 2003 server for active directory and DNS server.
I can't access Active Directory and can't open Active Directory related MMC.
the error was :
"Naming Information cannot be located because:
The Server is not operational.
If you are trying to connect to a domain controller running Windows 2000, verify that Windows 2000 Server Service
pack 3 or later is installed on the domain controller, or use the Windows 200 administration toos.
For more information about connecting to domain conrollers running Windows 2000, see Help and
Support."
Application event generates an error event ID: 1006, 1030 and DNS server generates an error of event id: 4000, 4011, 3000.
when i use NTDSUTIL I got an error :
ldap_bind_sW failed with 0x51(81 (Server Down).
DCDIAG results :
[observer] LDAP search failed with error 55,
The specified network resource or device is no longer available..
netdiag result :
..........................
Computer Name: OBSERVER
DNS Host Name: observer.tanbros.net
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 6 Model 4 Stepping 2, AuthenticAMD
List of installed hotfixes :
KB819696
KB823182
KB823353
KB823559
KB824105
KB824141
KB825119
KB828035
KB828741
KB835732
KB837001
KB837272
KB839643
KB839643-DirectX9
KB839645
KB840315
KB840374
KB867460
KB867801
Q147222
Q828026
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection 2
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : observer
IP Address . . . . . . . . : 192.168.0.100
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.100
Dns Servers. . . . . . . . :192.168.0.100
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{96804752-74FA
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' a
nd other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{96804752-74FA
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{96804752-74FA
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot do un-authenticated ldap_search to 'observer.tanbros.net': Un
available.
[WARNING] Failed to query SPN registration on DC 'observer.tanbros.net'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
-
3
-
2
- +1
10 Comments
To resolve these errors, perform the following steps:
From the Control Panel, open the Network Connections applet, select the network adapter from the list, right-click the network adapter, and select Properties.
From the General tab, select Internet Protocol (TCP/IP), then click Properties.
Click the Advanced button.
Select the Options tab.
Select "TCP/IP filtering", then click Properties.
For "TCP Ports", select "Permit All."
Click OK to close all dialog boxes.
Restart the computer for the changes to take effect.
Per:http://www.winnetmag.com/Article/ArticleID/27455/27455.html
From the Control Panel, open the Network Connections applet, select the network adapter from the list, right-click the network adapter, and select Properties.
From the General tab, select Internet Protocol (TCP/IP), then click Properties.
Click the Advanced button.
Select the Options tab.
Select "TCP/IP filtering", then click Properties.
For "TCP Ports", select "Permit All."
Click OK to close all dialog boxes.
Restart the computer for the changes to take effect.
Per:http://www.winnetmag.com/Article/ArticleID/27455/27455.html
Active today
Did you run dcdiag from another machine? The output says it's a W2k OS, you say your DC is running W2k3.
Anyway, your problem is here:
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' and other DCs also have some of the names registered.
Your DNS server needs to point to its actual IP address, NOT 127.0.0.1.
Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382
Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
Anyway, your problem is here:
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' and other DCs also have some of the names registered.
Your DNS server needs to point to its actual IP address, NOT 127.0.0.1.
Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382
Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
It seems that your DNS service has got some problem If this is the case then you have two options.
1) Reinstall the server then AD and DNS.
2) Install DNS on other PC create a ZONE with your domain name.
Start your DC it should now open Active directory's mmc then demote it and uninstall DNS from your DC then remove your newly installed DNS server and RUN the active directory wizard again and install DNS from this wizard only.
1) Reinstall the server then AD and DNS.
2) Install DNS on other PC create a ZONE with your domain name.
Start your DC it should now open Active directory's mmc then demote it and uninstall DNS from your DC then remove your newly installed DNS server and RUN the active directory wizard again and install DNS from this wizard only.
@jayca : the last thing I did in my server is that a couple of week ago, I installed and evaluated the Kerio Winroute Firewall 6 on the same server (since I only have 1 server) but I already uninstalled it a week ago. Things doin fine when I installed and I disabled the builtin dns services and vpn of the Kerio knowing that the dns services will have a conflict with the DNS server. I uninstalled it a week ago, and I found no problem. Only lately I discover this problem. Yes, I already read the knowledge base and article before I posted my problem and doesn't help.
@oBdA: no, this is the only server (win2k3 server). yes, i read the FAQs and it seems that's the cause of the problem.. got to check it first.
@iwontleaveyou:If i demote my server, that means I will lost all the users passwords co'z I can only export the username and ou's except the password?
@oBdA: no, this is the only server (win2k3 server). yes, i read the FAQs and it seems that's the cause of the problem.. got to check it first.
@iwontleaveyou:If i demote my server, that means I will lost all the users passwords co'z I can only export the username and ou's except the password?
Ok Got ur Problem. Well U can Try The Following:
Install DNS on other PC create a ZONE with your domain name.
Start your DC it should now open Active directory's mmc
If this brings the Active directory UP
Then uninstall DNS from your DC and then Reinstall DNS service then create the active directory integrated zone on the dns on domain controller then remove your Second DNS server and Restart your DC.
Install DNS on other PC create a ZONE with your domain name.
Start your DC it should now open Active directory's mmc
If this brings the Active directory UP
Then uninstall DNS from your DC and then Reinstall DNS service then create the active directory integrated zone on the dns on domain controller then remove your Second DNS server and Restart your DC.
Active today
I was just wondering, because according to the DNS settings fro the beginning, it seems like it's correct at the moment, with the server pointing to itself.
IP Address . . . . . . . . : 192.168.0.100
Dns Servers. . . . . . . . :192.168.0.100
In that case, the 127.0.0.1 might be some rogue entry left in DNS from earlier. Check all your forward lookup zones (especially the _msdcs etc.), if there are outdated entries left.
IP Address . . . . . . . . : 192.168.0.100
Dns Servers. . . . . . . . :192.168.0.100
In that case, the 127.0.0.1 might be some rogue entry left in DNS from earlier. Check all your forward lookup zones (especially the _msdcs etc.), if there are outdated entries left.
@iwontleaveyou: i tried that one, it doesn't work. (maybe) because, you can't create an active directory integrated dns server without an active directory installed or not joining it into a domain..
my DNS server works well and could not find any problem before.. I'm very positive that it is the LDAP has cause the problem.
-----
when i use NTDSUTIL I got an error :
ldap_bind_sW failed with 0x51(81 (Server Down).
DCDIAG results :
[observer] LDAP search failed with error 55,
The specified network resource or device is no longer available..
Portqry results :
TCP port 389 (ldap service): LISTENING
Sending LDAP query to TCP port 389...
LDAP query to port 389 failed
Server did not respond to LDAP query
@oBdA: i can't find the _msdcs in the forward lookup zone.. it is because it can't obtain the active directory information.
if someone could trace the problem it would be helpful. ^^
my DNS server works well and could not find any problem before.. I'm very positive that it is the LDAP has cause the problem.
-----
when i use NTDSUTIL I got an error :
ldap_bind_sW failed with 0x51(81 (Server Down).
DCDIAG results :
[observer] LDAP search failed with error 55,
The specified network resource or device is no longer available..
Portqry results :
TCP port 389 (ldap service): LISTENING
Sending LDAP query to TCP port 389...
LDAP query to port 389 failed
Server did not respond to LDAP query
@oBdA: i can't find the _msdcs in the forward lookup zone.. it is because it can't obtain the active directory information.
if someone could trace the problem it would be helpful. ^^
sorry guys.. that doesn't help my problem & pretty much confuse what makes my server in a bad shape and whats the cause of the error.. I had no more choice but to reinstall my server.. but anyway thank you for your help especially to OBDA and iwontleaveyou.. you deserve some points.. thanks you all..
Featured Post
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month5 days, 11 hours left to enroll
707 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.