Solved

Cannot open or access Active Directory in windows server 2003

Posted on 2004-09-08
Last Modified: 2008-05-30
Hello guys, I really need help..

I'm using only 1 Windows 2003 server for active directory and DNS server.
I can't access Active Directory and can't open Active Directory related MMC.

The error was:
"Naming Information cannot be located because:
The Server is not operational.

If you are trying to connect to a domain controller running Windows 2000, verify that Windows 2000 Server Service
pack 3 or later is installed on the domain controller, or use the Windows 2000 administration tools.
For more information about connecting to domain controllers running Windows 2000, see Help and
Support."


Application event generates error event ID: 1006, 1030, and the DNS server generates errors of event ID: 4000, 4011, 3000.

When I use NTDSUTIL I get an error:
ldap_bind_sW failed with 0x51(81 (Server Down).


DCDIAG results :

[observer] LDAP search failed with error 55,
The specified network resource or device is no longer available..


netdiag result :

....................................

    Computer Name: OBSERVER
    DNS Host Name: observer.tanbros.net
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 6 Model 4 Stepping 2, AuthenticAMD
    List of installed hotfixes :
        KB819696
        KB823182
        KB823353
        KB823559
        KB824105
        KB824141
        KB825119
        KB828035
        KB828741
        KB835732
        KB837001
        KB837272
        KB839643
        KB839643-DirectX9
        KB839645
        KB840315
        KB840374
        KB867460
        KB867801
        Q147222
        Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : observer
        IP Address . . . . . . . . : 192.168.0.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.100
        Dns Servers. . . . . . . . :192.168.0.100

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{96804752-74FA-4CF2-AECF-D6C0086B233C}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' a
nd other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{96804752-74FA-4CF2-AECF-D6C0086B233C}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{96804752-74FA-4CF2-AECF-D6C0086B233C}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [FATAL] Cannot do un-authenticated ldap_search to 'observer.tanbros.net': Un
available.
    [WARNING] Failed to query SPN registration on DC 'observer.tanbros.net'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped





Question by:shadowcopy
10 Comments
 
LVL 10

Expert Comment

by:jayca
ID: 12012846
What is the last change that was done on the server?
0
 
LVL 10

Expert Comment

by:jayca
ID: 12012854
0
 
LVL 10

Expert Comment

by:jayca
ID: 12012860
To resolve these errors, perform the following steps:

From the Control Panel, open the Network Connections applet, select the network adapter from the list, right-click the network adapter, and select Properties.
From the General tab, select Internet Protocol (TCP/IP), then click Properties.
Click the Advanced button.
Select the Options tab.
Select "TCP/IP filtering", then click Properties.
For "TCP Ports", select "Permit All."
Click OK to close all dialog boxes.
Restart the computer for the changes to take effect.

Per: http://www.winnetmag.com/Article/ArticleID/27455/27455.html
0
 
LVL 85

Accepted Solution

by:
oBdA earned 50 total points
ID: 12013977
Did you run dcdiag from another machine? The output says it's a W2k OS, you say your DC is running W2k3.
Anyway, your problem is here:
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' and other DCs also have some of the names registered.

Your DNS server needs to point to its actual IP address, NOT 127.0.0.1.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
0
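An added example, not part of the thread: a Python triage of netdiag text that surfaces the two things the accepted answer and the question's output turn on, a loopback DNS server reference and [FATAL]/[WARNING] lines sitting under a test marked Passed. The function names and the LOOPBACK-DNS label are assumptions of this example, and the sample is a constructed excerpt of the output quoted in the question.

```python
import re

# Constructed sample: excerpt of the question's netdiag output, 80-column wraps kept.
SAMPLE = """\
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' a
nd other DCs also have some of the names registered.

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed
    [FATAL] Cannot do un-authenticated ldap_search to 'observer.tanbros.net': Un
available.
    [WARNING] Failed to query SPN registration on DC 'observer.tanbros.net'.
"""

HEADER = re.compile(r"^\s*(.+?)[\s.]*:\s*(Passed|Failed|Skipped)\s*$")
LOOPBACK = re.compile(r"DNS server '(127\.\d+\.\d+\.\d+)'")

def parse_netdiag(text):
    """Return [(test, status, [details])], re-joining console-wrapped lines."""
    tests, in_detail = [], False
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            tests.append((m.group(1), m.group(2), []))
            in_detail = False
        elif line.strip() and tests and line[0].isspace():
            tests[-1][2].append(line.strip())   # indented line: detail of the last test
            in_detail = True
        elif line.strip() and in_detail:
            tests[-1][2][-1] += line.strip()    # unindented tail of a wrapped detail
        else:
            in_detail = False
    return tests

def triage(text):
    """Findings that a skim of the Passed/Failed column would miss."""
    findings = []
    for name, status, details in parse_netdiag(text):
        for d in details:
            if status == "Passed" and (tag := re.match(r"\[(FATAL|WARNING)\]", d)):
                findings.append((name, tag.group(1), d))
            if lb := LOOPBACK.search(d):
                findings.append((name, "LOOPBACK-DNS", lb.group(1)))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```
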
 
LVL 3

Assisted Solution

by:iwontleaveyou
iwontleaveyou earned 50 total points
ID: 12014995
It seems that your DNS service has got some problem. If this is the case then you have two options.

1) Reinstall the server, then AD and DNS.

2) Install DNS on another PC and create a zone with your domain name.
Start your DC; it should now open Active Directory's MMC. Then demote it and uninstall DNS from your DC, then remove your newly installed DNS server, run the Active Directory wizard again, and install DNS from this wizard only.
0
 

Author Comment

by:shadowcopy
ID: 12022239
@jayca: the last thing I did on my server was that a couple of weeks ago, I installed and evaluated the Kerio Winroute Firewall 6 on the same server (since I only have 1 server), but I already uninstalled it a week ago. Things were doing fine when I installed it, and I disabled the built-in DNS services and VPN of the Kerio, knowing that the DNS services would have a conflict with the DNS server. I uninstalled it a week ago, and I found no problem. Only lately did I discover this problem. Yes, I already read the knowledge base and article before I posted my problem, and it doesn't help.

@oBdA: no, this is the only server (Win2k3 server). Yes, I read the FAQs and it seems that's the cause of the problem.. got to check it first.

@iwontleaveyou: If I demote my server, that means I will lose all the users' passwords, because I can only export the usernames and OUs, except the passwords?
0
 
LVL 3

Expert Comment

by:iwontleaveyou
ID: 12023828
OK, got your problem. Well, you can try the following:

Install DNS on another PC and create a zone with your domain name.
Start your DC; it should now open Active Directory's MMC.
If this brings the Active Directory up,
then uninstall DNS from your DC and then reinstall the DNS service, then create the Active Directory integrated zone on the DNS on the domain controller, then remove your second DNS server and restart your DC.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 12024565
I was just wondering, because according to the DNS settings from the beginning, it seems like it's correct at the moment, with the server pointing to itself.
IP Address . . . . . . . . : 192.168.0.100
Dns Servers. . . . . . . . :192.168.0.100
In that case, the 127.0.0.1 might be some rogue entry left in DNS from earlier. Check all your forward lookup zones (especially the _msdcs etc.), if there are outdated entries left.
0
 

Author Comment

by:shadowcopy
ID: 12031169
@iwontleaveyou: I tried that one, it doesn't work. (Maybe) because you can't create an Active Directory integrated DNS server without an Active Directory installed or without joining it to a domain..

My DNS server works well and I could not find any problem before.. I'm very positive that it is the LDAP that has caused the problem.


-----
When I use NTDSUTIL I get an error:
ldap_bind_sW failed with 0x51(81 (Server Down).


DCDIAG results :

[observer] LDAP search failed with error 55,
The specified network resource or device is no longer available..

Portqry results :

TCP port 389 (ldap service): LISTENING

Sending LDAP query to TCP port 389...

LDAP query to port 389 failed
Server did not respond to LDAP query

@oBdA: I can't find the _msdcs in the forward lookup zone.. it is because it can't obtain the Active Directory information.

If someone could trace the problem it would be helpful. ^^
0
 

Author Comment

by:shadowcopy
ID: 12140775
Sorry guys.. that doesn't help my problem, and I'm pretty much confused about what put my server in bad shape and what's the cause of the error.. I had no more choice but to reinstall my server.. but anyway, thank you for your help, especially to oBdA and iwontleaveyou.. you deserve some points.. thank you all..
0
