Active Directory not functioning properly

Posted on 2004-09-26
Last Modified: 2010-02-20
I am running Windows Server 2003 and am getting error messages in event viewer.  

Error 1:
Event ID 4001 DNS
The DNS server was unable to open zone 1.168.192.in-addr.arpa in the Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
(Also got that for my WAN NIC as well)

Error 2:
Event ID 1655 Global catalog
Active Directory attempted to communicate with the following global catalog and the attempts were unsuccessful.
Global catalog:
\\NS1.mydomain.com
The operation in progress might be unable to continue. Active Directory will use the domain controller locator to try to find an available global catalog server.
 
Error 3:
Event ID 1126 Global catalog
Active Directory was unable to establish a connection with the global catalog.
Additional Data
Error value:
8430 The directory service encountered an internal failure.
Internal ID:
3200c45
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller.  You may use the nltest utility to diagnose this problem.

Here's what I get with DCDiag:
Domain Controller Diagnosis

Performing initial setup:
   [ns1] Directory Binding Error 1727:
   The remote procedure call failed and did not execute.
   This may limit some of the tests that can be performed.
   Done gathering initial info.

Doing initial required tests

   Testing server: Mydomain\NS1
      Starting test: Connectivity
         [NS1] DsBindWithSpnEx() failed with error 1727,
         The remote procedure call failed and did not execute..
         ......................... NS1 failed test Connectivity

Doing primary tests

   Testing server: Mydomain\NS1
      Skipping all tests, because server NS1 is
      not responding to directory service requests

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
       ......................... ForestDnsZones passed test CrossRefValidation
**************
Everything else (including the above entry) passed successfully.

I tried running NTDSUTIL and Esentutl in DS restore mode to no avail.
Since most everything's dependent on AD and because it's a Global Catalog server as well, I keep getting the 'Remote procedure call failed and did not execute' errors everywhere.  Why it's happening is beyond me.  Anyone have any ideas?  Thanks.

Question by:bleujaegel

Expert Comment

by:Casca1
ID: 12155521
Let's look at the output of an IPconfig /all. Since this appears to be a DNS issue, we need to start from scratch and verify all settings.
In particular, the DNS error message points at a reverse zone. This shouldn't cause AD to fail; but with all the other errors indicating AD didn't load properly, and it appears to be related to communications, and AD relies on DNS for communication, then we have to conclude DNS is the issue.
Is your network using the reserved network of 192.168.1.0? The reverse lookup says it thinks you are. All that is for reverse lookups, though, and shouldn't be in the way. Go to DNSConsole, right click the server, go to properties, monitoring, and test your DNS. Let's see what it returns.
Good Luck!

Author Comment

by:bleujaegel
ID: 12155603
I tested the DNS and it passed both tests.  Interestingly enough the DHCP service fails to start as well.   I get the same error 'Remote procedure call failed and did not execute'.  The problem does seem to point to DNS, but I can't find anything wrong with it yet...

Here is the IPCONFIG:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ns1
   Primary Dns Suffix  . . . . . . . : mydomain.net
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : mydomain.net

Ethernet adapter LAN:

   Connection-specific DNS Suffix  . : mydomain.net
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
   Physical Address. . . . . . . . . : 00-07-E9-13-EF-92
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   Primary WINS Server . . . . . . . : 192.168.1.1

Ethernet adapter WAN:

   Connection-specific DNS Suffix  . : mydomain.net
   Description . . . . . . . . . . . : NVIDIA nForce MCP Networking Controller
   Physical Address. . . . . . . . . : 00-0C-76-E4-37-28
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : My IP
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : ISP Gateway
   DNS Servers . . . . . . . . . . . : ISP DNS 1
                                       ISP DNS 2

Expert Comment

by:Casca1
ID: 12155637
Hmmm, I was hoping you had the internal DNS set to 127.0.0.1... 8-)
How is network communication working? Can you ping everything internally? From client to server and server to client by IP and by name?
What about LMhosts; Do you have one in use?
Check the status of the RPC services...
My services are set to start RPC automatically, and RPC locator is set to manual. The RPC service is started, but the locator is not.
Check your settings. You might even try a restart of the RPC.
Then we'll start digging in a little deeper into the services, next. Let's see what the status is on these and move forward.

Author Comment

by:bleujaegel
ID: 12155741
Thanks for the fast response!

On the Server, I pinged Yahoo by name and IP, so reverse lookup is working.  I pinged both NICs and localhost.  From client, I pinged everything on server and the internet in forward and reverse.  No hitches there.  RPC services are running...even restarted them.  Isn't there a tool for viewing AD?  ADSI or something.  Would like to run Insight for Active Directory or Netpro but don't have that kind of cash.  If you know of any good tools, please let me know.  Thanks again.

Author Comment

by:bleujaegel
ID: 12155853
Also, I ran netdiag and everything passed except one item:

DC list test . . . . . . . . . . . : Failed
    [WARNING] Cannot call DsBind to mydomain.net (My Wan IP). [RPC_S_CALL_FAILED_DNE]

Expert Comment

by:Casca1
ID: 12156019
Well, that wasn't quite what I meant, but DNS seems to respond as expected, so I have to change tack here a little.
How do the entries to your DNS server look? Do you have the little subdomains, like
_msdcs
_sites
_tcp
Etc? Is the zone complete? Pinging by IP tests the hardware, pinging by hostname is the test for record entries. Your problem is not the records. It's in resource location, or in configuration.
Tell me about your setup. How many DCs, how many of those are GCs, how is your site(s) configured?
If DHCP isn't working, how are clients getting their address?

Author Comment

by:bleujaegel
ID: 12157818
DNS does have the above mentioned subdomains.  I only have 1 DC.  It is multihomed.  I have RRAS, Exchange, IIS, TS, RIS, DHCP, and Wins installed.  Only 1 laptop uses DHCP (occasionally), the rest were static.

I tried unchecking 'Global Catalog' and restarting, then re-checking to see if that would fix the problem.  I also reinstalled DNS then AD, but it only seemed to make things worse.  No matter what I do I keep getting the 'The remote procedure call failed..' error for everything (Exchange, DHCP, AD sites and subnets, etc.).

Here is my DCDIAG after the reinstall:

Domain Controller Diagnosis

Performing initial setup:
   [ns1] Directory Binding Error 1727:
   The remote procedure call failed and did not execute.
   This may limit some of the tests that can be performed.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\NS1
      Starting test: Connectivity
         [NS1] DsBindWithSpnEx() failed with error 1726,
         The remote procedure call failed..
         ......................... NS1 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\NS1
      Skipping all tests, because server NS1 is
      not responding to directory service requests

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : (MyDomain)
      Starting test: CrossRefValidation
         ......................... MyDomain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... MyDomain passed test CheckSDRefDom

   Running enterprise tests on : MyDomain.net
      Starting test: Intersite
         ......................... MyDomain.net passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
         A KDC could not be located - All the KDCs are down.
         ......................... MyDomain.net failed test FsmoCheck

This one is pretty nasty.  Thanks for the help!

Accepted Solution

by:Casca1
ID: 12166123
When's the last restore?
What you need to do is rebuild the server from scratch, from what I can tell. Something's busted, and busted bad.
While RPC SAYS it's running, it most obviously isn't responding to queries.
Ordinarily, I would start looking at hardware, or another system not communicating, but that's not it. Not using ISA, so it isn't getting in the way. Tell me, did you recently enable RRAS and set some default routes? Or attempt to configure like NAT or something? Possibly try to set up a VPN connection?
Something is blocking communication. While it might be possible to troubleshoot and resolve, in a production environment, you need an answer that fixes your problem. While it's a little drastic, a complete re-install and then restore from a recent backup, preferably from before the last major change, should fix you back up.
Jeez, I've done something similar, a couple times, and it sure got me in some hot water. But, I'm also being allowed to build my test network.
8-)
Good Luck!

Author Comment

by:bleujaegel
ID: 12331435
I forgot to mention that I had ISA installed, so you were partially right.  Uninstalling ISA got rid of the 'Remote Procedure Call' error.  In the end, I'm not sure what else went wrong, but I just decided to reinstall.  Thanks for the help.

Expert Comment

by:marek1712
ID: 23219455
I had a similar problem - just solved it a moment ago.
"[serwerAD] Directory Binding Error 1727:
   Win32 Error 1727"
In my case it was Kaspersky Internet Security with two stupid rules:
"Block local TCP/UDP services".
C:\Users\Administrator>dcdiag
 
Directory Server Diagnosis
 
Performing initial setup:
   Trying to find home server...
   Home Server = serwerAD
   [serwerAD] Directory Binding Error 1727:
   Win32 Error 1727
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.
 
Doing initial required tests
 
   Testing server: Default-First-Site-Name\SERWERAD
      Starting test: Connectivity
         [SERWERAD] DsBindWithSpnEx() failed with error 1722,
         Win32 Error 1722.
         ......................... SERWERAD failed test Connectivity
 
Doing primary tests
 
   Testing server: Default-First-Site-Name\SERWERAD
      Skipping all tests, because server SERWERAD is not responding to
      directory service requests.
 
 
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
 
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
 
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
 
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
 
   Running partition tests on : przyklad
      Starting test: CheckSDRefDom
         ......................... przyklad passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... przyklad passed test CrossRefValidation
 
   Running enterprise tests on : przyklad.pl
      Starting test: LocatorCheck
         ......................... przyklad.pl passed test LocatorCheck
      Starting test: Intersite
         ......................... przyklad.pl passed test Intersite
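
Added example, not part of any post in this thread: a small Python triage of dcdiag text that lists the failed tests, decodes the Win32 error codes seen above, and flags the pattern both posters ended up with (the RPC bind to the DC fails while partition checks pass, which here traced back to ISA Server and a Kaspersky rule on the DC itself). The function name, hint wording and the abridged sample are assumptions made for illustration.

```python
import re

# Win32 codes seen in this thread's dcdiag output, with their winerror.h names.
WIN32 = {1355: "ERROR_NO_SUCH_DOMAIN", 1722: "RPC_S_SERVER_UNAVAILABLE",
         1726: "RPC_S_CALL_FAILED", 1727: "RPC_S_CALL_FAILED_DNE"}
RPC_CODES = {1722, 1726, 1727}

RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test\s+(\S+)")
ERROR = re.compile(r"(?:Binding Error|failed with error|call failed, error)\s+(\d+)")

def triage(report):
    """Return failed tests, decoded error codes and a next-step hint."""
    # dcdiag wraps at console width, so a test name can land on the next line.
    text = " ".join(report.split())
    failed, passed = [], []
    for target, outcome, test in RESULT.findall(text):
        (failed if outcome == "failed" else passed).append((target, test))
    codes = sorted({int(c) for c in ERROR.findall(text)})
    rpc_bind_down = (any(t == "Connectivity" for _, t in failed)
                     and bool(RPC_CODES & set(codes)))
    if rpc_bind_down and passed:
        hint = ("RPC bind to the DC fails while partition checks pass: "
                "review firewall or RPC-filtering software on the DC itself")
    elif rpc_bind_down:
        hint = "RPC bind to the DC fails: check the RPC service and filtering"
    elif failed:
        hint = "review the failed tests individually"
    else:
        hint = "no failed tests found"
    return {"failed": failed,
            "errors": {c: WIN32.get(c, "unknown") for c in codes},
            "hint": hint}

# Sample input abridged from the dcdiag output posted in this thread.
SAMPLE = """\
Performing initial setup:
   [ns1] Directory Binding Error 1727:
   The remote procedure call failed and did not execute.
      Starting test: Connectivity
         [NS1] DsBindWithSpnEx() failed with error 1726,
         ......................... NS1 failed test Connectivity
   Running partition tests on : ForestDnsZones
         ......................... ForestDnsZones passed test
         CrossRefValidation
      Starting test: FsmoCheck
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
         ......................... MyDomain.net failed test FsmoCheck
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```

The hint is a heuristic drawn from how this thread was resolved, not a dcdiag feature; a number split by console wrapping (as in one FsmoCheck warning above) has to be rejoined by hand before parsing.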
