Unable to open AD, Unable to communicate with GC, DNS failing
Posted on 2005-04-20
Server 3 & Server 4 are Win2000, latest SP and patches, their own domain. They were set up several months ago, both DCs and both having copies of the GC, and everything was working. DNS is AD-integrated, and was working with no errors. Up till last week dcdiag and netdiag showed no errors. Users could log on and did log on as tests. Literally, everything was going smooth and I was starting to think they were ready for production, and suddenly one morning, all heck broke loose on Server 3.
Here seem to be the relevant events:
1655 NTDS General - Unable to communicate with the Global Catalog, access is denied
1126 NTDS General - Unable to establish a connection with the Global Catalog
4013 DNS - Unable to open the AD
4000 DNS server was unable to open the AD
13562 NTFRS Could not bind to the domain controller
1000 Userenv - Cannot determine the user or computer name. Return value (5)
560 Security Logon failure \BaseNamed Objects\RasPBFile (numerous)
If I open DFS in the Admin tools and try to display the existing DFS Root - RPC Server is unavailable
If I try to display an existing root - "Unable to update the password. The value provided as the current password is incorrect."
NTFRSUTL DS Server3 -
Binding to the DS_ldap.connect: Server3 ERROR ldap error 00000031 = invalid credentials. - Tried
dcdiag - Testing server: Default-First-Site-Name\server3 Fails connectivity test - Server3's GUID could not be resolved to an IP address...although the server name, Server3, resolved to an IP address and was pingable
Also in dcdiag - Testing server: Default-first-site-name\server3. Skipping because Server3 is not responding to directory service requests
DNS test failed - DNS entries for this DC are not registered. No DNS servers have the DNS records for this DC
Also in netdiag - ldap test- Passed. Warning: Failed to query SPN registration.
If I try to re-add the AD-integrated Forward lookup Zone in DNS, I get "Zone cannot be created. The AD service is not available"
It is an endless loop and all I am doing at this point is going in circles. The DNS can't load because the AD can't load, and the AD can't load because the DNS is not loading the Forward Lookup Zone. I have tried all the Technet suggestions I could find for these events, which are woefully few. I also tried adding a primary lookup zone (non AD-integrated) for Server3, which loads, but doesn't solve the problem, or even change anything. It appears a password is bad somewhere, but nothing really tells what password is bad. I see no services that should be starting that are not. RPC and RPC locator services are started. Events on Server4 seem normal. Nothing was installed recently, hardware or software, though obviously I did something that caused it. Can anyone suggest a new direction?