• Status: Solved
  • Priority: Medium
  • Security: Public

Can't Remote Desktop to newly promoted domain controller

Hi All,

Quick question, something is bothering me. I've promoted a member server from my domain to a domain controller using dcpromo. Great.

Now I've moved the server to a remote location, when I try to connect up a remote desktop session I get the following message:

Logon Message :

The system cannot log you on due to the following error :

The specified domain does either not exist or cannot be contacted

Please try again or consult your system administrator.


I've logged on to the machine directly (i.e. plugging a mouse and keyboard in), and tried to run dcpromo again, this gives me the option to revoke the DC, so what have I done wrong?

D.
Asked by: daveboyle99

Jay_Jay70 Commented:
Hi daveboyle99,

nothing wrong my friend

first check that you can ping the DC by name and IP

after that if successful make sure under the properties of my computer, in the remote desktop TAB, that you have allowed logon

check that windows firewall is disabled

Jay_Jay70 Commented:
daveboyle99,

if the new machine is behind a router then you will have to make sure port 3389 is forwarded to your server

daveboyle99 (Author) Commented:
Hi Guys,

Sorry guys, perhaps my explanation was poor, the server is supposed to be the domain controller. Port 3389 is allowed, hence I can attempt to log on.

D.
 
Jay_Jay70 Commented:
are you able to resolve the DC by name and IP?

daveboyle99 (Author) Commented:
Hi Jay Jay,

The machine that I'm trying to log on to is the domain controller. So it shouldn't be trying to connect to any other machine other than itself. How can I check which machine it thinks is authoritative for the domain, and how do I tell it that it should be itself?

D.

Jay_Jay70 Commented:
ok now you're confusing me....

are you trying to RDP from the DC to a client

or

are you trying to RDP to the DC from a client

in both cases are you able to resolve the name of DC or Client?

daveboyle99 (Author) Commented:
Hi,

Sorry, I'm trying to RDP to the DC from a remote location on a machine that is not a member of the domain.

D.

Jay_Jay70 Commented:
ohhhhhhhh! i see i see i see,

then you won't be able to log on, there is no user account for that user on the domain! you need to specify domain account credentials AND you need to confirm that you can ping the machine by name from your non domain client

daveboyle99 (Author) Commented:
Jay,

We're getting there. I have a domain controller at a different site that I can log on to remotely using RDP, but I am unable to ping it by name. Is this a definite requirement, as maybe it was able to be pinged by name when it was first created and connected to via RDP locally.

D.

daveboyle99 (Author) Commented:
Hi again Jay Jay,

Seem to have found what's causing my problem, but still without proper solution. Really hope you can continue to help.

It seems that my domain controller doesn't think it's authoritative for the domain. When I promoted the server to domain controller using dcpromo it was connected to my existing domain controller on the LAN and appears to be still looking to that machine for authentication.

I have tried setting the domain controller mentioned above and (unfirewalled) as DNS server and it works as far as I can now log on RDP remotely. This isn't good though as I can't have all my DNS requests going out over the web, so how do I make the new domain controller authoritative?

D.

Jay_Jay70 Commented:
is your old domain controller still on the network or has it gone?

daveboyle99 (Author) Commented:
Hi Jay_Jay,

The old domain controller can be contacted across the internet, but is no longer on the LAN.

D.

Jay_Jay70 Commented:
can you run dcdiag on your current DC to make sure all is well

daveboyle99 (Author) Commented:
it gives me the option to remove Active Directory and asks me if it's the last DC in the domain, when I say yes and try to un-promote it denies as it doesn't think it's the last DC

Jay_Jay70 Commented:
no no not dcpromo

dcdiag!

daveboyle99 (Author) Commented:
hum, the only way i can get to do anything to server now is to drive there, next opportunity will be tomorrow :(

Jay_Jay70 Commented:
hmm i see i see, i was just hoping there are no dead links between the two still

daveboyle99 (Author) Commented:
There is connectivity between the two servers, although it is limited in terms of transfer speeds. It may be possible to move the new DC back to base if absolutely necessary but I'd like to avoid that if possible

daveboyle99 (Author) Commented:
ps thanks for the help so far, don't give up on me :)

Jay_Jay70 Commented:
i won't :) i just want to see what's causing this!

I'm hoping that dcdiag comes back with something obvious that we can both go OOOOHHHH! over and wallah!

daveboyle99 (Author) Commented:
Thanks J really glad of the help so far, top guy.

if I set the dns server to old dc then I should be able to get a RDP session set up and then hopefully make any changes that might be needed as per your advice.

Jay_Jay70 Commented:
no worries mate, let me know how you go

daveboyle99 (Author) Commented:
Doing initial required tests
   
   Testing server: Default-First-Site-Name\MEDIASERVER
      Starting test: Connectivity
         The host b9568cd1-54ac-4ad9-b5dd-e4283d38b5fb._msdcs.domain.db-tech.co.uk could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name

         (b9568cd1-54ac-4ad9-b5dd-e4283d38b5fb._msdcs.domain.db-tech.co.uk)

         couldn't be resolved, the server name

         (mediaserver.domain.db-tech.co.uk) resolved to the IP address

         (192.168.0.10) and was pingable.  Check that the IP address is

         registered correctly with the DNS server.
         ......................... MEDIASERVER failed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\MEDIASERVER
      Skipping all tests, because server MEDIASERVER is
      not responding to directory service requests
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : domain
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom
   
   Running enterprise tests on : domain.db-tech.co.uk
      Starting test: Intersite
         ......................... domain.db-tech.co.uk passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
         A KDC could not be located - All the KDCs are down.
         ......................... domain.db-tech.co.uk failed test FsmoCheck
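
Added example (not part of the thread and not any poster's code): a small Python triage of the dcdiag output posted above, collecting the failed tests and DcGetDcName errors and listing the DC-locator DNS names worth checking. It assumes a single-domain forest, so the GC record sits under the same DNS name; the function name `triage` and the record mapping are this example's own, and the sample is an excerpt of the posted output.

```python
import re

# Excerpt of the dcdiag output posted above (blank wrap lines trimmed).
SAMPLE = """\
   Testing server: Default-First-Site-Name\\MEDIASERVER
      Starting test: Connectivity
         The host b9568cd1-54ac-4ad9-b5dd-e4283d38b5fb._msdcs.domain.db-tech.co.uk could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         ......................... MEDIASERVER failed test Connectivity
   Running enterprise tests on : domain.db-tech.co.uk
      Starting test: Intersite
         ......................... domain.db-tech.co.uk passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
         ......................... domain.db-tech.co.uk failed test FsmoCheck
"""

# Standard AD DC-locator SRV names behind two of the failing DcGetDcName flags.
# Assumption: single-domain forest, so the GC record uses the same DNS name.
LOCATOR_SRV = {
    "GC_SERVER_REQUIRED": "_ldap._tcp.gc._msdcs.{d}",
    "KDC_REQUIRED": "_kerberos._tcp.dc._msdcs.{d}",
}
# Win32 error 1355 carries the same text as the RDP logon message in the question.
WIN32 = {1355: "ERROR_NO_SUCH_DOMAIN"}


def triage(text):
    """Summarise dcdiag text: failed tests, locator errors, DNS names to verify."""
    failed = re.findall(r"\.{5,} (\S+) failed test (\w+)", text)
    guid = re.search(r"The host ([0-9a-f-]{36}\._msdcs\.\S+) could not be resolved", text)
    ent = re.search(r"Running enterprise tests on : (\S+)", text)
    locator = [(flag, int(code)) for flag, code in
               re.findall(r"DcGetDcName\((\w+)\) call failed, error (\d+)", text)]
    checks = []
    if guid:  # the DC's GUID alias is a CNAME under _msdcs
        checks.append(("CNAME", guid.group(1)))
    if ent:
        for flag, _ in locator:
            if flag in LOCATOR_SRV:
                checks.append(("SRV", LOCATOR_SRV[flag].format(d=ent.group(1))))
    # Unresolvable GUID alias plus only "no such domain" locator errors points
    # at missing DNS registration rather than at a broken directory database.
    dns_root_cause = bool(guid) and bool(locator) and all(c == 1355 for _, c in locator)
    return {"failed": failed, "locator": locator, "checks": checks,
            "errors": {c: WIN32.get(c, "unknown") for _, c in locator},
            "dns_root_cause": dns_root_cause}
```

Each name in `checks` can then be queried with `nslookup -type=SRV` (or `-type=CNAME`) against the DNS server the new DC is configured to use.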

daveboyle99 (Author) Commented:
Hi Jay,

There's the results of my dcdiag, hope I haven't given away anything too sensitive there! Anyway looks like there are problems, I'm just hoping that they'll be easy to resolve.

D

Jay_Jay70 Commented:
hmm this is what i thought you might have going on

your FSMO roles are crucial and need to be confirmed for me
http://support.microsoft.com/?id=234790

just confirm they are all intact


mediaserver.domain.db-tech.co.uk

which server is this?

daveboyle99 (Author) Commented:
J,

FSMO all seem to be intact

mediaserver.domain.db-tech.co.uk is the server I'm having problems with

D.

Jay_Jay70 Commented:
hmm it can't find the FSMO role holders and you have DNS errors, what kind of global catalog structure do you have set up? what machines hold GC roles?

daveboyle99 (Author) Commented:
J,

How can I properly confirm the FSMO roles, and can you tell me also how to confirm GC roles.

Sorry, this is all a little beyond my understanding...

D

Jay_Jay70 Commented:
you can use the link above to confirm properly, do it on both DC's that way you can spot the obvious conflictions

a GC is set under sites and services...navigate down to the server ntds settings, properties and see if the tickbox is selected

daveboyle99 (Author) Commented:
ended up doing a forced demotion and repromotion, managed to get there in the end the hard way:)

Jay_Jay70 Commented:
fair call, thanks for the points

daveboyle99 (Author) Commented:
no probs, thanks for all your help Jay Jay - great to have it there when it's needed

Jay_Jay70 Commented:
no problem at all

all the best Bro