[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1441
  • Last Modified:

Domain Controller show as workstation and server in role

Hi Experts,

I have 2 DCs in our domain. One of the DC,  was down today, and we're working to replace it. So we're running on only one DC now. When I tried to change some group policy on the surviving DC, it gave me a error message saying Domain Controller is not found. Then I went to AD Users and Computers and check on the DC. The role on my working DC is showing as "Workstation or Server," whereas the dead DC is showing as "Domain Controller."

I have installed Active Directory, DNS, and Printer server role on the working DC. How can I bring back the Domain Controller role to this DC?

Thank you in advance for answering.
0
DelaneyLoi
Asked:
DelaneyLoi
1 Solution
 
Darwinian999Commented:
Please run DCDIAG on the remaining DC and post the output here.
0
 
Jay_Jay70Commented:
Hi DelaneyLoi,

when your other DC went down, did it go down completely? or was it just giving issues?
0
 
MNH1966Commented:
Does the remaining DC hold all FSMO roles?
If not, seize them. (http://support.microsoft.com/kb/255504/en-us)
Is user validation still working in your domain?
If the dead DC will never return to your network, it's also necessary to remove it from the domain.
Follow this article for that: http://support.microsoft.com/kb/216498/en-us
Also remove all traces of the dead DC from DNS (if this is not the case already).

Hope this helps.

Maurice
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
DelaneyLoiAuthor Commented:
Thanks for all of your ideas. Here's the dcdiag log for both DC. The dead one is named bdctesting01, and remaining one is named pgpdc.

bdctesting01, the dead one:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\BDCTESTING01
      Starting test: Connectivity
         ......................... BDCTESTING01 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\BDCTESTING01
      Starting test: Replications
         [Replications Check,BDCTESTING01] A recent replication attempt failed:
            From PGPDC to BDCTESTING01
            Naming Context: DC=DomainDnsZones,DC=Internal,DC=PriceGrabber,DC=com
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2006-05-16 08:50:10.
            The last success occurred at 2006-05-15 15:56:20.
            17 failures have occurred since the last success.
         [PGPDC] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         [Replications Check,BDCTESTING01] A recent replication attempt failed:
            From PGPDC to BDCTESTING01
            Naming Context: DC=ForestDnsZones,DC=Internal,DC=PriceGrabber,DC=com
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2006-05-16 08:50:10.
            The last success occurred at 2006-05-15 15:56:20.
            17 failures have occurred since the last success.
         [Replications Check,BDCTESTING01] A recent replication attempt failed:
            From PGPDC to BDCTESTING01
            Naming Context: CN=Schema,CN=Configuration,DC=Internal,DC=PriceGrabber,DC=com
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2006-05-16 08:50:10.
            The last success occurred at 2006-05-15 15:56:20.
            17 failures have occurred since the last success.
         [Replications Check,BDCTESTING01] A recent replication attempt failed:
            From PGPDC to BDCTESTING01
            Naming Context: CN=Configuration,DC=Internal,DC=PriceGrabber,DC=com
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2006-05-16 09:13:44.
            The last success occurred at 2006-05-15 16:43:44.
            39 failures have occurred since the last success.
         [Replications Check,BDCTESTING01] A recent replication attempt failed:
            From PGPDC to BDCTESTING01
            Naming Context: DC=Internal,DC=PriceGrabber,DC=com
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2006-05-16 09:46:56.
            The last success occurred at 2006-05-15 16:46:14.
            447 failures have occurred since the last success.
         REPLICATION-RECEIVED LATENCY WARNING
         BDCTESTING01:  Current time is 2006-05-16 09:46:56.
            DC=DomainDnsZones,DC=Internal,DC=PriceGrabber,DC=com
               Last replication recieved from PGPDC at 2006-05-15 15:56:20.
            DC=ForestDnsZones,DC=Internal,DC=PriceGrabber,DC=com
               Last replication recieved from PGPDC at 2006-05-15 15:56:20.
            CN=Schema,CN=Configuration,DC=Internal,DC=PriceGrabber,DC=com
               Last replication recieved from PGPDC at 2006-05-15 15:56:20.
            CN=Configuration,DC=Internal,DC=PriceGrabber,DC=com
               Last replication recieved from PGPDC at 2006-05-15 16:43:44.
            DC=Internal,DC=PriceGrabber,DC=com
               Last replication recieved from PGPDC at 2006-05-15 16:46:14.
         ......................... BDCTESTING01 passed test Replications
      Starting test: NCSecDesc
         ......................... BDCTESTING01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... BDCTESTING01 passed test NetLogons
      Starting test: Advertising
         ......................... BDCTESTING01 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: PGPDC is the Schema Owner, but is not responding to DS RPC Bind.
         [PGPDC] LDAP bind failed with error 8341,
         A directory service error has occurred..
         Warning: PGPDC is the Schema Owner, but is not responding to LDAP Bind.
         Warning: PGPDC is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: PGPDC is the Domain Owner, but is not responding to LDAP Bind.
         Warning: PGPDC is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: PGPDC is the PDC Owner, but is not responding to LDAP Bind.
         Warning: PGPDC is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: PGPDC is the Rid Owner, but is not responding to LDAP Bind.
         Warning: PGPDC is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: PGPDC is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... BDCTESTING01 failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... BDCTESTING01 failed test RidManager
      Starting test: MachineAccount
         ......................... BDCTESTING01 passed test MachineAccount
      Starting test: Services
         ......................... BDCTESTING01 passed test Services
      Starting test: ObjectsReplicated
         ......................... BDCTESTING01 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... BDCTESTING01 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... BDCTESTING01 failed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x8000072D
            Time Generated: 05/16/2006   09:35:12
            (Event String could not be retrieved)
         ......................... BDCTESTING01 failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 05/16/2006   08:51:26
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 05/16/2006   09:26:36
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 05/16/2006   09:41:12
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 05/16/2006   09:41:13
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 05/16/2006   09:45:18
            Event String: The kerberos client received a

         ......................... BDCTESTING01 failed test systemlog
      Starting test: VerifyReferences
         ......................... BDCTESTING01 passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : Internal
      Starting test: CrossRefValidation
         ......................... Internal passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Internal passed test CheckSDRefDom
   
   Running enterprise tests on : Internal.PriceGrabber.com
      Starting test: Intersite
         ......................... Internal.PriceGrabber.com passed test Intersite
      Starting test: FsmoCheck
         ......................... Internal.PriceGrabber.com passed test FsmoCheck
0
 
DelaneyLoiAuthor Commented:
And here's the dcdiag log for pgpdc, the remaining one:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\PGPDC
      Starting test: Connectivity
         ......................... PGPDC passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\PGPDC
      Starting test: Replications
         ......................... PGPDC passed test Replications
      Starting test: NCSecDesc
         ......................... PGPDC passed test NCSecDesc
      Starting test: NetLogons
         ......................... PGPDC passed test NetLogons
      Starting test: Advertising
         ......................... PGPDC passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... PGPDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PGPDC passed test RidManager
      Starting test: MachineAccount
         The account PGPDC is not a DC account.  It cannot replicate.
         Warning:  Attribute userAccountControl of PGPDC is: 0x91000 = ( UF_WORKSTATION_TRUST_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         This may be affecting replication?
         ......................... PGPDC failed test MachineAccount
      Starting test: Services
         ......................... PGPDC passed test Services
      Starting test: ObjectsReplicated
         ......................... PGPDC passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... PGPDC passed test frssysvol
      Starting test: frsevent
         ......................... PGPDC passed test frsevent
      Starting test: kccevent
         ......................... PGPDC passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 05/16/2006   08:54:03
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 05/16/2006   09:00:28
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 05/16/2006   09:08:03
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 05/16/2006   09:08:04
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 05/16/2006   09:13:10
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 05/16/2006   09:20:24
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0x40000004
            Time Generated: 05/16/2006   09:21:19
            Event String: The kerberos client received a

         ......................... PGPDC failed test systemlog
      Starting test: VerifyReferences
         ......................... PGPDC passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : Internal
      Starting test: CrossRefValidation
         ......................... Internal passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Internal passed test CheckSDRefDom
   
   Running enterprise tests on : Internal.PriceGrabber.com
      Starting test: Intersite
         ......................... Internal.PriceGrabber.com passed test Intersite
      Starting test: FsmoCheck
         ......................... Internal.PriceGrabber.com passed test FsmoCheck
0
 
DelaneyLoiAuthor Commented:
I've check on both DC, and seems like pgpdc, the remaining one, has all the FSMO role. bdctesting01 seems to have a problem recognizing pgpdc for these roles.

Thanks for all of your inputs.
0
 
Darwinian999Commented:
Ok, the first thing I'd try is to run the following commands on PGPDC:

DCDIAG /FIX
IPCONFIG /REGISTERDNS

Then run dcdiag again to see if things are any better. If they're not (probably won't be), do the following:

Run ADSIEdit.msc and find the server object for PGPDC. It should be under: Domain | DC=..... | OU=Domain Controllers
Right click on CN=PGPDC and select Properties.
Edit the attribute userAccountControl, take note of its current value and change it to 532480 (0x82000)
Reboot.

Then run dcdiag again to see if things are any better.
0
 
DelaneyLoiAuthor Commented:
Thanks Darwinian, that did bring the DC back to Domain Controllers :)

Now I have another problem after restarting the DC. The DNS zone disappear after restarting. I've posted another question on EE if you're interested.

http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21854265.html

0

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now