Solved

W2K Domain Controller not starting AD properly

Posted on 2006-07-19
Last Modified: 2010-04-13
OK, for the last couple of days I've been fighting this. I am a Unix admin who is now inheriting a Windows network, and I am a little new to this.

Our main DC (FSMO master in all roles) doesn't seem to be working right. I've got a bucketload of symptoms, but I think these are the most relevant:

Event Type:      Warning
Event Source:      NTDS Inter-site Messaging
Event Category:      (19)
Event ID:      1473
Date:            7/19/2006
Time:            10:14:42 AM
User:            N/A
Computer:      DA01
Description:
The Intersite Messaging Service failed to read the configuration of the Intersite Transports out of the Directory.  The error message is as follows:
 The specified server cannot perform the requested operation.
 
 The service has stopped.  It will be necessary to correct the problem and restart the service in order for intersite communication to occur.  The KCC will be unable to calculate intersite topology without this service.
 There may be a problem retrieving data from the LDAP server. Please verify that LDAP queries are succeeding on this machine. You may also wish to try restarting the Intersite Messaging Service manually.
 The record data is the status code.
Data:
0000: 3a 00 00 00               :...    


Manually restarting that service results in the same error message. Also, DNS on that server is down, but I think that's because AD is broken. Also:

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1000
Date:            7/19/2006
Time:            10:36:04 AM
User:            NT AUTHORITY\SYSTEM
Computer:      DA01
Description:
Windows cannot access the file gpt.ini for GPO  The file must be present at the location <>. (). Group Policy processing aborted.


I am not sure if that's just another effect, or a clue, but there it is.

Any help is greatly appreciated.
0
Question by:gregtrotter
11 Comments
 
LVL 26

Expert Comment

by:Pber
ID: 17140929
I think your AD is down because of your DNS.  Your DNS needs to be working in order for AD to work.

How many DCs do you have?

Make sure the DNS Server service is running on the DC.
Make sure the DNS Client service is running on the DC.
Make sure the DHCP client service is running on the DC.
Make sure your TCP/IP settings have the DNS server pointing to itself.
Do an ipconfig /registerdns from the command prompt.
Restart the Netlogon services if running on the DC.
Now do a dcdiag from the command prompt and see what you get.


0
 
LVL 26

Expert Comment

by:Pber
ID: 17140942
0
 

Author Comment

by:gregtrotter
ID: 17141087
We have three DCs on the network, including the one that's not working properly.

The DNS server is not running because:

Event Type:      Warning
Event Source:      DNS
Event Category:      None
Event ID:      4013
Date:            7/19/2006
Time:            2:26:25 PM
User:            N/A
Computer:      DA01
Description:
The DNS server was unable to open the Active Directory.  This DNS server is configured to use directory service information and can not operate without access to the directory.  The DNS server will wait for the directory to start.  If the DNS server is started but the appropriate event has not been logged, then the DNS server is still waiting for the directory to start.
Data:
0000: f5 25 00 00               õ%..    

The above error repeats every 15 minutes. This indicated to me that the DNS isn't working because AD isn't working... do I have it backwards?
0
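Event 1473 above says its record data is the status code, so the Data bytes in both quoted events can be read as little-endian 32-bit values. The following is an added example, not part of any post in this thread, that parses the two dumps and names the codes; reading event 4013's Data field the same way is an assumption.

```python
import re

# Status codes seen in this thread, with names and text from winerror.h.
STATUS_NAMES = {
    58: ("ERROR_BAD_NET_RESP",
         "The specified server cannot perform the requested operation."),
    9717: ("DNS_ERROR_DS_UNAVAILABLE", "The directory service is unavailable."),
}

# Both dumps are trimmed copies of the events quoted in the thread.
EVENT_1473 = """\
Event Source:      NTDS Inter-site Messaging
Event ID:      1473
Computer:      DA01
Data:
0000: 3a 00 00 00               :...
"""
EVENT_4013 = """\
Event Source:      DNS
Event ID:      4013
Computer:      DA01
Data:
0000: f5 25 00 00               õ%..
"""

FIELD = re.compile(r"^(Event Source|Event ID|Computer):\s*(.+?)\s*$")
# Offset, then bytes separated by single spaces; the ASCII column that follows
# is set off by a run of spaces and is never captured.
HEX_ROW = re.compile(r"^\s*[0-9a-fA-F]{4}:\s((?:[0-9a-fA-F]{2} ?)+)")


def parse_event(text):
    """Parse an Event Viewer text dump and decode its Data bytes as a status code."""
    event, data, in_data = {}, b"", False
    for line in text.splitlines():
        field = FIELD.match(line)
        row = HEX_ROW.match(line) if in_data else None
        if field:
            event[field.group(1)] = field.group(2)
        elif line.strip() == "Data:":
            in_data = True
        elif row:
            data += bytes.fromhex(row.group(1).replace(" ", ""))
    if len(data) >= 4:
        # The record data is a little-endian 32-bit value.
        event["status"] = int.from_bytes(data[:4], "little")
        event["name"], event["text"] = STATUS_NAMES.get(
            event["status"], ("UNKNOWN", "not in the local table"))
    return event
```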
 

Author Comment

by:gregtrotter
ID: 17192757
Anyone else have any ideas?
0
 
LVL 26

Expert Comment

by:Pber
ID: 17193341
Are the other DCs OK?
0
 

Author Comment

by:gregtrotter
ID: 17193723
Yeah, they are fine. I am almost to the point of just tearing it down and wiping it, but hope to avoid that.
0
 
LVL 26

Expert Comment

by:Pber
ID: 17193734
Try pointing the PDC to one of the other DCs for DNS, then reboot the PDC.
0
 

Author Comment

by:gregtrotter
ID: 17193931
Tried that one last week, no joy.
0
 
LVL 26

Accepted Solution

by:
Pber earned 500 total points
ID: 17194266
At this point, I'd probably conclude that AD is corrupt on this box.  If the other two boxes are running fine, I would seize the FSMO and rebuild the DC.  Doing a restore might help, but changes probably have happened on the other DCs so you would have to do a non-authoritative restore so you don't lose data.  It's less hassle to seize and rebuild.

Here are the steps I would do:
Take the failed PDC off the network.
Seize all the FSMO roles on one of the other DCs: http://support.microsoft.com/kb/255504/
Next I would do metadata cleanup: http://support.microsoft.com/kb/216498 or http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Next I would delete all references to the original failed PDC from DNS
Next I would delete the computer object for the original failed PDC if it exists.
Rebuild the original failed PDC and DCPromo back to a DC.
Transfer the FSMO roles back to this box if desired.



0
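A check for the "delete all references to the original failed PDC from DNS" step, as an added example that is not part of the answer above: it scans a zone listing for records that still point at the failed DC. The zone text, its simplified owner/TTL/type/data layout, the domain corp.example, DA02, the addresses and the GUID label are all constructed for illustration; only the name DA01 comes from the thread.

```python
# Constructed sample zone listing (owner, TTL, type, data). DA01 is the failed
# DC from the thread; everything else here is invented for illustration.
ZONE_EXPORT = """\
; constructed sample, not taken from the thread
@                         600  NS     da01.corp.example.
@                         600  NS     da02.corp.example.
@                         600  A      192.0.2.10
da01                      1200 A      192.0.2.10
da02                      1200 A      192.0.2.11
_ldap._tcp                600  SRV    0 100 389 da01.corp.example.
_ldap._tcp                600  SRV    0 100 389 da02.corp.example.
_kerberos._tcp.dc._msdcs  600  SRV    0 100 88 da01.corp.example.
_ldap._tcp.pdc._msdcs     600  SRV    0 100 389 da02.corp.example.
gc._msdcs                 600  A      192.0.2.11
11111111-2222-3333-4444-555555555555._msdcs 600 CNAME da01.corp.example.
"""


def stale_records(zone_text, failed_host, failed_ips):
    """Return (owner, type, data) for each record still pointing at the failed DC."""
    host = failed_host.lower().rstrip(".")
    short = host.split(".")[0]
    hits = []
    for line in zone_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or line.lstrip().startswith(";"):
            continue  # blank line, comment, or not owner/TTL/type/data
        owner, rtype, rdata = parts[0].lower(), parts[2].upper(), parts[3:]
        target = rdata[-1].lower().rstrip(".")
        if rtype == "A":
            # Host record of the DC itself, or any name resolving to its address
            stale = rdata[0] in failed_ips or owner in (short, host)
        elif rtype in ("NS", "CNAME", "SRV"):
            # Delegations, the GUID alias under _msdcs, and service locators
            stale = target == host
        else:
            stale = False
        if stale:
            hits.append((parts[0], rtype, " ".join(rdata)))
    return hits
```

On the sample, the hits cover the apex NS and A records, the host record, two SRV locators and the `_msdcs` alias, which shows that removing only the host A record leaves most references in place.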
 
LVL 26

Expert Comment

by:Pber
ID: 17371800
I think I provided a solution to fix the corrupt DC.
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question