encoded66
asked on
Win 2003, domain controller (PDC) emulator cannot be contacted.
We have two win 2003 domain controllers. When I attempt to check my trusts by right clicking on my AD Domain, I get the error: "you cannot modify domain or trust information because a primary domain controller (PDC) emulator cannot be contacted. Please verify that the PDC emulator and the network are both online and functioning properly."
I am not sure what is causing this. I have seen the same issue authored by Rock996 and Chris Dent has worked through the problem. However our servers do not have the same problem of \0ADEL:8daa7e71-2851-4a59-
I am not sure what is causing this. I have seen the same issue authored by Rock996 and Chris Dent has worked through the problem. However our servers do not have the same problem of \0ADEL:8daa7e71-2851-4a59-
Brian Pierce
Check the DNS settings first. Make sure that both domain controllers have there preferred DNS server set to themselves and that the alternate DNS server is either blank, or points to the other DC.
Is this a 2000 or NT client?
ASKER
Both domains are pointing to themsleves.
Answer to elaniyan: This is a win 2003 server, with xp clients connecting to them
Answer to elaniyan: This is a win 2003 server, with xp clients connecting to them
For checking replication / FSMO roles I like using Replmon (part of support tools.)
Add a server ( the DC you are running replmon on.)
Then right click and select properties, you will see FSMO roles as a tab.
Mark
ASKER
I can't find replmon as part of the support tools. I can see repadmin
ASKER
I ran dcdiag /fix and all tests passed except for FsmoCheck.
Response:
Warning: DcGetDcName(GC_SERVER_REQU
Response:
Warning: DcGetDcName(GC_SERVER_REQU
ASKER
Discovery: Replmon exists as part of win 2003 32bit, does not appear in 64bit version.
Therefore installed the 32 bit version on a remote xp server
Therefore installed the 32 bit version on a remote xp server
ASKER
Within Replmon:
Have included both servers.
Have run FSMO roles and have clicked the query button on both servers. All queries test OK.
Have included both servers.
Have run FSMO roles and have clicked the query button on both servers. All queries test OK.
ASKER
I have looked further into the situation. Both servers coexist as Default first site in Active Directory Sites and Services. Should this be true? Ideally we would like one server to be the main primary domain controller and the second one to take over if the first one should ever fail.
Please assist. Thank you
Please assist. Thank you
ASKER
Let me elaborate on the situation:
I run ntdsutil
roles
connections
connect to server abc
quit
select operation target
list roles for connected server
output:
select operation target: list roles for connected server
Server "abc" knows about 5 roles
Schema - CN=NTDS Settings,CN=abc,CN=Servers
Domain - CN=NTDS Settings,CN=abc,CN=Servers
PDC - CN=NTDS Settings,CN=abc,CN=Servers
RID - CN=NTDS Settings,CN=abc,CN=Servers
Infrastructure - CN=NTDS Settings,CN=abc,CN=Servers
I then repeat the same role for other server (backup server):
output for server xyz:
select operation target: list roles for connected server
Server "xyz" knows about 5 roles
Schema - CN=NTDS Settings,CN=abc,CN=Servers
Domain - CN=NTDS Settings,CN=abc,CN=Servers
PDC - CN=NTDS Settings,CN=abc,CN=Servers
RID - CN=NTDS Settings,CN=abc,CN=Servers
Infrastructure - CN=NTDS Settings,CN=abc,CN=Servers
select operation target:
When we try to make a trusted connection from another thrid remote domain controller. Therefore abc and xyz are part of the domain:
abc.coloA.company.co.uk
xyz.coloA.company.co.uk
Another domain controller in coloB
fred.coloB.company.co.uk
In fred, when I go to Active Directory Domain and trusts
right click properties
trusts
(incoming trusts)
click on coloA domain
Properties
Validate
enter in coloA Administrator password
Output:The trust cannot be validated for the following reasons:
The secure channel (SC) reset on domain controller \\xyz.coloA.company.co.uk of domain coloA.company.co.uk to domain coloB.company.co.uk failed with error: There are currently no logon servers available to service the logon request.
==> Firstly the connection should be going to abc.coloA.company.co.uk not xyz.
Next I agree to reset the trust passwords
Output:
Windows cannot find a primary domain controller for the coloA.company.co.uk domain. Verify the PDC is functioning and then try again.
Is there something I missing out on the abc and xyz??
Please help. Thanks again
I run ntdsutil
roles
connections
connect to server abc
quit
select operation target
list roles for connected server
output:
select operation target: list roles for connected server
Server "abc" knows about 5 roles
Schema - CN=NTDS Settings,CN=abc,CN=Servers
Domain - CN=NTDS Settings,CN=abc,CN=Servers
PDC - CN=NTDS Settings,CN=abc,CN=Servers
RID - CN=NTDS Settings,CN=abc,CN=Servers
Infrastructure - CN=NTDS Settings,CN=abc,CN=Servers
I then repeat the same role for other server (backup server):
output for server xyz:
select operation target: list roles for connected server
Server "xyz" knows about 5 roles
Schema - CN=NTDS Settings,CN=abc,CN=Servers
Domain - CN=NTDS Settings,CN=abc,CN=Servers
PDC - CN=NTDS Settings,CN=abc,CN=Servers
RID - CN=NTDS Settings,CN=abc,CN=Servers
Infrastructure - CN=NTDS Settings,CN=abc,CN=Servers
select operation target:
When we try to make a trusted connection from another thrid remote domain controller. Therefore abc and xyz are part of the domain:
abc.coloA.company.co.uk
xyz.coloA.company.co.uk
Another domain controller in coloB
fred.coloB.company.co.uk
In fred, when I go to Active Directory Domain and trusts
right click properties
trusts
(incoming trusts)
click on coloA domain
Properties
Validate
enter in coloA Administrator password
Output:The trust cannot be validated for the following reasons:
The secure channel (SC) reset on domain controller \\xyz.coloA.company.co.uk of domain coloA.company.co.uk to domain coloB.company.co.uk failed with error: There are currently no logon servers available to service the logon request.
==> Firstly the connection should be going to abc.coloA.company.co.uk not xyz.
Next I agree to reset the trust passwords
Output:
Windows cannot find a primary domain controller for the coloA.company.co.uk domain. Verify the PDC is functioning and then try again.
Is there something I missing out on the abc and xyz??
Please help. Thanks again
Try creating secondary zone of coloA in coloB and a secondary zone of coloB in coloA. Then re-try verifying the trust or re-establishing the trust.
Please forgive me if you already did this and I missed it. But can you ping by host name a DC in the target domain?
Also anything in the event viewer on the failing machine?
What server has the PDC FSMO role for each server?
here is how to find them http://support.microsoft.com/kb/324801
Also anything in the event viewer on the failing machine?
What server has the PDC FSMO role for each server?
here is how to find them http://support.microsoft.com/kb/324801
ASKER
I have fixed the problem now everyone. Thanks. Even though when you type list roles for connected server on both the primarr y and secondary domain controller, the output showed the correct domain as the PDC. However, when I went to another colo and attempted to set up a trust the dc in the other colo simply said can not establish connection with PDC, make sure it is working properly.
So I thought it couldn't hurt. I went to the pdc in the first colo and transferred the PDC. I reattempted to set trust and the problem was solved.
Therefore I recommend if you have problems connecting to the PDC when you have a secondary DC, re-attempt to transfer PDC, and things may realign again.
Once again thanks for all your help again
So I thought it couldn't hurt. I went to the pdc in the first colo and transferred the PDC. I reattempted to set trust and the problem was solved.
Therefore I recommend if you have problems connecting to the PDC when you have a secondary DC, re-attempt to transfer PDC, and things may realign again.
Once again thanks for all your help again
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.