Solved

Domain Controller problems.  The domain controller can't see itself

Posted on 2007-11-26
Last Modified: 2008-06-01
In need of immediate help.  Went away for the holiday only to come back and our network is almost completely down.  Our domain controller can't seem to see itself.  

Here is our current setup.
1DC on win2003 standard x32
1Exchange 2007 on win2003 standard x64

We have not installed our backup servers yet (unfortunately) for various reasons.

We ran netdiag and dcdiag.  
Netdiag failed on domain membership test, telling us that "this system volume has not been completely replicated to the local machine.  This machine is not working properly as a DC."

DCdiag failed on Netlogons, telling us "unable to connect to the NETLOGON share!.  An net use LsaPolicy operation failed with error 1203, no network provider accepted the given network path."

We can ping the server and can browse the internet from it.  DHCP says it's running, and same with DNS.  But no one can access any network resources and exchange is failing.

I could use any help offered.  This unfortunately is not my regular job, I'm a programmer in networking hell right now LOL.

thanks
Mike

Question by:EXTRHMAN

18 Comments

LVL 2

Expert Comment

by:t_taylor
Do you have a backup of your AD and GPOs?  I'm assuming you have rebooted the server and checked the logs for when errors began...

LVL 1

Author Comment

by:EXTRHMAN
We have a full system backup but unfortunately it's 77 GB on a NAS and we can't access it from the DC because the NAS uses AD.  :( very frustrating!  We definitely need a better plan than what we had.

On one note.  I noticed we do not have a NETLOGON share or a SYSVOL share.  So I added them and we are currently rebooting............

Thanks for the fast response.

LVL 2

Expert Comment

by:t_taylor
Well, you are definitely not going anywhere without netlogon or sysvol.  The problem is, if sysvol was deleted somehow, that is where GPO information is stored.  The reason I asked about the backup is that you may end up having to demote the server and then run dcpromo again, which means you will lose your AD and GPOs.  If you don't have a backup DC, you really should be backing up both of these on another server outside of systems backups.

It is possible that just adding the netlogon and sysvol may get it working again, but you may have to recreate some part of AD in order to access the systems backup to restore.

LVL 48

Expert Comment

by:Jay_Jay70
First off I would take a look and see if the files exist... I have seen plenty of times those shares disappear but the data is still there...

c:\windows\Sysvol\Sysvol\

Let's take a look at that before jumping to any conclusions or doing any damage

Is there just one DC in this network?

LVL 1

Author Comment

by:EXTRHMAN
I noticed under the windows\SYSVOL\sysvol\ourdomain.com there is not a policies or script folder but instead is a folder with this name "ntfrs_preexisting__see_eventlog".  Within that folder are the policies and scripts folders.

I copied them to the ourdomain.com folder where they should be.  I am hoping the name of that folder could give you an idea of what's going on?  I also noticed that the shares get deleted if we reboot the server.

The backup is taking forever to copy over so I am still trying anything I can to get up sooner.  One more note.  Under AD all the users and computers are listed so we have not lost any of them.  Do you think I should try to demote and then promote the server?  If so how do I export the users and computers from AD?

Thanks
Mike

LVL 1

Author Comment

by:EXTRHMAN
Jay,
Yes there is only one DC. Now anyways.  Originally we replicated this DC from a small business server per HP tech support suggestion.  Have had many issues since.  The small business server is still available to us but is not running.  It has been demoted and the new full 2003 server is the primary with the GC.

LVL 48

Expert Comment

by:Jay_Jay70
Small business server can be very touchy - especially with migration paths if done incorrectly... sounds like those SYSVOL folders are a mess... do your diags clean up at all with the data copied in?

LVL 2

Expert Comment

by:t_taylor
You can use ntbackup to do it.

LVL 1

Author Comment

by:EXTRHMAN
Here is an update.  After recreating the shares for SYSVOL and NETLOGON (no reboot) the DCdiag passes, gpupdate succeeds but with errors in event log (1030), Netdiag still returns the DC membership test....failed.

LVL 48

Expert Comment

by:Jay_Jay70
I don't suppose you have a spare 2003 server around at all that we can use to move some roles around and fix this up nice and quickly?

LVL 1

Author Comment

by:EXTRHMAN
Yes we do.  What did you have in mind?

LVL 48

Expert Comment

by:Jay_Jay70
I would be looking at promoting a new DC - transferring all the roles, then demoting the other one (original one) - then repromoting it, transferring the roles back - then demoting the other one

LVL 1

Author Comment

by:EXTRHMAN
Jay,
I tried using another server and adding it to the domain as another DC.  When I point it to our domain, it doesn't find the other DC, saying something about either DNS does not have the correct IP address (which it does) or the DNS server is not running (which it is)?  Any suggestions?

LVL 48

Expert Comment

by:Jay_Jay70
hmm whilst you have a relatively clean diag it should run....can you ping the existing DC by name?

LVL 1

Accepted Solution

by:
EXTRHMAN earned 0 total points
Wow, completely forgot about this.  Sorry for that.  I will be requesting a refund of points for this question.  We ended up getting in touch with the same HP tech support guy and it turns out the Small business server was still hanging on to some roles (even though we thought it was demoted) and this was causing our new server to not function correctly.  I don't recall which roles it wouldn't release but I know it took awhile to get it back up and running.

I would suggest not replicating from a small business server to standard 2003 server.  Way too much of a headache.
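
The checks that came up across this thread (missing SYSVOL/NETLOGON shares, content stranded in an NtFrs_PreExisting folder, roles still held by the old server) gathered into one read-only script. This is an added example, not part of the original thread; it assumes Windows PowerShell 2.0 or later on the DC and that netdom.exe is installed, and `Get-DcHealth` is a hypothetical name.

```powershell
# Added example: read-only checks, run in Windows PowerShell on the domain controller.
# Assumes netdom.exe is installed (part of the Support Tools on Server 2003).
function Get-DcHealth {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $netlogon = Get-ItemProperty -Path $key
    $shares = @(Get-WmiObject -Class Win32_Share | ForEach-Object { $_.Name })

    # FRS moves existing SYSVOL content into an NtFrs_PreExisting* folder when it
    # re-initialises the replica set; a wildcard avoids hard-coding the full name.
    $stranded = @()
    if ($netlogon.SysVol -and (Test-Path $netlogon.SysVol)) {
        $stranded = @(Get-ChildItem -Path $netlogon.SysVol |
            Where-Object { $_.PSIsContainer } |
            ForEach-Object { Get-ChildItem -Path $_.FullName -Filter 'NtFrs_PreExisting*' } |
            ForEach-Object { $_.FullName })
    }

    # In a single-DC domain every FSMO role should be held by this server.
    # netdom prints "<role>   <holder FQDN>" separated by runs of spaces.
    $foreign = @()
    foreach ($line in (& netdom query fsmo 2>$null)) {
        $parts = @($line.Trim() -split '\s{2,}')
        if ($parts.Count -eq 2 -and $parts[1] -notlike "$env:COMPUTERNAME.*") {
            $foreign += "$($parts[0]) -> $($parts[1])"
        }
    }

    New-Object PSObject -Property @{
        SysvolShared       = $shares -contains 'SYSVOL'
        NetlogonShared     = $shares -contains 'NETLOGON'
        SysvolReady        = ($netlogon.SysvolReady -eq 1)   # Netlogon shares SYSVOL only when this is 1
        PreExistingDirs    = $stranded
        RolesHeldElsewhere = $foreign
    }
}

Get-DcHealth | Format-List
```

A healthy single DC reports both shares present, `SysvolReady` true, and empty `PreExistingDirs` and `RolesHeldElsewhere` lists.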

LVL 48

Expert Comment

by:Jay_Jay70
Works for me

LVL 1

Expert Comment

by:Vee_Mod
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator