Solved

Domain Controller problems.  The domain controller can't see itself

Posted on 2007-11-26
Last Modified: 2008-06-01
In need of immediate help.  Went away for the holiday only to come back and our network is almost completely down.  Our domain controller can't seem to see itself.  

Here is our current setup.
1DC on win2003 standard x32
1Exchange 2007 on win2003 standard x64

We have not installed our backup servers yet (unfortunately) for various reasons.

We ran netdiag and dcdiag.  
Netdiag failed on domain membership test, telling us that "this system volume has not been completely replicated to the local machine.  This machine is not working properly as a DC."

DCdiag failed on Netlogons, telling us "unable to connect to the NETLOGON share!.  An net use LsaPolicy operation failed with error 1203, no network provider accepted the given network path."

We can ping the server and can browse the internet from it.  DHCP says it's running, and same with DNS.  But no one can access any network resources and Exchange is failing.

I could use any help offered.  This unfortunately is not my regular job, I'm a programmer in networking hell right now LOL.

thanks
Mike
 
LVL 2

Expert Comment

by:t_taylor
ID: 20353445
Do you have a backup of your AD and GPOs?  I'm assuming you have rebooted the server and checked the logs for when errors began...
0
 
LVL 1

Author Comment

by:EXTRHMAN
ID: 20353708
We have a full system backup but unfortunately it's 77 GB on a NAS and we can't access it from the DC because the NAS uses AD.  :( very frustrating!  We definitely need a better plan than what we had.

On one note.  I noticed we do not have a NETLOGON share or a SYSVOL share.  So I added them and we are currently rebooting............

Thanks for the fast response.
0
 
LVL 2

Expert Comment

by:t_taylor
ID: 20353739
Well, you are definitely not going anywhere without netlogon or sysvol.  The problem is, if sysvol was deleted somehow, that is where GPO information is stored.  The reason I asked about the backup is that you may end up having to demote the server and then run dcpromo again, which means you will lose your AD and GPOs.  If you don't have a backup DC, you really should be backing up both of these on another server outside of systems backups.

It is possible that just adding the netlogon and sysvol may get it working again, but you may have to recreate some part of AD in order to access the systems backup to restore.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20353972
First off, I would take a look and see if the files exist....I have seen plenty of times those shares disappear but the data is still there...

c:\windows\Sysvol\Sysvol\

Let's take a look at that before jumping to any conclusions or doing any damage

Is there just one DC in this network?
0
 
LVL 1

Author Comment

by:EXTRHMAN
ID: 20354056
I noticed under the windows\SYSVOL\sysvol\ourdomain.com there is not a policies or script folder but instead is a folder with this name "ntfrs_preexisting__see_eventlog".  Within that folder are the policies and scripts folders.

I copied them to the ourdomain.com folder where they should be.  I am hoping the name of that folder could give you an idea of what's going on?  I also noticed that the shares get deleted if we reboot the server.  

The backup is taking forever to copy over so I am still trying anything I can to get up sooner.  One more note.  Under AD all the users and computers are listed so we have not lost any of them.  Do you think I should try to demote and then promote the server?  If so how do I export the users and computers from AD?

Thanks
Mike
0
 
LVL 1

Author Comment

by:EXTRHMAN
ID: 20354078
Jay,
Yes there is only one DC. Now anyways.  Originally we replicated this DC from a small business server per HP tech support suggestion.  Have had many issues since.  The small business server is still available to us but is not running.  It has been demoted and the new full 2003 server is the primary with the GC.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20354113
Small business server can be very touchy - especially with migration paths if done incorrectly...sounds like those SYSVOL folders are a mess....do your diags clean up at all with the data copied in?
0
 
LVL 2

Expert Comment

by:t_taylor
ID: 20354115
You can use ntbackup to do it.
0
 
LVL 1

Author Comment

by:EXTRHMAN
ID: 20354124
Here is an update.  After recreating the shares for SYSVOL and NETLOGON (no reboot) the DCdiag passes, gpupdate succeeds but with errors in event log (1030), Netdiag still returns the DC membership test....failed.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20354201
I don't suppose you have a spare 2003 server around at all that we can use to move some roles around and fix this up nice and quickly?
0
 
LVL 1

Author Comment

by:EXTRHMAN
ID: 20354223
Yes we do.  What did you have in mind?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20354283
I would be looking at promoting a new DC - transferring all the roles, then demoting the other one (original one) - then repromoting it, transferring the roles back - then demoting the other one
0
 
LVL 1

Author Comment

by:EXTRHMAN
ID: 20354398
Jay,
I tried using another server and adding it to the domain as another DC.  When I point it to our domain, it doesn't find the other DC, saying something about either DNS does not have the correct IP address (which it does) or the DNS server is not running (which it is)?  Any suggestions?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20354550
hmm whilst you have a relatively clean diag it should run....can you ping the existing DC by name?
0
 
LVL 1

Accepted Solution

by:
EXTRHMAN earned 0 total points
ID: 20684833
Wow, completely forgot about this.  Sorry for that.  I will be requesting a refund of points for this question.  We ended up getting in touch with the same HP tech support guy and it turns out the Small business server was still hanging on to some roles (even though we thought it was demoted) and this was causing our new server to not function correctly.  I don't recall which roles it wouldn't release but I know it took awhile to get it back up and running.

I would suggest not replicating from a small business server to standard 2003 server.  Way too much of a headache.
0
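
The three symptoms in this thread (missing SYSVOL/NETLOGON shares, an NTFRS pre-existing folder under SYSVOL, and operations master roles still held by another server) can be checked in one pass. The script below is an added example, not something posted by the thread's participants; it assumes PowerShell 2.0 or later and netdom.exe (Windows Support Tools on Server 2003) are installed on the DC, and that in a single-DC domain the local machine should hold every role.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
# Assumption: single-DC domain, so this host should own all five FSMO roles.
$expected = $env:COMPUTERNAME

# 1. Both shares must exist for the machine to function as a DC.
$shares  = @(Get-WmiObject -Class Win32_Share | ForEach-Object { $_.Name })
$missing = @('SYSVOL', 'NETLOGON' | Where-Object { $shares -notcontains $_ })

# 2. FRS moves existing SYSVOL content into a "pre-existing" folder when it
#    reinitializes the replica; the wildcard avoids hard-coding the full name.
$sysvolRoot  = Join-Path $env:SystemRoot 'SYSVOL\sysvol'   # path as given in the thread
$preExisting = @(Get-Item -Path "$sysvolRoot\*\NtFrs_PreExisting*" -ErrorAction SilentlyContinue)

# 3. Role lines in "netdom query fsmo" output look like "<role name>   <holder FQDN>".
#    The trailing status line has no column gap, so it does not match.
$roles = @(netdom query fsmo | ForEach-Object {
    if ($_ -match '^(?<role>\S.*?)(?:\s{2,}|\t)(?<holder>\S+)\s*$') {
        New-Object PSObject -Property @{
            Role   = $Matches['role']
            Holder = $Matches['holder']
            Local  = ($Matches['holder'].Split('.')[0] -eq $expected)
        }
    }
})

# Report
$roles | Format-Table Role, Holder, Local -AutoSize
if ($missing) {
    Write-Warning "Missing shares: $($missing -join ', ')"
}
if ($preExisting) {
    Write-Warning "FRS pre-existing folder present: $($preExisting[0].FullName)"
}
if ($roles.Count -eq 0) {
    Write-Warning 'netdom returned no role lines; check DNS and that the DC can locate itself.'
}
$stray = @($roles | Where-Object { -not $_.Local })
if ($stray) {
    Write-Warning "Roles held by another server: $(($stray | ForEach-Object { $_.Role }) -join ', ')"
}
```

Running this before and after a migration or demotion gives a record of which server owned each role at that point.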
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20687572
Works for me
0
 
LVL 1

Expert Comment

by:Vee_Mod
ID: 20705445
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
0
