EXTRHMAN
asked on
Domain Controller problems. The domain controller can't see itself
In need of immediate help. Went away for the holiday only to come back and our network is almost completely down. Our domain controller can't seem to see itself.
Here is our current setup.
1 DC on Win2003 Standard x32
1 Exchange 2007 on Win2003 Standard x64
We have not installed our backup servers yet (unfortunately) for various reasons.
We ran netdiag and dcdiag.
Netdiag failed on domain membership test, telling us that "this system volume has not been completely replicated to the local machine. This machine is not working properly as a DC."
DCdiag failed on Netlogons, telling us "unable to connect to the NETLOGON share!. An net use LsaPolicy operation failed with error 1203, no network provider accepted the given network path."
We can ping the server and can browse the internet from it. DHCP says it's running, and same with DNS. But no one can access any network resources and Exchange is failing.
I could use any help offered. This unfortunately is not my regular job, I'm a programmer in networking hell right now LOL.
thanks
Mike
Do you have a backup of your AD and GPOs? I'm assuming you have rebooted the server and checked the logs for when errors began...
ASKER
We have a full system backup but unfortunately it's 77 GB on a NAS and we can't access it from the DC because the NAS uses AD. :( Very frustrating! We definitely need a better plan than what we had.
On one note. I noticed we do not have a NETLOGON share or a SYSVOL share. So I added them and we are currently rebooting............
Thanks for the fast response.
Well, you are definitely not going anywhere without netlogon or sysvol. The problem is, if sysvol was deleted somehow, that is where GPO information is stored. The reason I asked about the backup is that you may end up having to demote the server and then run dcpromo again, which means you will lose your AD and GPOs. If you don't have a backup DC, you really should be backing up both of these on another server outside of systems backups.
It is possible that just adding the netlogon and sysvol may get it working again, but you may have to recreate some part of AD in order to access the systems backup to restore.
First off, I would take a look and see if the files exist... I have seen plenty of times those shares disappear but the data is still there...
c:\windows\Sysvol\Sysvol\
Let's take a look at that before jumping to any conclusions or doing any damage
Is there just one DC in this network?
ASKER
I noticed under the windows\SYSVOL\sysvol\ourdomain.com there is not a policies or script folder but instead is a folder with this name "ntfrs_preexisting__see_eventlog". Within that folder are the policies and scripts folders.
I copied them to the ourdomain.com folder where they should be. I am hoping the name of that folder could give you an idea of what's going on? I also noticed that the shares get deleted if we reboot the server.
The backup is taking forever to copy over so I am still trying anything I can to get up sooner. One more note. Under AD all the users and computers are listed so we have not lost any of them. Do you think I should try to demote and then promote the server? If so how do I export the users and computers from AD?
Thanks
Mike
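The checks discussed in the posts above (are the SYSVOL and NETLOGON shares present, is the data still under the SYSVOL tree, has FRS moved it into a pre-existing folder), collected into a read-only batch script. This is an added example, not part of the original thread; `ourdomain.com` is the thread's placeholder domain name, and the path assumes SYSVOL lives under `%SystemRoot%\SYSVOL\sysvol` as in the posts.

```batch
@echo off
rem Added example: read-only SYSVOL/NETLOGON triage for a single Windows 2003 DC.
rem It changes nothing on the server. DOMAIN is a placeholder taken from the thread.
setlocal
set DOMAIN=ourdomain.com
set DOMDIR=%SystemRoot%\SYSVOL\sysvol\%DOMAIN%

echo == 1. Are the two shares a DC must publish present? ==
for %%S in (SYSVOL NETLOGON) do (
    net share %%S >nul 2>&1
    if errorlevel 1 (echo [FAIL] %%S share is missing) else (echo [OK]   %%S is shared)
)

echo.
echo == 2. Is the GPO and logon script data where it belongs? ==
for %%D in (Policies scripts) do (
    dir /ad "%DOMDIR%\%%D" >nul 2>&1
    if errorlevel 1 (echo [FAIL] %%D not found in %DOMDIR%) else (echo [OK]   %%D found)
)

echo.
echo == 3. Did FRS move the existing data aside? ==
dir /ad /b "%DOMDIR%\ntfrs_preexisting*" >nul 2>&1
if errorlevel 1 (
    echo [OK]   no ntfrs_preexisting folder
) else (
    echo [WARN] ntfrs_preexisting folder exists - read the File Replication Service event log
    dir /ad /b "%DOMDIR%\ntfrs_preexisting*"
)

echo.
echo == 4. Re-run the directory service tests related to these shares ==
dcdiag /test:netlogons
dcdiag /test:frssysvol
dcdiag /test:frsevent
endlocal
```

Saving the output before and after each change (for example after recreating a share) gives a record of which step altered which result.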
ASKER
Jay,
Yes there is only one DC. Now anyways. Originally we replicated this DC from a small business server per HP tech support suggestion. Have had many issues since. The small business server is still available to us but is not running. It has been demoted and the new full 2003 server is the primary with the GC.
Small Business Server can be very touchy - especially with migration paths if done incorrectly... sounds like those SYSVOL folders are a mess... do your diags clean up at all with the data copied in?
You can use ntbackup to do it.
ASKER
Here is an update. After recreating the shares for SYSVOL and NETLOGON (no reboot) the DCdiag passes, gpupdate succeeds but with errors in event log (1030), Netdiag still returns the DC membership test....failed.
I don't suppose you have a spare 2003 server around at all that we can use to move some roles around and fix this up nice and quickly?
ASKER
Yes we do. What did you have in mind?
I would be looking at promoting a new DC - transferring all the roles, then demoting the other one (original one) - then repromoting it, transferring the roles back - then demoting the other one
ASKER
Jay,
I tried using another server and adding it to the domain as another DC. When I point it to our domain, it doesn't find the other DC, saying something about either DNS does not have the correct IP address (which it does) or the DNS server is not running (which it is)? Any suggestions?
hmm whilst you have a relatively clean diag it should run....can you ping the existing DC by name?
ASKER CERTIFIED SOLUTION
Works for me
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator