EXTRHMAN

Domain Controller problems. The domain controller can't see itself

In need of immediate help.  Went away for the holiday only to come back and our network is almost completely down.  Our domain controller can't seem to see itself.  

Here is our current setup.
1DC on win2003 standard x32
1Exchange 2007 on win2003 standard x64

We have not installed our backup servers yet (unfortunately) for various reasons.

We ran netdiag and dcdiag.  
Netdiag failed on domain membership test, telling us that "this system volume has not been completely replicated to the local machine.  This machine is not working properly as a DC."

DCdiag failed on Netlogons, telling us "unable to connect to the NETLOGON share!.  An net use LsaPolicy operation failed with error 1203, no network provider accepted the given network path."

We can ping the server and can browse the internet from it.  DHCP says it's running, and same with DNS.  But no one can access any network resources and Exchange is failing.

I could use any help offered.  This unfortunately is not my regular job, I'm a programmer in networking hell right now LOL.

thanks
Mike
t_taylor

Do you have a backup of your AD and GPOs?  I'm assuming you have rebooted the server and checked the logs for when errors began...
EXTRHMAN

ASKER

We have a full system backup but unfortunately it's 77 GB on a NAS and we can't access it from the DC because the NAS uses AD.  :( very frustrating!  We definitely need a better plan than what we had.

On one note.  I noticed we do not have a NETLOGON share or a SYSVOL share.  So I added them and we are currently rebooting............

Thanks for the fast response.
Well, you are definitely not going anywhere without netlogon or sysvol.  The problem is, if sysvol was deleted somehow, that is where GPO information is stored.  The reason I asked about the backup is that you may end up having to demote the server and then run dcpromo again, which means you will lose your AD and GPOs.  If you don't have a backup DC, you really should be backing up both of these on another server outside of systems backups.

It is possible that just adding the netlogon and sysvol may get it working again, but you may have to recreate some part of AD in order to access the systems backup to restore.
First off, I would take a look and see if the files exist....I have seen plenty of times those shares disappear but the data is still there...

c:\windows\Sysvol\Sysvol\

Let's take a look at that before jumping to any conclusions or doing any damage.

Is there just one DC in this network?
I noticed under the windows\SYSVOL\sysvol\ourdomain.com there is not a policies or script folder but instead is a folder with this name "ntfrs_preexisting__see_eventlog".  Within that folder are the policies and scripts folders.

I copied them to the ourdomain.com folder where they should be.  I am hoping the name of that folder could give you an idea of what's going on?  I also noticed that the shares get deleted if we reboot the server.  

The backup is taking forever to copy over so I am still trying anything I can to get up sooner.  One more note.  Under AD all the users and computers are listed so we have not lost any of them.  Do you think I should try to demote and then promote the server?  If so how do I export the users and computers from AD?

Thanks
Mike
Jay,
Yes there is only one DC. Now anyways.  Originally we replicated this DC from a small business server per HP tech support suggestion.  Have had many issues since.  The small business server is still available to us but is not running.  It has been demoted and the new full 2003 server is the primary with the GC.
Small Business Server can be very touchy - especially with migration paths if done incorrectly...sounds like those SYSVOL folders are a mess....do your diags clean up at all with the data copied in?
You can use ntbackup to do it.
Here is an update.  After recreating the shares for SYSVOL and NETLOGON (no reboot) the DCdiag passes, gpupdate succeeds but with errors in event log (1030), Netdiag still returns the DC membership test....failed.
I don't suppose you have a spare 2003 server around at all that we can use to move some roles around and fix this up nice and quickly?
Yes we do.  What did you have in mind?
I would be looking at promoting a new DC - transferring all the roles, then demoting the other one (original one) - then repromoting it, transferring the roles back - then demoting the other one.
Jay,
I tried using another server and adding it to the domain as another DC.  When I point it to our domain, it doesn't find the other DC, saying something about either DNS does not have the correct IP address (which it does) or the DNS server is not running (which it is)?  Any suggestions?
Hmm, whilst you have a relatively clean diag it should run....can you ping the existing DC by name?
ASKER CERTIFIED SOLUTION
EXTRHMAN
Works for me
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator