Additional Domain Controller either does not exist or could not be contacted.

Hello,
We have a problem with Windows 2003 SP2 Domain Controller. On booting, it gave the following error message:
"lsass.exe-system error: Security Accounts Manager initialization failed" error message and event ID 1168 is logged when you restart a Windows Server 2003 domain controller.
We boot the system to Active Directory restore mode but we cannot logon to the system so the only option left is to restore from Backup using Symantec Backup Exec.
We did a full restore including the system state; but on reboot the system came up with the same error message
"lsass.exe-system error: Security Accounts Manager initialization failed"
So we decided to seize the entire five roles on the Domain Controller unto the additional Domain Controller. After seizing all the roles, we experience the following problems:
1.      Users cannot logon to the domain
2.      The additional domain controller cannot be connected to from the network using remote desktop
3.      Exchange services did not start

How can I get this additional domain controller to work so that at least my domain can come up and work can continue in my office while I battle with initial error?
Please help!!!
BABAJIDEFETAsked:
Who is Participating?
 
Netman66Commented:
Check DNS to be sure the SRV record exists in _msdcs.

You may need to change the NIC settings to point only to itself for DNS and restart the Netlogon service to register properly.
0
 
Netman66Commented:
Make the other (remaining) DC a Global Catalog.
0
 
ChiefITCommented:
There are known issues with 2003 server SP2:
Maybe this will help.
http://www.lan-2-wan.com/2003-SP2.htm
0
 
BABAJIDEFETAuthor Commented:
the machine is already a global catalog server but its not working, it does not authenticate users and its generally invisible on the network.
0
 
ChiefITCommented:
I totally agree with what netman just sated:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23356031.html
______________________________________________________________________
If the above doesn't work:
The netlogon service and browser service share a couple things in common.

Both use Netbios. Both use Netbios ports 137,138, and 139

Here, this will back me up on this claim:
http://www.microsoft.com/smallbusiness/support/articles/ref_net_ports_ms_prod.mspx

Make sure Netbios over TCP/IP is enabled on the server.
Make sure Netbios ports are available between the clients and server. You can do this by performing a telnet connection to those ports.

If this is set up in a VPN scenario, you may have to use WINS. Netbios broadcasts will not propogate over NAT and a VPN tunnel.


0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.