Major active directory failure of Domain Controller...
Error Log Listed below...
I can still log in with admin accounts and DNS and IIS is still working. When attempting to access Active Dir. I receive error...
Naming information cannot be located because:
The specified domain does not exist or could not be contacted.
Also...
The directory Schema is not accessable because:
An invalid directory name was passed
For this reason the new menu my be inaccurate and extention snapins ,y not work properly...
How can this recovered...there was some mention someware of reversing the data that was hidden and tombstone time...
C:\Program Files\Support Tools>dcdiag.exe
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CL
Starting test: Connectivity
......................... CLI-PDC-01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CL
Starting test: Replications
[Replications Check,CLI-PDC-01] A recent replication attempt failed: From MAIL to CLI-PDC-01
Naming Context: DC=ForestDnsZones,DC=cli-p
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2008-10-02 18:46:12.
The last success occurred at 2006-02-25 12:57:32.
22710 failures have occurred since the last success.
[MAIL] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,CLI-PDC-01] A recent replication attempt failed:
From MAIL to CLI-PDC-01
Naming Context: DC=DomainDnsZones,DC=cli-p
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2008-10-02 18:46:12.
The last success occurred at 2006-02-25 13:40:45.
22710 failures have occurred since the last success.
[Replications Check,CLI-PDC-01] A recent replication attempt failed:
From MAIL to CLI-PDC-01
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2008-10-02 18:46:54.
The last success occurred at 2006-02-25 12:57:32.
22709 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,CLI-PDC-01] A recent replication attempt failed: From MAIL to CLI-PDC-01
Naming Context: CN=Configuration,DC=cli-pd
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2008-10-02 18:46:33.
The last success occurred at 2006-02-25 13:33:05.
22710 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,CLI-PDC-01] A recent replication attempt failed:
From MAIL to CLI-PDC-01
Naming Context: DC=cli-pdc-01,DC=computerl
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2008-10-02 18:46:12.
The last success occurred at 2006-02-25 13:37:22.
22710 failures have occurred since the last success.
The source remains down. Please check the machine.
REPLICATION-RECEIVED LATENCY WARNING
CLI-PDC-01: Current time is 2008-10-02 19:15:09.
DC=ForestDnsZones,DC=cli-p
Last replication recieved from MAIL at 2006-02-25 12:57:32.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
DC=DomainDnsZones,DC=cli-p
Last replication recieved from MAIL at 2006-02-25 13:40:45.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
CN=Schema,CN=Configuration
Last replication recieved from MAIL at 2006-02-25 12:57:32.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
CN=Configuration,DC=cli-pd
Last replication recieved from MAIL at 2006-02-25 13:33:05.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
DC=cli-pdc-01,DC=computerl
Last replication recieved from MAIL at 2006-02-25 13:37:22.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
......................... CLI-PDC-01 passed test Replications
Starting test: NCSecDesc
......................... CLI-PDC-01 passed test NCSecDesc
Starting test: NetLogons
[CLI-PDC-01] An net use or LsaPolicy operation failed with error 1203,
No network provider accepted the given network path..
......................... CLI-PDC-01 failed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (CLI-PDC-01) call failed, error 1355
The Locator could not find the server.
......................... CLI-PDC-01 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... CLI-PDC-01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... CLI-PDC-01 passed test RidManager
Starting test: MachineAccount
Could not open pipe with [CLI-PDC-01]:failed with 1203: No network prov
ider accepted the given network path.
Could not get NetBIOSDomainName
Failed can not test for HOST SPN
Failed can not test for HOST SPN
* Missing SPN :(null)
* Missing SPN :(null)
......................... CLI-PDC-01 failed test MachineAccount
Starting test: Services
Could not open Remote ipc to [CLI-PDC-01]:failed with 1203: No network
provider accepted the given network path.
......................... CLI-PDC-01 failed test Services
Starting test: ObjectsReplicated
......................... CLI-PDC-01 passed test ObjectsReplicated
Starting test: frssysvol
[CLI-PDC-01] An net use or LsaPolicy operation failed with error 1203,
No network provider accepted the given network path..
......................... CLI-PDC-01 failed test frssysvol
Starting test: frsevent
......................... CLI-PDC-01 failed test frsevent
Starting test: kccevent
Failed to enumerate event log records, error No network provider accept
ed the given network path.
......................... CLI-PDC-01 failed test kccevent
Starting test: systemlog
Failed to enumerate event log records, error No network provider accept
ed the given network path.
......................... CLI-PDC-01 failed test systemlog
Starting test: VerifyReferences
......................... CLI-PDC-01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : cli-pdc-01
Starting test: CrossRefValidation
......................... cli-pdc-01 passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... cli-pdc-01 passed test CheckSDRefDom
Running enterprise tests on : cli-pdc-01.computerlogisti
Starting test: Intersite
......................... cli-pdc-01.computerlogisti
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQU
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERV
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... cli-pdc-01.computerlogisti
C:\Program Files\Support Tools>
I can still log in with admin accounts and DNS and IIS is still working. When attempting to access Active Dir. I receive error...
Naming information cannot be located because:
The specified domain does not exist or could not be contacted.
Also...
The directory Schema is not accessable because:
An invalid directory name was passed
For this reason the new menu my be inaccurate and extention snapins ,y not work properly...
How can this recovered...there was some mention someware of reversing the data that was hidden and tombstone time...
C:\Program Files\Support Tools>dcdiag.exe
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CL
Starting test: Connectivity
......................... CLI-PDC-01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CL
Starting test: Replications
[Replications Check,CLI-PDC-01] A recent replication attempt failed: From MAIL to CLI-PDC-01
Naming Context: DC=ForestDnsZones,DC=cli-p
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2008-10-02 18:46:12.
The last success occurred at 2006-02-25 12:57:32.
22710 failures have occurred since the last success.
[MAIL] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,CLI-PDC-01] A recent replication attempt failed:
From MAIL to CLI-PDC-01
Naming Context: DC=DomainDnsZones,DC=cli-p
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2008-10-02 18:46:12.
The last success occurred at 2006-02-25 13:40:45.
22710 failures have occurred since the last success.
[Replications Check,CLI-PDC-01] A recent replication attempt failed:
From MAIL to CLI-PDC-01
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2008-10-02 18:46:54.
The last success occurred at 2006-02-25 12:57:32.
22709 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,CLI-PDC-01] A recent replication attempt failed: From MAIL to CLI-PDC-01
Naming Context: CN=Configuration,DC=cli-pd
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2008-10-02 18:46:33.
The last success occurred at 2006-02-25 13:33:05.
22710 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,CLI-PDC-01] A recent replication attempt failed:
From MAIL to CLI-PDC-01
Naming Context: DC=cli-pdc-01,DC=computerl
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2008-10-02 18:46:12.
The last success occurred at 2006-02-25 13:37:22.
22710 failures have occurred since the last success.
The source remains down. Please check the machine.
REPLICATION-RECEIVED LATENCY WARNING
CLI-PDC-01: Current time is 2008-10-02 19:15:09.
DC=ForestDnsZones,DC=cli-p
Last replication recieved from MAIL at 2006-02-25 12:57:32.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
DC=DomainDnsZones,DC=cli-p
Last replication recieved from MAIL at 2006-02-25 13:40:45.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
CN=Schema,CN=Configuration
Last replication recieved from MAIL at 2006-02-25 12:57:32.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
CN=Configuration,DC=cli-pd
Last replication recieved from MAIL at 2006-02-25 13:33:05.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
DC=cli-pdc-01,DC=computerl
Last replication recieved from MAIL at 2006-02-25 13:37:22.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
......................... CLI-PDC-01 passed test Replications
Starting test: NCSecDesc
......................... CLI-PDC-01 passed test NCSecDesc
Starting test: NetLogons
[CLI-PDC-01] An net use or LsaPolicy operation failed with error 1203,
No network provider accepted the given network path..
......................... CLI-PDC-01 failed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (CLI-PDC-01) call failed, error 1355
The Locator could not find the server.
......................... CLI-PDC-01 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... CLI-PDC-01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... CLI-PDC-01 passed test RidManager
Starting test: MachineAccount
Could not open pipe with [CLI-PDC-01]:failed with 1203: No network prov
ider accepted the given network path.
Could not get NetBIOSDomainName
Failed can not test for HOST SPN
Failed can not test for HOST SPN
* Missing SPN :(null)
* Missing SPN :(null)
......................... CLI-PDC-01 failed test MachineAccount
Starting test: Services
Could not open Remote ipc to [CLI-PDC-01]:failed with 1203: No network
provider accepted the given network path.
......................... CLI-PDC-01 failed test Services
Starting test: ObjectsReplicated
......................... CLI-PDC-01 passed test ObjectsReplicated
Starting test: frssysvol
[CLI-PDC-01] An net use or LsaPolicy operation failed with error 1203,
No network provider accepted the given network path..
......................... CLI-PDC-01 failed test frssysvol
Starting test: frsevent
......................... CLI-PDC-01 failed test frsevent
Starting test: kccevent
Failed to enumerate event log records, error No network provider accept
ed the given network path.
......................... CLI-PDC-01 failed test kccevent
Starting test: systemlog
Failed to enumerate event log records, error No network provider accept
ed the given network path.
......................... CLI-PDC-01 failed test systemlog
Starting test: VerifyReferences
......................... CLI-PDC-01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : cli-pdc-01
Starting test: CrossRefValidation
......................... cli-pdc-01 passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... cli-pdc-01 passed test CheckSDRefDom
Running enterprise tests on : cli-pdc-01.computerlogisti
Starting test: Intersite
......................... cli-pdc-01.computerlogisti
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQU
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERV
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... cli-pdc-01.computerlogisti
C:\Program Files\Support Tools>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
See http://support.microsoft.c
http://www.microsoft.com/d
Make sure you get the one for Directory Services...
http://www.microsoft.com/d
Make sure you get the one for Directory Services...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hiiii .. any update or any other information you require, please let me know
Hope above information helped :)
Hope above information helped :)
On the DC do "net share" , i think your sysvol and netlogon will not be shared in this scenario
If it does not.. You have 2 DC's > MAIL and CLI-PDC-01
Take backup of Sysvol from DC which has good data
Follow Kb 315457: (this part):
On all domain controllers except the reference domain controller, configure the FRS to be non-authoritative. To do this, follow these steps: 1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the BurFlags entry under the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\
GUID is the GUID of the domain system volume replica set that is shown in the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type D2 for the name of the DWORD, and then press ENTER.
Do D4 on a DC which has all data in sysvol and do D4 on server which is problematic
Make sure to stop frs service before you do so .. and after you change the value to d4 or d2.. restart frs service
This should take care of your issue
Please let me know,
Thanks
Hardeep