Solved

DC not starting till another DC starts

Posted on 2009-04-08
Last Modified: 2012-05-06
Hi, noticed something during a recable at work.
A DC, let's call it AD1, has all the master roles and is a DNS, WINS, DHCP, GC.
None of these services would start when we switched it on; the box only came to life when another DC was started. Why would this be? It was on a local network.

Essentially, it would not work independently.

Windows 2003 SP2
0
Comment
Question by:mhamer
21 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 250 total points
ID: 24095784

Verify the DNS Server configuration on the DC. What server(s) does it have configured as DNS Servers to use? It should have itself as the Preferred DNS Server, and the other DC as the alternate DNS server.

-Matt
0
 

Author Comment

by:mhamer
ID: 24095788
Yes, that's how it is.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24095792
On the DC that is "failing", what is its DNS configuration?

I.e. who is it using as DNS server?
0
 

Author Comment

by:mhamer
ID: 24095802
Primary is itself.
Secondary is a server that was elsewhere.

0
 
LVL 49

Expert Comment

by:Akhater
ID: 24095813
Sorry Matt, I posted before I refreshed and didn't know you replied to the thread.


0
 

Author Comment

by:mhamer
ID: 24095818
It says (Event Viewer) DNS could not contact Active Directory.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24095819

Run a dcdiag /test:DNS /v to test DNS on this particular DC.

-Matt
0
 

Author Comment

by:mhamer
ID: 24095869
Hi, it passes with flying colours.

Background:
As we were recabling, we kept several servers in another room so basic functionality was still there for weekend users: a DC, an Exchange box, a SQL server and a firewall.
The guys doing the work struggled to get it to work as this DC would not start its services; as soon as the VPN came up they all sprang into life.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24095898
What errors are logged in the Event Logs? Is the DC a GC? It's unusual for a DC to not be able to start itself.

-Matt
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24095913
In the DNS zones that are on the failing server, can you confirm that you have the yourdomain.com and _msdcs.yourdomain.com zones?

0

 

Author Comment

by:mhamer
ID: 24095944
1054
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.


40960
The Security System detected an authentication error for the server ldap/asl-ad1.interquad.com.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".



1059
The DHCP service failed to see a directory server for authorization.


5781
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'interquad.com.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

Possible causes of failure include:  
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

USER ACTION  
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.

4013
The DNS server was unable to open the Active Directory.  This DNS server is configured to use directory service information and can not operate without access to the directory.  The DNS server will wait for the directory to start.  If the DNS server is started but the appropriate event has not been logged, then the DNS server is still waiting for the directory to start.
0
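An added example, not part of the original thread: a small triage script for a retest that separates the event IDs quoted in the post above into those logged shortly after a 4013 (DNS waiting for the directory) and those that are not. The sample export, its "timestamp,event ID" layout and the 15-minute window are constructed assumptions; a real export should also be matched on event source, since IDs are only unique per source.

```python
from datetime import datetime, timedelta

DNS_WAITING_FOR_AD = 4013  # "The DNS server will wait for the directory to start"
DEPENDENT_FAILURES = {     # meanings paraphrased from the event text quoted above
    5781: "dynamic registration of the DC's DNS records failed",
    1054: "Group Policy could not obtain a domain controller name",
    40960: "Kerberos: no logon servers available",
    1059: "DHCP could not see a directory server for authorization",
}

# Constructed sample export, one "timestamp,event ID" per line (not from the thread).
SAMPLE = """\
2009-04-04 09:00:12,4013
2009-04-04 09:00:40,5781
2009-04-04 09:01:05,40960
2009-04-04 09:01:30,1054
2009-04-04 09:02:10,1059
2009-04-04 13:45:00,40960
2009-04-06 08:15:00,1054
"""


def parse(text):
    """Return (datetime, event_id) tuples sorted by time; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if line.strip():
            stamp, event_id = line.rsplit(",", 1)
            when = datetime.strptime(stamp.strip(), "%Y-%m-%d %H:%M:%S")
            events.append((when, int(event_id)))
    return sorted(events)


def triage(events, window=timedelta(minutes=15)):
    """Split failures into those logged within `window` after a 4013 and the rest."""
    chains, isolated = [], []
    for when, event_id in events:
        if event_id == DNS_WAITING_FOR_AD:
            chains.append({"dns_waiting_at": when, "followed_by": []})
        elif event_id in DEPENDENT_FAILURES:
            if chains and when - chains[-1]["dns_waiting_at"] <= window:
                chains[-1]["followed_by"].append(event_id)
            else:
                isolated.append((when, event_id))
    return chains, isolated


if __name__ == "__main__":
    chains, isolated = triage(parse(SAMPLE))
    for chain in chains:
        print("4013 at", chain["dns_waiting_at"], "followed by", chain["followed_by"])
    for when, event_id in isolated:
        print("not tied to a 4013:", when, event_id, DEPENDENT_FAILURES[event_id])
```

Failures reported as not tied to a 4013 occurred outside the DNS startup wait and need to be looked at separately.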
 

Author Comment

by:mhamer
ID: 24095951
Yes, I can confirm those zones exist; DNS looks fine.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24095992
Is it possible that your security log on that DC is full?

http://support.microsoft.com/kb/316685
0
 

Author Comment

by:mhamer
ID: 24096037
Nope, it's not full; set to overwrite as needed but has enough space for a month's worth.
0
 

Author Comment

by:mhamer
ID: 24096051
I should also add I wasn't here when the event took place, so relying on a "true" account of what happened.

It was connected to the network.
Logs are still intact from before and after.
Nothing else in the Event Viewer.
No current issue.
I just need to know why so it doesn't happen again; caused a lot of grief for the guys working over the weekend.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24096069
Well, I guess you will have to test off working hours. That's my best guess.
0
 

Author Comment

by:mhamer
ID: 24096140
Yep, I plan to but have to wait till Saturday.

Was just wondering if there is anything obvious, like it needs a connection to the server that's listed as alternate.

So it's fair to say a DC holding all the FSMO roles and DNS to itself "should" work independently?
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 24096147
Any DC should be able to work independently.

0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24096277

It is correct that any DC should be able to work independently of other machines. I have some sites which are isolated from the remainder of the network (and the FSMO role holders) at times, and the network is able to continue running (and be restarted, if necessary) during this period of isolation. You must simply have at least one local DC & GC and a local DNS Server.

-Matt
0
 

Author Comment

by:mhamer
ID: 24097811
OK, enough info to be going on with. Thank you both for your input; I'll post back if I find anything.
0
 

Author Closing Comment

by:mhamer
ID: 31567962
More information than a solution. Thank you.
0
