Solved

WIndows Server 2008 Domain Controller Issue

Posted on 2009-04-13
16
1,058 Views
Last Modified: 2012-05-06
Hello Experts
I have an issue with one of my DC at a remote site. It will stop responding to login requests and if we disjoin the machines from the domain and acts like there is not a domain available to rejoin. But it can ping the domain by the name, companyname.int
Now if I restart the DC, everything works again for a couple of hours. But then it happens again and we have to reboot the DC.
I did notice some misconfigurations on the server, so I correct though.  One of the problems was about a month ago we decommissioned a DC at this site, and in sites and services the new dc was pointed to the old DC. I fixed that and corrected some DNS entries.
The one thing I have not tried yet is to DCpromo the server off the domain and then put it back on; I am going to try that tomorrow morning. I am hoping someone else may have some other ideas to try before I go down that road.
Also the server is a Windows Server 2008
Let me know if you need more information, thanks for any help.
0
Comment
Question by:ruffalocody
  • 6
  • 6
  • 2
  • +1
16 Comments
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

The most likely issue I'd suggest you verify first is what DNS Servers are configured on the DC's TCP/IP properties on the Network Card. The ONLY DNS Server(s) listed should be the IP addresses of the internal Active Directory DNS servers; the network router nor the ISP's DNS servers should never be defined here. Similarly, use the server's IP, not 127.0.0.1, to refer to the server itself.

Make the same checks on the workstations.

-Matt
0
 

Author Comment

by:ruffalocody
Comment Utility
It is pointing to itself and then also to another DC in another site.

All the stations point back to the local DC.
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

What are the results of a dcdiag and netdiag?

-Matt
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
What AV are you running? What Event IDs are you getting?
0
 

Author Comment

by:ruffalocody
Comment Utility
We are using LANDesk (Which is based on kaspersky) for AV.

These are the Event IDs I am seeing
2886 ActiveDirectory_DomainServices
1864 ActiveDirectory_DomainServices
1058 GroupPolicy

The 1864 Events have not occurred yet today, but I can tell that the Server is not working correctly.

Here is the DCDiag report, I don't believe that netdiag is supported anymore with Windows Server 2008. Let me know of an Alternative.

Let me know if you need more information, I am going to try and force the server off the domain today and re-dcpromo it.


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = iuwincc

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Indiana\IUWINCC

      Starting test: Connectivity

         ......................... IUWINCC passed test Connectivity



Doing primary tests

   
   Testing server: Indiana\IUWINCC

      Starting test: Advertising

         ......................... IUWINCC passed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... IUWINCC passed test FrsEvent

      Starting test: DFSREvent

         ......................... IUWINCC passed test DFSREvent

      Starting test: SysVolCheck

         ......................... IUWINCC passed test SysVolCheck

      Starting test: KccEvent

         ......................... IUWINCC passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... IUWINCC passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... IUWINCC passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=ruffalo,DC=int
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=ruffalo,DC=int
         ......................... IUWINCC failed test NCSecDesc

      Starting test: NetLogons

         ......................... IUWINCC passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... IUWINCC passed test ObjectsReplicated

      Starting test: Replications

         REPLICATION-RECEIVED LATENCY WARNING

         IUWINCC:  Current time is 2009-04-14 08:26:13.

            DC=ForestDnsZones,DC=ruffalo,DC=int
               Last replication received from UNDWINCC at
          2008-09-10 08:48:14
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from IRVWINCC at
          2008-10-01 09:49:29
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from PENNWINDB at
          2008-07-21 18:23:01
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from IDAHOWINDB at
          2008-08-20 16:35:39
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

            DC=DomainDnsZones,DC=ruffalo,DC=int
               Last replication received from UNDWINCC at
          2008-09-10 08:48:14
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from IRVWINCC at
          2008-10-01 09:49:28
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from PENNWINDB at
          2008-07-21 18:23:05
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from IDAHOWINDB at
          2008-08-20 16:35:37
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

            CN=Schema,CN=Configuration,DC=ruffalo,DC=int
               Last replication received from UNDWINCC at
          2008-09-10 08:58:48
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from IRVWINCC at
          2008-10-01 09:49:03
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from PENNWINDB at
          2008-07-21 18:26:10
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from IDAHOWINDB at
          2008-08-20 16:34:31
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

            CN=Configuration,DC=ruffalo,DC=int
               Last replication received from UNDWINCC at
          2008-09-10 09:19:46
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from IRVWINCC at
          2008-10-01 09:48:40
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from PENNWINDB at
          2008-07-21 18:26:07
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from IDAHOWINDB at
          2008-08-20 16:34:04
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

            DC=ruffalo,DC=int
               Last replication received from UNDWINCC at
          2008-09-10 09:22:06
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from IRVWINCC at
          2008-10-01 09:49:33
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from PENNWINDB at
          2008-07-21 18:26:13
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

               Last replication received from IDAHOWINDB at
          2008-08-20 16:35:14
               WARNING:  This latency is over the Tombstone Lifetime of 60

         days!

         ......................... IUWINCC passed test Replications

      Starting test: RidManager

         ......................... IUWINCC passed test RidManager

      Starting test: Services

         ......................... IUWINCC passed test Services

      Starting test: SystemLog

         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 04/14/2009   07:31:46

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\ruffalo.int\SysVol\ruffalo.int\Policies\{65A45506-2C36-4BA5-B5FD-003B90E7B003}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 04/14/2009   08:25:39

            Event String:

            Driver hp LaserJet 1300 PCL 6 required for printer !!rcawinprtsrv!IT-Room is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 04/14/2009   08:25:42

            Event String:

            Driver RICOH Aficio MP C6000 PCL 5c required for printer !!rcawinprtsrv!FRONT-DESK 2 is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 04/14/2009   08:25:45

            Event String:

            Driver RICOH Aficio 2238C PCL 5c required for printer !!rcawinprtsrv!RICOH Aficio 2238C PCL 5c Executive Side is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 04/14/2009   08:25:48

            Event String:

            Driver Fiery S300 50C-KM v2.0 eu required for printer !!rcawinprtsrv!Exec-Color is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 04/14/2009   08:25:52

            Event String:

            Driver RICOH Aficio MP 6500 PCL 6 required for printer !!rcawinprtsrv!Executive is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 04/14/2009   08:25:56

            Event String:

            Driver HP LaserJet 4050 Series PCL 6 required for printer !!rcawinprtsrv!Purchasing is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 04/14/2009   08:25:58

            Event String:

            Driver RICOH Aficio 2238C PCL 5c required for printer !!rcawinprtsrv!Executive Side is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 04/14/2009   08:26:02

            Event String:

            Driver RICOH Aficio MP 5500 PCL 5e required for printer !!rcawinprtsrv!South-Floor is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 04/14/2009   08:26:05

            Event String:

            Driver RICOH Aficio MP 5500 PCL 5e required for printer !!rcawinprtsrv!North-Floor is unknown. Contact the administrator to install the driver before you log in again.

         ......................... IUWINCC failed test SystemLog

      Starting test: VerifyReferences

         ......................... IUWINCC passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : ruffalo

      Starting test: CheckSDRefDom

         ......................... ruffalo passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ruffalo passed test CrossRefValidation

   
   Running enterprise tests on : ruffalo.int

      Starting test: LocatorCheck

         ......................... ruffalo.int passed test LocatorCheck

      Starting test: Intersite

         ......................... ruffalo.int passed test Intersite

0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

You've hit the tombstone time, which is undoubtedly what is causing all your issues.

If it were me, I'd pull then network plug out the wall, then demote it forcefully using dcpromo /forceremoval. This will demote it to a member server and will need a restart or two.

In the meantime, run a metadata cleanup on another working DC on the network to remove this DC's attributes from Active Directory: http://technet.microsoft.com/en-us/library/cc736378.aspx. Also seize any FSMO roles it may have had.

Once replication has taken place between all DCs, reconnect it to the network and boot it back up. You can then attempt to repromote it as a DC again.

-Matt
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
I agree with Matt.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:ruffalocody
Comment Utility
Ok, well I am removing it off the domain right now.

I will let you know how it goes.
0
 

Author Comment

by:ruffalocody
Comment Utility
Well here is alittle update. I was able to force removal the domain controller, clean up the metadata and then repromo the server. Later in the afternoon, the problem came back. This time I tried a couple more things:

Logged into a local computer at the site as the local admin. Tried to go to \\servername\d$. I could not.

I tried from my computer and was able to get to the d$ share on the remote DC.

So I am thinking it is a possible local LAN network issue. But after a reboot everything is ok again. I am going to try in the morning to change to a different network port on the server, see if that makes any difference.

0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

If the problem comes back, try disabling TCP/UDP Checksum Offload on the NIC card.

-Matt
0
 

Author Comment

by:ruffalocody
Comment Utility
I have disabled TCP/UDP on the NIC, still the same problem. We can now fix the issue by repairing the NIC.

Any other ideas?
Thanks!
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

My next best suggestion would be to fully uninstall your AV software, and re-test. I've not heard of any problems with Kaspersky AV and Server 2008, but it's possible.

-Matt
0
 

Accepted Solution

by:
ruffalocody earned 0 total points
Comment Utility
Ok... well I may have found a possible solution. I was researching Windows Server 2008 DC problems and founds these reports of problems.

http://blogs.technet.com/sbs/archive/2009/02/12/you-may-lose-network-connectivity-on-sbs-2008-when-using-a-driver-which-utilizes-tdi.aspx

http://web2.minasi.com/forum/topic.asp?whichpage=1&TOPIC_ID=29197&#146056

I installed the Hotfix kb961775 last night. Since then no one has reported a problem. Has anyone else experienced this issue?

I am *Hoping* that is fixed the issue.


0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

I've not seen that one before myself. Give it a test over a few days and see what happens.

-Matt
0
 
LVL 1

Expert Comment

by:Colin_A_Moulder
Comment Utility
Have you configured a global catalogue in each site?
Failing that, if you do not want GC's in each site, try Universal Group Caching which is enabled at site level.
Have you tried using replmon to test replication connectivity. The tool is in the server resource kit
 
0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now