
New Domain Controller

On the weekend, I moved my Exchange 2003 and DC roles to new hardware. Exchange worked fine..

Today I'm noticing that the new domain controller is failing.. The replication is failing, netlogon and sysvol shares are gone.. Netdiag and dcdiag are giving me errors.. I'm trying things I find on EE and google but nothing's working... I'm posting netdiag and dcdiag.. Please Help ASAP!!! Thank you!!!

H:\>netdiag

.....................................

    Computer Name: DC1
    DNS Host Name: dc1.ijwhite.com
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : dc1
        IP Address . . . . . . . . : 192.168.22.10
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.22.1
        Dns Servers. . . . . . . . : 127.0.0.1
                                     192.168.22.240


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{64A99190-70A2-432A-9D2A-BB81BC2E4CA6}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.22.240' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{64A99190-70A2-432A-9D2A-BB81BC2E4CA6}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{64A99190-70A2-432A-9D2A-BB81BC2E4CA6}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

H:\>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC1
      Starting test: Replications
         [Replications Check,DC1] A recent replication attempt failed:
            From IJWHITE-PDC to DC1
            Naming Context: DC=DomainDnsZones,DC=ijwhite,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2009-12-21 10:00:33.
            The last success occurred at 2009-12-21 09:41:58.
            2 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,DC1] A recent replication attempt failed:
            From IJWHITE-PDC to DC1
            Naming Context: CN=Schema,CN=Configuration,DC=ijwhite,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2009-12-21 09:58:21.
            The last success occurred at 2009-12-21 09:41:59.
            2 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,DC1] A recent replication attempt failed:
            From IJWHITE-PDC to DC1
            Naming Context: CN=Configuration,DC=ijwhite,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2009-12-21 09:57:09.
            The last success occurred at 2009-12-21 09:41:59.
            2 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... DC1 passed test Replications
      Starting test: NCSecDesc
         ......................... DC1 passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\DC1\netlogon)
         [DC1] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... DC1 failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\IJWHITE-PDC.ijwhite.com, when we were trying to reach DC1.
         Server is not responding or is not considered suitable.
         Warning: DC1 is not advertising as a global catalog.
         Check that server finished GC promotion.
         Check the event log on server that enough source replicas for the GC are available.
         ......................... DC1 failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DC1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DC1 passed test RidManager
      Starting test: MachineAccount
         ......................... DC1 passed test MachineAccount
      Starting test: Services
         ......................... DC1 passed test Services
      Starting test: ObjectsReplicated
         ......................... DC1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DC1 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DC1 failed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x8000072D
            Time Generated: 12/21/2009   10:01:34
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000466
            Time Generated: 12/21/2009   10:09:17
            (Event String could not be retrieved)
         ......................... DC1 failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 12/21/2009   09:42:21
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 12/21/2009   09:42:43
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000423
            Time Generated: 12/21/2009   09:55:19
            Event String: The DHCP service failed to see a directory server
         An Error Event occured.  EventID: 0x00000416
            Time Generated: 12/21/2009   09:55:19
            Event String: The DHCP/BINL service on the local machine,
         An Error Event occured.  EventID: 0x00000423
            Time Generated: 12/21/2009   09:55:43
            Event String: The DHCP service failed to see a directory server
         ......................... DC1 failed test systemlog
      Starting test: VerifyReferences
         ......................... DC1 passed test VerifyReferences

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : ijwhite
      Starting test: CrossRefValidation
         ......................... ijwhite passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ijwhite passed test CheckSDRefDom

   Running enterprise tests on : ijwhite.com
      Starting test: Intersite
         ......................... ijwhite.com passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         ......................... ijwhite.com failed test FsmoCheck
TJacoberger1
Asked:
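
An added example, not part of the original thread and not Microsoft tooling: a small Python parser that triages pasted dcdiag text like the output in the question, listing failed tests and replication failures. The sample is a constructed excerpt in the shape of the posted output, and `triage` and its field names are hypothetical; it also flags the case visible in the post, where Replications is reported as passed although failed attempts are listed above the verdict.

```python
import re

# Constructed excerpt in the shape of the dcdiag output posted above.
SAMPLE = r"""
      Starting test: Replications
         [Replications Check,DC1] A recent replication attempt failed:
            From IJWHITE-PDC to DC1
            Naming Context: CN=Configuration,DC=ijwhite,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
         ......................... DC1 passed test Replications
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\DC1\netlogon)
         ......................... DC1 failed test NetLogons
      Starting test: frsevent
         ......................... DC1 failed test frsevent
"""

VERDICT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
REPL_FROM = re.compile(r"From (\S+) to (\S+)")
REPL_NC = re.compile(r"Naming Context: (\S+)")
REPL_ERR = re.compile(r"generated an error \((\d+)\)")

def triage(text):
    """Hypothetical helper: return (failed_tests, replication_failures, masked)."""
    failed, repl, verdicts, cur = [], [], {}, None
    for line in text.splitlines():
        if "replication attempt failed" in line:
            cur = {}                      # start a new failure record
            repl.append(cur)
        elif cur is not None and (m := REPL_FROM.search(line)):
            cur["source"], cur["dest"] = m.groups()
        elif cur is not None and (m := REPL_NC.search(line)):
            cur["nc"] = m.group(1)
        elif cur is not None and (m := REPL_ERR.search(line)):
            cur["error"] = int(m.group(1))
        elif m := VERDICT.search(line):
            target, result, test = m.groups()
            verdicts[test] = result
            if result == "failed":
                failed.append((target, test))
            cur = None                    # a verdict line closes the test
    # The verdict line can read "passed" although failed attempts are listed.
    masked = bool(repl) and verdicts.get("Replications") == "passed"
    return failed, repl, masked

if __name__ == "__main__":
    print(triage(SAMPLE))
```
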
 
Henrik Johansson, Systems engineer, Commented:
Is firewall enabled on DCs? If so, either disable it or open the necessary port exceptions
http://support.microsoft.com/kb/555381

Instead of using 127.0.0.1, use the real IP 192.168.22.10 as DNS server.
 
TJacoberger1 (Author) Commented:
I have disabled the firewalls on both servers, and added the IP addresses instead of the loopback.. Still nothing.. I even ran repadmin, unless I did something wrong.. I'm sure I did it correctly...
 
jgpd Commented:
Could you please run dcdiag /fix and netdiag /fix?
Regards,
Jose
 
jgpd Commented:
Check if the new DC server has the FSMO roles; you can do that using Ntdsutil.
Follow this link to complete the task:
http://www.petri.co.il/seizing_fsmo_roles.htm
Regards,
Jose
 
Henrik Johansson, Systems engineer, Commented:
Re-read the output in the question and see that it can't find directory server.

On the new DC, remove its own IP from the DNS list so it only uses the original DC/DNS as DNS server until replication works. It will not become a full DC until it can share SYSVOL after replication completes.
 
Texas_Billy Commented:
You don't have a firewall issue here, your Active Directory is in a journal wrap state.  Look in your File Replication System event log for Event ID 13568 or 5719, either of these will specify if you are indeed experiencing the journal wrap error.  If you are, stop right here and don't try any other fixes - this is a serious problem, you are at risk of reaching tombstone states on your DC(s), which could blow away exchange.  

The good news is that this is very fixable, provided you work with a top-notch active directory expert.  I recommend a group out of Austin called Xirtix; I've worked with them on this exact issue, they were great.  They got MS on the phone, together with MS they resolved it and got me back up and running in about 7 hours.  

But DO NOT be fooling around in your AD, you are to a point where your AD can be irrecoverably lost if you do.  I don't mean to be dramatic, but this is no joke; you need an authoritative restore of your sysvol tree (http://support.microsoft.com/default.aspx?scid=kb;en-us;315457), but this is a very complex fix and you need someone who has been there and done that over and over again.  This article leaves out many items that you'll not know, such as stopping the Kerberos service on your DC(s) before initially bringing the FRS service back up.  I made this mistake by just trying to follow this article, and it wound up getting the secure channel password between my DCs out of sync.  Xirtix could have fixed the problem in minutes had I called them; because I tried this myself, it took MS all day and was not at all inexpensive, as you might imagine.

Do not just follow the steps of this article yourself; give up on an easy fix; this isn't a simple firewall or dns issue.  Call Xirtix, they'll help you right there on the spot and get you back online.  Do yourself a favor here man, work with someone who makes a living doing this and this alone.  --TX
 
TJacoberger1 (Author) Commented:
You were absolutely correct, the replication service was way beyond damaged and I contacted Microsoft. They had the tools to repair it and get it back to normal. I was on the phone with them for almost 4 or 5 hours. All is good now!! Thank you for the response..
 
Texas_Billy Commented:
You are most welcome, I'm glad it's back to a working state for you.  I wish I could find that ntfrs.exe tool that MS uses.  They say it's in the support tools pack with netdom, but it's not - I can't find it anywhere.  Go Horns.  --TX