Thomas Jacoberger
asked on
New Domain Controller
On the weekend, I moved my Exchange 2003 and DC roles to new hardware. Exchange worked fine..
Today I'm noticing that the new domain controller is failing.. The replication is failing, netlogon and sysvol shares are gone.. Netdiag and dcdiag are giving me errors.. I'm trying things I find on EE and Google but nothing's working... I'm posting netdiag and dcdiag.. Please Help ASAP!!! Thank you!!!
H:\>netdiag
.....................................
Computer Name: DC1
DNS Host Name: dc1.ijwhite.com
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes :
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : dc1
IP Address . . . . . . . . : 192.168.22.10
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.22.1
Dns Servers. . . . . . . . : 127.0.0.1
192.168.22.240
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{64A99190-70A2-432A-9D2A-BB81BC2E4CA6}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' a
nd other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '192.168.22.2
40' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{64A99190-70A2-432A-9D2A-BB81BC2E4CA6}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{64A99190-70A2-432A-9D2A-BB81BC2E4CA6}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
H:\>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Replications
[Replications Check,DC1] A recent replication attempt failed:
From IJWHITE-PDC to DC1
Naming Context: DC=DomainDnsZones,DC=ijwhite,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2009-12-21 10:00:33.
The last success occurred at 2009-12-21 09:41:58.
2 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,DC1] A recent replication attempt failed:
From IJWHITE-PDC to DC1
Naming Context: CN=Schema,CN=Configuration,DC=ijwhite,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2009-12-21 09:58:21.
The last success occurred at 2009-12-21 09:41:59.
2 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,DC1] A recent replication attempt failed:
From IJWHITE-PDC to DC1
Naming Context: CN=Configuration,DC=ijwhite,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2009-12-21 09:57:09.
The last success occurred at 2009-12-21 09:41:59.
2 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
......................... DC1 passed test Replications
Starting test: NCSecDesc
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DC1\netlogon)
[DC1] An net use or LsaPolicy operation failed with error 1203, No net
ork provider accepted the given network path..
......................... DC1 failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\IJWHITE-PDC.ijwhite.co
, when we were trying to reach DC1.
Server is not responding or is not considered suitable.
Warning: DC1 is not advertising as a global catalog.
Check that server finished GC promotion.
Check the event log on server that enough source replicas for the GC a
e available.
......................... DC1 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... DC1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... DC1 passed test RidManager
Starting test: MachineAccount
......................... DC1 passed test MachineAccount
Starting test: Services
......................... DC1 passed test Services
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC1 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC1 failed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x8000072D
Time Generated: 12/21/2009 10:01:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000466
Time Generated: 12/21/2009 10:09:17
(Event String could not be retrieved)
......................... DC1 failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0002719
Time Generated: 12/21/2009 09:42:21
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 12/21/2009 09:42:43
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000423
Time Generated: 12/21/2009 09:55:19
Event String: The DHCP service failed to see a directory server
An Error Event occured. EventID: 0x00000416
Time Generated: 12/21/2009 09:55:19
Event String: The DHCP/BINL service on the local machine,
An Error Event occured. EventID: 0x00000423
Time Generated: 12/21/2009 09:55:43
Event String: The DHCP service failed to see a directory server
......................... DC1 failed test systemlog
Starting test: VerifyReferences
......................... DC1 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidatio
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidatio
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : ijwhite
Starting test: CrossRefValidation
......................... ijwhite passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ijwhite passed test CheckSDRefDom
Running enterprise tests on : ijwhite.com
Starting test: Intersite
......................... ijwhite.com passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... ijwhite.com failed test FsmoCheck
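The dcdiag output above reports "passed test Replications" even though it lists failed replication attempts with error 1908. The following is an added example, not part of the original post and not Microsoft's tooling: it parses dcdiag text, collects the failed tests and the replication failures, and flags that masked case. The function names and the sample excerpt are constructed for illustration.

```python
import re

# Constructed sample: lines excerpted from the dcdiag output in the question
# (spacing restored); not a complete dcdiag run.
SAMPLE = r"""
Testing server: Default-First-Site-Name\DC1
   Starting test: Replications
      [Replications Check,DC1] A recent replication attempt failed:
         From IJWHITE-PDC to DC1
         Naming Context: CN=Configuration,DC=ijwhite,DC=com
         The replication generated an error (1908):
         Could not find the domain controller for this domain.
         The failure occurred at 2009-12-21 09:57:09.
         The last success occurred at 2009-12-21 09:41:59.
      ......................... DC1 passed test Replications
   Starting test: NetLogons
      Unable to connect to the NETLOGON share! (\\DC1\netlogon)
      ......................... DC1 failed test NetLogons
   Starting test: Advertising
      Warning: DC1 is not advertising as a global catalog.
      ......................... DC1 failed test Advertising
   Starting test: frssysvol
      ......................... DC1 passed test frssysvol
"""

RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
REPL_FAIL = re.compile(r"\[Replications Check,[^\]]+\] A recent replication attempt failed")
SOURCE = re.compile(r"^From (\S+) to (\S+)")
NAMING_CONTEXT = re.compile(r"^Naming Context:\s*(.+)")
ERROR_CODE = re.compile(r"generated an error \((\d+)\)")


def parse_dcdiag(text):
    """Return (verdicts, replication_failures) parsed from dcdiag text output."""
    verdicts = {}   # (subject, test name) -> "passed" or "failed"
    failures = []   # one dict per "A recent replication attempt failed" block
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = RESULT.search(line)
        if m:
            verdicts[(m.group(1), m.group(3))] = m.group(2)
            current = None          # a verdict line closes any open failure block
        elif REPL_FAIL.search(line):
            current = {"source": None, "naming_context": None, "error": None}
            failures.append(current)
        elif current is not None:
            if (m := SOURCE.match(line)):
                current["source"] = m.group(1)
            elif (m := NAMING_CONTEXT.match(line)):
                current["naming_context"] = m.group(1)
            elif (m := ERROR_CODE.search(line)):
                current["error"] = int(m.group(1))
    return verdicts, failures


def triage(text):
    """Summarize failed tests and replication failures hidden behind a 'passed' verdict."""
    verdicts, failures = parse_dcdiag(text)
    failed = [test for (_subject, test), v in verdicts.items() if v == "failed"]
    repl_passed = any(v == "passed" for (_s, t), v in verdicts.items()
                      if t == "Replications")
    return {"failed_tests": failed, "replication_failures": failures,
            "replications_passed_despite_failures": bool(failures) and repl_passed}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```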
ASKER
I have disabled the firewalls on both servers, and added the IP addresses instead of the loopback.. Still nothing.. I even ran repadmin, unless I did something wrong.. I'm sure I did it correctly...
Could you please run dcdiag /fix and netdiag /fix?
Regards,
Jose
Check if the new DC server has the FSMO roles; you can do that using Ntdsutil.
Follow this link to complete the task:
http://www.petri.co.il/seizing_fsmo_roles.htm
Regards,
Jose
Re-read the output in the question and see that it can't find a directory server.
On the new DC, remove its own IP from the DNS list so it only uses the original DC/DNS as DNS server until replication works. It will not become a full DC until it can share SYSVOL after replication completes.
ASKER CERTIFIED SOLUTION
ASKER
You were absolutely correct, the replication service was way beyond damaged and I contacted Microsoft. They had the tools to repair it and get it back to normal. I was on the phone with them for almost 4 or 5 hours. All is good now!! Thank you for the response..
You are most welcome, I'm glad it's back to a working state for you. I wish I could find that ntfrs.exe tool that MS uses. They say it's in the support tools pack with netdom, but it's not - I can't find it anywhere. Go Horns. --TX
http://support.microsoft.com/kb/555381
Instead of using 127.0.0.1, use the real IP 192.168.22.10 as DNS server.