Solved

Primary 2008 DC Naming information cannot be located

Posted on 2010-08-25
Last Modified: 2012-05-10
I am having an occasional problem with my main domain controller.  As far as domain controllers go, we have 3 servers in the picture:

1. Primary DC, GC, DNS server, running 2008 (the one having problems).
2. Backup DC, GC, DNS server, running 2008.  Also has other file server roles.
3. Exchange 2007 server, running 2008.

This seems to happen about once every couple weeks.  Right now, I am having the problem.  My primary DC starts acting weird.  I can't access AD users and computers, I can't import users into Exchange, but I do have access to AD users and computers through RSAT.  When I have this problem, rebooting the server usually fixes the problem, but only for a couple weeks.

Problem Details:
While trying to access Active Directory users and computers from the DC, I get this error message:
"Naming information cannot be located for the following reason: The server is not operational.
If you are trying to connect to a Domain Controller running Windows 2000, verify that Windows 2000 Server SP3 or later is installed on the DC, or use the Windows 2000 administration tools.  For more information about connecting to DCs running Windows 2000, see Help and Support."


In my system event log, I have a lot of these events:
1054 - "The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly."

We used to have a 2000 DC in the picture, but it had SP4 on it from the get go.  And it has been completely removed from the schema for months.  Does anyone have any ideas what the issue could be?  This also happens to our other 2008 domain controller on a regular basis.  It seems like it's one DC on one week.  And rebooting the problem server temporarily fixes the issue.

When one server is like this, here are the things that don't really work:
You cannot add a computer to the domain
You cannot create a new user on that DC
You cannot import an AD user into a new exchange mailbox
A user cannot change their own password.  It must be set by me, manually on RSAT, once on each DC

Any help from you Microsoft gurus would be greatly appreciated.
Question by:Jake Pratt
 
Expert Comment by: mass2612
Hi,

I would start by running DCDIAG on all your domain controllers and see what it reports? Do you have any logs in the event logs at the time and just before you have to reboot your DC?

With Dcdiag, also run the DNS tests, since many, many AD problems are a result of problems with DNS.

http://technet.microsoft.com/en-us/library/cc731968(WS.10).aspx

0
 
Expert Comment by: sighar
Run "netdom /query fsmo" in cmd as admin. This will give you a list of which servers hold which FSMO roles.
My guess is that the 2000 DC you had was holding the roles and that they were not transferred when you removed it. See http://www.petri.co.il/seizing_fsmo_roles.htm on how to seize the roles back to a working DC.
0
 
Expert Comment by: Darius Ghassem
Make sure all DCs are only pointing to other functioning DCs in their TCP\IP properties; there should be no external DNS servers in the TCP\IP properties either.

Run metadata cleanup to make sure that there are no lingering objects for dead DCs.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Post dcdiag
0
 

Author Comment by: Jake Pratt
Thanks for all your replies!  I haven't got to your solution yet, dariusg.  But in response to mass2612 and sighar...

Just to better understand our environment:  Our 2 DC's are "wiggum" (primary) and "yoda" (backup).  Their local IP addresses are as follows:
wiggum:  10.1.2.6
yoda:       10.1.2.10

I ran dcdiag, and everything passed.
I ran dcdiag /test:DNS, and I came up with a bunch of "missing AAAA record" errors.  I followed the steps in this article: http://www.experts-exchange.com/Networking/Protocols/DNS/Q_24420880.html to disable IPv6 and flush and re-register the DNS.  After doing that, I still get the errors.

When I run it on wiggum (primary), here are the results (I have replaced my domain name with #domain#):
TEST: Basic (Basc)
   Warning: The AAAA record for this DC was not found

Warning:
Missing AAAA record at DNS server 10.1.2.6:
wiggum.#domain#.com

Warning:
Missing AAAA record at DNS server 10.1.2.6:
gc._msdcs.#domain#.com

Warning:
Missing AAAA record at DNS server 10.1.2.10:
wiggum.#domain#.com

Warning:
Missing AAAA record at DNS server 10.1.2.10:
gc._msdcs.#domain#.com

Warning:
Missing AAAA record at DNS server 10.1.2.6:
wiggum.#domain#.com

Warning:
Missing AAAA record at DNS server 10.1.2.6:
gc._msdcs.#domain#.com

And when I run it on Yoda, these are the results:

TEST: Basic (Basc)
   Warning: The AAAA record for this DC was not found
Warning:
Missing AAAA record at DNS server 10.1.2.10:
yoda..com

Warning:
Missing AAAA record at DNS server 10.1.2.10:
gc._msdcs..com

Warning:
Missing AAAA record at DNS server 10.1.2.6:
yoda..com

Warning:
Missing AAAA record at DNS server 10.1.2.6:
gc._msdcs..com

Warning:
Missing AAAA record at DNS server 10.1.2.10:
yoda..com

Warning:
Missing AAAA record at DNS server 10.1.2.10:
gc._msdcs..com

It's interesting how when I run it on wiggum, it associates "wiggum" with both 10.1.2.6 and 10.1.2.10.  And when I run it on yoda, it associates "yoda" with both 10.1.2.6 and 10.1.2.10.  Anyway, I don't know if that's a problem or not.

I also ran the netdom /QUERY FSMO command on both servers.  And on both servers, these were the results (it appears wiggum has all roles necessary):
Schema master           wiggum.#domain#.com
Domain naming master    wiggum.#domain#.com
PDC                     wiggum.#domain#.com
RID pool manager        wiggum.#domain#.com
Infrastructure master   wiggum.#domain#.com

I will continue on, trying dariusg's suggestion.  But if this information provides any more insight, I would love some more ideas.  Thanks!
0
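
Added example (not part of the original thread): a small Python summarizer for `dcdiag /test:DNS` warnings in the layout posted above. It collapses repeated blocks and groups them by record name, so the addresses can be read as the DNS server named in each warning line. The function names and the trimmed sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: warning blocks in the layout posted above for wiggum,
# including one repeated block.
SAMPLE = """\
Warning:
Missing AAAA record at DNS server 10.1.2.6:
wiggum.#domain#.com

Warning:
Missing AAAA record at DNS server 10.1.2.10:
wiggum.#domain#.com

Warning:
Missing AAAA record at DNS server 10.1.2.6:
wiggum.#domain#.com

Warning:
Missing AAAA record at DNS server 10.1.2.6:
gc._msdcs.#domain#.com
"""

# "Missing <type> record at DNS server <address>:" with the name on the next line.
MISSING = re.compile(r"Missing (\S+) record at DNS server (\S+?):\s*$")


def summarize(text):
    """Count each distinct (record type, DNS server queried, name) warning."""
    counts = Counter()
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for cur, nxt in zip(lines, lines[1:]):
        m = MISSING.search(cur)
        # Skip a block whose name line is absent (next line starts a new block).
        if m and not nxt.startswith("Warning") and not MISSING.search(nxt):
            counts[(m.group(1), m.group(2), nxt)] += 1
    return counts


def servers_by_name(text):
    """Map each record name to the DNS servers reported as lacking it."""
    out = {}
    for _rtype, server, name in summarize(text):
        out.setdefault(name, set()).add(server)
    return {name: sorted(servers) for name, servers in out.items()}
```
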
 

Author Comment by: Jake Pratt
Sorry, in the last post, instead of typing #domain# on the second set of results, I made them look like HTML tags, and it created all those closing tags at the bottom.  You still get the idea.
0
 

Author Comment by: Jake Pratt
To dariusg, I ran the ntdsutil and followed the instructions in the link you sent, but the only two servers listed when I run "list servers in site" are wiggum and yoda.  There is no record of my old 2000 DC in there.

I should also mention that I rebooted my server last night, so while I am doing all this testing, both servers are working correctly.  I don't know if I need to wait until one of my servers stops working to try these tests again.
0
 
Expert Comment by: Darius Ghassem
To disable IPv6 you need to disable it in the registry.

http://support.microsoft.com/kb/929852
0
 

Author Comment by: Jake Pratt
Thank you.  That actually is the method I used to disable IPv6: in the registry.  After adding the new key to both DC's, and running the following commands on both dc's: ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix, I still received the missing AAAA record references.
0
 
Expert Comment by: Darius Ghassem
Post ipconfig /all
0
 

Author Comment by: Jake Pratt
Here is my ipconfig /all (domain name changed)

Windows IP Configuration

   Host Name . . . . . . . . . . . . : wiggum
   Primary Dns Suffix  . . . . . . . : #domain#.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : #domain#.com

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client) #2
   Physical Address. . . . . . . . . : 00-1E-C9-B5-1C-C1
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client)
   Physical Address. . . . . . . . . : 00-1E-C9-B5-1C-BF
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.1.2.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.2.1
   DNS Servers . . . . . . . . . . . : 10.1.2.6
                                       10.1.2.10
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{8CFD5E21-CA72-443D-9235-BCCE476B7
A50}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{CE3B85C0-D59F-48DB-8D1B-43D40749E
A36}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
0
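
Added example (not from the thread): a Python check over `ipconfig /all` output like the one posted above, applying the earlier advice that a DC's DNS server list should contain only DCs. The function names, the DC list passed in, and the extra 192.0.2.53 entry in the trimmed sample are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample, trimmed from the `ipconfig /all` output posted above;
# 192.0.2.53 (a documentation address) is added to show a flagged entry.
SAMPLE = """\
Ethernet adapter Local Area Connection 2:
   Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Local Area Connection:
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client)
   DNS Servers . . . . . . . . . . . : 10.1.2.6
                                       10.1.2.10
                                       127.0.0.1
                                       192.0.2.53
"""

# Field lines are indented exactly three spaces; wrapped or continued values
# are indented differently, so an IPv6 continuation line is never read as a field.
FIELD = re.compile(r"^ {3}([^\s.:][^.:]*?)[\s.]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}} parsed from `ipconfig /all` text."""
    adapters, fields, last = {}, None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if line[:1].strip() and line.rstrip().endswith(":"):   # adapter header
            fields, last = adapters.setdefault(line.rstrip()[:-1], {}), None
        elif m and fields is not None:
            last = fields.setdefault(m.group(1), [])
            last.extend(v for v in [m.group(2)] if v)
        elif line.strip() and last is not None:
            last.append(line.strip())          # wrapped or continued value
    return adapters

def audit_dns(text, dc_ips):
    """Classify every DNS server on connected adapters against the DC list."""
    known = {ipaddress.ip_address(ip) for ip in dc_ips}
    report = []
    for name, f in parse_ipconfig(text).items():
        if "Media disconnected" in f.get("Media State", []):
            continue
        for raw in f.get("DNS Servers", []):
            ip = ipaddress.ip_address(raw.split("%")[0])   # drop any IPv6 zone id
            kind = "self" if ip.is_loopback else "dc" if ip in known else "not-a-dc"
            report.append((name, str(ip), kind))
    return report
```

Calling `audit_dns(SAMPLE, ["10.1.2.6", "10.1.2.10"])` marks the three addresses from the post as `dc` or `self` and only the constructed 192.0.2.53 entry as `not-a-dc`.
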
 
Expert Comment by: Darius Ghassem
Disable all NICs except for one.
0
 

Author Comment by: Jake Pratt
Ok, I only have 2 NICs, I just disable the second one that is disconnected.
0

 

Author Comment by: Jake Pratt
Sorry, I meant to say that I just disabled it.
0
 
Expert Comment by: Darius Ghassem
Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix
0
 

Author Comment by: Jake Pratt
As stated in previous comment, I have already run all those commands, after disabling IPv6.  After running those commands I still get the AAAA record errors.  For your sake I just ran them again, and tried again... same errors.
0
 
Expert Comment by: Darius Ghassem
No, those commands were for disabling the second NIC.

IPv6 is not fully disabled if you are getting the AAAA record errors.
0
 

Author Comment by: Jake Pratt
Ok, well regardless of what the purpose was, I have done those commands several times.  I disabled IPv6 in the registry, ran those commands, disabled the second NIC, ran those commands again.  I am still getting the AAAA record errors.  But I'm not convinced that IPv6 is the root of the problem.  It may just be something I stumbled upon while troubleshooting the bigger issue.  Thanks for your responses!
0
 
Expert Comment by: Darius Ghassem
What did you stumble on?
0
 
Expert Comment by: sighar
Is your LDAP port open? Do you have any IP port filtering going on? This sounds a bit like your problem even though it's for Win2000: http://support.microsoft.com/kb/323542
0
 

Author Comment by: Jake Pratt
I possibly stumbled upon the IPv6 AAAA record issue.  I don't know if the IPv6 stuff is actually what is causing my DC's to crap out.
0
 

Author Comment by: Jake Pratt
Thanks.  I just double checked, and LDAP is allowed through.  We actually have at least 3 other programs that connect to my DC's via LDAP.
0
 
Expert Comment by: Darius Ghassem
0
 

Author Comment by: Jake Pratt
Those look like good leads.  Thanks. I don't have a ton of time today, but I'll look into them both on Monday.  Thanks again.
0
 

Accepted Solution by: Jake Pratt
Well, I was never able to figure out exactly what the problem was.  The problems on the PDC got way worse.  I ended up opening another question for the additional problems I was having: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26479090.html#a33696180.

The solution ended up being a total rebuild of the PDC.  Things seem to be performing much better now.  Thanks for all your suggestions.
0
