Solved

additional windows 2008 R2 DC does not work

Posted on 2010-09-21
3
1,837 Views
Last Modified: 2012-06-27
Hi everyone

I recently upgraded both my W2K3 domain controllers to W2K8 R2 . after that , when i restart the main domain controller , the domain is unavailable !

actually i find out that additional DC does not work as a Domain Controller !

I was run DCDIAG on additional DC and that's the result :

please attention :
SAPDC1 : MAIN DOMAIN CONTROLLER                    172.31.16.1
SAPDC2 : ADDITIONAL  DOMAIN CONTROLLER        172.31.16.2

Both of DC's Are DNS Server , And DNS integrated with Active Directory

Domain : Sapco.com
----------------------------------------------------------------------------------------
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = sapdc2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SAPDC2
      Starting test: Connectivity
         ......................... SAPDC2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SAPDC2
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\SAPDC1.sapco.com, when
         we were trying to reach SAPDC2.
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... SAPDC2 failed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SAPDC2 passed test FrsEvent
      Starting test: DFSREvent
         ......................... SAPDC2 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SAPDC2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... SAPDC2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SAPDC2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SAPDC2 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... SAPDC2 passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SAPDC2\netlogon)
         [SAPDC2] An net use or LsaPolicy operation failed with error 67,
         The network name cannot be found..
         ......................... SAPDC2 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SAPDC2 passed test ObjectsReplicated
      Starting test: Replications
         ......................... SAPDC2 passed test Replications
      Starting test: RidManager
         ......................... SAPDC2 passed test RidManager
      Starting test: Services
         ......................... SAPDC2 passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x80050004
            Time Generated: 09/21/2010   23:46:22
            Event String:
            Broadcom NetXtreme Gigabit Ethernet #2: The network link is down.  C
heck to make sure the network cable is properly connected.
         A warning event occurred.  EventID: 0x8000001D
            Time Generated: 09/21/2010   23:46:32
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate
 to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
 or enroll for a new KDC certificate.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 09/21/2010   23:46:41
            Event String:
            Name resolution for the name _ldap._tcp.dc._msdcs.sapco.com timed ou
t after none of the configured DNS servers responded.
         An error event occurred.  EventID: 0xC0FF05DC
            Time Generated: 09/21/2010   23:47:07
            Event String:
            The SNMP Service encountered an error while accessing the registry k
ey SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
         A warning event occurred.  EventID: 0x0000043D
            Time Generated: 09/21/2010   23:47:31
            Event String:
            Windows failed to apply the Microsoft Disk Quota settings. Microsoft
 Disk Quota settings might have its own log file. Please click on the "More info
rmation" link.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 09/21/2010   23:48:47
            Event String:
            Driver Brother DCP-8065DN USB Printer required for printer Brother D
CP-8065DN USB Printer is unknown. Contact the administrator to install the drive
r before you log in again.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 09/22/2010   00:08:08
            Event String:
            Name resolution for the name www.microsoft.com timed out after none
of the configured DNS servers responded.
         ......................... SAPDC2 failed test SystemLog
      Starting test: VerifyReferences
         ......................... SAPDC2 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : sapco
      Starting test: CheckSDRefDom
         ......................... sapco passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... sapco passed test CrossRefValidation

   Running enterprise tests on : sapco.com
      Starting test: LocatorCheck
         ......................... sapco.com passed test LocatorCheck
      Starting test: Intersite
         ......................... sapco.com passed test Intersite
0
Comment
Question by:sapco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33730370
Not sure if you have seen this link about the new DC advertising

http://support.microsoft.com/kb/967336/en-us

Thanks

Mike
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33730400
ok saw this question that Darius helped with, some other links info in there

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26265586.html

Thanks

Mike
0
 

Author Comment

by:sapco
ID: 33742640
Thank you very much.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Event 4515 - DNS Server Service - Another copy of zone in DomainDnsZones 3 51
VMWare 101 9 101
temp profile 5 23
Server has incorrect time 21 15
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question