Solved

DC cannot recognize itself as GC

Posted on 2010-11-17
16
4,905 Views
Last Modified: 2012-05-10
Hi There,
I have following setup:

Old Windows 2003 as DC - holding no FSMO roles, no GC - I want to remove that server
New Windows 2008 R2 as DC - holding all FSMO roles, GC.

On the new Windows 2008 Server im experiencing problem with Exchange server that cannot locate any GC. If I try to select DC in Active Directory Users and Computers, the new server is unavailable - as you can see on the picture attached. But if I try IP, it is online... nslookup tool recognizes the name benu.koppa.cz as 192.168.1.5 successfully.

Each DC have DNS server configured to store koppa.cz domain in active directory, each DC is pointing to its DNS server.

DCs are normally replicating between them. Also DNS records are replicated.

Im attaching the DCDiag log.
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = BENU

   * Identified AD Forest. 
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Vychozi-nazev-prvni-site\BENU

      Starting test: Connectivity

         ......................... BENU passed test Connectivity



Doing primary tests

   
   Testing server: Vychozi-nazev-prvni-site\BENU

      Starting test: Advertising

         Warning: DsGetDcName returned information for \\black.koppa.cz, when

         we were trying to reach BENU.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... BENU failed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems. 
         ......................... BENU passed test FrsEvent

      Starting test: DFSREvent

         ......................... BENU passed test DFSREvent

      Starting test: SysVolCheck

         ......................... BENU passed test SysVolCheck

      Starting test: KccEvent

         ......................... BENU passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... BENU passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... BENU passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=koppa,DC=cz
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=koppa,DC=cz
         ......................... BENU failed test NCSecDesc

      Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\BENU\netlogon)

         [BENU] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... BENU failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... BENU passed test ObjectsReplicated

      Starting test: Replications

         [Replications Check,BENU] A recent replication attempt failed:

            From BLACK to BENU

            Naming Context: DC=ForestDnsZones,DC=koppa,DC=cz

            The replication generated an error (1753):

            There are no more endpoints available from the endpoint mapper.

            The failure occurred at 2010-11-17 22:01:19.

            The last success occurred at 2010-11-17 21:51:35.

            2 failures have occurred since the last success.

            The directory on BLACK is in the process.

            of starting up or shutting down, and is not available.

            Verify machine is not hung during boot.

         [Replications Check,BENU] A recent replication attempt failed:

            From BLACK to BENU

            Naming Context: CN=Schema,CN=Configuration,DC=koppa,DC=cz

            The replication generated an error (8524):

            The DSA operation is unable to proceed because of a DNS lookup failure.

            

            The failure occurred at 2010-11-17 21:58:32.

            The last success occurred at 2010-11-17 21:51:35.

            1 failures have occurred since the last success.

            The guid-based DNS name

            73f53741-e266-4d71-92cc-2eb5ba2bd84a._msdcs.koppa.cz

            is not registered on one or more DNS servers.

         ......................... BENU failed test Replications

      Starting test: RidManager

         ......................... BENU passed test RidManager

      Starting test: Services

         ......................... BENU passed test Services

      Starting test: SystemLog

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/17/2010   21:37:24

            Event String:

            Driver Send To Microsoft OneNote 2010 Driver required for printer Odeslat do aplikace OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/17/2010   21:37:25

            Event String:

            Driver Dell MFP Laser 3115cn PCL6 required for printer !!vertigo!Dell MFP Laser 3115cn PCL6 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/17/2010   21:37:25

            Event String:

            Driver KONICA MINOLTA Universal PCL required for printer !!black!KONICA MINOLTA Universal PCL is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/17/2010   21:37:26

            Event String:

            Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/17/2010   21:37:26

            Event String:

            Driver Dell Color Laser 1320c required for printer Dell Color Laser 1320c is unknown. Contact the administrator to install the driver before you log in again.

         A warning event occurred.  EventID: 0x8000001D

            Time Generated: 11/17/2010   21:50:00

            Event String:

            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

         A warning event occurred.  EventID: 0x00001695

            Time Generated: 11/17/2010   21:50:33

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'koppa.cz.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         A warning event occurred.  EventID: 0x00001695

            Time Generated: 11/17/2010   21:51:36

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'koppa.cz.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         A warning event occurred.  EventID: 0x00001695

            Time Generated: 11/17/2010   21:51:36

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.koppa.cz.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         A warning event occurred.  EventID: 0x00001695

            Time Generated: 11/17/2010   21:51:36

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.koppa.cz.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         A warning event occurred.  EventID: 0x8000001D

            Time Generated: 11/17/2010   21:53:48

            Event String:

            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

         An error event occurred.  EventID: 0x0000041F

            Time Generated: 11/17/2010   21:54:02

            Event String:

            The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 


         An error event occurred.  EventID: 0xC0001B58

            Time Generated: 11/17/2010   21:54:04

            Event String:

            The BlackBerry Administration Service - Native Code Container service failed to start due to the following error: 


         An error event occurred.  EventID: 0xC0001B58

            Time Generated: 11/17/2010   21:54:04

            Event String:

            The BlackBerry Controller service failed to start due to the following error: 


         An error event occurred.  EventID: 0xC0001B58

            Time Generated: 11/17/2010   21:54:04

            Event String:

            The BlackBerry MDS Connection Service service failed to start due to the following error: 


         An error event occurred.  EventID: 0xC0001B58

            Time Generated: 11/17/2010   21:54:04

            Event String:

            The BlackBerry Router service failed to start due to the following error: 


         An error event occurred.  EventID: 0xC0001B59

            Time Generated: 11/17/2010   21:54:18

            Event String:

            The BlackBerry Administration Service - Application Server service depends on the BlackBerry Administration Service - Native Code Container service which failed to start because of the following error: 


         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 11/17/2010   21:54:18

            Event String:

            Name resolution for the name _ldap._tcp.Vychozi-nazev-prvni-site._sites.dc._msdcs.koppa.cz timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x00002724

            Time Generated: 11/17/2010   21:54:23

            Event String:

            This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/17/2010   21:54:30

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0x00000423

            Time Generated: 11/17/2010   21:54:37

            Event String:

            The DHCP service failed to see a directory server for authorization.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 11/17/2010   21:54:36

            Event String:

            Name resolution for the name koppa.cz timed out after none of the configured DNS servers responded.

         An error event occurred.  EventID: 0x00000423

            Time Generated: 11/17/2010   21:54:51

            Event String:

            The DHCP service failed to see a directory server for authorization.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/17/2010   21:54:57

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/17/2010   21:55:24

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/17/2010   21:55:51

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC0001B70

            Time Generated: 11/17/2010   21:56:10

            EvtFormatMessage failed (second call), error 15030 The description string for parameter reference (%1) could not be found..
            (Event String (event log = System) could not be retrieved, error

            0x3ab6)

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/17/2010   21:56:18

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC0001B61

            Time Generated: 11/17/2010   21:56:40

            Event String:

            A timeout was reached (30000 milliseconds) while waiting for the Microsoft Exchange File Distribution service to connect.

         An error event occurred.  EventID: 0xC0001B58

            Time Generated: 11/17/2010   21:56:40

            Event String:

            The Microsoft Exchange File Distribution service failed to start due to the following error: 


         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/17/2010   21:56:45

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/17/2010   21:57:12

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC0001B61

            Time Generated: 11/17/2010   21:57:13

            Event String:

            A timeout was reached (30000 milliseconds) while waiting for the Microsoft Exchange Protected Service Host service to connect.

         An error event occurred.  EventID: 0xC0001B58

            Time Generated: 11/17/2010   21:57:13

            Event String:

            The Microsoft Exchange Protected Service Host service failed to start due to the following error: 


         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/17/2010   21:57:39

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC0001B61

            Time Generated: 11/17/2010   21:57:44

            Event String:

            A timeout was reached (30000 milliseconds) while waiting for the Microsoft Exchange Service Host service to connect.

         An error event occurred.  EventID: 0xC0001B58

            Time Generated: 11/17/2010   21:57:44

            Event String:

            The Microsoft Exchange Service Host service failed to start due to the following error: 


         An error event occurred.  EventID: 0xC0001B59

            Time Generated: 11/17/2010   21:57:44

            Event String:

            The BlackBerry Dispatcher service depends on the Microsoft Exchange Information Store service which failed to start because of the following error: 


         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/17/2010   21:58:06

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/17/2010   21:58:33

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 11/17/2010   21:59:01

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         A warning event occurred.  EventID: 0x00001695

            Time Generated: 11/17/2010   21:59:50

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'koppa.cz.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         A warning event occurred.  EventID: 0x00001695

            Time Generated: 11/17/2010   22:01:43

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'koppa.cz.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         An error event occurred.  EventID: 0xC0001B6E

            Time Generated: 11/17/2010   22:06:05

            Event String:

            The Microsoft Exchange Address Book service hung on starting.

         An error event occurred.  EventID: 0xC0001B6E

            Time Generated: 11/17/2010   22:06:05

            Event String:

            The Microsoft Exchange Throttling service hung on starting.

         An error event occurred.  EventID: 0xC0001B6E

            Time Generated: 11/17/2010   22:07:35

            Event String:

            The Microsoft Exchange Transport service hung on starting.

         An error event occurred.  EventID: 0xC0001B77

            Time Generated: 11/17/2010   22:07:35

            Event String:

            The Microsoft Exchange Throttling service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

         An error event occurred.  EventID: 0xC0001B77

            Time Generated: 11/17/2010   22:07:35

            Event String:

            The Microsoft Exchange Address Book service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

         An error event occurred.  EventID: 0xC0001B77

            Time Generated: 11/17/2010   22:07:35

            Event String:

            The Microsoft Exchange Transport service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

         An error event occurred.  EventID: 0xC0001B77

            Time Generated: 11/17/2010   22:07:35

            Event String:

            The Microsoft Exchange Information Store service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

         A warning event occurred.  EventID: 0x0000000C

            Time Generated: 11/17/2010   22:07:36

            Event String:

            Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

         An error event occurred.  EventID: 0x00000469

            Time Generated: 11/17/2010   22:07:38

            Event String:

            The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 11/17/2010   22:07:54

            Event String:

            Name resolution for the name koppa.cz timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 11/17/2010   22:08:06

            Event String:

            Name resolution for the name koppa.cz timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x000727AA

            Time Generated: 11/17/2010   22:09:37

            Event String:

            The WinRM service failed to create the following SPNs: WSMAN/BENU.koppa.cz; WSMAN/BENU. 


         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/17/2010   22:14:05

            Event String:

            Driver Dell MFP Laser 3115cn PCL6 required for printer !!vertigo!Dell MFP Laser 3115cn PCL6 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/17/2010   22:14:05

            Event String:

            Driver Send To Microsoft OneNote 2010 Driver required for printer Odeslat do aplikace OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/17/2010   22:14:06

            Event String:

            Driver KONICA MINOLTA Universal PCL required for printer !!black!KONICA MINOLTA Universal PCL is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/17/2010   22:14:06

            Event String:

            Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/17/2010   22:14:07

            Event String:

            Driver Dell Color Laser 1320c required for printer Dell Color Laser 1320c is unknown. Contact the administrator to install the driver before you log in again.

         ......................... BENU failed test SystemLog

      Starting test: VerifyReferences

         ......................... BENU passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : koppa

      Starting test: CheckSDRefDom

         ......................... koppa passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... koppa passed test CrossRefValidation

   
   Running enterprise tests on : koppa.cz

      Starting test: LocatorCheck

         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

         A Global Catalog Server could not be located - All GC's are down.

         ......................... koppa.cz failed test LocatorCheck

      Starting test: Intersite

         ......................... koppa.cz passed test Intersite

Open in new window

koppa.png
0
Comment
Question by:Jan Vojtech Vanicek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 2
  • +1
16 Comments
 
LVL 5

Expert Comment

by:rotech_IT
ID: 34160013
What version of Exchange are you running? Please include version and SP info.

Also, where is the Exchange server installed?  Please include the exchange server's OS version.

Can you ping the new Windows Server 2008 by DNS name on any other system?

Out of curiosity, what is your domain functional level?  I'm assuming it's set to Windows 2003?  You can use this link to check the functional level:  http://www.windowsnetworking.com/articles_tutorials/Determining-Functional-Level-Windows-Server-2003.html

0
 
LVL 6

Author Comment

by:Jan Vojtech Vanicek
ID: 34160060
Its exchange 2010 x64, without servicepack.

Exchange server is installed on the Windows 2008 R2 (benu) server.

Yes - name resolution works correctly in whole network to name benu.koppa.cz.

Forest as well as domain functional level are Windows 2003
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 34160339
Hi,

Does your new DC is a "multi-homed" server, meaning does it have more than one NIC ? Does it have a secondary NIC for a dedicated backup network as an example ?

If yes, can you retry your tests after disabling the secondary NIC and removed the DNS records for this NIC in the DNS zone ?

Have a good day.
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 
LVL 5

Expert Comment

by:rotech_IT
ID: 34160392
Good point there PaciB.

Also, can you run this command which will tell you all of the GC's in your domain.

nslookup gc._msdcs.MYDOMAIN.com    on the exchange server.  Also run it on a random domain member server (non exchange server).  Does it display the GC on your exchange server and on the random domain member server?

Please note that MYDOMAIN should be the name of your domain.
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34160396
Check your dns server under the local domain name, site name, for gc_ entry. Also intenal domain, _msdcs,  gc should have the server listed. I assume you can still use netdiag, so try Run netdiag /fix. Netdiag used to be under support tools.
0
 
LVL 6

Author Comment

by:Jan Vojtech Vanicek
ID: 34160404
No my new DC have only one NIC... Only one IP
0
 
LVL 6

Author Comment

by:Jan Vojtech Vanicek
ID: 34160431
rotech_IT: your test works, GC is visible on new as well as on old server
TrackHappy: yes, DNS records seems to be ok
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34160504
Have a careful look at the DC event logs. I'd suggest a reboot and follow the logs through carefully, checking for the very first error that appears. The error in DCDIAG.log suggests that the netlogon service has failed on your DC (from Microsoft article). Maybe domainprep didn't complete properly or something. The GC reference may be a partial symptom  of the bigger pitcure.
0
 
LVL 5

Expert Comment

by:rotech_IT
ID: 34160937
Disable IPv6 on the windows server 2008, which is also the exchange server as I understand it.  I know it sounds completely unrelated but give it a shot.  You may follow this step up with a reboot.

Also verify your Active Directory looks sound as it pertains to Windows Server 2008:

http://technet.microsoft.com/en-us/library/dd464018%28WS.10%29.aspx

Have you considered upgrading exchange 2010 to SP1?  You may find that simply upgrading will fix the issue,  or at least point you in the right direction.  Although I don't see any features added that would address a 2008 GC issue, but perhaps there's other things happening here.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=50b32685-4356-49cc-8b37-d9c9d4ea3f5b&displaylang=en


0
 
LVL 6

Author Comment

by:Jan Vojtech Vanicek
ID: 34182913
It looks like disabling IPv6 do the trick :-) now both DC are online. But some of errors remains in dcdiag...
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = BENU

   * Identified AD Forest. 
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Vychozi-nazev-prvni-site\BENU

      Starting test: Connectivity

         ......................... BENU passed test Connectivity



Doing primary tests

   
   Testing server: Vychozi-nazev-prvni-site\BENU

      Starting test: Advertising

         Warning: DsGetDcName returned information for \\black.koppa.cz, when

         we were trying to reach BENU.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... BENU failed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems. 
         ......................... BENU passed test FrsEvent

      Starting test: DFSREvent

         ......................... BENU passed test DFSREvent

      Starting test: SysVolCheck

         ......................... BENU passed test SysVolCheck

      Starting test: KccEvent

         ......................... BENU passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... BENU passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... BENU passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=koppa,DC=cz
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=koppa,DC=cz
         ......................... BENU failed test NCSecDesc

      Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\BENU\netlogon)

         [BENU] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... BENU failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... BENU passed test ObjectsReplicated

      Starting test: Replications

         ......................... BENU passed test Replications

      Starting test: RidManager

         ......................... BENU passed test RidManager

      Starting test: Services

         ......................... BENU passed test Services

      Starting test: SystemLog

         A warning event occurred.  EventID: 0x80000434

            Time Generated: 11/21/2010   13:03:29

            Event String:

            The reason supplied by user KOPPA\Administrator for the last unexpected shutdown of this computer is: Other (Unplanned)


         A warning event occurred.  EventID: 0x80050004

            Time Generated: 11/21/2010   13:08:05

            Event String:

            Broadcom NetXtreme Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 11/21/2010   13:08:37

            Event String:

            Name resolution for the name javadl-esd.sun.com timed out after none of the configured DNS servers responded.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/21/2010   13:09:51

            Event String:

            Driver Send To Microsoft OneNote 2010 Driver required for printer Odeslat do aplikace OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/21/2010   13:09:51

            Event String:

            Driver Dell Color Laser 1320c required for printer Dell Color Laser 1320c is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/21/2010   13:09:53

            Event String:

            Driver KONICA MINOLTA Universal PCL required for printer !!black!KONICA MINOLTA Universal PCL is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/21/2010   13:09:54

            Event String:

            Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/21/2010   13:09:54

            Event String:

            Driver Dell MFP Laser 3115cn PCL6 required for printer !!vertigo!Dell MFP Laser 3115cn PCL6 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 11/21/2010   13:09:55

            Event String:

            Driver Dell 2330dn Laser Printer required for printer !!blesk!Dell 2330dn Laser Printer sekretariat is unknown. Contact the administrator to install the driver before you log in again.

         ......................... BENU failed test SystemLog

      Starting test: VerifyReferences

         ......................... BENU passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : koppa

      Starting test: CheckSDRefDom

         ......................... koppa passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... koppa passed test CrossRefValidation

   
   Running enterprise tests on : koppa.cz

      Starting test: LocatorCheck

         ......................... koppa.cz passed test LocatorCheck

      Starting test: Intersite

         ......................... koppa.cz passed test Intersite

Open in new window

0
 
LVL 6

Author Comment

by:Jan Vojtech Vanicek
ID: 34183221
The old server uninstalllation was unsuccessfull... When Im running dcpromo - the wizard telling me that Im not checked the option "this is last controller in the domain" but no other controller can be contacted...

Also I was upgrade exchange server to SP1.
0
 
LVL 5

Expert Comment

by:rotech_IT
ID: 34183741
Please include the full error message that dcpromo is reporting.

I'm not sure I follow you on your 2nd comment, did you mean to say that you upgraded to exchange sp1?
0
 
LVL 6

Author Comment

by:Jan Vojtech Vanicek
ID: 34186524
I have successfully demoted the old server. But it seems that SYSVOL share was not replicated... After removing the old DC all other functions start working - But SYSVOL
0
 
LVL 5

Expert Comment

by:rotech_IT
ID: 34188912
Have a look here:
http://www.mail-archive.com/ntsysadmin@lyris.sunbelt-software.com/msg44919.html

This is the same problem that you're experiencing.  

The solution was:

"FYI- I had to set  the "BurFlags" value at
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Ba
ckup/Restore\Process At Startup  to jump start FSR for the sysvol on the
first new DC. After that the others followed suit.

-sc"

I'd read through all the posts on that thread first though.  Make sure all the troubleshooting matches up with your situation.
0
 
LVL 5

Accepted Solution

by:
rotech_IT earned 500 total points
ID: 34189153
Here's more information on that registry entry for you:

http://technet.microsoft.com/en-us/library/cc778345%28WS.10%29.aspx
0
 
LVL 6

Author Closing Comment

by:Jan Vojtech Vanicek
ID: 34447535
It was needed to reset all GP and create new ones
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question