Solved

Authentication fails when turning of a Domain Controller with no fsmo roles

Posted on 2011-02-23
4
326 Views
Last Modified: 2012-06-27
Hi I was wondering if you could help.

I am trying to take a ghost image of one of my domain controllers (1 of 5) which has no fsmo roles and is no longer a Global Catalog server. I thought because it has no roles and is not a GC. My users would be able to authenticate against AD and use Outlook Web App.

The only things I can think of is that users shared profile and home directories are on that server. Would that matter?

My question is can I take that server down for upgrading without users being affected?

Thanks in Advanced.
0
Comment
Question by:RMGS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34960891
If you are sure that it is not GC and FSMO holder, ensure that at least one GC and DNS server is available. Please, check if any DHCP configuration or static configuration for DNS don't rely on that DC which you want to shut down. Then everything would be fine.

Before DC shut down, run on it

dcdiag /v

and review output to check if there is no errors. If so, then fixed them first

Regards,
Krzysztof
0
 

Author Comment

by:RMGS
ID: 34961437
Krzysztof,

I have run the command and it did come up with the following errors:

Warning: DC1 is not advertising as a time server.
......................... DC1 failed test Advertising
Starting test: frsevent
   * The File Replication Service Event log test
   There are warning or error events within the last 24 hours after the
   SYSVOL has been shared.  Failing SYSVOL replication problems may cause
   Group Policy problems.
   An Warning Event occured.  EventID: 0x800034C4
      Time Generated: 02/23/2011   09:12:21
      (Event String could not be retrieved)
   ......................... DC1 failed test frsevent
Starting test: systemlog
   * The System Event log test
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:33
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:34
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:34
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:36
      (Event String could not be retrieved)
   ......................... DC1 failed test systemlog

I believe the above errors are just notifications and not very big issues but I still cannot shutdown the server without disruptions to my users.

Do you have any other suggestions?
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 34962515
How did you configure DNS list on your DCs? And what DNS IPs are you issuing in DHCP scope option no 006 ?
Could you post here also

ipconfig /all
from DC to be shut down, any other DC and one client OS. please?

Krzysztof
0
 

Author Closing Comment

by:RMGS
ID: 34995090
The reason why users could not authenticate is because:-

1. User profiles were kept on that DC
2. Also DC was a DNS server.

Once I moved profiles and added another DNS server. All was fine.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In-place Upgrading Dirsync to Azure AD Connect
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question