Authentication fails when turning of a Domain Controller with no fsmo roles

Posted on 2011-02-23
Medium Priority
Last Modified: 2012-06-27
Hi I was wondering if you could help.

I am trying to take a ghost image of one of my domain controllers (1 of 5) which has no fsmo roles and is no longer a Global Catalog server. I thought because it has no roles and is not a GC. My users would be able to authenticate against AD and use Outlook Web App.

The only things I can think of is that users shared profile and home directories are on that server. Would that matter?

My question is can I take that server down for upgrading without users being affected?

Thanks in Advanced.
Question by:RMGS
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34960891
If you are sure that it is not GC and FSMO holder, ensure that at least one GC and DNS server is available. Please, check if any DHCP configuration or static configuration for DNS don't rely on that DC which you want to shut down. Then everything would be fine.

Before DC shut down, run on it

dcdiag /v

and review output to check if there is no errors. If so, then fixed them first


Author Comment

ID: 34961437

I have run the command and it did come up with the following errors:

Warning: DC1 is not advertising as a time server.
......................... DC1 failed test Advertising
Starting test: frsevent
   * The File Replication Service Event log test
   There are warning or error events within the last 24 hours after the
   SYSVOL has been shared.  Failing SYSVOL replication problems may cause
   Group Policy problems.
   An Warning Event occured.  EventID: 0x800034C4
      Time Generated: 02/23/2011   09:12:21
      (Event String could not be retrieved)
   ......................... DC1 failed test frsevent
Starting test: systemlog
   * The System Event log test
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:33
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:34
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:34
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:36
      (Event String could not be retrieved)
   ......................... DC1 failed test systemlog

I believe the above errors are just notifications and not very big issues but I still cannot shutdown the server without disruptions to my users.

Do you have any other suggestions?
LVL 39

Accepted Solution

Krzysztof Pytko earned 1500 total points
ID: 34962515
How did you configure DNS list on your DCs? And what DNS IPs are you issuing in DHCP scope option no 006 ?
Could you post here also

ipconfig /all
from DC to be shut down, any other DC and one client OS. please?


Author Closing Comment

ID: 34995090
The reason why users could not authenticate is because:-

1. User profiles were kept on that DC
2. Also DC was a DNS server.

Once I moved profiles and added another DNS server. All was fine.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
New style of hardware planning for Microsoft Exchange server.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question