Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Authentication fails when turning of a Domain Controller with no fsmo roles

Posted on 2011-02-23
Medium Priority
Last Modified: 2012-06-27
Hi I was wondering if you could help.

I am trying to take a ghost image of one of my domain controllers (1 of 5) which has no fsmo roles and is no longer a Global Catalog server. I thought because it has no roles and is not a GC. My users would be able to authenticate against AD and use Outlook Web App.

The only things I can think of is that users shared profile and home directories are on that server. Would that matter?

My question is can I take that server down for upgrading without users being affected?

Thanks in Advanced.
Question by:RMGS
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34960891
If you are sure that it is not GC and FSMO holder, ensure that at least one GC and DNS server is available. Please, check if any DHCP configuration or static configuration for DNS don't rely on that DC which you want to shut down. Then everything would be fine.

Before DC shut down, run on it

dcdiag /v

and review output to check if there is no errors. If so, then fixed them first


Author Comment

ID: 34961437

I have run the command and it did come up with the following errors:

Warning: DC1 is not advertising as a time server.
......................... DC1 failed test Advertising
Starting test: frsevent
   * The File Replication Service Event log test
   There are warning or error events within the last 24 hours after the
   SYSVOL has been shared.  Failing SYSVOL replication problems may cause
   Group Policy problems.
   An Warning Event occured.  EventID: 0x800034C4
      Time Generated: 02/23/2011   09:12:21
      (Event String could not be retrieved)
   ......................... DC1 failed test frsevent
Starting test: systemlog
   * The System Event log test
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:33
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:34
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:34
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:36
      (Event String could not be retrieved)
   ......................... DC1 failed test systemlog

I believe the above errors are just notifications and not very big issues but I still cannot shutdown the server without disruptions to my users.

Do you have any other suggestions?
LVL 39

Accepted Solution

Krzysztof Pytko earned 1500 total points
ID: 34962515
How did you configure DNS list on your DCs? And what DNS IPs are you issuing in DHCP scope option no 006 ?
Could you post here also

ipconfig /all
from DC to be shut down, any other DC and one client OS. please?


Author Closing Comment

ID: 34995090
The reason why users could not authenticate is because:-

1. User profiles were kept on that DC
2. Also DC was a DNS server.

Once I moved profiles and added another DNS server. All was fine.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question