Authentication fails when turning of a Domain Controller with no fsmo roles

Posted on 2011-02-23
Last Modified: 2012-06-27
Hi I was wondering if you could help.

I am trying to take a ghost image of one of my domain controllers (1 of 5) which has no fsmo roles and is no longer a Global Catalog server. I thought because it has no roles and is not a GC. My users would be able to authenticate against AD and use Outlook Web App.

The only things I can think of is that users shared profile and home directories are on that server. Would that matter?

My question is can I take that server down for upgrading without users being affected?

Thanks in Advanced.
Question by:RMGS
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34960891
If you are sure that it is not GC and FSMO holder, ensure that at least one GC and DNS server is available. Please, check if any DHCP configuration or static configuration for DNS don't rely on that DC which you want to shut down. Then everything would be fine.

Before DC shut down, run on it

dcdiag /v

and review output to check if there is no errors. If so, then fixed them first


Author Comment

ID: 34961437

I have run the command and it did come up with the following errors:

Warning: DC1 is not advertising as a time server.
......................... DC1 failed test Advertising
Starting test: frsevent
   * The File Replication Service Event log test
   There are warning or error events within the last 24 hours after the
   SYSVOL has been shared.  Failing SYSVOL replication problems may cause
   Group Policy problems.
   An Warning Event occured.  EventID: 0x800034C4
      Time Generated: 02/23/2011   09:12:21
      (Event String could not be retrieved)
   ......................... DC1 failed test frsevent
Starting test: systemlog
   * The System Event log test
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:33
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:34
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:34
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:36
      (Event String could not be retrieved)
   ......................... DC1 failed test systemlog

I believe the above errors are just notifications and not very big issues but I still cannot shutdown the server without disruptions to my users.

Do you have any other suggestions?
LVL 39

Accepted Solution

Krzysztof Pytko earned 500 total points
ID: 34962515
How did you configure DNS list on your DCs? And what DNS IPs are you issuing in DHCP scope option no 006 ?
Could you post here also

ipconfig /all
from DC to be shut down, any other DC and one client OS. please?


Author Closing Comment

ID: 34995090
The reason why users could not authenticate is because:-

1. User profiles were kept on that DC
2. Also DC was a DNS server.

Once I moved profiles and added another DNS server. All was fine.

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question