Active Directory Server 2008 issues
Posted on 2011-04-24
OK, so I am having sort of a big problem that I am trying to work through.
How this all started was I had a domain controller that had a bad name; it was one of those Windows auto-generated ones where it's like WIN-9m9..... the randomly generated ones.
I wanted to obviously change this to a correct naming scheme. What I did was bring up a VMware Server 2008 system and add it to the forest. Once I did this I dcpromo'd out the initial domain controller so that I could change its name.
Once I did this I had many problems, the first of which arose because everyone was using the old DNS servers... Once I figured that out I changed the DNS servers in the DHCP setup.
This sort of fixed my problem.
Then I went ahead and fully reinstalled the initial server with the OS again. Once that was done I installed the AD role and re-added it to the forest. At the end of the dcpromo addition, I got a message along the lines of it not being able to create DNS records and that I should create them manually.
I did not think much of this at the time, but I think this coupled with other stuff is causing problems.
The way I figured out I actually had a problem was when I tried to access a network drive that uses single sign-on to authenticate.
It comes up with a message "\\10.0.5.22 is not accessible. You might not have permissions to use this network resource. Contact the administrator of this server to find out if you have access permissions.
There are currently no logon servers available to service the logon request."
After I saw this I googled it, and then once I went into the Event Viewer I realized I have a problem.
I have numerous errors from NETLOGON which are only found on the second domain controller, JJDAD02; on JJDAD01, which is the initial one I reinstalled, I do not find these errors.
One of these errors is as follows:
"The session setup for the computer JJDAD01 failed to authenticate. The following error occured: Access is denied"
"The session setup from computer 'JJDAD01' failed because the security database does not contain a trust account 'JJDAD01$' referenced by the specified computer.
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. If this is a Read-Only Domain Controller and 'JJDAD01$' is a legitimate machine account for the computer 'JJDAD01' then 'JJDAD01' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller capable of servicing the request (for example a writable domain controller). Otherwise, the following steps may be taken to resolve this problem:
If 'JJDAD01$' is a legitimate machine account for the computer 'JJDAD01', then 'JJDAD01' should be rejoined to the domain.
If 'JJDAD01$' is a legitimate interdomain trust account, then the trust should be recreated.
Otherwise, assuming that 'JJDAD01$' is not a legitimate account, the following action should be taken on 'JJDAD01':
If 'JJDAD01' is a Domain Controller, then the trust associated with 'JJDAD01$' should be deleted.
If 'JJDAD01' is not a Domain Controller, it should be disjoined from the domain."
The interesting thing is these errors are from earlier in the day, before I wiped the domain controller JJDAD01. I tried to just dcpromo it out, change the name, and dcpromo it in, but it did not work.
This is why I decided to wipe the system and start fresh.
As I said, once I added it the second time it only told me the message about the DNS not registering and how I should do it manually.
Maybe this is my issue?
So that is my issue. Essentially, at this point I do not know where to start to fully rectify this issue, so any guidance is very much appreciated.
Let me know if you need any error messages or logs so that you can help me out.