Active Directory Server 2008 issues

Posted on 2011-04-24
Last Modified: 2012-05-11
OK, so I am having sort of a big problem that I am trying to work through.

How this all started was I had a domain controller that had a bad name; it was one of those Windows auto-generated ones where it's like WIN-9m9..... the random generated ones.

I wanted to obviously change this to a correct naming scheme. What I did was bring up a VMware Server 2008 system and add it to the forest. Once I did this I dcpromo'd out the initial domain controller so that I could change its name.

Once I did this I had many problems, first of which resided because everyone was using the old DNS servers... Once I figured that out I changed the DNS servers in the DHCP setup.

This sort of fixed my problem.

Then I went ahead and fully reinstalled the initial server with the OS again. Once that was done I installed the AD role and re-added it to the forest. At the end of the dcpromo addition, I got a message along the lines of it not being able to create DNS records and that I should create them manually.

I did not think much of this at the time, but I think this coupled with other stuff is causing problems.

The way I figured out I actually had a problem was when I tried to access a network drive that uses single sign-on to authenticate.

It comes up with a message "\\ is not accessible. You might not have permissions to use this network resource. Contact the administrator of this server to find out if you have access permissions.

There are currently no logon servers available to service the logon request."

After I saw this I googled it, and then once I went into the Event Viewer I realized I have a problem.

I have numerous errors from NETLOGON which are only found on the second domain controller, JJDAD02; on JJDAD01, which is the initial one I reinstalled, I do not find these errors.

One of these errors is as follows:

"The session setup for the computer JJDAD01 failed to authenticate. The following error occured: Access is denied"

"The session setup from computer 'JJDAD01' failed because the security database does not contain a trust account 'JJDAD01$' referenced by the specified computer.  

If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'JJDAD01$' is a legitimate machine account for the computer 'JJDAD01' then 'JJDAD01' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:  

If 'JJDAD01$' is a legitimate machine account for the computer 'JJDAD01', then 'JJDAD01' should be rejoined to the domain.  

If 'JJDAD01$' is a legitimate interdomain trust account, then the trust should be recreated.  

Otherwise, assuming that 'JJDAD01$' is not a legitimate account, the following action should be taken on 'JJDAD01':  

If 'JJDAD01' is a Domain Controller, then the trust associated with 'JJDAD01$' should be deleted.  

If 'JJDAD01' is not a Domain Controller, it should be disjoined from the domain."

The interesting thing is these errors are from earlier in the day, before I wiped the domain controller JJDAD01. I tried to just dcpromo it out, change the name, and dcpromo it in, but it did not work.

This is why I decided to wipe the system and start fresh.

As I said, once I added it the second time it only told me the message about the DNS not registering and how I should do it manually.

Maybe this is my issue?

So that is my issue. Essentially, at this point I do not know where to start to fully rectify this issue, so any guidance is very much appreciated.

Let me know if you need any error messages or logs so that you can help me out.


Question by:silviotucciarone
    LVL 33

    Expert Comment

    Someone may be more authoritative on this, but I suspect the original instantiation of the DC wasn't completely gone from AD/DNS when you wiped it and rebuilt it.

    If it were me, I'd take down the new DC again, comb through AD and DNS for any traces of it, then maybe bring it back in again.  I might even consider using a different host name.

    Author Comment

    So let me clarify...

    JJDAD02 was the new one I brought into the forest when the old WIN-9M9... server was the main DC.

    After JJDAD02 was brought in, I dcpromo'd WIN-9M9 out, but if I remember right I didn't remove DNS...

    Then I brought the new JJDAD01 into the forest.

    So you're saying take JJDAD02 out again, leaving JJDAD01?
    LVL 33

    Expert Comment

    Thanks for clarifying.  I was under the impression you brought AD02 in, took it out, then brought it back in again.

    So you had AD02 as the sole DC and no DNS in the domain?  I wouldn't have thought that was possible, unless you forcibly removed the old 9M9 DC.

    Did 9M9 end up becoming AD01?  Did you wipe it, reinstall, then DCPromo it?

    Ultimately, all items in AD are known by their SID.  What I'm suggesting is that there's some confusion in AD regarding SIDs, but I may very well be wrong about that.


    Author Comment

    AD02 was also a DC and DNS... I checked after I removed 9M9; it had all my records...

    Yes, 9M9 did become AD01 after I wiped and reinstalled, yes...


    Accepted Solution

    I have solved this issue on my own yet again...

    I solved it by removing all the old records for the AD servers in the DNS. There were stale records of the old domain controller still stuck in the DNS. Once these fixes were made it worked...

    Author Closing Comment

    problem solved on my own after more research.
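
The accepted fix in this thread was removing stale DNS records left behind by the old domain controller. As an added example (not part of the original thread), the Python script below scans a constructed, simplified zone listing for DC locator (`_msdcs` SRV/CNAME), NS and A records that still reference a controller outside the live set. The `corp.example` zone, the addresses and the `old-dc` placeholder name are assumptions, as is the premise that every DNS server for the zone is a DC.

```python
# Added example (not from the thread): flag DNS records that still point at a
# domain controller that is no longer in the forest. All values are constructed.

# Assumption: the DCs that should exist now, with their current addresses.
LIVE_DCS = {
    "jjdad01.corp.example.": "10.0.0.11",
    "jjdad02.corp.example.": "10.0.0.12",
}

# Constructed sample, one record per line: owner TTL type rdata.
# "old-dc" is a placeholder for the demoted controller's auto-generated name.
SAMPLE_ZONE = """\
@ 3600 NS jjdad02.corp.example.
@ 3600 NS old-dc.corp.example.
@ 600 A 10.0.0.12
@ 600 A 10.0.0.10
jjdad01 1200 A 10.0.0.10
jjdad02 1200 A 10.0.0.12
_ldap._tcp.dc._msdcs 600 SRV 0 100 389 jjdad02.corp.example.
_ldap._tcp.dc._msdcs 600 SRV 0 100 389 old-dc.corp.example.
_kerberos._tcp.dc._msdcs 600 SRV 0 100 88 jjdad01.corp.example.
0f0f0f0f-0000-0000-0000-000000000001._msdcs 600 CNAME old-dc.corp.example.
"""


def find_stale(zone_text, live_dcs, zone="corp.example."):
    """Return (line, owner, type, value, reason) for each suspect record."""
    live_ips = set(live_dcs.values())
    findings = []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenise
        if len(fields) < 4:
            continue
        owner, rtype, rdata = fields[0].lower(), fields[2].upper(), fields[3:]
        target = rdata[-1].lower()  # last rdata field: host name or address
        locator = "_msdcs" in owner and rtype in ("SRV", "CNAME")
        if (locator or rtype == "NS") and target not in live_dcs:
            findings.append((lineno, owner, rtype, target, "target is not a live DC"))
        elif rtype == "A" and owner == "@" and target not in live_ips:
            findings.append((lineno, owner, rtype, target, "apex address is not a live DC"))
        elif rtype == "A" and live_dcs.get(f"{owner}.{zone}", target) != target:
            findings.append((lineno, owner, rtype, target, "differs from DC's current address"))
    return findings


if __name__ == "__main__":
    for finding in find_stale(SAMPLE_ZONE, LIVE_DCS):
        print(finding)
```

Each flagged record is a candidate for manual review and removal in the DNS console; clients that receive a stale locator record can be sent to a controller that no longer exists, which matches the "no logon servers available" symptom described in the question.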
