DavidRS4

asked on

Windows 2008 DC not accessible

We had two DCs in the domain. One died. It did not have any FSMO roles. Now none of the member servers can contact the primary DC for any DC requests. Cannot get lists of users, nltest /query fails - cannot find domain.

However, I can browse to dcserver/sysvol and dcserver/netlogon fine, and the nltest commands work fine from the DC. I can ping as well.

From member servers:

nltest /sc_query:domain.local (with domain name)

flags: 0
trusted dc name
trusted dc connection status status = 1311 0x51f ERROR_NO_LOGON_SERVERS

Any ideas what I should be looking at? Cannot seem to figure out why the member servers cannot access the DC.
chakko

Do you have the DNS server (service) on the still-active Domain Controller?

What DNS server is set up in TCP/IP on the active server and the PCs? You should have all DNS going to the active server.

On the active server, is the DNS zone for your domain (the internal domain) there, and does it have records in it?
I think chakko is spot on the money here - check all your DNS setup.

You may also like to follow these instructions to ensure the old DC is properly removed from AD: http://www.petri.co.il/delete_failed_dcs_from_ad.htm

DavidRS4

ASKER

The active domain controller (dc1) does have DNS. I have checked and I can ping dc1 from any system and it resolves fine. I can browse to \\dc1\sysvol from any system.

I checked and the SRV records are listed correctly in the DNS.

All systems have the DNS from dc1.

The dc2 died, but I can still get it running for short periods of time (15-20 min, hardware issue). I did not want to fully pull it out of the domain until I resolve why the member servers cannot check with dc1.

I appreciate any insight.
From dc1, please do a dcdiag and post the results back here.
Please post the results as an attached file, NOT in the body of the post.
From a command prompt:

#> dcdiag /v > dcdiag.txt

Post dcdiag.txt here.
File is attached. I did replace the actual company name with "company".

Thank you.
dcdiag.txt
On the bright side, it looks like this DC has a valid copy of AD... so that's good?

This is an interesting error:
  * The System Event log test
         An Error Event occurred.  EventID: 0xC00010DF
            Time Generated: 05/21/2011   22:37:06
            Event String:
            A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see...

Has the server got multiple active NICs? (i.e. multi-homed)

I am still leaning towards a DNS issue. Can you please post

#> DCDIAG /TEST:DNS > dcdiag_dns.txt

Yes, that is why I am having trouble. It's fine on the DC but no one else can see it correctly. It does have 2 active NICs. It is a Hyper-V server - the .2 is used for DC1 and the hypers go through .3.

I think it is a DNS issue of some type as well - but not sure how to fix :)

File attached.


dcdiag-dns.txt
Also - IPv6 is disabled on both NICs. Noticed some IPv6 errors.
I saw this several times:

The guid-based DNS name aa68f3cb-3e9b-4981-a9d7-75cf9a679bd1._msdcs.company.local is not registered on one or more DNS servers.

Can you do an ipconfig /registerdns on DC1?

See if that makes any difference.
Also, in the DNS records (DC1), do you see any obviously incorrect records related to DC1?
I've seen problems with disabling IPv6. Any reason to have it disabled? You can try to enable it on the LAN interface.
I did the ipconfig and still get the same ERROR_NO_LOGON_SERVERS on the member server. But the member server can still ping company1.company.local fine.

I looked at all the DNS records and didn't see anything that seemed to be wrong for dc1. Also took out all the records for dc2.
Try this:

nltest /dsgetdc:<DomainName>

What is the result? If it looks good, then try from a PC.
ASKER CERTIFIED SOLUTION
Andrew Oakeley
nslookup dc1 was trying to find a server at .1, which was the old server. I went through the DNS and found 2 places that still had a .1 and removed them.

Now nslookup dc1 resolves fine, but nltest /query still shows no logon servers.

The nltest /dsgetdc:company.local shows error_no_such_domain on the member server. It works fine on dc1.

SOLUTION
Is DC1 a global catalog server?
Thank you! Between the two of you I was able to track down the problem, resolve it and get everything working!
From the dcdiag:
> The DS company1 is advertising as a GC.

Are the two NICs on the same subnet? If so, disable one and make sure the DNS entries only point to the remaining active NIC.

Thank you both. I restarted the NETLOGON service (I had restarted the full dc1 earlier today, but I guess I had to do it after the DNS issue was fixed). I then had to do an nltest /sc_reset:company.local and then everything started working (resolving requests to the server for security for users, etc.).

> Thank you! Between the two of you I was able to track down the problem, resolve it and get everything working!

So what was the eventual "thing" that fixed it?
NIC issue - the two NICs are on the same subnet but I cannot disable one. The .2 is used for the company1 server, which is a Hyper-V server. All the traffic for the virtual servers goes over .3.

Eventual "thing" -

Remove all entries in DNS that listed company2 server or .1 address.

Restart DNS.

Restart NETLOGON service.

Run nltest /sc_reset:company.local on member servers.

Everything works!
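The thread's diagnosis (chakko's DNS questions and the member-server nltest checks) and the asker's eventual fix (removing every DNS record that still named the dead DC or its old IP, then restarting DNS and NETLOGON and running nltest /sc_reset on the members) can be turned into a repeatable audit. The script below is an added example and is not code from the thread or from any of its participants. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT), and the zone name, DC names and the retired DC's address are placeholders that must be replaced with real values. Without -Remove it only reports; it never deletes anything.

```powershell
# Added example: find DNS records that still point at a decommissioned domain
# controller and verify the DC-locator SRV records a member server depends on.
# Placeholders (NOT from the thread): zone 'company.local', surviving DC
# 'company1', dead DC 'company2' with old address 192.0.2.1.
param(
    [string]$Zone       = 'company.local',
    [string]$DnsServer  = 'company1',
    [string]$DeadDcName = 'company2',
    [string]$DeadDcIp   = '192.0.2.1',   # placeholder; use the retired DC's real IP
    [switch]$Remove                       # report only unless -Remove is given
)

# 1. The check a member server needs to pass: the DC-locator SRV records must
#    resolve and must point only at a live DC. nltest /dsgetdc fails with
#    ERROR_NO_SUCH_DOMAIN / ERROR_NO_LOGON_SERVERS when these are missing or stale.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Zone",
    "_kerberos._tcp.dc._msdcs.$Zone",
    "_ldap._tcp.gc._msdcs.$Zone"
)
foreach ($n in $srvNames) {
    try {
        $srv = Resolve-DnsName -Name $n -Type SRV -Server $DnsServer -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        foreach ($r in $srv) {
            $flag = if ($r.NameTarget -like "$DeadDcName.*") { '  <-- points at dead DC' } else { '' }
            "{0} -> {1}:{2}{3}" -f $n, $r.NameTarget, $r.Port, $flag
        }
    } catch {
        Write-Warning "SRV lookup failed for $n : $($_.Exception.Message)"
    }
}

# 2. Zone audit on the surviving DNS server. _msdcs may be its own zone or a
#    subdomain of the main zone; query both and ignore the one that does not exist.
$stale = @()
foreach ($zoneName in @($Zone, "_msdcs.$Zone")) {
    $records = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zoneName `
               -ErrorAction SilentlyContinue
    foreach ($rec in $records) {
        $data = $rec.RecordData
        $hit = switch ($rec.RecordType) {
            'A'     { [string]$data.IPv4Address -eq $DeadDcIp }
            'SRV'   { $data.DomainName    -like "$DeadDcName.*" }
            'NS'    { $data.NameServer    -like "$DeadDcName.*" }
            'CNAME' { $data.HostNameAlias -like "$DeadDcName.*" }
            default { $false }
        }
        if ($hit) {
            $stale += [pscustomobject]@{ Zone = $zoneName; Name = $rec.HostName;
                                         Type = $rec.RecordType; Record = $rec }
        }
    }
}

if ($stale.Count -eq 0) {
    "No records referencing $DeadDcName or $DeadDcIp found in $Zone."
} else {
    "Records still referencing the dead DC:"
    $stale | Select-Object Zone, Name, Type | Format-Table -AutoSize
    if ($Remove) {
        foreach ($s in $stale) {
            Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $s.Zone `
                -InputObject $s.Record -Force
        }
        # Same order the asker used once the stale data was gone; these run on the DC
        # and the member servers respectively, so they are shown rather than executed.
        "Removed $($stale.Count) record(s). Next, on the DC:"
        "  Restart-Service DNS; Restart-Service Netlogon"
        "Then on each member server:"
        "  nltest /sc_reset:$Zone"
        "  nltest /dsgetdc:$Zone"
    }
}
```

Run it first without -Remove from a management host that can reach the surviving DC, and compare the SRV output with nltest /dsgetdc from a member; a record flagged as pointing at the dead DC is exactly what a member's DC locator will keep trying (and failing) to use. On a 2008-era DC without the DnsServer module the same audit can be done by hand with dnscmd /enumrecords and dnscmd /recorddelete, which the module cmdlets above replace.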