Windows 2008 DC not accessible

We had two DCs in the domain.  One died.  It did not have any FSMO roles.  Now none of the member servers can contact the primary DC for any DC requests.  Cannot get lists of users, nltest /query fails - cannot find domain.

However, I can browse to dcserver/sysvol and dcserver/netlogon fine and the nltests work fine from the DC.  I can ping as well.

from member servers:

nltest /sc_query:domain.local (with domain name)

flags: 0
trusted dc name
trusted dc connection status status = 1311 0x51f ERROR_NO_LOGON_SERVERS

Any ideas what I should be looking at?  Can not seem to figure out why the member servers can not access the dc..

Do you have DNS server (service) on the still active Domain Controller?

What DNS server is set up in TCP/IP in the active server and the PCs?  You should have all DNS going to the active server.

In the Active server is the DNS zone for your domain (internal domain) there and does it have records in it?
Andrew OakeleyConsultantCommented:
I think chakko is spot on the money here - check all your DNS setup.

You may also like to follow these instructions to ensure the old DC is properly removed from AD 

DavidRS4Author Commented:
The active domain controller (dc1) does have dns.  I have checked and I can ping dc1 from any system and it resolves fine.  I can browse to \\dc1\sysvol from any system.

I checked and the SRV records are listed correctly in the dns.

All systems have the dns from dc1.

The dc2 died but I can still get it running for short periods of time(15-20 min - hardware issue).  I did not want to fully pull it out of the domain until I resolve why the member servers can not check with the dc1.

I appreciate any insight.

Andrew OakeleyConsultantCommented:
From dc1 please do a dcdiag and post results back here.
Please post results as an attached file NOT in the body of the post.
From command prompt:

#> dcdiag /v > dcdiag.txt

post dcdiag.txt here.
DavidRS4Author Commented:
File is attached.  I did do a replace from actual company name to say "company"

Thank you.
Andrew OakeleyConsultantCommented:
On the bright side it looks like this DC has a valid copy of AD... so that's good?

this is an interesting error......
  * The System Event log test
         An Error Event occurred.  EventID: 0xC00010DF
            Time Generated: 05/21/2011   22:37:06
            Event String:
            A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see...

Has the server got multiple active NICs? (i.e. multi homed)

I am still leaning towards a dns issue. Can you please post

#> DCDIAG /TEST:DNS > dcdiag_dns.txt

DavidRS4Author Commented:
Yes, that is why I am having trouble.  It's fine on the DC but no one else can see it correctly.  It does have 2 active NICs.  It is a Hyper-V server - the .2 is used for the DC1 and the hypers go through .3.

I think it is a DNS issue of some type as well - but not sure how to fix :)

File attached.

DavidRS4Author Commented:
Also - IPv6 is disabled on both NICs.  Noticed some IPv6 errors.
I saw this several times:

The guid-based DNS name              is not registered on one or more DNS servers.

Can you do a ipconfig /registerdns on the DC1

See if that makes any difference.
Also, in the DNS records (DC1) do you see any obvious incorrect records related to DC1
I've seen problems with disabling ip6.  Any reason to have it disabled?  You can try to enable it on the LAN interface.
DavidRS4Author Commented:
I did the ipconfig and still get the same ERROR_NO_LOGON_SERVERS on the member server.  But the member server can still ping fine.

I looked at all the dns records and didn't see anything that seemed to be wrong for dc1.. also took out all the records for dc2.
Try this:

nltest /dsgetdc:<DomainName>

What is the result?  If it looks good, then try from a PC.
Andrew OakeleyConsultantCommented:
Did you disable ipv6 properly (as per or did you just untick it?
- if you just unticked it it may pay to turn it back on again

Rather than using PING to test DNS resolution, what happens when you do

#> nslookup DC1

The reason for not using ping for DNS testing is that it will also broadcast to find the server, thus you can get a ping back for a server even when DNS is incorrectly configured.

DavidRS4Author Commented:
nslookup dc1 was trying to find a server at .1 which was the old server.  I went through the dns and found 2 places that still had a .1 and removed them.

Now the nslookup dc1 resolves fine but nltest /query still shows no logon servers.  

The nltest /dsgetdc:company.local shows error_no_such_domain on the member server.  It works fine on the dc1.

when was the last time you restarted DC1?

you might try to stop and start the NETLOGON service.  That should register records into DNS.

Can also try this (from

Value 1722 (Error code 1722) = "The RPC Server is unavailable" - Usually occurs when DNS servers are not configured properly. There is connectivity but not at the service level. One note here, usually it may appear that DNS is set properly but one has to double-check all the aspects of DNS registration/resolution as the problem may not be that obvious. See also M261007 - It says that this behavior can occur if the address for the configured preferred DNS server on the client is invalid or unreachable.
From a newsgroup post: "Do the following to ensure that the SRV records for the AD servers are in DNS properly: (from the DOS prompt)

server DC1
set type=srv
Server:     <<should return your info>>
Address:   <<should return your IP>>

you should see something like this:

_ldap._tcp.dc._msdcs.YOURDOMAIN.COM       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = server1.YOURDOMAIN.COM
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = server2.YOURDOMAIN.COM
server1.YOURDOMAIN.COM       internet address =
server2.YOURDOMAIN.COM       internet address =

If you don't then you definitely have a DNS problem.
is DC1 a global catalog server?
DavidRS4Author Commented:
Thank you! Between the two of you I was able to track down the problem, resolve it and get everything working!
Andrew OakeleyConsultantCommented:
From the dcdiag
> The DS company1 is advertising as a GC.

Are the two NICS on the same subnet? if so disable one and make sure DNS entries only point to the remaining active NIC.

DavidRS4Author Commented:
Thank you both. I restarted the NETLOGON service (I had restarted the full dc1 earlier today but guess I had to do it after the DNS issue was fixed).  I then had to do a nltest /sc_reset:company.local and then everything started working (resolving requests to the server for security for users, etc...).

Andrew OakeleyConsultantCommented:
> Thank you! Between the two of you I was able to track down the problem, resolve it and get everything working!

So what was the eventual "thing" that fixed it?
DavidRS4Author Commented:
Nic issue - the two nics are on the same subnet but I can not disable one.  The .2 is used for the company1 server which is a Hyper-V server.  All the traffic for the virtual servers goes over .3.

DavidRS4Author Commented:
Eventual "thing" -

Remove all entries in DNS that listed company2 server or .1 address.

Restart DNS.

Restart NETLOGON service.

Run nltest /sc_reset:company.local on member servers.

Everything works!
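
An added example, not part of the thread or any poster's code: a small Python check that parses saved `nslookup` SRV output of the kind quoted earlier and flags SRV targets or A records that still point at a removed DC, the cleanup the final fix did by hand. Host names follow the thread; the 192.0.2.x addresses, the sample output and the function names are constructed for illustration.

```python
import re

# Constructed nslookup output for "set type=srv" and the _ldap._tcp.dc._msdcs name.
# Host names follow the thread; the 192.0.2.x addresses are placeholders.
SAMPLE = """\
_ldap._tcp.dc._msdcs.company.local   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.company.local
_ldap._tcp.dc._msdcs.company.local   SRV service location:
          port           = 389
          svr hostname   = dc2.company.local
dc1.company.local   internet address = 192.0.2.2
dc1.company.local   internet address = 192.0.2.1
dc2.company.local   internet address = 192.0.2.1
"""

SRV_HOST = re.compile(r"^\s*svr hostname\s*=\s*(\S+)", re.I)
A_RECORD = re.compile(r"^(\S+)\s+internet address\s*=\s*(\S+)", re.I)

def parse_nslookup_srv(text):
    """Return (set of SRV target hosts, {host: [addresses]})."""
    targets, addrs = set(), {}
    for line in text.splitlines():
        m = SRV_HOST.match(line)
        if m:
            targets.add(m.group(1).lower().rstrip("."))
            continue
        m = A_RECORD.match(line)
        if m:
            addrs.setdefault(m.group(1).lower().rstrip("."), []).append(m.group(2))
    return targets, addrs

def find_stale(text, live_dcs):
    """live_dcs maps each DC that should be advertised to its allowed addresses."""
    targets, addrs = parse_nslookup_srv(text)
    live = {h.lower(): set(a) for h, a in live_dcs.items()}
    findings = [("stale SRV target", h) for h in sorted(targets - set(live))]
    for host in sorted(addrs):
        for ip in addrs[host]:
            if ip not in live.get(host, ()):
                findings.append(("stale A record", f"{host} -> {ip}"))
    findings += [("live DC missing from SRV", h) for h in sorted(set(live) - targets)]
    return findings

if __name__ == "__main__":
    for kind, detail in find_stale(SAMPLE, {"dc1.company.local": ["192.0.2.2"]}):
        print(f"{kind}: {detail}")
```

A multi-homed DC such as the one in this thread can list more than one allowed address per host; an empty result means every advertised record matches the expected set.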