Solved

Second server not trusted by Domain Controller since DC replacement

Posted on 2011-09-12
Last Modified: 2012-05-12
Hi All,

I have a client with 2 servers.  1 is a Windows Server 2003 server just running an Oracle Database. The second server is a brand new 2008SBS server which is the only DC.  This 2008 Server is a replacement for their old server which went bang a few months ago.

Since I replaced the DC we have had all sorts of problems getting clients connected to the Oracle Server.  I've just logged onto the Oracle Server and have noticed the following 2 events in the log:

The Security System detected an authentication error for the server DNS/DOMAINSERVER.COMPANY.LOCAL The failure code from authentication protocol Kerberos was "The specified user does not exist. (0xc0000064)"

The computer was not able to set up a secure session with a domain controller in domain DOMAINNAME due to the following:
There are currently no logon servers available to service the logon request.  This may lead to authentication problems.

Now bear in mind that when I replaced the domain controller I haven't done anything on the Oracle server to tell it about the new set up (apart from adding it to the domain) as I wasn't entirely sure what to do. I'm pretty sure this is a trust/permissions issue but I'm still rather new at this and wanted to ask what basics I need to do so that domain users have the appropriate access to everything on the Oracle Server.

Many thanks

Adam
Question by:amlydiate
14 Comments
 
LVL 4

Expert Comment

by:Andrew Cliff
ID: 36521817
Sounds like the 2003 Server may be trying to register its SRV record with the old DC.
Do you have 'Do not register in DNS' selected on the interface? Also do you have one or two NICs installed on the 2003 Server?
0
 

Author Comment

by:amlydiate
ID: 36522182
Hi,

We only have one NIC enabled. When I go to the adapter properties and click on the DNS tab it has an entry in the DNS server addresses box which is the IP address of the DC. The "Register this connection's addresses in DNS" box is ticked and the "Use this connection's DNS suffix in DNS registration" box is not ticked.

If I click on Advanced on the adapter settings (to get to the bit with IP Settings, DNS, WINS and Options tabs) and look at IP Settings, I've got 2 IP addresses in the IP Addresses box:
192.168.16.4.......255.255.255.0
192.168.15.3.......255.255.255.0

Could that second IP address in the list be causing problems as it's in the wrong subnet?

(Sorry, I'm not really up to speed with subnets etc., so grasping at straws.)

I can confirm that I cannot browse the DC by name from the Database server and the same problem the other way round.

Thanks

Adam
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 36522314
Are either of those IP addresses correct for the new DC?
0
 
LVL 4

Expert Comment

by:Andrew Cliff
ID: 36522727
Definitely check those two IPs. If the second one is in the wrong subnet then remove it (you should have the IP of the new DC as the only one).
Also what records do you have in DNS under <domain>, _msdcs, dc, _tcp?
0
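
The DNS check asked for in the comment above, as an added example that is not part of the original thread: it parses nslookup SRV output for the DC locator record under _msdcs and flags targets that are not the current DC. The sample output, the old DC's name (oldserver) and the function names are constructed; the DC name and address are the ones quoted in the thread.

```python
import re

# Constructed sample of `nslookup -type=SRV _ldap._tcp.dc._msdcs.company.local`.
# "oldserver" is an invented name standing in for the replaced DC.
SAMPLE = """\
Server:  domainserver.company.local
Address:  192.168.16.4

_ldap._tcp.dc._msdcs.company.local\tSRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = oldserver.company.local
_ldap._tcp.dc._msdcs.company.local\tSRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = domainserver.company.local
domainserver.company.local\tinternet address = 192.168.16.4
"""

SRV_RE = re.compile(r"^\s*svr hostname\s*=\s*(\S+)", re.I | re.M)
A_RE = re.compile(r"^(\S+)\s+internet address\s*=\s*(\S+)", re.I | re.M)


def norm(name):
    """Lower-case a host name and drop any trailing dot."""
    return name.lower().rstrip(".")


def audit_dc_srv(nslookup_output, expected_dcs):
    """Compare DC locator SRV targets with the DCs that should exist.

    expected_dcs maps DC host name -> IP address (hypothetical input format).
    """
    expected = {norm(n): ip for n, ip in expected_dcs.items()}
    known = set(expected)
    targets = {norm(t) for t in SRV_RE.findall(nslookup_output)}
    addrs = {norm(h): ip for h, ip in A_RE.findall(nslookup_output)}
    live = targets & known
    return {
        "stale": sorted(targets - known),      # SRV points at a host that is not a DC
        "missing": sorted(known - targets),    # current DC has no SRV record
        "wrong_ip": sorted(t for t in live if t in addrs and addrs[t] != expected[t]),
    }


if __name__ == "__main__":
    print(audit_dc_srv(SAMPLE, {"DOMAINSERVER.COMPANY.LOCAL": "192.168.16.4"}))
```

A non-empty "stale" list means members can still be directed to a domain controller that no longer exists.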
 

Author Comment

by:amlydiate
ID: 36527750
Hi All,

The .16.4 address is the DC. No idea where the other one came from. Is it o.k. to remove the other one?

Also just checked and the DNS role of this particular server is not installed.  Again, because nothing changed on the database server (it was the DC we changed), I assumed there wouldn't be anything glaringly wrong with the database server. Do we need to have DNS installed on it?

Please excuse my ignorance and I really appreciate your help so far.
0
 
LVL 4

Expert Comment

by:Andrew Cliff
ID: 36527803
You don't need to install DNS on the database server.
And I think it is safe to remove that IP (xxx.xxx.16.4) from the adapter settings. Make a note of it and monitor.
0
 

Author Comment

by:amlydiate
ID: 36527887
OK, have removed the second IP address. I also noted that NetBIOS had been turned off on the database server. I've turned that on and I can now ping the database by both name and IP address from client machines, but I cannot view shares. When I try to open the dbserver using \\db-server in the run line I get "\\db-server is not accessible. You might not have permission to use this network resource. There are currently no logon servers available to service the logon request."
0
 
LVL 4

Expert Comment

by:Andrew Cliff
ID: 36530358
From the database server can you run ipconfig /registerdns and give it 15 minutes. Then from the client try and access the share using the IP (\\xxx.xxx.xxx.xxx\) then the nodename.
0
 

Author Comment

by:amlydiate
ID: 36561084
Thanks for the suggestion, have just done this and will report back after 15 minutes.
0
 

Author Comment

by:amlydiate
ID: 36561129
I've spotted a lot of the following errors in the log recently. Don't know if it's relevant:

Error 1053 Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.
0
 

Author Comment

by:amlydiate
ID: 36563405
OK a bit of progress but still not working. I can browse and read files shared on the DC from the database server, however I still can't do the important thing which is browse shares on the database server from the DC or domain clients. The db server is visible from the dc server if you view the whole network but if you double click on it you get an error saying: DBServer is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

0
 
LVL 4

Accepted Solution

by:
Andrew Cliff earned 2000 total points
ID: 36565931
Is it possible for you to remove the DB server from the domain then re-join?
0
 

Author Comment

by:amlydiate
ID: 36566386
I was thinking that, but whoever set up the server is long gone and I'm afraid if I did that I wouldn't know the local password. Is there a way of resetting the local password or creating a new local user account from the server while part of the domain?
0
 

Author Closing Comment

by:amlydiate
ID: 36915179
Thank you, that did the trick!
0
