Solved

Second server not trusted by Domain Controller since DC replacement

Posted on 2011-09-12
Last Modified: 2012-05-12
Hi All,

I have a client with 2 servers.  1 is a Windows Server 2003 server just running an Oracle Database. The second server is a brand new 2008SBS server which is the only DC.  This 2008 Server is a replacement for their old server which went bang a few months ago.

Since I replaced the DC we have had all sorts of problems getting clients connected to the Oracle Server.  I've just logged onto the Oracle Server and have noticed the following 2 events in the log:

The Security System detected an authentication error for the server DNS/DOMAINSERVER.COMPANY.LOCAL The failure code from authentication protocol Kerberos was "The specified user does not exist. (0xc0000064)"

The computer was not able to set up a secure session with a domain controller in domain DOMAINNAME due to the following:
There are currently no logon servers available to service the logon request.  This may lead to authentication problems.

Now bear in mind that when I replaced the domain controller I haven't done anything on the Oracle server to tell it about the new set up (apart from adding it to the domain) as I wasn't entirely sure what to do. I'm pretty sure this is a trust/permissions issue but I'm still rather new at this and wanted to ask what basics I need to do so that domain users have the appropriate access to everything on the Oracle Server.

Many thanks

Adam
0
Question by:amlydiate
14 Comments
 
LVL 4

Expert Comment

by:Andrew Cliff
ID: 36521817
Sounds like the 2003 Server may be trying to register its SRV record with the old DC.
Do you have 'Do not register in DNS' selected on the interface? Also do you have one or two NICs installed on the 2003 Server?
0
 

Author Comment

by:amlydiate
ID: 36522182
Hi,

We only have one NIC enabled. When I go to the adapter properties and click on the DNS tab it has an entry in the DNS server addresses box which is the IP address of the DC. The "Register this connection's addresses in DNS" box is ticked and the "Use this connection's DNS suffix in DNS registration" box is not ticked.

If I click on Advanced on the adapter settings (to get to the bit with IP Settings, DNS, WINS and Options tabs) and look at IP Settings, I've got 2 IP addresses in the IP Addresses box:
192.168.16.4.......255.255.255.0
192.168.15.3.......255.255.255.0

Could that second IP address in the list be causing problems as it's in the wrong subnet?

(Sorry I'm not really up to speed with subnets etc. so grasping at straws.)

I can confirm that I cannot browse the DC by name from the Database server and the same problem the other way round.

Thanks

Adam
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 36522314
Are either of those IP addresses correct for the new DC?
0
 
LVL 4

Expert Comment

by:Andrew Cliff
ID: 36522727
Definitely check those two IPs. If the second one is in the wrong subnet then remove it (you should have the IP of the new DC as the only one).
Also what records do you have in DNS under <domain>, _msdcs, dc, _tcp?
0
 

Author Comment

by:amlydiate
ID: 36527750
Hi All,

The .16.4 address is the DC. No idea where the other one came from. Is it o.k. to remove the other one?

Also just checked and the DNS role of this particular server is not installed.  Again, because nothing changed on the database server (it was the DC we changed), I assumed there wouldn't be anything glaringly wrong with the database server. Do we need to have DNS installed on it?

Please excuse my ignorance and I really appreciate your help so far.
0
 
LVL 4

Expert Comment

by:Andrew Cliff
ID: 36527803
You don't need to install DNS on the database server.
And I think it is safe to remove that IP (xxx.xxx.16.4) from the adapter settings. Make a note of it and monitor.
0
 

Author Comment

by:amlydiate
ID: 36527887
OK, have removed the second IP address. I also noted that NetBIOS had been turned off on the database server. I've turned that on and I can now ping the database by both name and IP address from client machines but I cannot view shares. When I try to open the dbserver using \\db-server in the run line I get "\\db-server is not accessible. You might not have permission to use this network resource. There are currently no logon servers available to service the logon request."
0
 
LVL 4

Expert Comment

by:Andrew Cliff
ID: 36530358
From the database server can you run ipconfig /registerdns and give it 15 minutes. Then from the client try and access the share using the IP (\\xxx.xxx.xxx.xxx\) then the nodename.
0
 

Author Comment

by:amlydiate
ID: 36561084
Thanks for the suggestion, have just done this and will report back after 15 minutes.
0
 

Author Comment

by:amlydiate
ID: 36561129
I've spotted a lot of the following errors in the log recently. Don't know if it's relevant:

Error 1053 Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.
0
 

Author Comment

by:amlydiate
ID: 36563405
OK a bit of progress but still not working. I can browse and read files shared on the DC from the database server, however I still can't do the important thing which is browse shares on the database server from the DC or domain clients. The db server is visible from the dc server if you view the whole network but if you double click on it you get an error saying: DBServer is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

0
 
LVL 4

Accepted Solution

by:Andrew Cliff
ID: 36565931
Is it possible for you to remove the DB server from the domain then re-join?
0
 

Author Comment

by:amlydiate
ID: 36566386
I was thinking that but whoever set up the server is long gone and I'm afraid if I did that I wouldn't know the local password. Is there a way of resetting the local password or creating a new local user account from the server while part of the domain?
0
 

Author Closing Comment

by:amlydiate
ID: 36915179
Thank you, that did the trick!
0
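
The three errors quoted in this thread (the Kerberos 0xc0000064 failure, the failed secure session with a domain controller, and the Userenv 1053 "Access is denied") tend to appear together when a member server's machine-account trust with the domain is broken, which is what the re-join repaired. The triage sketch below is an added example, not part of the original thread: the `host|source|message` line layout, the source names, the host names and the two-symptom threshold are assumptions, and only the message texts come from the posts above.

```python
import re
from collections import defaultdict

# Constructed sample input. Layout (host|source|message), source names and
# host names are assumptions; the first three message texts are the errors
# quoted in the thread.
SAMPLE_EVENTS = """\
DB-SERVER|LSASRV|The Security System detected an authentication error for the server DNS/DOMAINSERVER.COMPANY.LOCAL The failure code from authentication protocol Kerberos was "The specified user does not exist. (0xc0000064)"
DB-SERVER|NETLOGON|The computer was not able to set up a secure session with a domain controller in domain DOMAINNAME due to the following: There are currently no logon servers available to service the logon request.
DB-SERVER|Userenv|Error 1053 Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.
CLIENT-01|Userenv|Group Policy processing completed.
"""

# One pattern per symptom seen in the thread.
SYMPTOMS = {
    "kerberos_no_such_principal": re.compile(
        r"authentication protocol Kerberos.*0xc0000064", re.I),
    "no_secure_session": re.compile(
        r"not able to set up a secure session with a domain controller", re.I),
    "gpo_identity_denied": re.compile(
        r"cannot determine the user or computer name.*Access is denied", re.I),
}

def triage(text):
    """Return {host: sorted symptom names} for hosts showing any symptom."""
    seen = defaultdict(set)
    for line in text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        host, _source, message = parts
        for name, pattern in SYMPTOMS.items():
            if pattern.search(message):
                seen[host].add(name)
    return {host: sorted(names) for host, names in seen.items()}

def suspects(text, threshold=2):
    """Hosts with at least `threshold` distinct symptoms (assumed cut-off)."""
    return sorted(h for h, s in triage(text).items() if len(s) >= threshold)

if __name__ == "__main__":
    for host in suspects(SAMPLE_EVENTS):
        print(f"{host}: domain trust is suspect; check that DNS points at the "
              "current DC and verify the secure channel before changing permissions")
```

A host flagged here is a candidate for the DNS checks and the domain re-join discussed above, not for share or NTFS permission changes.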
