Solved

Second server not trusted by Domain Controller since DC replacement

Posted on 2011-09-12
Last Modified: 2012-05-12
Hi All,

I have a client with 2 servers.  1 is a Windows Server 2003 server just running an Oracle Database. The second server is a brand new 2008SBS server which is the only DC.  This 2008 Server is a replacement for their old server which went bang a few months ago.

Since I replaced the DC we have had all sorts of problems getting clients connected to the Oracle Server.  I've just logged onto the Oracle Server and have noticed the following 2 events in the log:

The Security System detected an authentication error for the server DNS/DOMAINSERVER.COMPANY.LOCAL The failure code from authentication protocol Kerberos was "The specified user does not exist. (0xc0000064)"

The computer was not able to set up a secure session with a domain controller in domain DOMAINNAME due to the following:
There are currently no logon servers available to service the logon request.  This may lead to authentication problems.

Now bear in mind that when I replaced the domain controller I haven't done anything on the Oracle server to tell it about the new set up (apart from adding it to the domain) as I wasn't entirely sure what to do. I'm pretty sure this is a trust/permissions issue but I'm still rather new at this and wanted to ask what basics I need to do so that domain users have the appropriate access to everything on the Oracle Server.

Many thanks

Adam
Question by:amlydiate
14 Comments
 
LVL 4

Expert Comment

by:Andrew Cliff
ID: 36521817
Sounds like the 2003 Server may be trying to register its SRV record with the old DC.
Do you have 'Do not register in DNS' selected on the interface? Also do you have one or two NICs installed on the 2003 Server?
0
 

Author Comment

by:amlydiate
ID: 36522182
Hi,

We only have one NIC enabled. When I go to the adapter properties and click on the DNS tab it has an entry in the DNS server addresses box which is the IP address of the DC. The "Register this connection's addresses in DNS" box is ticked and the "Use this connection's DNS suffix in DNS registration" box is not ticked.

If I click on Advanced on the adapter settings (to get to the bit with the IP Settings, DNS, WINS and Options tabs) and look at IP Settings, I've got 2 IP addresses in the IP Addresses box:
192.168.16.4    255.255.255.0
192.168.15.3    255.255.255.0

Could that second IP address in the list be causing problems as it's in the wrong subnet?

(Sorry I'm not really up to speed with subnets etc. so grasping at straws.)

I can confirm that I cannot browse the DC by name from the Database server and the same problem the other way round.

Thanks

Adam
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 36522314
Are either of those IP addresses correct for the new DC?
0
 
LVL 4

Expert Comment

by:Andrew Cliff
ID: 36522727
Definitely check those two IPs. If the second one is in the wrong subnet then remove it (you should have the IP of the new DC as the only one).
Also what records do you have in DNS under <domain>, _msdcs, dc, _tcp?
0
 

Author Comment

by:amlydiate
ID: 36527750
Hi All,

The .16.4 address is the DC. No idea where the other one came from. Is it o.k. to remove the other one?

Also just checked and the DNS role of this particular server is not installed.  Again because nothing changed on the database server, it was the DC we changed, I assumed there wouldn't be anything glaringly wrong with the database server. Do we need to have DNS installed on it?

Please excuse my ignorance and I really appreciate your help so far.
0
 
LVL 4

Expert Comment

by:Andrew Cliff
ID: 36527803
You don't need to install DNS on the database server.
And I think it is safe to remove that IP (xxx.xxx.16.4) from the adapter settings. Make a note of it and monitor.
0
 

Author Comment

by:amlydiate
ID: 36527887
OK, have removed the second IP address. I also noted that NetBIOS had been turned off on the database server; I've turned that on and I can now ping the database by both name and IP address from client machines, but I cannot view shares. When I try to open the dbserver using \\db-server in the run line I get "\\db-server is not accessible. You might not have permission to use this network resource. There are currently no logon servers available to service the logon request."
0
 
LVL 4

Expert Comment

by:Andrew Cliff
ID: 36530358
From the database server can you run ipconfig /registerdns and give it 15 minutes. Then from the client try and access the share using the IP (\\xxx.xxx.xxx.xxx\) then the nodename.
0
 

Author Comment

by:amlydiate
ID: 36561084
Thanks for the suggestion, have just done this and will report back after 15 minutes
0
 

Author Comment

by:amlydiate
ID: 36561129
I've spotted a lot of the following errors in the log recently. Don't know if it's relevant:

Error 1053 Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.
0
 

Author Comment

by:amlydiate
ID: 36563405
OK a bit of progress but still not working. I can browse and read files shared on the DC from the database server, however I still can't do the important thing which is browse shares on the database server from the DC or domain clients. The db server is visible from the dc server if you view the whole network but if you double click on it you get an error saying: DBServer is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

0
 
LVL 4

Accepted Solution

by:
Andrew Cliff earned 500 total points
ID: 36565931
Is it possible for you to remove the DB server from the domain then re-join?
0
 

Author Comment

by:amlydiate
ID: 36566386
I was thinking that but whoever set up the server is long gone and I'm afraid if I did that I wouldn't know the local password. Is there a way of resetting the local password or creating a new local user account from the server while part of the domain?
0
 

Author Closing Comment

by:amlydiate
ID: 36915179
Thank you, that did the trick!
0
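
The fix accepted above, re-joining the domain, re-creates the member server's machine account and its secure channel to the DC. As an added example that is not part of the original thread, this read-only batch script checks DC lookup and the secure channel from the member server before and after such a change. It assumes `nltest` is installed (Support Tools on Server 2003) and uses COMPANY.LOCAL, the placeholder domain from the event text, as its default.

```bat
@echo off
rem Added example (not from the thread): read-only checks, run on the member server.
rem COMPANY.LOCAL is the placeholder domain from the event text; pass the real
rem DNS domain name as the first argument. nltest is assumed to be installed
rem (on Server 2003 it comes with the Support Tools).
setlocal
set "DOMAIN=COMPANY.LOCAL"
if not "%~1"=="" set "DOMAIN=%~1"

echo === 1. DNS servers this machine queries ===
ipconfig /all | findstr /i /c:"DNS Servers"

echo === 2. SRV records used to locate a domain controller ===
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%

echo === 3. DC locator ===
nltest /dsgetdc:%DOMAIN% > "%TEMP%\dsgetdc.txt" 2>&1
type "%TEMP%\dsgetdc.txt"
findstr /c:"completed successfully" "%TEMP%\dsgetdc.txt" >nul
if errorlevel 1 (
    echo [FAIL] No domain controller found for %DOMAIN%. Check DNS first.
    goto :done
)

echo === 4. Secure channel of this machine account ===
nltest /sc_query:%DOMAIN% > "%TEMP%\scquery.txt" 2>&1
type "%TEMP%\scquery.txt"
findstr /c:"NERR_Success" "%TEMP%\scquery.txt" >nul
if errorlevel 1 (
    echo [FAIL] Secure channel to %DOMAIN% is not healthy.
) else (
    echo [OK] Secure channel to %DOMAIN% is established.
)

:done
rem Remove the temporary output files created above.
del "%TEMP%\dsgetdc.txt" 2>nul
del "%TEMP%\scquery.txt" 2>nul
endlocal
```

A failure at step 3 means the machine cannot find a DC at all, which is a name-resolution problem; a failure only at step 4 means the DC is reachable but the machine account's secure channel is not established.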
