Domain Controller in same VLAN does not take part in authentication

Posted on 2011-09-13
Last Modified: 2012-05-12
It's a DR site, 4th DC.
Global Catalog > yes.
AD integrated DNS > yes.
Pinging from the client: .09ms, successful.

Logging in from the client fails; the message I am getting is
"System can not log you on because the domain <my domain name> is not available"

FYI, the same client can log in at the main site, so there is no problem with the client. The DC is not responding.

OS: Windows 2003 Server Enterprise Edition with SP2 (domain controller)
Client: XP Pro SP3.
0
Question by:sulu999
14 Comments
 

Author Comment

by:sulu999
ID: 36528435
Does it need to run dcpromo again?
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 36528450
Have you run a dcdiag on the problem DC?

i.e. dcdiag /v /c /f:dcdiag.txt
0
 

Author Comment

by:sulu999
ID: 36529458
Hi

I have found out that the "netlogon" and "SYSVOL" shares are missing. If I create them manually then the dcdiag test passes, but after rebooting these shares vanish.

What could be the cause?


FYI
I had configured DFSR between two file servers in the same AD. My three domain controllers are fine,

which are in the a.b.c.0 network; the 4th DC is in the a.b.y.0 network across two firewalls.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 36530853
Have you checked for errors in the FRS (or DFSR) event log?
0
 

Author Comment

by:sulu999
ID: 36531222
Hi

Now the server has stopped login; domain controller for this domain cannot be found.

What I did, I will update you: I had restored the old syslog backup and rebooted, so finally it killed the AD.


Now guide me how to reinstall the same DC04:

1) Way to remove DC04 from the existing setup.
2) Installing a new machine and dcpromo.

Or can I get it back some other way?

0
 

Author Comment

by:sulu999
ID: 36531241
Hi

Correction: SYSVOL backup, not syslog.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 36534182
You have a DR site with 4 DCs, and DC04 is not working?

Can you log into DC04?

It's "common" that DCs are missing SYSVOL, and it is normally easy to get back. You should not create the share yourself. The NtFrs service should create the folders, while Netlogon service should share it out.

If you want to uninstall it: dcpromo /forceremoval
To remove DC04 from the domain: http://www.petri.co.il/delete_failed_dcs_from_ad.htm

0
 

Author Comment

by:sulu999
ID: 36534323
Hi

Where should I run dcpromo /forceremoval?

On DC01, 02, 03, because DC04 is dead? Or should I start the second option as per the given link?

With regards,
sulu999

0
 
LVL 21

Expert Comment

by:snusgubben
ID: 36534595
If DC04 is dead, you only need to run a Metadata clean from a working DC (to remove DC04 out of the domain).
0
 

Author Comment

by:sulu999
ID: 36541824
Hi

Good news. I left the server running but it was not authenticating; the pop-up was "Domain name does not exist".

Surprisingly, it is now allowing me to log in, but the netlogon and sysvol shares are still missing.

The error on the other DC is 13565.


How can I get the shares on DC04?
0
 

Author Comment

by:sulu999
ID: 36541833
I am waiting for your feedback.

There is some registry fix for BurFlags, to set it to D4 on one and the rest to D2. How is this?
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 36541846
You should verify that the DC04 points to a valid DNS (on the nic), then you could try a non-authoritative restore of SYSVOL (Burflags = D2).

http://adfordummiez.com/?p=61
0
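
The checks and the non-authoritative restore discussed in the comments above, written out as an added example (not part of the original thread and not posted by either participant). It assumes the DC replicates SYSVOL with NtFrs, as on Windows Server 2003, and is run on the affected DC from an administrator command prompt; the script name `sysvolcheck.cmd` is hypothetical.

```bat
@echo off
rem Added example (constructed): SYSVOL/NETLOGON health check for a DC using NtFrs.
rem Usage: sysvolcheck.cmd        read-only checks
rem        sysvolcheck.cmd /d2    also request a non-authoritative restore (BurFlags = D2)
setlocal
set FRSKEY=HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
set NLKEY=HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

echo == DNS servers configured on the NICs (must be a valid AD DNS server) ==
ipconfig /all | findstr /i /c:"DNS Servers"

echo == Service state ==
sc query ntfrs | findstr /i "STATE"
sc query netlogon | findstr /i "STATE"

echo == Shares: NtFrs builds the folders, Netlogon shares them ==
net share | findstr /i "SYSVOL NETLOGON"
if errorlevel 1 echo SYSVOL/NETLOGON are NOT shared. Do not create them by hand.

echo == SysvolReady (1 = Netlogon is allowed to share SYSVOL) ==
reg query "%NLKEY%" /v SysvolReady

echo == Current BurFlags ==
reg query "%FRSKEY%" /v BurFlags

rem Stop here unless the restore was explicitly requested.
if /i not "%~1"=="/d2" goto :eof

echo == Non-authoritative restore: stop NtFrs, set BurFlags=D2, start NtFrs ==
net stop ntfrs
reg add "%FRSKEY%" /v BurFlags /t REG_DWORD /d 0xD2 /f
if errorlevel 1 (echo Failed to set BurFlags & net start ntfrs & goto :eof)
net start ntfrs

rem NtFrs logs 13565 while it re-initializes SYSVOL from a partner and
rem 13516 once the DC is allowed to share SYSVOL again.
echo Watch the File Replication Service event log for 13565 followed by 13516.
```

D2 makes this DC discard its own SYSVOL copy and pull it again from a replication partner, so at least one other DC must hold a healthy SYSVOL and be reachable from this site. Re-run the script without `/d2` after event 13516 appears to confirm that both shares are back.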
 

Accepted Solution

by:
sulu999 earned 0 total points
ID: 36555498
It does not work. I have cleaned the metadata and am reinstalling the server.

Thanks for your kind support.
0
 

Author Closing Comment

by:sulu999
ID: 36579019
Partially helpful; after all, it's Microsoft, as you know.
0
