Improve company productivity with a Business Account.Sign Up

x
?
Solved

Domain Controller in same VLAN do not take pat in authentication

Posted on 2011-09-13
14
Medium Priority
?
454 Views
Last Modified: 2012-05-12
Its a DR site 4th DC .
Global Catalog > yes.
AD integrated DNS > yes
pinging from client .09ms successful.

loging from client fails to login , the message I am getting is
"System can not log you on because the domain <my domain name> is not available

FYI the same client can login in main site , there is no problem in client . DC is not responding,

OS : windows 2003 Server  enterprise edition with SP2 ( domain controller)
client : xp pro sp3.
0
Comment
Question by:sulu999
  • 9
  • 5
14 Comments
 

Author Comment

by:sulu999
ID: 36528435
does it need to run dcpromo again ??
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 36528450
Have you run a dcdiag on the problem DC?

i.e. dcdiag /v /c /f:dcdiag.txt
0
 

Author Comment

by:sulu999
ID: 36529458
Hi

i have found out that the "netlogon " and "SYSVOL" shares are missing ,  if I create manually then the dcdiag test is passing but after rebooting these shares vanishes.

What could be the cause .


FYI
I had configured the DFSR between two file servers in the same AD.  my three domain controllers are fine.

which are in a.b.c.0 network the 4th Dc is in a.b.y.0 network across two firewalls
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 21

Expert Comment

by:snusgubben
ID: 36530853
Have you checked for errors in the FRS (or DFSR) event log?
0
 

Author Comment

by:sulu999
ID: 36531222
Hi

now server has stoped login ; domain controller for this domain can not be found.

what I did , I will update you . I had restored the old syslog backup . and rebooted . so finally it killed the AD .


Now guide me how to reinstall the same DC04 ,

1) way to remove the dc04 from existing setup .
2) installing new machine and dcpromo .  

OR can I get it back by some other way ???

0
 

Author Comment

by:sulu999
ID: 36531241
Hi

SYSVOL backup not syslog   correction
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 36534182
You have a DR site with 4 DCs, and DC04 is not working?

Can you log into DC04?

It's "common" that DCs are missing SYSVOL, and it is normally easy to get back. You should not create the share yourself. The NtFrs service should create the folders, while Netlogon service should share it out.

If you want to uninstall it: dcpromo /forceremoval
To remove DC04 from the domain: http://www.petri.co.il/delete_failed_dcs_from_ad.htm

0
 

Author Comment

by:sulu999
ID: 36534323
Hi

where should I run dcpromo /forceremoval ?/

on dc01,02,03 because DC04 is dead.  or I should start second option as per given link?

with rgds
sulu999

0
 
LVL 21

Expert Comment

by:snusgubben
ID: 36534595
If DC04 is dead, you only need to run a Metadata clean from a working DC (to remove DC04 out of the domain).
0
 

Author Comment

by:sulu999
ID: 36541824
Hi

good  news . I left the server running but it was not authenticating pop up was " Domain name not does  not exist"

Surprisingly now it is allowing me to login but still netlogon and sysvol shares are missing .

the error in other DC is 13565 ,  


How can I get the shares on DC04 ???
0
 

Author Comment

by:sulu999
ID: 36541833
I am waiting for your feed back .

there is some registry fix for BurFlags  to set it to D4 on one and rest as D2.  how is this???
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 36541846
You should verify that the DC04 points to a valid DNS (on the nic), then you could try a non-authoritative restore of SYSVOL (Burflags = D2).

http://adfordummiez.com/?p=61
0
 

Accepted Solution

by:
sulu999 earned 0 total points
ID: 36555498
It does not work , I have cleaned metadata and reinstalling the server.

thanks for your kind support.
0
 

Author Closing Comment

by:sulu999
ID: 36579019
partially helpful,  after all its Microsoft as you know .
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

584 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question