Solved

DNS / Replication issues Active Directory

Posted on 2011-09-21
9
209 Views
Last Modified: 2012-05-12
A situation has arisen were domain controllers were p2v.  One of the old physical domain controllers has come back on and caused an issue with replication and the DNS forward lookup zones don't show on one of the Domain controllers....i have gone through the steps od dcdaig and netdiag which has not solved the issues
0
Comment
Question by:cmatchett
  • 5
  • 4
9 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36573742
Can you please post dcdiag

The best might be to demote the troubled DC  then repromote the server after a metadata cleanup to make sure you removed any lingering objects behind

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 

Author Comment

by:cmatchett
ID: 36573870
C:\Program Files\Support Tools>dcdiag /v

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine duncrue1, is a DC.
   * Connecting to directory service on server duncrue1.
   Server duncrue1 resolved to this IP address 192.168.4.2,
   but the address couldn't be reached(pinged), so check the network.
   The error returned was: Error due to lack of resources.
   This error more often means that the targeted server is
   shutdown or disconnected from the network
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 4 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: DUNCRUE\DUNCRUE1
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         The host f2de88d6-a1a5-4478-87ac-ff8d5afa6ad6._msdcs.domain.local could
 not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (f2de88d6-a1a5-4478-87ac-ff8d5afa6ad6._msdcs.domain.local) couldn't be
         resolved, the server name (duncrue1.domain.local) resolved to the IP
         address (192.168.2.100) and was pingable.  Check that the IP address
         is registered correctly with the DNS server.
         ......................... DUNCRUE1 failed test Connectivity

Doing primary tests

   Testing server: DUNCRUE\DUNCRUE1
      Skipping all tests, because server DUNCRUE1 is
      not responding to directory service requests
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: VerifyReplicas
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : domain
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom

   Running enterprise tests on : domain.local
      Starting test: Intersite
         Skipping site DUNCRUE, this site is outside the scope provided by the
         command line arguments provided.
         Skipping site PHILIPRUSSELLS, this site is outside the scope provided
         by the command line arguments provided.
         Skipping site MCCABES, this site is outside the scope provided by the
         command line arguments provided.
         ......................... domain.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\duncrue1.domain.local
         Locator Flags: 0xe00001fc
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Time Server Name: \\duncrue1.domain.local
         Locator Flags: 0xe00001fc
         Preferred Time Server Name: \\duncrue1.domain.local
         Locator Flags: 0xe00001fc
         KDC Name: \\duncrue1.domain.local
         Locator Flags: 0xe00001fc
         ......................... domain.local failed test FsmoCheck
      Test omitted by user request: DNS
      Test omitted by user request: DNS

C:\Program Files\Support Tools>


the IP Address 192.168.4.2 is the ip address of the old machine,...i have done ip config registerdns to correct this and it does not help
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36573879
Seems like the IP address can't be pinged. Did you turn on a server that has this IP address as well?
0
 

Author Comment

by:cmatchett
ID: 36573945
that address is like an intergrated card for the x series servers.....the correct ip address for the server is 192.168.2.xxx

in the forestdnszones there's a record for the wrong ip and the proper ip
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36573958
Remove the wrong IP address
0
 

Author Comment

by:cmatchett
ID: 36574044
i also have an error in the event log 40960 saying there's an authentication error....maybe the old computer account of the old server password has expired...maybe a simple computer password reset is required also?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36575293
You are going to have to demote this server seems like one the other way was turned on this caused a UPN rollback. Easiest way is to demote the run metadata cleanup then repromote
0
 

Accepted Solution

by:
cmatchett earned 0 total points
ID: 36576353
i reset the computer password and it resolved it...thanks for you help all the same
0
 

Author Closing Comment

by:cmatchett
ID: 36597799
doing this action solved it
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now