cmatchett
asked on
DNS / Replication issues Active Directory
A situation has arisen were domain controllers were p2v. One of the old physical domain controllers has come back on and caused an issue with replication and the DNS forward lookup zones don't show on one of the Domain controllers....i have gone through the steps od dcdaig and netdiag which has not solved the issues
ASKER
C:\Program Files\Support Tools>dcdiag /v
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine duncrue1, is a DC.
* Connecting to directory service on server duncrue1.
Server duncrue1 resolved to this IP address 192.168.4.2,
but the address couldn't be reached(pinged), so check the network.
The error returned was: Error due to lack of resources.
This error more often means that the targeted server is
shutdown or disconnected from the network
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: DUNCRUE\DUNCRUE1
Starting test: Connectivity
* Active Directory LDAP Services Check
The host f2de88d6-a1a5-4478-87ac-ff 8d5afa6ad6 ._msdcs.do main.local could
not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(f2de88d6-a1a5-4478-87ac-f f8d5afa6ad 6._msdcs.d omain.loca l) couldn't be
resolved, the server name (duncrue1.domain.local) resolved to the IP
address (192.168.2.100) and was pingable. Check that the IP address
is registered correctly with the DNS server.
......................... DUNCRUE1 failed test Connectivity
Doing primary tests
Testing server: DUNCRUE\DUNCRUE1
Skipping all tests, because server DUNCRUE1 is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : domain
Starting test: CrossRefValidation
......................... domain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Running enterprise tests on : domain.local
Starting test: Intersite
Skipping site DUNCRUE, this site is outside the scope provided by the
command line arguments provided.
Skipping site PHILIPRUSSELLS, this site is outside the scope provided
by the command line arguments provided.
Skipping site MCCABES, this site is outside the scope provided by the
command line arguments provided.
......................... domain.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\duncrue1.domain.local
Locator Flags: 0xe00001fc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\duncrue1.domain.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\duncrue1.domain.local
Locator Flags: 0xe00001fc
KDC Name: \\duncrue1.domain.local
Locator Flags: 0xe00001fc
......................... domain.local failed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
C:\Program Files\Support Tools>
the IP Address 192.168.4.2 is the ip address of the old machine,...i have done ip config registerdns to correct this and it does not help
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine duncrue1, is a DC.
* Connecting to directory service on server duncrue1.
Server duncrue1 resolved to this IP address 192.168.4.2,
but the address couldn't be reached(pinged), so check the network.
The error returned was: Error due to lack of resources.
This error more often means that the targeted server is
shutdown or disconnected from the network
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: DUNCRUE\DUNCRUE1
Starting test: Connectivity
* Active Directory LDAP Services Check
The host f2de88d6-a1a5-4478-87ac-ff
not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(f2de88d6-a1a5-4478-87ac-f
resolved, the server name (duncrue1.domain.local) resolved to the IP
address (192.168.2.100) and was pingable. Check that the IP address
is registered correctly with the DNS server.
......................... DUNCRUE1 failed test Connectivity
Doing primary tests
Testing server: DUNCRUE\DUNCRUE1
Skipping all tests, because server DUNCRUE1 is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : domain
Starting test: CrossRefValidation
......................... domain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Running enterprise tests on : domain.local
Starting test: Intersite
Skipping site DUNCRUE, this site is outside the scope provided by the
command line arguments provided.
Skipping site PHILIPRUSSELLS, this site is outside the scope provided
by the command line arguments provided.
Skipping site MCCABES, this site is outside the scope provided by the
command line arguments provided.
......................... domain.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\duncrue1.domain.local
Locator Flags: 0xe00001fc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\duncrue1.domain.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\duncrue1.domain.local
Locator Flags: 0xe00001fc
KDC Name: \\duncrue1.domain.local
Locator Flags: 0xe00001fc
......................... domain.local failed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
C:\Program Files\Support Tools>
the IP Address 192.168.4.2 is the ip address of the old machine,...i have done ip config registerdns to correct this and it does not help
Seems like the IP address can't be pinged. Did you turn on a server that has this IP address as well?
ASKER
that address is like an intergrated card for the x series servers.....the correct ip address for the server is 192.168.2.xxx
in the forestdnszones there's a record for the wrong ip and the proper ip
in the forestdnszones there's a record for the wrong ip and the proper ip
Remove the wrong IP address
ASKER
i also have an error in the event log 40960 saying there's an authentication error....maybe the old computer account of the old server password has expired...maybe a simple computer password reset is required also?
You are going to have to demote this server seems like one the other way was turned on this caused a UPN rollback. Easiest way is to demote the run metadata cleanup then repromote
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
doing this action solved it
The best might be to demote the troubled DC then repromote the server after a metadata cleanup to make sure you removed any lingering objects behind
http://www.petri.co.il/delete_failed_dcs_from_ad.htm