Solved

Re-connect server/Active Directory

Posted on 2012-03-13
Last Modified: 2013-12-24
Cannot get Active Directory back online. Does not "bind" with LDAP using SPN when running dcdiag tests. On the netdiag test it can't find the server, but does register the DNS & Gateway properly.
I found something from MS 329887 about 'cannot interact with Active Directory MMC snap-ins' and tried to do those commands:
Secedit /configure /cfg c:\winnt\repair\secsetup.inf /db secsetup.sdb
Secedit /configure /cfg c:\winnt\repair\secdc.inf /db secdc.sdb

They did not complete successfully, but I have attached the Scesrv.log for help.
It looks like I need to go into the registry and change settings?
Question by:ARservice
22 Comments
 

Author Comment

by:ARservice
ID: 37726786
Do I need to use the 'seize' command for FSMO to get AD working again?
I could sure use some help on this pesky issue.
Thank-you
 
LVL 29

Expert Comment

by:pwindell
ID: 37733094
Did you make sure that the clocks are all the same on all the machines, including Time Zones being correct and DST being considered?
 

Author Comment

by:ARservice
ID: 37733546
Yes, also verified with "netdom time workstations" then "netdom time server" then "netdom time" with the name of the server.
I am thinking I just need to delete Active Directory and reinstall, as I am getting nowhere with any fix and keep getting the same error message. It is very very frustrating, as I am sure it is probably a simple few keystrokes somewhere but I don't know where.
 
LVL 29

Expert Comment

by:pwindell
ID: 37734048
Nothing is ever "just a few keystrokes" with AD problems.
 
LVL 20

Expert Comment

by:compdigit44
ID: 37734943
Has anything changed in your environment recently?
 
LVL 20

Expert Comment

by:compdigit44
ID: 37734955
Have you checked to make sure all of the required DNS AD records are present? If they are missing you can run the following command from the Windows 2000 Resource Kit to rebuild the DNS SRV records:

nltest /dsregdns
 

Author Comment

by:ARservice
ID: 37740319
The dsregdns command is not a valid command for Server 2000; it works on 2003 Server.

I did run most of the other commands available with success.

In running netdiag.exe - failure to bind LDAP.

Same binding failure (password etc.) when running dcdiag.exe.

Tried to seize roles using the ntdsutil tool, but could not get past the 'connect to server' step as it would keep coming back with invalid credentials/password.

I just need to figure out how to change the password for LDAP to bind.

If there is not a way to change this password (in the registry? or an .ini file?) then do I just delete AD using dcpromo and reinstall?
 
LVL 20

Expert Comment

by:compdigit44
ID: 37742811
In order to run nltest on Windows 2000 you need to download the resource tool kit.
 

Author Comment

by:ARservice
ID: 37743611
I HAVE HAD IT DOWNLOADED for over a couple years now and that command is not listed on the listing when you type
nltest /?

I will go online and re-download it and see if the command options change to include the
 nltest /dsregdns
thanks
 
LVL 20

Expert Comment

by:compdigit44
ID: 37743723
 

Author Comment

by:ARservice
ID: 37744110
No, that command is not there, but I can dsderegdns the DNS - isn't that weird; cannot register it but can deregister it! Go figure.
 

Author Comment

by:ARservice
ID: 37744135
The link is for Windows 2003 Server; I am running Windows 2000. I can try and see if they will work for this system.
 
LVL 20

Expert Comment

by:compdigit44
ID: 37744188
I know the link was for 2003, but some tools work on 2000... some, not all.

Can you send a snapshot of some of the core DNS AD records so we can see if they look correct?
 
LVL 20

Expert Comment

by:compdigit44
ID: 37744195
Also try to run dcdiag with the following switches and paste your results: dcdiag /e /v
 

Author Comment

by:ARservice
ID: 37745184
I downloaded the 2003 and it would not install; it said it needed Windows XP or newer to run.

But I have attached more than I think you wanted on DNS screenshots and dcdiag /e /v along with a netdiag.log.

The whole issue is that AD is not being allowed back to the DNS via LDAP bind error.
Should I just call it a day and reinstall AD via dcpromo?

I really do appreciate the help, I'm just frustrated that I can not get this corrected - how DNS magically disappeared from the server 3 weeks ago is still a mystery and no one is talkin'!  But this whole thing is a result of having to reinstall DNS then, then I ended up with 2 TCP/IP addresses for it which was fouling it up, so I had to delete that and reinstall a 2nd time, at that point AD would not connect to DNS and this is where I'm at today.
dnstabs.pdf
forwardzoneproperties-ns1.pdf
fileinfpbytabs.pdf
dcdiag-run-twice.pdf
NetDiag.log
 
LVL 20

Expert Comment

by:compdigit44
ID: 37748257
Have you tried the fix in this KB article: http://support.microsoft.com/kb/826902
 

Author Comment

by:ARservice
ID: 37750565
Well, that was exciting just in the anticipation that it would work, but I still cannot open AD; same error message of logon failure.
Ran dcdiag with the same error code 31 via LDAP bind error.
 
LVL 20

Accepted Solution

by:
compdigit44 earned 500 total points
ID: 37772636
Have you read this KB article yet: http://support.microsoft.com/kb/837513
 

Author Closing Comment

by:ARservice
ID: 37790939
AT LAST! I had read and been referred to similar articles, but no other articles had the Method #5, "Fix the Kerberos realm", which took all of 2 minutes; rebooted and voilà. 4 weeks of agony, despair and a half-baked system running on bandaid fixes. THANK YOU!