Solved

AD Redundency

Posted on 2012-03-19
16
479 Views
Last Modified: 2012-03-19
I have two AD Servers on site.  The first AD server had some AD issues and even though the second AD server was working properly, users were not able to log into our network.  What could be the possible cause of this issue?  Both AD servers are running Windows 2008 Server R2 and replication seems to be fine.  We have workstations setup with DNS settings from both servers.  The first AD server is listed first and then the second.
0
Comment
Question by:christcorp
  • 6
  • 5
  • 3
  • +2
16 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37737940
Check the health of the DCs (dcdiag, repadmin, event logs).   Is the second box a global catalog sever?  

Your DNS seems to be setup fine.

Thanks

Mike
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37737963
Run dcdiag post results.

Both servers should be Global Catalog servers
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37737980
Yes MOST probable cause is that the healthy AD Server is NOT a Global Catalog Server. Make sure BOTH DC's are marked as GC's
0
 
LVL 3

Expert Comment

by:IT-Shrek
ID: 37738056
Hello,

please run the following commands after installing the  Windows Server Ressource Kit Tools and Windows Support Tools

DCDiag /v
FRSDiag for all DCs
netdiag
repadmin
replmon

Please also post the contents of the administrative Events view in Event Viewer.

Shrek
0
 

Author Comment

by:christcorp
ID: 37738081
Both servers are Global Catalog servers.

DCDIAG results:
C:\Users\administrator.XXXXXX>dcdiag
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = XXXXXX
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server:
   Default-First-Site-Name\XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0
      Starting test: Connectivity
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         Connectivity
Doing primary tests
   Testing server:
   Default-First-Site-Name\XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0
      Starting test: Advertising
         Fatal Error:DsGetDcName
         (XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0) call failed,
         error 123
         The Locator could not find the server.
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         FrsEvent
      Starting test: DFSREvent
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         DFSREvent
      Starting test: SysVolCheck
         [XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0] An net use or
         LsaPolicy operation failed with error 67,
         The network name cannot be found..
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         SysVolCheck
      Starting test: KccEvent
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         KccEvent
      Starting test: KnowsOfRoleHolders
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         KnowsOfRoleHolders
      Starting test: MachineAccount
         ***Error: The server
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 is missing its
         machine account.  Try running with the /repairmachineaccount option.
         * The current DC is not in the domain controller's OU
         Could not open pipe with
         [XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0]:failed with 67:
         The network name cannot be found.
         Could not get NetBIOSDomainName
         Failed can not test for HOST SPN
         Failed can not test for HOST SPN
         * Missing SPN
         :LDAP/XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0
         * Missing SPN
         :HOST/XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         MachineAccount
      Starting test: NCSecDesc
         Ldap search capabality attribute search failed on server
         XXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0, return value = 81
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         NCSecDesc
      Starting test: NetLogons
         [XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0] An net use or
         LsaPolicy operation failed with error 67,
         The network name cannot be found..
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         NetLogons
      Starting test: ObjectsReplicated
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         ObjectsReplicated
      Starting test: Replications
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         Replications
      Starting test: RidManager
         Failed with 8481:
         The search failed to retrieve attributes from the database.
         Warning: attribute rIdSetReferences missing from (null)
         Could not get Rid set Reference :failed with 8481:
         The search failed to retrieve attributes from the database.
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         RidManager
      Starting test: Services
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:42
            Event String:
            Driver HP Color LaserJet CP3525 PCL6 required for printer HP Color L
aserJet CP3525 PCL6 (Copy 1) is unknown. Contact the administrator to install th
e driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:43
            Event String:
            Driver Amyuni Document Converter 400 required for printer Amyuni Doc
ument Converter is unknown. Contact the administrator to install the driver befo
re you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:44
            Event String:
            Driver Adobe PDF Converter required for printer Adobe PDF is unknown
. Contact the administrator to install the driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:45
            Event String:
            Driver deskPDF required for printer deskPDF is unknown. Contact the
administrator to install the driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:47
            Event String:
            Driver HP Color LaserJet 4730mfp PCL 6 required for printer HP Color
 LaserJet 4730mfp - 2 (Cenie) is unknown. Contact the administrator to install t
he driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:48
            Event String:
            Driver HP Color LaserJet 4730mfp PCL 6 required for printer HP Color
 LaserJet 4730mfp PCL 6 is unknown. Contact the administrator to install the dri
ver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:49
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:50
            Event String:
            Driver HP Color LaserJet CP3525 PCL6 required for printer HP Color L
aserJet CP3525 PCL6 is unknown. Contact the administrator to install the driver
before you log in again.
         An Warning Event occurred.  EventID: 0x80000008
            Time Generated: 03/19/2012   10:40:44
            Event String:
            The jobs in the print queue for printer Fax (redirected 2) were dele
ted. No user action is required.
         An Warning Event occurred.  EventID: 0x80000004
            Time Generated: 03/19/2012   10:40:44
            Event String:
            Printer Fax (redirected 2) will be deleted. No user action is requir
ed.
         An Warning Event occurred.  EventID: 0x80000003
            Time Generated: 03/19/2012   10:40:44
            Event String:
            Printer Fax (redirected 2) was deleted, and users will no longer be
able to print to this printer. No user action is required.
         An Warning Event occurred.  EventID: 0x80000008
            Time Generated: 03/19/2012   10:40:44
            Event String:
            The jobs in the print queue for printer Microsoft XPS Document Write
r (redirected 2) were deleted. No user action is required.
         An Warning Event occurred.  EventID: 0x80000004
            Time Generated: 03/19/2012   10:40:44
            Event String:
            Printer Microsoft XPS Document Writer (redirected 2) will be deleted
. No user action is required.
         An Warning Event occurred.  EventID: 0x80000003
            Time Generated: 03/19/2012   10:40:44
            Event String:
            Printer Microsoft XPS Document Writer (redirected 2) was deleted, an
d users will no longer be able to print to this printer. No user action is requi
red.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:40:57
            Event String:
            Driver Adobe PDF Converter required for printer Adobe PDF is unknown
. Contact the administrator to install the driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:40:58
            Event String:
            Driver HP Color LaserJet CP3525 PCL6 required for printer HP Color L
aserJet CP3525 PCL6 (Copy 1) is unknown. Contact the administrator to install th
e driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:40:59
            Event String:
            Driver Amyuni Document Converter 400 required for printer Amyuni Doc
ument Converter is unknown. Contact the administrator to install the driver befo
re you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:41:00
            Event String:
            Driver deskPDF required for printer deskPDF is unknown. Contact the
administrator to install the driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:41:02
            Event String:
            Driver HP Color LaserJet 4730mfp PCL 6 required for printer HP Color
 LaserJet 4730mfp - 2 (Cenie) is unknown. Contact the administrator to install t
he driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:41:05
            Event String:
            Driver HP Color LaserJet CP3525 PCL6 required for printer HP Color L
aserJet CP3525 PCL6 is unknown. Contact the administrator to install the driver
before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:41:06
            Event String:
            Driver HP Color LaserJet 4730mfp PCL 6 required for printer HP Color
 LaserJet 4730mfp PCL 6 is unknown. Contact the administrator to install the dri
ver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:41:07
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         SystemLog
      Starting test: VerifyReferences
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         VerifyReferences
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   Running partition tests on : XXXXXX
      Starting test: CheckSDRefDom
         ......................... XXXXXX passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... XXXXXX passed test CrossRefValidation
   Running enterprise tests on : XXXXXX.org
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 123
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 123
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 123
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         123
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 123
         A KDC could not be located - All the KDCs are down.
         ......................... XXXXXX.org failed test LocatorCheck
      Starting test: Intersite
         ......................... XXXXXX.org passed test Intersite
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37738118
You are getting errors. I need to see the full unedited dcdiag.

You can go through do a replace on the document to change the domain name to domain.com but please don't change anything else
0
 

Author Comment

by:christcorp
ID: 37738162
That is what I did on the last one.  Is there something specific that you are not seeing?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37738174
Yeah but I see what the issue is now usually the passed or failed is on line below test
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 37

Expert Comment

by:Neil Russell
ID: 37738209
Have either of these servers been switched off for a while?
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37738225
If you open ADUC on the servers and look in the DOMAIN CONTROLLERS container, do you see both servers listed? It sounds as if the computer account has gone from AD for one of the DC's
0
 

Author Comment

by:christcorp
ID: 37738268
Yes.  Both are Listed under Domain Controllers.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37738618
DNS issues it seems like as well. Both DCs have these errors?
0
 

Author Comment

by:christcorp
ID: 37738743
No.  Just the secondary one that I posted the dcdiag for.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37738805
You could just demote secondary one then re-promote
0
 

Author Comment

by:christcorp
ID: 37738853
And that will fix all of the DCDiag errors?
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 37738863
If you aren't getting errors on the other server then you can demote this server. Go through the process of metadata cleanup to remove any lingering objects from failed DC.

Go through the promotion process again.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now