Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

AD Redundency

Posted on 2012-03-19
16
Medium Priority
?
525 Views
Last Modified: 2012-03-19
I have two AD Servers on site.  The first AD server had some AD issues and even though the second AD server was working properly, users were not able to log into our network.  What could be the possible cause of this issue?  Both AD servers are running Windows 2008 Server R2 and replication seems to be fine.  We have workstations setup with DNS settings from both servers.  The first AD server is listed first and then the second.
0
Comment
Question by:christcorp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 3
  • +2
16 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37737940
Check the health of the DCs (dcdiag, repadmin, event logs).   Is the second box a global catalog sever?  

Your DNS seems to be setup fine.

Thanks

Mike
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37737963
Run dcdiag post results.

Both servers should be Global Catalog servers
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37737980
Yes MOST probable cause is that the healthy AD Server is NOT a Global Catalog Server. Make sure BOTH DC's are marked as GC's
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 3

Expert Comment

by:IT-Shrek
ID: 37738056
Hello,

please run the following commands after installing the  Windows Server Ressource Kit Tools and Windows Support Tools

DCDiag /v
FRSDiag for all DCs
netdiag
repadmin
replmon

Please also post the contents of the administrative Events view in Event Viewer.

Shrek
0
 

Author Comment

by:christcorp
ID: 37738081
Both servers are Global Catalog servers.

DCDIAG results:
C:\Users\administrator.XXXXXX>dcdiag
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = XXXXXX
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server:
   Default-First-Site-Name\XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0
      Starting test: Connectivity
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         Connectivity
Doing primary tests
   Testing server:
   Default-First-Site-Name\XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0
      Starting test: Advertising
         Fatal Error:DsGetDcName
         (XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0) call failed,
         error 123
         The Locator could not find the server.
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         FrsEvent
      Starting test: DFSREvent
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         DFSREvent
      Starting test: SysVolCheck
         [XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0] An net use or
         LsaPolicy operation failed with error 67,
         The network name cannot be found..
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         SysVolCheck
      Starting test: KccEvent
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         KccEvent
      Starting test: KnowsOfRoleHolders
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         KnowsOfRoleHolders
      Starting test: MachineAccount
         ***Error: The server
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 is missing its
         machine account.  Try running with the /repairmachineaccount option.
         * The current DC is not in the domain controller's OU
         Could not open pipe with
         [XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0]:failed with 67:
         The network name cannot be found.
         Could not get NetBIOSDomainName
         Failed can not test for HOST SPN
         Failed can not test for HOST SPN
         * Missing SPN
         :LDAP/XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0
         * Missing SPN
         :HOST/XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         MachineAccount
      Starting test: NCSecDesc
         Ldap search capabality attribute search failed on server
         XXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0, return value = 81
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         NCSecDesc
      Starting test: NetLogons
         [XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0] An net use or
         LsaPolicy operation failed with error 67,
         The network name cannot be found..
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         NetLogons
      Starting test: ObjectsReplicated
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         ObjectsReplicated
      Starting test: Replications
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         Replications
      Starting test: RidManager
         Failed with 8481:
         The search failed to retrieve attributes from the database.
         Warning: attribute rIdSetReferences missing from (null)
         Could not get Rid set Reference :failed with 8481:
         The search failed to retrieve attributes from the database.
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         RidManager
      Starting test: Services
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:42
            Event String:
            Driver HP Color LaserJet CP3525 PCL6 required for printer HP Color L
aserJet CP3525 PCL6 (Copy 1) is unknown. Contact the administrator to install th
e driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:43
            Event String:
            Driver Amyuni Document Converter 400 required for printer Amyuni Doc
ument Converter is unknown. Contact the administrator to install the driver befo
re you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:44
            Event String:
            Driver Adobe PDF Converter required for printer Adobe PDF is unknown
. Contact the administrator to install the driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:45
            Event String:
            Driver deskPDF required for printer deskPDF is unknown. Contact the
administrator to install the driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:47
            Event String:
            Driver HP Color LaserJet 4730mfp PCL 6 required for printer HP Color
 LaserJet 4730mfp - 2 (Cenie) is unknown. Contact the administrator to install t
he driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:48
            Event String:
            Driver HP Color LaserJet 4730mfp PCL 6 required for printer HP Color
 LaserJet 4730mfp PCL 6 is unknown. Contact the administrator to install the dri
ver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:49
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:21:50
            Event String:
            Driver HP Color LaserJet CP3525 PCL6 required for printer HP Color L
aserJet CP3525 PCL6 is unknown. Contact the administrator to install the driver
before you log in again.
         An Warning Event occurred.  EventID: 0x80000008
            Time Generated: 03/19/2012   10:40:44
            Event String:
            The jobs in the print queue for printer Fax (redirected 2) were dele
ted. No user action is required.
         An Warning Event occurred.  EventID: 0x80000004
            Time Generated: 03/19/2012   10:40:44
            Event String:
            Printer Fax (redirected 2) will be deleted. No user action is requir
ed.
         An Warning Event occurred.  EventID: 0x80000003
            Time Generated: 03/19/2012   10:40:44
            Event String:
            Printer Fax (redirected 2) was deleted, and users will no longer be
able to print to this printer. No user action is required.
         An Warning Event occurred.  EventID: 0x80000008
            Time Generated: 03/19/2012   10:40:44
            Event String:
            The jobs in the print queue for printer Microsoft XPS Document Write
r (redirected 2) were deleted. No user action is required.
         An Warning Event occurred.  EventID: 0x80000004
            Time Generated: 03/19/2012   10:40:44
            Event String:
            Printer Microsoft XPS Document Writer (redirected 2) will be deleted
. No user action is required.
         An Warning Event occurred.  EventID: 0x80000003
            Time Generated: 03/19/2012   10:40:44
            Event String:
            Printer Microsoft XPS Document Writer (redirected 2) was deleted, an
d users will no longer be able to print to this printer. No user action is requi
red.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:40:57
            Event String:
            Driver Adobe PDF Converter required for printer Adobe PDF is unknown
. Contact the administrator to install the driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:40:58
            Event String:
            Driver HP Color LaserJet CP3525 PCL6 required for printer HP Color L
aserJet CP3525 PCL6 (Copy 1) is unknown. Contact the administrator to install th
e driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:40:59
            Event String:
            Driver Amyuni Document Converter 400 required for printer Amyuni Doc
ument Converter is unknown. Contact the administrator to install the driver befo
re you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:41:00
            Event String:
            Driver deskPDF required for printer deskPDF is unknown. Contact the
administrator to install the driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:41:02
            Event String:
            Driver HP Color LaserJet 4730mfp PCL 6 required for printer HP Color
 LaserJet 4730mfp - 2 (Cenie) is unknown. Contact the administrator to install t
he driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:41:05
            Event String:
            Driver HP Color LaserJet CP3525 PCL6 required for printer HP Color L
aserJet CP3525 PCL6 is unknown. Contact the administrator to install the driver
before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:41:06
            Event String:
            Driver HP Color LaserJet 4730mfp PCL 6 required for printer HP Color
 LaserJet 4730mfp PCL 6 is unknown. Contact the administrator to install the dri
ver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 03/19/2012   10:41:07
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 failed test
         SystemLog
      Starting test: VerifyReferences
         .........................
         XXXXXX\0ACNF:74053ef7-6d29-44eb-b66f-c8a4e84d06c0 passed test
         VerifyReferences
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   Running partition tests on : XXXXXX
      Starting test: CheckSDRefDom
         ......................... XXXXXX passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... XXXXXX passed test CrossRefValidation
   Running enterprise tests on : XXXXXX.org
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 123
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 123
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 123
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         123
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 123
         A KDC could not be located - All the KDCs are down.
         ......................... XXXXXX.org failed test LocatorCheck
      Starting test: Intersite
         ......................... XXXXXX.org passed test Intersite
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37738118
You are getting errors. I need to see the full unedited dcdiag.

You can go through do a replace on the document to change the domain name to domain.com but please don't change anything else
0
 

Author Comment

by:christcorp
ID: 37738162
That is what I did on the last one.  Is there something specific that you are not seeing?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37738174
Yeah but I see what the issue is now usually the passed or failed is on line below test
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37738209
Have either of these servers been switched off for a while?
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37738225
If you open ADUC on the servers and look in the DOMAIN CONTROLLERS container, do you see both servers listed? It sounds as if the computer account has gone from AD for one of the DC's
0
 

Author Comment

by:christcorp
ID: 37738268
Yes.  Both are Listed under Domain Controllers.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37738618
DNS issues it seems like as well. Both DCs have these errors?
0
 

Author Comment

by:christcorp
ID: 37738743
No.  Just the secondary one that I posted the dcdiag for.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37738805
You could just demote secondary one then re-promote
0
 

Author Comment

by:christcorp
ID: 37738853
And that will fix all of the DCDiag errors?
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 2000 total points
ID: 37738863
If you aren't getting errors on the other server then you can demote this server. Go through the process of metadata cleanup to remove any lingering objects from failed DC.

Go through the promotion process again.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question