
Our Primary DC offline- server.domain.local  can't find nl: non-existent domain

Posted on 2012-03-28
Medium Priority
Last Modified: 2012-08-13
Good Evening All,

During routine server updates our primary DC became unreachable.
We tried rebooting various servers and our ISA server, but that did not solve the problem.
An old DC that has been shut off for 6-9 months was still listed.
While this may not have been the smartest move, we forced the removal of the old DC and seized the Schema master and the Domain naming master FSMO roles.
We went through DNS and manually removed every entry of the old DC to try and resolve the problem.  Through various support sites and offsite help we have attempted many things and it partially seems worse than before.
Unfortunately we do have a functioning backup to restore to.

We need a fresh approach and a fresh set of eyes for this problem.  Thank you for your help.

Also please let me know what diagnostic information you might need.
Question by:tclark777

Expert Comment

by:Mike Kline
ID: 37779523
Where did you seize the roles to?  Did you seize them to the DC that had been shut off for 9 months?

Did you clean up the dead DC (metadata cleanup)?

Are you currently running with only 1 DC now?

When you say things have gotten worse what do you mean?  This might be one that if you don't get help you may want to open a ticket with Microsoft to get your business back up.  

Experts will be around, but I'm going home, and have to eat and spend some time with the family so I'll be on and off.



Author Comment

ID: 37779541
We seized the roles to the current DC that has been and is operational and we are only running 1 DC now.

We will try to clean up the dead DC (metadata cleanup).

I say it is worse because now when we try to open AD Users and Computers we receive an error.  Fortunately if I open Active Directory Domains and Trusts I am able to Right click and select Manage to open the users and computers.

Have a great night with your family.
I hope to see mine tonight.


Author Comment

ID: 37779636
When I run netdiag I receive the following report.

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : DCComputerName
        IP Address . . . . . . . . :
        Subnet Mask. . . . . . . . :
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:

Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server ''
and other DCs also have some of the names registered.

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Failed
        [FATAL] Cannot find DC in domain 'Domain'. [ERROR_NO_SUCH_DOMAIN]

DC list test . . . . . . . . . . . : Failed
        'Domain': Cannot find DC to get DC list from [test skipped].

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Skipped
        'Domain': Cannot find DC to get DC list from [test skipped].

LDAP test. . . . . . . . . . . . . : Failed
    Cannot find DC to run LDAP tests on. The error occurred was: The specified d
omain either does not exist or could not be contacted.

        [WARNING] Cannot find DC in domain 'Domain'. [ERROR_NO_SUCH_DOMAIN]

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully

Accepted Solution

tclark777 earned 0 total points
ID: 37780138
The problem has been solved.
It's difficult to say what the complete solution was, but we made a registry edit followed by a reboot and it was finally solved.

Expert Comment

by:Mike Kline
ID: 37780144
What was the registry edit?   Was it a burflag entry?

Glad you are up...tomorrow get a second DC up



Author Comment

ID: 37782764
The final solution is listed below and found at
It's difficult to say if this would have resolved the problem from the beginning, but I think that the multiple steps we took trying to solve this brought about the final solution.

Thank you again.

To complete an authoritative restore, stop the FRS service, configure the registry key, and then restart the FRS service. To do so:

1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

7. In the right pane, double click BurFlags.
8. In the Edit DWORD Value dialog box, type D4 and then click OK.
9. Quit Registry Editor, and then switch to the Command box.
10. In the Command box, type net start ntfrs.
11. Quit the Command box.
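A scripted form of the eleven steps above, with the before and after checks an administrator would want around them. This is an added example, not part of the original thread or of the Microsoft article it quotes. D4 marks this DC's SYSVOL copy as authoritative, so it belongs on exactly one DC (here the only one); the `-Apply` switch and the 10-minute wait are assumptions of this example.

```powershell
# Added example (not from the thread): scripted form of steps 1-11 above.
# Run elevated on the one DC whose SYSVOL copy is to become authoritative.
param([switch]$Apply)   # assumption: without -Apply the script only reports state

# reg.exe is used because the key name contains "/" (Backup/Restore), which the
# PowerShell registry provider treats as a path separator.
$Key = 'HKLM\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'

function Get-BurFlags {
    # Returns the current value as text (e.g. 0x0), or $null if it is absent.
    $line = reg.exe query $Key /v BurFlags 2>$null | Select-String 'BurFlags'
    if ($line) { ($line.ToString().Trim() -split '\s+')[-1] } else { $null }
}

function Test-SysvolShared {
    # A DC that is advertising correctly shares both SYSVOL and NETLOGON.
    $shares = net.exe share
    [bool]($shares -match '^SYSVOL\s') -and [bool]($shares -match '^NETLOGON\s')
}

"BurFlags before: $(Get-BurFlags)  SYSVOL/NETLOGON shared: $(Test-SysvolShared)"
if (-not $Apply) { return }

$start = Get-Date
Stop-Service -Name NtFrs                                          # step 3
reg.exe add $Key /v BurFlags /t REG_DWORD /d 0xD4 /f | Out-Null   # steps 6-8
Start-Service -Name NtFrs                                         # step 10

# FRS logs event 13516 once SYSVOL is ready to be shared. Poll for it
# (10 minutes is an assumed limit; a large SYSVOL can take longer).
$deadline = $start.AddMinutes(10)
do {
    Start-Sleep -Seconds 15
    $ok = Get-EventLog -LogName 'File Replication Service' -After $start `
              -ErrorAction SilentlyContinue |
          Where-Object { $_.EventID -eq 13516 }
} until ($ok -or (Get-Date) -gt $deadline)

# FRS resets BurFlags to 0 after it has processed the value.
"BurFlags after: $(Get-BurFlags)  13516 logged: $([bool]$ok)  shared: $(Test-SysvolShared)"
```

Copy the SYSVOL folder somewhere safe before running with `-Apply`, since the authoritative restore rebuilds the replica set from whatever is on this DC.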

Author Closing Comment

ID: 37795236
Personally found a solution outside of Experts Exchange
