Solved

Our Primary DC offline- server.domain.local  can't find nl: non-existent domain

Posted on 2012-03-28
7
428 Views
Last Modified: 2012-08-13
Good Evening All,

During routine server updates our primary DC became unreachable.
We tried rebooting various servers and our ISA server, but that did not solve the problem.
An old DC that has been shut off for 6-9 months was still listed.
While this may have not been the smartest move, we forced the removal of the old dc and seized the Schema master and the Domain naming master FSMO roles.
We went through DNS and manually removed every entry of the old DC to try and resolve the problem.  Through various support sites and offsite help we have attempted many things and it partially seems worse than before.
Unfortunately we do have a functioning backup to restore to.

We need a fresh approach and a fresh set of eyes for this problem.  Thank you for you help.

Also please let me know what diagnostic information you might need.
0
Comment
Question by:tclark777
  • 5
  • 2
7 Comments
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
Where did you seize the roles to?  Did you seize them to the DC that had been shut off for 9 months?

Did you cleanup the dead DC (metadata cleanup)  http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Are you currently running with only 1 DC now?

When you say things have gotten worse what do you mean?  This might be one that if you don't get help you may want to open a ticket with Microsoft to get your business back up.  

Experts will be around, but I'm going home, and have to eat and spend some time with the family so I'll be on and off.

Thanks

Mike
0
 

Author Comment

by:tclark777
Comment Utility
We seized the roles to the current DC that has been and is operational and we are only running 1 DC now.

We will try the cleanup the dead DC (metadata cleanup)  http://www.petri.co.il/delete_failed_dcs_from_ad.htm

I say it is worse because now when we try to open AD Users and Computers we receive an error.  Fortunately if I open Active Directory Domains and Trusts I am able to Right click and select Manage to open the users and computers.

Have a great night with your family.
I hope to see mine tonight.

Brian
0
 

Author Comment

by:tclark777
Comment Utility
When I run netdiag I receive the following report.

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : DCComputerName
        IP Address . . . . . . . . : 192.168.0.220
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.2
        Dns Servers. . . . . . . . : 192.168.0.220


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

 


Global results:


Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{8D776DD4-26A9-497D-8F5E-F7EF43EA1431}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.220'
and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{8D776DD4-26A9-497D-8F5E-F7EF43EA1431}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{8D776DD4-26A9-497D-8F5E-F7EF43EA1431}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Failed
        [FATAL] Cannot find DC in domain 'Domain'. [ERROR_NO_SUCH_DOMAIN]


DC list test . . . . . . . . . . . : Failed
        'Domain': Cannot find DC to get DC list from [test skipped].


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Skipped
        'Domain': Cannot find DC to get DC list from [test skipped].


LDAP test. . . . . . . . . . . . . : Failed
    Cannot find DC to run LDAP tests on. The error occurred was: The specified d
omain either does not exist or could not be contacted.

        [WARNING] Cannot find DC in domain 'Domain'. [ERROR_NO_SUCH_DOMAIN]



Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 

Accepted Solution

by:
tclark777 earned 0 total points
Comment Utility
The problem has been solved.
Its difficult to say what the complete solution was, but we made a registry edit followed by a reboot and it was finally solved.
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
What was the registry edit?   Was it a burflag entry?

Glad you are up...tomorrow get a second DC up

Thanks

Mike
0
 

Author Comment

by:tclark777
Comment Utility
The final solution is listed below and found at http://support.microsoft.com/kb/290762
Its difficult to say if this would have resolved the problem from the beginning, but I think that the multiple steps we took trying to solve this brought about the final the solution.

Thank you again.

To complete an authoritative restore, stop the FRS service, configure the
BurFlags
 registry key, and then restart the FRS service. To do so: 1.Click Start, and then click Run.
2.In the Open box, type cmd and then press ENTER.
3.In the Command box, type net stop ntfrs.
4.Click Start, and then click Run.
5.In the Open box, type regedit and then press ENTER.
6.Locate the following subkey in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

7.In the right pane, double click BurFlags.
8.In the Edit DWORD Value dialog box, type D4 and then click OK.
9.Quit Registry Editor, and then switch to the Command box.
10.In the Command box, type net start ntfrs.
11.Quit the Command box.
0
 

Author Closing Comment

by:tclark777
Comment Utility
Personally found a solution outside of Experts Exchange
0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now