Our Primary DC offline- server.domain.local can't find nl: non-existent domain

Good Evening All,

During routine server updates our primary DC became unreachable.
We tried rebooting various servers and our ISA server, but that did not solve the problem.
An old DC that has been shut off for 6-9 months was still listed.
While this may have not been the smartest move, we forced the removal of the old dc and seized the Schema master and the Domain naming master FSMO roles.
We went through DNS and manually removed every entry of the old DC to try and resolve the problem.  Through various support sites and offsite help we have attempted many things and it partially seems worse than before.
Unfortunately we do have a functioning backup to restore to.

We need a fresh approach and a fresh set of eyes for this problem.  Thank you for you help.

Also please let me know what diagnostic information you might need.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mike KlineCommented:
Where did you seize the roles to?  Did you seize them to the DC that had been shut off for 9 months?

Did you cleanup the dead DC (metadata cleanup)  http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Are you currently running with only 1 DC now?

When you say things have gotten worse what do you mean?  This might be one that if you don't get help you may want to open a ticket with Microsoft to get your business back up.  

Experts will be around, but I'm going home, and have to eat and spend some time with the family so I'll be on and off.


tclark777Author Commented:
We seized the roles to the current DC that has been and is operational and we are only running 1 DC now.

We will try the cleanup the dead DC (metadata cleanup)  http://www.petri.co.il/delete_failed_dcs_from_ad.htm

I say it is worse because now when we try to open AD Users and Computers we receive an error.  Fortunately if I open Active Directory Domains and Trusts I am able to Right click and select Manage to open the users and computers.

Have a great night with your family.
I hope to see mine tonight.

tclark777Author Commented:
When I run netdiag I receive the following report.

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : DCComputerName
        IP Address . . . . . . . . :
        Subnet Mask. . . . . . . . :
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:

Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server ''
and other DCs also have some of the names registered.

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Failed
        [FATAL] Cannot find DC in domain 'Domain'. [ERROR_NO_SUCH_DOMAIN]

DC list test . . . . . . . . . . . : Failed
        'Domain': Cannot find DC to get DC list from [test skipped].

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Skipped
        'Domain': Cannot find DC to get DC list from [test skipped].

LDAP test. . . . . . . . . . . . . : Failed
    Cannot find DC to run LDAP tests on. The error occurred was: The specified d
omain either does not exist or could not be contacted.

        [WARNING] Cannot find DC in domain 'Domain'. [ERROR_NO_SUCH_DOMAIN]

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

tclark777Author Commented:
The problem has been solved.
Its difficult to say what the complete solution was, but we made a registry edit followed by a reboot and it was finally solved.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mike KlineCommented:
What was the registry edit?   Was it a burflag entry?

Glad you are up...tomorrow get a second DC up


tclark777Author Commented:
The final solution is listed below and found at http://support.microsoft.com/kb/290762
Its difficult to say if this would have resolved the problem from the beginning, but I think that the multiple steps we took trying to solve this brought about the final the solution.

Thank you again.

To complete an authoritative restore, stop the FRS service, configure the
 registry key, and then restart the FRS service. To do so: 1.Click Start, and then click Run.
2.In the Open box, type cmd and then press ENTER.
3.In the Command box, type net stop ntfrs.
4.Click Start, and then click Run.
5.In the Open box, type regedit and then press ENTER.
6.Locate the following subkey in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

7.In the right pane, double click BurFlags.
8.In the Edit DWORD Value dialog box, type D4 and then click OK.
9.Quit Registry Editor, and then switch to the Command box.
10.In the Command box, type net start ntfrs.
11.Quit the Command box.
tclark777Author Commented:
Personally found a solution outside of Experts Exchange
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.