Solved

Our Primary DC offline - server.domain.local can't find nl: non-existent domain

Posted on 2012-03-28
Last Modified: 2012-08-13
Good Evening All,

During routine server updates our primary DC became unreachable.
We tried rebooting various servers and our ISA server, but that did not solve the problem.
An old DC that has been shut off for 6-9 months was still listed.
While this may not have been the smartest move, we forced the removal of the old DC and seized the Schema master and the Domain naming master FSMO roles.
We went through DNS and manually removed every entry of the old DC to try and resolve the problem.  Through various support sites and offsite help we have attempted many things and it partially seems worse than before.
Unfortunately we do have a functioning backup to restore to.

We need a fresh approach and a fresh set of eyes for this problem. Thank you for your help.

Also please let me know what diagnostic information you might need.
Question by:tclark777

Expert Comment

by:Mike Kline
ID: 37779523
Where did you seize the roles to?  Did you seize them to the DC that had been shut off for 9 months?

Did you clean up the dead DC (metadata cleanup)? http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Are you currently running with only 1 DC now?

When you say things have gotten worse what do you mean?  This might be one that if you don't get help you may want to open a ticket with Microsoft to get your business back up.  

Experts will be around, but I'm going home, and have to eat and spend some time with the family so I'll be on and off.

Thanks

Mike

Author Comment

by:tclark777
ID: 37779541
We seized the roles to the current DC that has been and is operational and we are only running 1 DC now.

We will try to clean up the dead DC (metadata cleanup): http://www.petri.co.il/delete_failed_dcs_from_ad.htm

I say it is worse because now when we try to open AD Users and Computers we receive an error.  Fortunately if I open Active Directory Domains and Trusts I am able to Right click and select Manage to open the users and computers.

Have a great night with your family.
I hope to see mine tonight.

Brian

Author Comment

by:tclark777
ID: 37779636
When I run netdiag I receive the following report.

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : DCComputerName
        IP Address . . . . . . . . : 192.168.0.220
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.2
        Dns Servers. . . . . . . . : 192.168.0.220


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

 


Global results:


Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{8D776DD4-26A9-497D-8F5E-F7EF43EA1431}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.220'
and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{8D776DD4-26A9-497D-8F5E-F7EF43EA1431}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{8D776DD4-26A9-497D-8F5E-F7EF43EA1431}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Failed
        [FATAL] Cannot find DC in domain 'Domain'. [ERROR_NO_SUCH_DOMAIN]


DC list test . . . . . . . . . . . : Failed
        'Domain': Cannot find DC to get DC list from [test skipped].


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Skipped
        'Domain': Cannot find DC to get DC list from [test skipped].


LDAP test. . . . . . . . . . . . . : Failed
    Cannot find DC to run LDAP tests on. The error occurred was: The specified d
omain either does not exist or could not be contacted.

        [WARNING] Cannot find DC in domain 'Domain'. [ERROR_NO_SUCH_DOMAIN]



Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

Accepted Solution

by:
tclark777 earned 0 total points
ID: 37780138
The problem has been solved.
It's difficult to say what the complete solution was, but we made a registry edit followed by a reboot and it was finally solved.

Expert Comment

by:Mike Kline
ID: 37780144
What was the registry edit?   Was it a burflag entry?

Glad you are up...tomorrow get a second DC up

Thanks

Mike

Author Comment

by:tclark777
ID: 37782764
The final solution is listed below and found at http://support.microsoft.com/kb/290762
It's difficult to say if this would have resolved the problem from the beginning, but I think that the multiple steps we took trying to solve this brought about the final solution.

Thank you again.

To complete an authoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:

1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

7. In the right pane, double click BurFlags.
8. In the Edit DWORD Value dialog box, type D4 and then click OK.
9. Quit Registry Editor, and then switch to the Command box.
10. In the Command box, type net start ntfrs.
11. Quit the Command box.
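
The steps quoted above as a batch script, with the checks the walk-through leaves to the operator (an added example, not part of the original post or the Microsoft article). It assumes an elevated prompt on the only remaining DC, as in this thread; the record file under %TEMP% and the closing `net share` check are additions for illustration.

```bat
@echo off
rem Added example: the BurFlags steps from the post above, scripted.
rem Assumption: this is the only DC, so its SYSVOL copy is the one
rem to mark authoritative.
setlocal
set "KEY=HKLM\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup"

rem Record the current value so the change is traceable afterwards.
rem (File name is hypothetical.)
reg query "%KEY%" /v BurFlags > "%TEMP%\burflags-before.txt" 2>&1

rem Step 3: stop FRS and confirm it is stopped before editing.
net stop ntfrs
sc query ntfrs | find "STOPPED" >nul
if errorlevel 1 (
    echo FRS did not stop; BurFlags was not changed.
    exit /b 1
)

rem Steps 6-8: set BurFlags. The 0x prefix marks the value as hex,
rem matching the D4 typed into the Edit DWORD Value dialog.
reg add "%KEY%" /v BurFlags /t REG_DWORD /d 0xD4 /f
if errorlevel 1 (
    echo Could not write BurFlags; restarting FRS unchanged.
    net start ntfrs
    exit /b 1
)

rem Step 10: restart FRS, which reads BurFlags at service start.
net start ntfrs

rem Added verification: once FRS has finished, SYSVOL and NETLOGON
rem are shared again. This can take several minutes; rerun these two
rem lines if they print nothing at first.
net share | find /i "SYSVOL"
net share | find /i "NETLOGON"
endlocal
```

A DC that is not sharing SYSVOL is what the netdiag "Domain membership test" warning earlier in the thread describes, so the two `net share` lines are the quickest confirmation that the restore took effect.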

Author Closing Comment

by:tclark777
ID: 37795236
Personally found a solution outside of Experts Exchange