Link to home
Create AccountLog in
Avatar of gdsmither
gdsmither

asked on

Error with PDC and Time server win2008 r2

I have been having issues with my Windows 2008 R2 AD DS after having a 2003 AD fail and had to be removed using dcpromo /forceremoval.  The server gives the following information when using the commands listed.  The name of the Domain controller was changed and the domain was changed as seen.  I have tried doing several things with the DNS by manually removing the references to the old Controller.  I have also restarted the time service with net stop w32time and net start w32time which did not fix any problems.  I need to get this fixed prior to adding a second windows 2008 R2 DC.  Please help as I have been working on this for several days.

C:\>dcdiag /q
         Warning: <DOMAIN CONTROLER> is not advertising as a time server.
         ......................... <DOMAIN CONTROLER> failed test Advertising
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... <DOMAIN CONTROLER> failed test FrsEvent
         An error event occurred.  EventID: 0x00000457
            Time Generated: 07/18/2013   13:07:30
            Event String:
            Driver Send to Microsoft OneNote 15 Driver required for printer Send
 To OneNote 2013 is unknown. Contact the administrator to install the driver bef
ore you log in again.
         ......................... <DOMAIN CONTROLER> failed test SystemLog
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         1355
         A Good Time Server could not be located.
         ......................... <DOMAIN.NET> failed test LocatorCheck

C:\>repadmin /options

Repadmin: running command /options against full DC localhost
Current DSA Options: IS_GC


C:\>DCDIAG /TEST:NCSecDesc

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = <DOMAIN CONTROLER>
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\<DOMAIN CONTROLER>
      Starting test: Connectivity
         ......................... <DOMAIN CONTROLER> passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\<DOMAIN CONTROLER>
      Starting test: NCSecDesc
         ......................... <DOMAIN CONTROLER> passed test NCSecDesc


   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : texcelinc

   Running enterprise tests on : <DOMAIN.NET>

C:\>repadmin /showrepl

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\<DOMAIN CONTROLER>
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: fb37fde2-22c1-4a8c-a7cb-b4be1726e71f
DSA invocationID: b091d81c-c07f-47a3-86ee-8300c85ea904
Avatar of HornAlum
HornAlum
Flag of United States of America image

Your PDC looks like it is down? can you confirm? the following command will tell you where your FSMO roles are. if the PDC is indeed down, you need to seize the roles to your new/replacement DC

netdom /query fsmo

Open in new window


Your PDC is the Domain controller that should be running your authoritative time service for your domain. once you get that part fixed, you can fix NTP. I suggest using an external time server for your PDC to query, and pass that down your domain

w32tm /config /manualpeerlist:<peers> /syncfromflags:manual /reliable:yes /update

Open in new window


this basically tells your PDC that it needs to use a specific manual peer, and <peers> would be that manual peer (i use ntp2.usno.navy.mil, or 192.5.41.209). it also says that is now the reliable/authoritative time server for your forest/domain

on your other DC's

w32tm /config /syncfromflags:domhier /update

Open in new window


this says, refer to the domain hierarchy, in this case your PDC, to grab time from. some of your clients may ask these other DC's for the time, rather than going directly to the PDC

you can tell if they are grabbing time properly by doing the following:

w32tm /monitor

Open in new window


this will list the partnered DC's, and give you the RefID of where they are syncing time from. it will tell you which DC (with it's FQDN) is the PDC. it should list the PDC under the refID for each of the DC's, and the manual peer as the RefID for the PDC. the time offset should be no greater than a few milliseconds. if it's way off, then you may need to reset and register the w32time service on those Domain controllers and rerun the w32tm command that syncs from the PDC

other sites have you jacking with the registry, but this is the best/easiest way of doing it. i had nothing but problems messing with the registry, but these commands fixed my issues.

http://technet.microsoft.com/en-us/library/cc794937(v=ws.10).aspx
Avatar of gdsmither
gdsmither

ASKER

This is the result of the command.

C:\>netdom /query fsmo
Schema master               DC1Texcel.texcelinc.net
Domain naming master        DC1Texcel.texcelinc.net
PDC                         DC1Texcel.texcelinc.net                                 NOTE: It says it is the PDC
RID pool manager            DC1Texcel.texcelinc.net
Infrastructure master       DC1Texcel.texcelinc.net
The command completed successfully.

Also I ran the other commands with this as the result:

C:\>w32tm /config /manualpeerlist:ntp2.usno.navy.mil /syncfromflags:manual /reli
able:yes /update
The command completed successfully.

C:\>w32tm /monitor
DC1TEXCEL.texcelinc.net *** PDC ***[[::1]:123]:                        NOTE: it says it is the PDC
    ICMP: 0ms delay
    NTP: +0.0000000s offset from DC1TEXCEL.texcelinc.net
        RefID: 64-132-226-3.static.twtelecom.net [64.132.226.3]
        Stratum: 2

Warning:
Reverse name resolution is best effort. It may not be
correct since RefID field in time packets differs across
NTP implementations and may not be using IP addresses.

C:\>


I then ran dcdiag /q and received the following results:

C:\>dcdiag /q
         Warning: DC1TEXCEL is not advertising as a time server.
         ......................... DC1TEXCEL failed test Advertising
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DC1TEXCEL failed test FrsEvent
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         1355
         A Good Time Server could not be located.
         ......................... texcelinc.net failed test LocatorCheck


This has been very frustrating.
ok, 2 things you can try, on your PDC

net stop w32time
w32tm /unregister

then do
w32tm /register
net start w32time

re-run the command i gave you on your PDC (the one with the manualpeerlist). then rerun your dcdiag /q test

IF that doesn't work and you still have the error message, try some of the registry changes in this article: http://blog.shiraj.com/2009/09/dcgetdcnametime_server-call-failed-error-1355/
Did all that you asked including the website, which I have done in the past, and no change.

Did I mention I HATE computers.

Thanks for your efforts however.  I do appreciate it.
could be a DNS issue or something else.

I would try running some more specific dcdiag tests

try the following

dcdiag /test:<testname>

use the following test names:

FsmoCheck
DnsAll
there's an older question here on experts-exchange with the same issue you are having as well, check this:

https://www.experts-exchange.com/questions/25094646/Warning-DcGetDcName-TIME-SERVER-call-failed-error-1355.html
ASKER CERTIFIED SOLUTION
Avatar of HornAlum
HornAlum
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
The last suggestion with the Group Policy was the issue. I set the time items to Not Configured and ran the dcdiag /q with no more errors on the time service.  

I greatly appreciate it.