Domain Not Available

We have two sites connected via VPN.

Site 1: Existing 2003 domain controller
Site 2: New 2008 R2 server joined to the domain and promoted with dcpromo to a new domain controller.

Connections are showing in Sites and Services for each domain controller. DNS is replicating between the two servers.

We have another server at site 2 with IP settings (DNS) configured for the new 2008 domain controller. However, when trying to log in to the server we get a message stating: "The specified domain either does not exist or could not be contacted."

Trying to manage the server to add user permissions also does not allow us to specify domain users.
PlaiceAsked:

JaniLSCommented:
If you have two sites as in Active Directory Sites and not just two physically separate sites, then you require a Global Catalog server on both sites. Make the second DC a GC server and you should be fine if AD is replicating properly as you say.
0
PlaiceAuthor Commented:
We only have one site in Sites and Services, the two domain controllers are just two physically separate sites.
0
JaniLSCommented:
On the affected server, ensure only domain DNS servers are listed in the NIC card settings. No ISP DNS servers.

If that is all good... Isolate your DNS issue with NSLOOKUP from cmd prompt:

Assuming:
 domain name is domain.local
 serverA at site1 is named DC1 with IP address of 192.168.100.10
 serverB at site2 is named DC2 with IP address of 10.10.10.10
 and the problem server is Member1 at site2 with IP of 10.10.10.20

Try these commands from CMD Prompt
PING DC1 (to confirm connectivity)
if not pinging PING 192.168.100.10

PING DC2 (to confirm connectivity)
if not pinging PING 10.10.10.10

If you can ping domain controllers / DNS servers confirm DNS works:

NSLOOKUP  
SERVER 10.10.10.10
domain.local


this should output the IP Addresses of your domain controllers 10.10.10.10, 192.168.100.10

SERVER 192.168.100.10
domain.local


this should output the IP Addresses of your domain controllers 10.10.10.10, 192.168.100.10

If all of this produces the expected results then we can move forward but if you don't have connectivity to your desired DNS server from Member1 then there is a larger issue.
0
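The same per-server DNS check, extended to the SRV records a member server uses to locate a domain controller, as an added example that is not part of the original thread. It assumes the domain name and addresses from the comment above and English-language nslookup output, and it calls nslookup.exe so that it also runs on PowerShell 2.0 (2008 R2).

```powershell
# Constructed values, taken from the assumptions listed in the comment above.
$Domain     = 'domain.local'
$DnsServers = '10.10.10.10', '192.168.100.10'      # DC2, DC1
$Queries = @(
    @{ Type = 'A';   Name = $Domain },
    @{ Type = 'SRV'; Name = "_ldap._tcp.dc._msdcs.$Domain" },
    @{ Type = 'SRV'; Name = "_kerberos._tcp.dc._msdcs.$Domain" }
)

function Test-DcRecord {
    param([string]$Server, [string]$Type, [string]$Name)
    # Trailing dot stops nslookup from appending DNS suffixes to the name.
    $out = & nslookup.exe "-type=$Type" "$Name." $Server 2>&1 | Out-String
    if ($Type -eq 'SRV') {
        # A successful SRV answer lists one "svr hostname = <dc>" per DC.
        $targets = @([regex]::Matches($out, 'svr hostname\s*=\s*(\S+)') |
            ForEach-Object { $_.Groups[1].Value })
        $ok = $targets.Count -gt 0
    } else {
        # A successful A answer contains a "Name:" line for the queried name.
        $targets = @()
        $ok = $out -match '(?m)^Name:\s'
    }
    New-Object PSObject -Property @{
        Server = $Server; Type = $Type; Name = $Name
        Resolved = $ok; Targets = ($targets -join ', ')
    }
}

$results = foreach ($s in $DnsServers) {
    foreach ($q in $Queries) {
        Test-DcRecord -Server $s -Type $q.Type -Name $q.Name
    }
}
$results | Format-Table Server, Type, Name, Resolved, Targets -AutoSize
```

A row with Resolved = False for an SRV name, or a Targets column that omits one of the domain controllers, points at DC registration rather than plain name resolution.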

PlaiceAuthor Commented:
Member1 has connectivity to ServerB.

It can't ping or perform an nslookup on ServerA.
0
PlaiceAuthor Commented:
And, just to clarify, Member1 can perform an nslookup on ServerB.
0
JaniLSCommented:
Set server B as the primary and only DNS on Member1. This will ensure it is talking to a domain DNS server that we know it can reach.

If it still balks when logging in, then the DNS zone file in DC2 should be examined.

Is the VPN 'site to site' as in the firewalls handle the vpn or is it server to server and only DC1 & DC2 can talk to each other?
0
JaniLSCommented:
As a side note, check the Active Directory event logs on DC2 to ensure AD has started.
0
PlaiceAuthor Commented:
ServerB is the only DNS on Member1. Same error when trying to login.

AD event logs on ServerB show AD has started.
0
JaniLSCommented:
Can you elaborate on the VPN connectivity between DC1 & DC2?

If you are running the VPN directly from DC2, then disconnect the vpn and attempt to login from member1 again. I would like to rule out the VPN connection.
0
PlaiceAuthor Commented:
VPN is direct from DC2. I've disconnected this, retested, and received the same error.
0
JaniLSCommented:
On DC2 (2008R2) server-

Does the Network Location Awareness service report you are on a domain network? (It should say domain network in Network Center.) If it says public, your DC may not accept incoming requests of any kind.

Is the firewall turned off or disabled on DC2, as this plays havoc in 2008 R2 servers as well?
0
PlaiceAuthor Commented:
DC2 says domain network for local area connection.

Firewall is on.
0
PlaiceAuthor Commented:
Looking at DC2, Sysvol and Netlogon are not available; I think this might be the cause of the issue.
0
PlaiceAuthor Commented:
Looks like it's all working now. The fix was:

Navigate to the following key:

 HKLM\SYSTEM\CurrentControlSet\Services\Ntfrs\Parameters\Backup/Restore\Process at Startup

 Then set the BurFlags entry to D4.

Then restart the Ntfrs service.

This then replicated the Sysvol and Netlogon shares and allowed logins and management.
0
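The check and fix described in the post above, as an added PowerShell example that is not part of the original thread. It is meant to be run locally on the domain controller that is missing its shares; the function names and the polling loop are illustrative, and `$Mode` is set to the D4 value the post used.

```powershell
# D4 marks this DC's SYSVOL copy as authoritative for the replica set;
# D2 re-initialises this DC's copy from a replication partner.
$Mode    = 'D4'
$burPath = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'

function Get-SysvolState {
    $shares = @(Get-WmiObject -Class Win32_Share |
        Where-Object { 'SYSVOL', 'NETLOGON' -contains $_.Name } |
        ForEach-Object { $_.Name })
    $netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    New-Object PSObject -Property @{
        SysvolShared   = $shares -contains 'SYSVOL'
        NetlogonShared = $shares -contains 'NETLOGON'
        SysvolReady    = $netlogon.SysvolReady      # 1 once SYSVOL is ready to share
    }
}

function Set-BurFlags {
    param([ValidateSet('D2', 'D4')][string]$Value)
    # "Backup/Restore" contains a forward slash, which the HKLM:\ provider
    # treats as a path separator, so the key is opened through .NET instead.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($burPath, $true)
    if (-not $key) { throw "Key not found: HKLM\$burPath" }
    try {
        $dword = [Convert]::ToInt32($Value, 16)      # 'D4' -> 0xD4
        $key.SetValue('BurFlags', $dword, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally { $key.Close() }
    Restart-Service -Name NtFrs                      # FRS reads BurFlags at startup
}

$state = Get-SysvolState
if (-not ($state.SysvolShared -and $state.NetlogonShared)) {
    Set-BurFlags -Value $Mode
    # Poll for up to five minutes until both shares are published.
    for ($i = 0; $i -lt 30; $i++) {
        Start-Sleep -Seconds 10
        $state = Get-SysvolState
        if ($state.SysvolShared -and $state.NetlogonShared) { break }
    }
}
$state | Format-List SysvolShared, NetlogonShared, SysvolReady
```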

PlaiceAuthor Commented:
Issue was resolved in house.
0