
Domain Controller.


We have an Active Directory Domain Controller installed on Windows Server 2008R2 in our office with domain name jbboda.local, where hostname JBBDC-1 IP is the primary domain controller and hostname JBBDC-2 IP is the backup domain controller. A few days ago our primary DC, i.e. JBBDC-1, went down due to hardware failure. To restore the Domain Services we seized the FSMO roles and tried to do a metadata cleanup through the command prompt, but we did not find the broken JBBDC-1 in the list. To clear the metadata we deleted JBBDC-1 from the Active Directory Users and Computers > Domain Controllers list, from Active Directory Sites and Services, and the DNS entries related to JBBDC-1, with the help of the GUI.

To test that seizing the FSMO roles completed successfully, we used nltest /dclist:jbboda.local and netdom query fsmo

Output: nltest /dclist:jbboda.local
Get list of DCs in domain 'jbboda.local' from '\\JBBDC-2.jbboda.local'.
    JBBDC-2.jbboda.local [PDC]  [DS] Site: Site1
The command completed successfully

Output: netdom query fsmo
Schema master                  JBBDC-2.jbboda.local
Domain naming master            JBBDC-2.jbboda.local
PDC                        JBBDC-2.jbboda.local
RID pool manager            JBBDC-2.jbboda.local
Infrastructure master            JBBDC-2.jbboda.local
The command completed successfully.

We logged in with the local administrator account, changed the primary DNS IP and used the command ipconfig /flushDNS on all client systems.

After completing the above process we tried to log in with the domain users, but users are still not able to log in to the domain, as it takes a very long time at Applying Windows Settings and Applying Group Policy, around 15 to 20 min.

When we assign the DC1 IP to the new PDC as an alias IP, domain users are able to log in properly, but sometimes some policies are not getting applied and we need to run gpupdate /force to apply the policy.

Can anyone help us resolve the above-mentioned issue?

Ronak Sheth
System Administrator
Silcom Solutions Pvt. Ltd.
Will Szymkowski, Senior Solution Architect, Commented:
If you had to manually seize the roles to a backup DC then what you probably should check is your SRV records in DNS. These will not get cleaned up automatically if the DC was not removed gracefully.

Do the following...
- open DNS Manager
- Expand Forward Lookup Zone, Expand _msdcs.domain.local
- Expand all of the folders dc, domains, gc, and pdc
- Make sure that there are no service records that are still pointing to the failed DC
- If you do see SRV records that are pointing to the failed DC  you can simply delete them
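
The same check can be scripted from the surviving DC. This is an added example, not part of the original answer: it queries the DC locator SRV names with nslookup and reports any that still target the failed DC. The domain, host names and site name are taken from the thread; treating jbboda.local as the forest root for the gc record is an assumption.

```powershell
# Added example (not from the thread). Values below come from the question;
# jbboda.local is assumed to be the forest root domain (single-domain forest).
$Domain    = 'jbboda.local'
$FailedDc  = 'JBBDC-1'                  # DC that was removed ungracefully
$DnsServer = 'JBBDC-2.jbboda.local'     # surviving DC / DNS server to query
$Site      = 'Site1'                    # site name shown by nltest /dclist

# DC locator SRV names that clients resolve at logon and for Group Policy.
$Names = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Domain",
    "_ldap._tcp.$Site._sites.dc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain"
)

$stale = foreach ($name in $Names) {
    # nslookup prints one "svr hostname = <target>" line per SRV record.
    $out = nslookup -type=SRV $name $DnsServer 2>$null
    foreach ($line in $out) {
        if ($line -match 'svr hostname\s*=\s*(\S+)') {
            $target = $Matches[1]
            # Match both the short name and the FQDN of the failed DC.
            if ($target -eq $FailedDc -or $target -like "$FailedDc.*") {
                New-Object PSObject -Property @{ Record = $name; Target = $target }
            }
        }
    }
}

if ($stale) {
    $stale | Format-Table Record, Target -AutoSize
} else {
    "No SRV records reference $FailedDc"
}
```

The script only reports; any record it lists is removed in DNS Manager as described in the steps above.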
Sandeshdubey, Senior Server Engineer, Commented:
To start with, can you post the dcdiag /q output of the current DC? Check the event log too for any errors and warnings. Check the sysvol folder content: the policy and script folders should be present.

Ensure that the client DNS setting is pointing to an online DC and that there is no public IP address added as a DNS setting. http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
silcom, Author, Commented:

I have cross-verified that there are no SRV records in the DNS server. Also, please find the dcdiag logs attached.

Still, some policies are not getting applied to some computers.

Ronak Sheth
Sandeshdubey, Senior Server Engineer, Commented:
The dcdiag output indicates that the health of the DC is good, but in the system log there are errors reported which need to be fixed. One thing to look at is this error: "A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data."

It seems that the DC IP address is assigned to some other workstation/server. This will cause name resolution issues, etc.
silcom, Author, Commented:

How do I identify which is the duplicate name in the network as per the dcdiag logs? I have executed the command nbtstat -n and the output is as below:

Local Area Connection:
Node IpAddress: [] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    JBBDC-2        <00>  UNIQUE      Registered
    JBBODA         <00>  GROUP       Registered
    JBBODA         <1C>  GROUP       Registered
    JBBDC-2        <20>  UNIQUE      Registered
    JBBODA         <1B>  UNIQUE      Registered
    JBBODA         <1E>  GROUP       Registered
    JBBODA         <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered

I have also verified the event log; it states the same: "A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state." with the Event ID: 4319.
Question has a verified solution.
