• Status: Solved
  • Priority: Medium
  • Security: Public

Primary Domain Controller Completely Crashed - Secondary DC not working - Server 2008

Hi All,

My Primary DC has completely failed.  I had to seize the PDC, RID, Schema Master, Domain Naming Master, and Infrastructure role.

I verified the seizure and I see the FSMO list the working server by using the Ntdsutil utility and netdom tools.  

The problem is:
1. Under AD Sites and Services my working GC states it is on
2. However, when I call it using dcdiag it doesn't see the GC even though it is on the same computer. I continue to get Call failed, error 1355 - a kdc could not be located - all kdc's are down. And NO DOMAIN FOUND
3. When in the Domains and Trusts MMC snap-in, I see a red cross on the title.
4. The server is on; it doesn't see the Global Catalog, which is itself.
5. None of the computers can access the shared drives (HUGE)
6. Unable to properly load GPO or modify it and see the change across the network

How to repair this?


I go to sites
Is DNS installed on the other DC?
Are the clients set to use the other DC as their preferred or alternate DNS server?

Will Szymkowski, Senior Solution Architect, Commented:
When you seize the domain/forest roles you need to manually remove the old SRV records for the crashed DC. Do the following... (these records are automatically removed only when the DC has been gracefully decommissioned)

- Open DNS Manager
- Expand Forward Lookup Zone
- Expand _msdcs.domain.com
- Expand all folders, dc, domains, gc, pdc (until you reach the SRV records)
- Make sure that there are no records associated with the old DC (if there are delete them)
- Make sure that you see the new DC SRV records ( if they are not there you need to create them)
- Once that is complete, restart the DNS service on the DC
- Restart the AD DS service as well

Check the logs and verify if there are any more errors. Clients need to have DNS point to the new DC; if it's a secondary entry on the client it will work, but there might be a delay due to Round Robin trying to hit the primary DC IP first (which will have a timeout value of 30 seconds).

Run repadmin /replsum and repadmin /showrepl, also dcdiag /v, and ensure that the logs are clean.

Once your authentication is back up and running correctly you are also going to have to set an external Time Source for the new PDC.

PDC External Time Source: http://technet.microsoft.com/en-us/library/cc784800(v=ws.10).aspx
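
A read-only check for the SRV cleanup steps above, added here as an example and not part of the original answer: it queries the DC locator SRV names under _msdcs and flags any that still point at the crashed DC or return no record at all. `domain.com` is the placeholder used in the steps, `olddc.domain.com` is a hypothetical name for the failed DC, and the script assumes a single-domain forest and English nslookup output.

```powershell
# Added example: audit DC locator SRV records after seizing FSMO roles.
# Read-only: it only queries DNS and deletes nothing.
$Domain    = 'domain.com'        # AD DNS domain (placeholder from the steps above)
$FailedDc  = 'olddc.domain.com'  # hypothetical FQDN of the crashed DC
$DnsServer = '127.0.0.1'         # run on the surviving DC and query its own DNS service

# Well-known locator names in the dc, pdc and gc folders of _msdcs.
# The gc name lives in the forest root zone; a single-domain forest is assumed.
$Names = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Domain"
)

function Get-SrvTarget {
    param([string]$Name, [string]$Server)
    # nslookup prints one "svr hostname = <fqdn>" line per SRV record (English output assumed).
    $out = & nslookup.exe -type=SRV $Name $Server 2>$null
    $out | ForEach-Object {
        if ($_ -match 'svr hostname\s*=\s*(\S+)') {
            $Matches[1].TrimEnd('.').ToLower()
        }
    }
}

$report = $Names | ForEach-Object {
    $name    = $_
    $targets = @(Get-SrvTarget -Name $name -Server $DnsServer)
    if ($targets.Count -eq 0) {
        # No record at all: clients cannot locate a DC/KDC/GC through this name.
        New-Object PSObject -Property @{ Record = $name; Target = '(none)'; Status = 'MISSING' }
    }
    foreach ($t in $targets) {
        $status = if ($t -eq $FailedDc.ToLower()) { 'STALE' } else { 'OK' }
        New-Object PSObject -Property @{ Record = $name; Target = $t; Status = $status }
    }
}

$report | Select-Object Record, Target, Status | Format-Table -AutoSize
```

Rows marked STALE are the records to delete in DNS Manager, and MISSING rows are the ones to recreate for the surviving DC; the GUID-named entries in the domains folder are not covered and still need a manual look.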


timarnold000, Author, Commented:
Thanks Spec01. After spending literally 16 hours on this domain and attempting to figure out what was wrong I finally got down to the root of the problem.  The problem was the SYSVOL folder had a shortcut to the old DC that completely failed.  I don't know why I didn't check this earlier.  Possibly haste of trying to find a solution without completely understanding where to go.  Anyways I had to rebuild the SYSVOL using this thread:  

I couldn't completely follow the thread but things because it's not completely finished but I was able to decipher and then F* it I need the old sysvol and let me pull from backup.

Went to an old backup and grabbed the SYSVOL from the old server and copied and pasted it into the location found in the how to within the link above.

I moved over the files, then did what Spec01 suggested and rebooted.  

Lo and behold it worked!  

I might add that every machine in this network was using the netbios domain name. I changed the domain name to <domain.local\username> and I was again able to access folders on the server.  

I don't know if this will completely help the public but after looking and looking and looking I thought it would be good to share what I did to repair the network.
Will Szymkowski, Senior Solution Architect, Commented:
Why not just accept your answer and then put mine as the assist?
Will Szymkowski, Senior Solution Architect, Commented:
Why not accept your answer and assist me for the question?
timarnold000, Author, Commented:
I have added more detailed information on my findings.  I want the public to read it as it was super hard to find an answer to my domain issue
Question has a verified solution.
