Primary Domain Controller Completely Crashed - Secondary DC not working - Server 2008

Hi All,

My Primary DC has completely failed.  I had to seize the PDC, RID, Schema Master, Domain Naming Master, and Infrastructure role.

I verified the seizure and I see the FSMO list the working server by using the Ntdsutil utility and netdom tools.  

The problem is:
1. Under AD Sites and Services my working GC states it is on
2. However, when I call it using dcdiag it doesn't see the GC even though it is on the same computer. I continue to get Call failed, error 1355 - a kdc could not be located - all kdc's are down. And NO DOMAIN FOUND
3. When in the Domains and Trusts MMC snap-in, I see a red cross on the title.
4. The server is on; it doesn't see the Global Catalog, which is itself.
5. None of the computers can access the shared drives (HUGE)
6. Unable to properly load GPO or modify it and see the change across network

How to repair this?


I go to sites

Brian Pierce (Photographer) commented:
Is DNS installed on the other DC?
Are the clients set to use the other DC as their preferred or alternate DNS server ?
Will Szymkowski (Senior Solution Architect) commented:
When you seize the domain/forest roles you need to manually remove the old SRV records for the crashed DC. Do the following... (these records are automatically removed only when the DC has been gracefully decommissioned)

- Open DNS Manager
- Expand Forward Lookup Zone
- Expand
- Expand all folders, dc, domains, gc, pdc (until you reach the SRV records)
- Make sure that there are no records associated with the old DC (if there are, delete them)
- Make sure that you see the new DC SRV records (if they are not there, you need to create them)
- Once that is complete, restart the DNS service on the DC
- Restart the AD DS service as well

Check the logs and verify if there are any more errors. Clients need to have DNS point to the new DC; if it's a secondary entry on the client it will work, but there might be a delay due to Round Robin trying to hit the primary DC IP first (which will have a timeout value of 30 seconds).

Run repadmin /replsum and repadmin /showrepl, also dcdiag /v, and ensure that the logs are clean.

Once your authentication is back up and running correctly you are also going to have to set an external Time Source for the new PDC.

PDC External Time Source:
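
The SRV record check from the DNS Manager steps above, written as a PowerShell script. This is an added example, not part of the original answer; the domain name and both DC host names are placeholders, and the record list assumes a single-domain forest (forest root equals the domain).

```powershell
# Added example. All names below are placeholders; substitute your own.
$Domain    = 'domain.local'         # AD DNS domain (assumed)
$StaleDc   = 'olddc.domain.local'   # FQDN of the crashed DC (hypothetical)
$LiveDc    = 'newdc.domain.local'   # FQDN of the surviving DC (hypothetical)
$DnsServer = '127.0.0.1'            # ask the DNS service on the surviving DC

# Locator records that clients and dcdiag use to find a DC, GC, PDC and KDC.
$SrvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.$Domain",
    "_gc._tcp.$Domain"
)

function Get-SrvTargets {
    param([string[]]$NslookupOutput)
    # nslookup prints one "svr hostname = <fqdn>" line per SRV record.
    $targets = @()
    foreach ($line in $NslookupOutput) {
        if ($line -match 'svr hostname\s*=\s*(\S+)') {
            $targets += $matches[1].TrimEnd('.').ToLower()
        }
    }
    return ,$targets
}

foreach ($name in $SrvNames) {
    $out     = nslookup -type=SRV $name $DnsServer 2>&1 | ForEach-Object { "$_" }
    $targets = Get-SrvTargets $out

    # Classify each record set: empty, still naming the dead DC,
    # missing the surviving DC, or clean.
    if ($targets.Count -eq 0)                         { $status = 'MISSING' }
    elseif ($targets -contains $StaleDc.ToLower())    { $status = 'STALE: old DC still listed' }
    elseif ($targets -notcontains $LiveDc.ToLower())  { $status = 'LIVE DC NOT REGISTERED' }
    else                                              { $status = 'OK' }

    New-Object PSObject -Property @{
        Record  = $name
        Targets = ($targets -join ', ')
        Status  = $status
    }
}
```

Any row other than OK corresponds to a record to delete or recreate in the steps above. Once every row is OK, `nltest /dsgetdc:domain.local /gc` run on the DC should return the surviving server.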


timarnold000 (Author) commented:
Thanks Spec01. After spending literally 16 hours on this domain and attempting to figure out what was wrong I finally got down to the root of the problem.  The problem was the SYSVOL folder had a shortcut to the old DC that completely failed.  I don't know why I didn't check this earlier.  Possibly haste of trying to find a solution without completely understanding where to go.  Anyways I had to rebuild the SYSVOL using this thread:

I couldn't completely follow the thread but things because it's not completely finished but I was able to decipher and then F* it I need the old sysvol and let me pull from backup.

Went to an old backup and grabbed the SYSVOL from the old server and copied and pasted it into the location found in the how to within the link above.

I moved over the files, then did what Spec01 suggested and rebooted.  

Lo and behold it worked!

I might add that every machine in this network was using the netbios domain name. I changed the domain name to <domain.local\username> and I was again able to access folders on the server.  

I don't know if this will completely help the public but after looking and looking and looking I thought it would be good to share what I did to repair the network.


Will Szymkowski (Senior Solution Architect) commented:
Why not just accept your answer and then put mine as the assist?
Will Szymkowski (Senior Solution Architect) commented:
Why not accept your answer and assist me for the question?
timarnold000 (Author) commented:
I have added more detailed information on my findings.  I want the public to read it as it was super hard to find an answer to my domain issue.