Solved

Issue with Domain after server fail

Posted on 2013-11-08
726 Views
Last Modified: 2013-11-17
I've got a problem. I had a Hyper-V host server fail on me, and it was a Domain Controller; it hosted a VM which was also a domain controller. I had to reinstall the Hyper-V host OS. I've tried to get the guest VM to run, but it fails with error 0xc0000145.

[Image: Boot Error for VM]

Now I don't NEED this VM as it didn't have anything on it that I can't replace.

But the issue is the status of my domain. I've got another VM running on a different machine that is a DC and still runs. The VM that I can't get to boot was the primary FSMO holder for all roles. I've run ntdsutil and seized all roles onto the running DC. I then tried to join the new Hyper-V host to the domain and it failed with the error "An Active Directory Domain Controller (AD DC) for the domain 'mydomain.net' could not be contacted. Ensure that the domain name is typed correctly. If the name is correct, click Details for troubleshooting information."

Clicking on the Detail Button gives this...
---------------------------------------------------------------------------------------------
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "rsforbes.net":

The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain.net

The following domain controllers were identified by the query:
ad-dns2.mydomain.net


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.
---------------------------------------------------------------------------------------------
I've edited the DNS and removed all entries for the 2 servers that failed, so only the currently running one is listed. Its A record is correct and I can ping it from other computers by name.

I've tried going into Active Directory Users and Computers, but it fails to connect to the domain with this error:

[Image: Error when opening Active Directory Users and Computers]

When I right-click and try to 'connect to domain controller', I put in the name of the DC and get this error:

[Image: Error when specifying domain controller to connect to]

I've run dcdiag /e /c /v and this is the output of that:

[Attachment: dcdiagLogText.txt]

That still shows the 2 servers that have failed, and I can't get into ADUC to remove them. So I used ADSIEdit.msc and deleted them that way. I reran dcdiag /e /c /v and the output is:

[Attachment: dcdiagLogText2.txt]

As you can see, it's still trying to find the two servers that should have been deleted.

How can I get this fixed? I don't want to have to dump the whole domain and rebuild.
Question by:semperfi89

5 Comments
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 250 total points
You need to first ensure that all instances of the old servers are removed from the AD database and from DNS; for that you need to perform a metadata cleanup:
http://www.msserverpro.com/metadata-cleanup-using-ntdsutil-in-windows-server-2008-r2/

Also configure the authoritative time server role on the PDC role holder DC:
http://support.microsoft.com/kb/816042

Once done, ensure correct DNS settings on the DC and member servers as described here:
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
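The three steps in the comment above, as an added PowerShell example run on the surviving DC; this is not code from the thread or from the linked articles. The domain name, configuration naming context, site name, the names of the two failed DCs, the adapter name, the DC's own IP and the NTP peer are all placeholders for the poster's environment and must be replaced before running.

```powershell
# Added example (not from the thread): metadata cleanup, authoritative time source
# and DC DNS client settings, on the one DC that is still running.
# Every value in this block is an assumed placeholder for the poster's environment.
$Domain   = 'mydomain.net'
$DomainNC = 'DC=mydomain,DC=net'
$ConfigNC = "CN=Configuration,$DomainNC"
$SiteName = 'Default-First-Site-Name'
$OldDCs   = @('OLD-HYPERV-HOST', 'OLD-GUEST-DC')   # assumed names of the two failed DCs
$Nic      = 'Local Area Connection'               # assumed adapter name on this DC
$OwnIP    = '192.168.1.10'                        # assumed IP of the surviving DC
$NtpPeer  = 'time.windows.com,0x8'                # assumed external time source

Import-Module ActiveDirectory

# --- 1. Metadata cleanup --------------------------------------------------------
# Which DCs does the directory still believe exist, and who holds the roles now?
Get-ADDomainController -Filter * |
    Select-Object Name, HostName, IPv4Address, OperationMasterRoles
netdom query fsmo

foreach ($dc in $OldDCs) {
    $serverDN = "CN=$dc,CN=Servers,CN=$SiteName,CN=Sites,$ConfigNC"
    $obj = Get-ADObject -Identity $serverDN -ErrorAction SilentlyContinue
    if ($obj) {
        # On 2008 R2 and later, ntdsutil removes the NTDS Settings object, the server
        # object and the computer account in one step; no prior 'connections' needed.
        ntdsutil "metadata cleanup" "remove selected server $serverDN" quit quit
    } else {
        "$dc : no server object under site $SiteName (already cleaned up, or wrong site name)"
    }
}

# Leftovers ADSIEdit deletion of the server objects does not remove: FRS member
# objects for the old DCs (the expert's later comment is about SYSVOL/FRS).
Get-ADObject -Filter 'objectClass -eq "nTFRSMember"' -SearchBase $DomainNC |
    Where-Object { $OldDCs -contains $_.Name } |
    Select-Object Name, DistinguishedName

# SRV records still pointing at the dead DCs (read-only check against this DC's DNS).
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $OwnIP |
    Select-String -Pattern ($OldDCs -join '|')

# --- 2. Authoritative time source on the PDC emulator (KB816042) -----------------
w32tm /config /manualpeerlist:$NtpPeer /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time
w32tm /resync
w32tm /query /status

# --- 3. DNS client settings on the DC ---------------------------------------------
# A common arrangement for a lone DC: its own address first, loopback second.
# Then re-register the DC's own records and let dcdiag confirm the DNS picture.
netsh interface ipv4 set dnsservers name="$Nic" source=static address=$OwnIP primary
netsh interface ipv4 add dnsservers name="$Nic" address=127.0.0.1 index=2
ipconfig /registerdns
nltest /dsregdns
dcdiag /test:dns /v
```

Run it from an elevated PowerShell session on the DC. Steps 1 and 3 are the ones that address the "no domain controllers could be contacted" symptom in the question: a stale server object or a stale SRV/A record makes clients try a DC that no longer exists.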

Author Comment

by:semperfi89
Sandeshdubey, I followed all 3 links you sent me, but I still get the same errors, and the newest dcdiag report is attached.

I've even rebooted to make sure everything took hold. It's strange that after following the 2nd link it still says no time server avail... But then it also says the PDC is unavail.

[Attachment: dcdiagLogText3.txt]
LVL 24

Expert Comment

by:Sandeshdubey
......................... AD-DNS2 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Unable to connect to the NETLOGON share! (\\AD-DNS2\netlogon)
         [AD-DNS2] An net use or LsaPolicy operation failed with error 67,

This indicates that the NETLOGON share is missing. Check whether the SYSVOL and NETLOGON shares are available or not; run the net share command to check the same.

Check the SYSVOL folder: are the Policies and scripts folders replicated or not? If they are not replicated, you need to perform an authoritative (D4) and non-authoritative (D2) restore of the SYSVOL folder to fix the same. If you have a single DC, then only an authoritative restore of SYSVOL (D4) is needed.
Refer to the link below:
http://support.microsoft.com/kb/290762

Take a backup of the Policies and scripts folders from the DCs and copy them to an alternate location before you proceed.

Also configure the authoritative time server role on the PDC role holder server:
http://support.microsoft.com/kb/816042
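The checks and the D4 procedure from the comment above, as an added PowerShell example run on the single remaining DC; this is not code from the thread or from KB290762. The domain name, the SYSVOL location and the backup directory are assumptions; the registry key and the BurFlags values are the ones KB290762 documents for FRS.

```powershell
# Added example (not from the thread): verify the SYSVOL/NETLOGON shares and content,
# back the content up, then stage an authoritative (D4) FRS restore on the lone DC.
# Domain name, SYSVOL path and backup location are assumed placeholders.
$Domain     = 'mydomain.net'
$SysvolRoot = Join-Path $env:SystemRoot 'SYSVOL\sysvol'          # default location
$BackupDir  = "C:\SysvolBackup-$(Get-Date -Format 'yyyyMMdd-HHmm')"

# --- 1. The 'net share' check the expert asked for ---------------------------------
# net share prints one line per share, starting with the share name.
$shareLines = net share | Where-Object { $_ -match '^(SYSVOL|NETLOGON)\s' }
if (@($shareLines).Count -lt 2) {
    Write-Warning ("Missing SYSVOL and/or NETLOGON share on {0}. Found:`n{1}" -f
        $env:COMPUTERNAME, ($shareLines -join "`n"))
}

# --- 2. Is there anything under SYSVOL to share at all? ---------------------------
# dcdiag error 67 (network name not found) can mean "not shared" or "nothing to share".
$policies = Join-Path $SysvolRoot "$Domain\Policies"
$scripts  = Join-Path $SysvolRoot "$Domain\scripts"
foreach ($p in $policies, $scripts) {
    if (Test-Path $p) {
        $n = (Get-ChildItem $p -Recurse -Force | Measure-Object).Count
        "$p : $n items"
    } else {
        Write-Warning "$p does not exist; SYSVOL content is missing, not merely unshared"
    }
}

# --- 3. BurFlags is an FRS mechanism. If SYSVOL was migrated to DFSR, stop here. ---
$state = dfsrmig /getglobalstate 2>&1
if ($state -match 'Eliminated') {
    throw 'SYSVOL is replicated by DFSR on this domain; the D4/D2 BurFlags procedure does not apply'
}

# --- 4. Back up Policies and scripts before touching FRS --------------------------
New-Item -ItemType Directory -Path $BackupDir | Out-Null
foreach ($p in $policies, $scripts) {
    if (Test-Path $p) { Copy-Item $p -Destination $BackupDir -Recurse -Force }
}
"SYSVOL content copied to $BackupDir"

# --- 5. Authoritative (D4) restore on the only DC, as in KB290762 -----------------
# Stop FRS, set BurFlags, start FRS. The key name contains a '/', so reg.exe is used
# rather than the PowerShell registry provider.
$frsKey = 'HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
net stop ntfrs
reg add "$frsKey" /v BurFlags /t REG_DWORD /d 212 /f    # 212 = 0xD4 (authoritative); 210 = 0xD2
net start ntfrs

# FRS clears BurFlags itself and logs event 13516 once SYSVOL is shared again;
# 13566 appears while it scans the system volume during the restore.
Get-EventLog -LogName 'File Replication Service' -Newest 20 |
    Where-Object { 13516, 13566 -contains $_.EventID } |
    Select-Object TimeGenerated, EventID, Message
```

If step 2 reports that the Policies folder is empty or missing, a D4 restore only republishes whatever is on disk, so the backup from step 4 (or a backup taken from the failed DC's disk) is what actually brings the group policy objects back.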

Accepted Solution

by:
semperfi89 earned 0 total points
I tried doing the authoritative restore but it wouldn't do it. I'm not sure why.

But I was able to get the VM that wouldn't boot to boot up, and I was able to get AD somewhat working. The problem is that once I joined the Hyper-V host back to the domain and promoted it back to a DC, it was the same way: the NETLOGON and SYSVOL shares were missing. So at this point I thought I could just get the Exchange VM back up and run a backup of the mail, but most of the Exchange services won't start, or quit right away. So I think what I'm going to do is just dump the whole domain and recreate it from scratch.

Author Closing Comment

by:semperfi89
I'm closing this question with only 1/2 the points awarded due to the issue not being completely resolved by the experts. The experts' comments did help, but did not bring complete resolution.