

Issue with Domain after server fail

Posted on 2013-11-08
Medium Priority
Last Modified: 2013-11-17
I've got a problem.  I had a Hyper-V Host server fail on me and it was a Domain Controller, it hosted a VM which was also a domain controller.  I had to reinstall the Hyper-V Host OS, I've tried to get the guest VM to run but it fails with an error 0xc0000145.
[Image: Boot Error for VM]

Now I don't NEED this VM as it didn't have anything on it that I can't replace.

But this issue is the status of my domain.  I've got another VM running on a different machine that is a DC and still runs.  The VM that I can't get to boot was the Primary FSMO Holder for all roles.  I've run ntdsutil and seized all roles onto the running DC.  I then tried to join the new Hyper-V Host to the domain and it failed with the error "An Active Directory Domain Controller (AD DC) for the domain 'mydomain.net' could not be contacted.  Ensure that the domain name is typed correctly. if the name is correct, click details for troubleshooting information"

Clicking on the Detail Button gives this...
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "rsforbes.net":

The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain.net

The following domain controllers were identified by the query:

However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.
I've edited the DNS and removed all entries for the 2 servers that failed so only the currently running one is listed.  Its A record is correct and I can ping it from other computers by name.

I've tried going into Active Directory Users and Computers but it fails to connect to the domain with the error:

[Image: Error when opening Active Directory Users and Computers]

When I right click and try to 'connect to domain controller' I put in the name of the DC and get this error:

[Image: Error when specifying domain controller to connect to]

I've run dcdiag /e /c /v and this is the output of that... dcdiagLogText.txt

That still shows the 2 servers that have failed, I can't get into AD UC to remove them.  So I used ADSIEdit.msc and deleted them that way.  Reran dcdiag /e /c /v and the output is ...
As you can see it's still trying to find the two servers that should have been deleted.

How can I get this fixed?  I don't want to have to dump the whole domain and rebuild.
Question by:semperfi89
LVL 24

Assisted Solution

Sandeshdubey earned 500 total points
ID: 39635119
You need to first ensure that instances of the old server are removed from the AD database and DNS; for that you need to perform a metadata cleanup. http://www.msserverpro.com/metadata-cleanup-using-ntdsutil-in-windows-server-2008-r2/

Also configure the authoritative time server role on the PDC role holder server DC. http://support.microsoft.com/kb/816042

Once done, ensure correct DNS settings on the DC and member server as described here: http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Author Comment

ID: 39635337
Sandeshdubey, I followed all 3 links you sent me, but I still get the same errors and the newest dcdiag report is attached.

I've even rebooted to make sure everything took hold.  It's strange that after following the 2nd link it still says no time server avail...  But then it also says the PDC is unavail.
LVL 24

Expert Comment

ID: 39635346
    ......................... AD-DNS2 passed test NCSecDesc
    Starting test: NetLogons
       * Network Logons Privileges Check
       Unable to connect to the NETLOGON share! (\\AD-DNS2\netlogon)
       [AD-DNS2] An net use or LsaPolicy operation failed with error 67,

Indicates that the netlogon share is missing. Check whether the sysvol and netlogon shares are available or not. Run the net share command to check the same.

Check the sysvol folder: are the policies and script folders replicated or not? If they are not replicated, you need to perform an authoritative (D4) and non-authoritative (D2) restore of the sysvol folder to fix this. If you have a single DC, then only an authoritative restore of sysvol (D4).
Refer to the link below: http://support.microsoft.com/kb/290762

Take the backup of policies and script folder from DCs and copy the same to alternate location before you proceed.

Also configure the authoritative time server role on the PDC role holder server: http://support.microsoft.com/kb/816042
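The two checks discussed so far in this thread (the `_ldap._tcp.dc._msdcs` SRV lookup from the join error, and the SYSVOL/NETLOGON share check from the comment above) can be run together. This is an added example, not part of the original thread; the function name `Test-DcLocatorRecords` and the domain `mydomain.net` are placeholders, and it assumes Windows 8.1 / Server 2012 R2 or later for `Resolve-DnsName` and `Test-NetConnection`.

```powershell
# Added example (not from the thread). Function name and domain are placeholders.
# For every DC that DNS advertises, report whether it resolves, answers LDAP,
# and exposes the SYSVOL and NETLOGON shares a healthy DC must publish.
function Test-DcLocatorRecords {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [int]$LdapPort = 389
    )
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }

    foreach ($rec in $srv) {
        $dc   = $rec.NameTarget.TrimEnd('.')
        $addr = @(Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress)

        $ldapOk = $false
        $shares = @()
        if ($addr.Count -gt 0) {
            $ldapOk = (Test-NetConnection -ComputerName $dc -Port $LdapPort `
                -WarningAction SilentlyContinue).TcpTestSucceeded
            if ($ldapOk) {
                # Test-Path on the share root fails when the share is not published
                $shares = @('SYSVOL', 'NETLOGON' | Where-Object { Test-Path "\\$dc\$_" })
            }
        }

        $verdict =
            if ($addr.Count -eq 0)      { 'SRV record with no A record (stale DNS entry)' }
            elseif (-not $ldapOk)       { 'Not answering LDAP (offline, or leftover metadata)' }
            elseif ($shares.Count -lt 2) { 'SYSVOL/NETLOGON missing (DC is not advertising)' }
            else                        { 'OK' }

        [pscustomobject]@{
            DomainController = $dc
            ARecord          = ($addr -join ',')
            LdapReachable    = $ldapOk
            SharesPresent    = ($shares -join ',')
            Verdict          = $verdict
        }
    }
}

Test-DcLocatorRecords -Domain 'mydomain.net' | Format-Table -AutoSize -Wrap
```

Run it from the machine that fails to join, so the lookup uses the same DNS client settings as the failing join attempt.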

Accepted Solution

semperfi89 earned 0 total points
ID: 39642940
I tried doing the authoritative restore but it wouldn't do it.  I'm not sure why.

But I was able to get the VM that wouldn't boot to boot up and I was able to get AD somewhat working.  Problem is that once I joined the Hyper-V host back to the domain and promoted it back to a DC it was the same way.  The netlogon and sysvol shares were missing.  So at this point I thought I could just get the Exchange VM backup and run a backup of the mail but most of the Exchange services won't start, or quit right away.  So I think what I'm going to do is just dump the whole domain and recreate it from scratch.

Author Closing Comment

ID: 39654335
I'm closing this question with only 1/2 points awarded due to the issue not being completely resolved by the experts.  The Expert's comments did help, but did not bring complete resolution.


Question has a verified solution.
