Issue with Domain after server fail

Posted on 2013-11-08
Last Modified: 2013-11-17
I've got a problem.  I had a Hyper-V Host server fail on me and it was a Domain Controller, it hosted a VM which was also a domain controller.  I had to reinstall the Hyper-V Host OS, I've tried to get the guest VM to run but it fails with an error 0xc0000145.
[Image: Boot Error for VM]
Now I don't NEED this VM as it didn't have anything on it that I can't replace.

But this issue is the status of my domain.  I've got another VM running on a different machine that is a DC and still runs.  The VM that I can't get to boot was the Primary FSMO Holder for all roles.  I've run ntdsutil and seized all roles onto the running DC.  I then tried to join the new Hyper-V Host to the domain and it failed with the error "An Active Directory Domain Controller (AD DC) for the domain '' could not be contacted.  Ensure that the domain name is typed correctly. if the name is correct, click details for troubleshooting information"

Clicking on the Detail Button gives this...
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "":

The query was for the SRV record for

The following domain controllers were identified by the query:

However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.
I've edited the DNS and removed all entries for the 2 servers that failed so only the currently running one is listed.  Its A record is correct and I can ping it from other computers by name.

I've tried going into Active Directory Users and Computers but it fails to connect to the domain with the error
[Image: Error when opening Active Directory Users and Computers]
When I right click and try to 'connect to domain controller' I put in the name of the DC and get this error
[Image: Error when specifying domain controller to connect to]
I've run dcdiag /e /c /v and this is the output of that...
[Attachment: dcdiagLogText.txt]
That still shows the 2 servers that have failed, I can't get into AD UC to remove them.  So I used ADSIEdit.msc and deleted them that way.  Reran dcdiag /e /c /v and the output is ...
As you can see it's still trying to find the two servers that should have been deleted.

How can I get this fixed?  I don't want to have to dump the whole domain and rebuild.
Question by:semperfi89
LVL 24

Assisted Solution

Sandeshdubey earned 250 total points
ID: 39635119
You need to first ensure that instances of the old server are removed from the AD database and DNS; for that you need to perform metadata cleanup.

Also configure the authoritative time server role on the PDC role holder server DC.

Once done ensure correct dns setting on DC and member server as this:

Author Comment

ID: 39635337
Sandeshdubey, I followed all 3 links you sent me, but I still get the same errors and the newest dcdiag report is attached.

I've even rebooted to make sure everything took hold.  It's strange that after following the 2nd link it still says no time server avail...  But then it also says the PDC is unavail.
LVL 24

Expert Comment

ID: 39635346
......................... AD-DNS2 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Unable to connect to the NETLOGON share! (\\AD-DNS2\netlogon)
         [AD-DNS2] An net use or LsaPolicy operation failed with error 67,

Indicates that the netlogon share is missing. Check whether the sysvol and netlogon shares are available or not. Run the net share command to check the same.

Check the sysvol folder: are the policies and script folder replicated or not. If it is not replicated you need to perform authoritative (D4) and non-authoritative (D2) restore of the sysvol folder to fix the same. If you have a single DC then only authoritative restore of sysvol (D4).
Refer below link:

Take the backup of policies and script folder from DCs and copy the same to alternate location before you proceed.

Also configure the authoritative time server role on the PDC role holder server:
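
As an added example (not part of the original thread or any poster's code), the two checks this comment describes, finding failed tests in dcdiag output and confirming that the SYSVOL and NETLOGON shares are listed by net share, can be scripted in PowerShell. The function names and the sample lines are constructed for illustration, including the "failed test NetLogons" result line.

```powershell
# Added example: summarize failed dcdiag tests and report missing DC shares.
# Function names and sample data below are constructed for illustration.

function Get-DcdiagFailure {
    param([Parameter(Mandatory = $true)][string[]]$Line)
    foreach ($l in $Line) {
        # Result lines look like: "......... AD-DNS2 failed test NetLogons"
        if ($l -match '^\s*\.{5,}\s+(?<Server>\S+)\s+failed test\s+(?<Test>\S+)') {
            [pscustomobject]@{ Server = $Matches.Server; Test = $Matches.Test }
        }
    }
}

function Get-MissingDcShare {
    param([Parameter(Mandatory = $true)][string[]]$NetShareOutput)
    # A working DC lists both shares; each name starts a line of `net share` output.
    foreach ($share in 'SYSVOL', 'NETLOGON') {
        if (-not ($NetShareOutput -match "^$share\s")) { $share }
    }
}

# Constructed sample of dcdiag output (not the poster's attached log).
$sampleDcdiag = @(
    '......................... AD-DNS2 passed test NCSecDesc'
    '      Starting test: NetLogons'
    '         Unable to connect to the NETLOGON share! (\\AD-DNS2\netlogon)'
    '......................... AD-DNS2 failed test NetLogons'
)

# Constructed sample of `net share` output from a DC whose shares are missing.
$sampleNetShare = @(
    'Share name   Resource                        Remark'
    'C$           C:\                             Default share'
    'IPC$                                         Remote IPC'
    'ADMIN$       C:\Windows                      Remote Admin'
)

Get-DcdiagFailure -Line $sampleDcdiag              # one object: AD-DNS2 / NetLogons
Get-MissingDcShare -NetShareOutput $sampleNetShare # SYSVOL and NETLOGON

# On a live DC, feed the real command output instead of the samples:
#   Get-DcdiagFailure -Line (dcdiag /e /c /v)
#   Get-MissingDcShare -NetShareOutput (net share)
```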

Accepted Solution

semperfi89 earned 0 total points
ID: 39642940
I tried doing the authoritative restore but it wouldn't do it.  I'm not sure why.

But I was able to get the VM that wouldn't boot to boot up and I was able to get AD somewhat working.  Problem is that once I joined the Hyper-V host back to the domain and promoted it back to a DC it was the same way.  The netlogon and sysvol shares were missing.  So at this point I thought I could just get the Exchange VM backup and run a backup of the mail but most of the Exchange services won't start, or quit right away.  So I think what I'm going to do is just dump the whole domain and recreate it from scratch.

Author Closing Comment

ID: 39654335
I'm closing this question with only 1/2 points awarded due to the issue not being completely resolved by the experts.  The Expert's comments did help, but did not bring complete resolution.
