
Issue with Domain after server fail

I've got a problem.  I had a Hyper-V Host server fail on me and it was a Domain Controller, it hosted a VM which was also a domain controller.  I had to reinstall the Hyper-V Host OS, I've tried to get the guest VM to run but it fails with an error 0xc0000145.
[Attached image: Boot Error for VM]

Now I don't NEED this VM as it didn't have anything on it that I can't replace.

But this issue is the status of my domain.  I've got another VM running on a different machine that is a DC and still runs.  The VM that I can't get to boot was the Primary FSMO Holder for all roles.  I've run ntdsutil and seized all roles onto the running DC.  I then tried to join the new Hyper-V Host to the domain and it failed with the error "An Active Directory Domain Controller (AD DC) for the domain 'mydomain.net' could not be contacted.  Ensure that the domain name is typed correctly. if the name is correct, click details for troubleshooting information"

Clicking on the Detail Button gives this...
---------------------------------------------------------------------------------------------
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "rsforbes.net":

The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain.net

The following domain controllers were identified by the query:
ad-dns2.mydomain.net


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.
---------------------------------------------------------------------------------------------
I've edited the DNS and removed all entries for the 2 servers that failed so only the currently running one is listed.  Its A record is correct and I can ping it from other computers by name.

I've tried going into Active Directory Users and Computers but it fails to connect to the domain with this error:

[Attached image: Error when opening Active Directory Users and Computers]

When I right click and try to 'connect to domain controller' I put in the name of the DC and get this error:

[Attached image: Error when specifying domain controller to connect to]

I've run dcdiag /e /c /v and this is the output of that: dcdiagLogText.txt (attached)

That still shows the 2 servers that have failed, and I can't get into ADUC to remove them.  So I used ADSIEdit.msc and deleted them that way.  Reran dcdiag /e /c /v and the output is: dcdiagLogText2.txt (attached)

As you can see it's still trying to find the two servers that should have been deleted.

How can I get this fixed?  I don't want to have to dump the whole domain and rebuild.
0
semperfi89
Asked:
semperfi89
2 Solutions
 
SandeshdubeyCommented:
You need to first ensure that the instances of the old servers are removed from the AD database and DNS; for that you need to perform metadata cleanup:
http://www.msserverpro.com/metadata-cleanup-using-ntdsutil-in-windows-server-2008-r2/

Also configure the authoritative time server role on the PDC role holder DC:
http://support.microsoft.com/kb/816042

Once done, ensure correct DNS settings on the DC and member server as here:
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
0
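The three things this answer asks for (stale DC metadata, the PDC emulator as time source, DNS client settings) can all be verified before anything is changed. The script below is an added example, not code from the thread or from the linked articles; it runs read-only checks on the surviving DC or a domain member. It assumes the RSAT ActiveDirectory module and the Windows 8/2012+ networking cmdlets (Resolve-DnsName, Test-NetConnection, Get-DnsClientServerAddress) are available. 'mydomain.net' is the domain name from the question; 'OLD-DC' and '<ntp-server>' are placeholders. The actual removal and time configuration commands are left in comments so the script changes nothing by itself.

```powershell
# Added example, not code from the thread: read-only checks for the surviving DC
# after the FSMO seizure. Assumes RSAT (ActiveDirectory module) and Windows 8/2012+
# cmdlets (Resolve-DnsName, Test-NetConnection, Get-DnsClientServerAddress).
# 'mydomain.net' is the domain name from the thread; 'OLD-DC' and '<ntp-server>' are placeholders.
Import-Module ActiveDirectory

$Domain   = 'mydomain.net'
$ConfigNC = (Get-ADRootDSE).configurationNamingContext

# 1. What DNS advertises vs. what actually answers on LDAP (TCP 389).
#    This is the check the dcdiag "details" text in the question describes.
Write-Host "== DCs advertised by the _ldap._tcp.dc._msdcs SRV record =="
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
  Where-Object Type -eq 'SRV' |
  ForEach-Object {
    $a    = Resolve-DnsName -Name $_.NameTarget -Type A -ErrorAction SilentlyContinue
    $ldap = Test-NetConnection -ComputerName $_.NameTarget -Port 389 -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DC      = $_.NameTarget
        ARecord = (($a | Where-Object Type -eq 'A').IPAddress) -join ','
        Ldap389 = ($ldap.TcpTestSucceeded -eq $true)
    }
  } | Format-Table -AutoSize

# 2. Server objects left in the Configuration partition. A dead DC keeps showing up here
#    until metadata cleanup removes it; the DN column is what ntdsutil needs.
Write-Host "== Server objects under CN=Sites (stale ones need metadata cleanup) =="
Get-ADObject -SearchBase "CN=Sites,$ConfigNC" -LDAPFilter '(objectClass=server)' -Properties dNSHostName |
  ForEach-Object {
    $ntds  = Get-ADObject -SearchBase $_.DistinguishedName -SearchScope OneLevel -LDAPFilter '(objectClass=nTDSDSA)'
    $alive = $false
    if ($_.dNSHostName) {
        $t = Test-NetConnection -ComputerName $_.dNSHostName -Port 389 -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
        $alive = ($t.TcpTestSucceeded -eq $true)
    }
    [pscustomobject]@{
        Server          = $_.Name
        HasNtdsSettings = [bool]$ntds
        Reachable389    = $alive
        DN              = $_.DistinguishedName
    }
  } | Format-Table -AutoSize
# Removal itself is the ntdsutil sequence from the linked article, run on the surviving DC,
# once per stale server (the DN below is a placeholder):
#   ntdsutil
#   metadata cleanup
#   remove selected server CN=OLD-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
#   quit
#   quit

# 3. Every FSMO role should now name the surviving DC.
Write-Host "== FSMO role holders =="
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster | Format-List
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster | Format-List

# 4. Time (KB 816042): the PDC emulator must be the reliable time source for the domain.
Write-Host "== w32time status on this host =="
w32tm /query /status
w32tm /query /configuration
# On the PDC emulator, point it at an external NTP source, flag it reliable and restart:
#   w32tm /config /manualpeerlist:"<ntp-server>,0x8" /syncfromflags:manual /reliable:yes /update
#   net stop w32time && net start w32time
#   w32tm /resync

# 5. DNS client settings: nothing here should still point at a dead DC.
Write-Host "== DNS servers configured on this host's adapters =="
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses } |
  Select-Object InterfaceAlias, ServerAddresses | Format-Table -AutoSize
```

Section 2 is the useful one for the question's symptom: a server object that still exists but has no NTDS Settings child, or whose host no longer answers on 389, is exactly the leftover that dcdiag keeps trying to reach, and deleting it through ADSIEdit is not a substitute for the ntdsutil cleanup the answer links.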
 
semperfi89Author Commented:
Sandeshdubey, I followed all 3 links you sent me, but I still get the same errors; the newest dcdiag report is attached.

I've even rebooted to make sure everything took hold.  It's strange that after following the 2nd link it still says no time server avail...  But then it also says the PDC is unavail.
dcdiagLogText3.txt (attached)
0
 
SandeshdubeyCommented:
   ......................... AD-DNS2 passed test NCSecDesc
   Starting test: NetLogons
      * Network Logons Privileges Check
      Unable to connect to the NETLOGON share! (\\AD-DNS2\netlogon)
      [AD-DNS2] An net use or LsaPolicy operation failed with error 67,

This indicates that the NETLOGON share is missing. Check whether the SYSVOL and NETLOGON shares are available or not; run the net share command to check the same.

Check whether the Policies and scripts folders in the SYSVOL folder are replicated or not. If they are not replicated you need to perform an authoritative (D4) and non-authoritative (D2) restore of the SYSVOL folder to fix the same. If you have a single DC then only the authoritative restore of SYSVOL (D4) applies.
Refer to the link below:
http://support.microsoft.com/kb/290762

Take a backup of the Policies and scripts folders from the DCs and copy the same to an alternate location before you proceed.

Also configure the authoritative time server role on the PDC role holder server:
http://support.microsoft.com/kb/816042
0
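The answer above describes a check (are SYSVOL and NETLOGON shared and populated), a backup, and then the BurFlags restore from KB 290762. The script below is an added example, not code from the thread or from the KB article; it does those three steps in order and only touches replication state when run with -Mode D4 or -Mode D2. It assumes it is run elevated on the DC, that SYSVOL is FRS-replicated (the NtFrs service exists, which is what KB 290762 covers), and uses a placeholder backup path. Nothing here applies to a DFSR-replicated SYSVOL; the script refuses to continue in that case.

```powershell
# Added example, not code from the thread: verify the SYSVOL/NETLOGON shares and their
# content, back the content up, and (only when asked) set the FRS BurFlags value that
# KB 290762 describes. Run elevated on the DC. $BackupRoot is a placeholder path.
param(
    [ValidateSet('Check', 'D4', 'D2')] [string] $Mode = 'Check',
    [string] $BackupRoot = 'C:\SysvolBackup'
)

$SysvolRoot  = Join-Path $env:SystemRoot 'SYSVOL\sysvol'
$BurFlagsKey = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'

function Test-SysvolShares {
    # 'net share' is what the answer suggests; parse its output for the two share names.
    $lines = net share
    [pscustomobject]@{
        SYSVOL   = [bool]($lines -match '^SYSVOL\s')
        NETLOGON = [bool]($lines -match '^NETLOGON\s')
    }
}

function Get-SysvolContent {
    # Policies and scripts live under SYSVOL\sysvol\<domain>\; report what is actually there.
    $domainDir = Get-ChildItem -Path $SysvolRoot -Directory -ErrorAction SilentlyContinue | Select-Object -First 1
    if (-not $domainDir) { return $null }
    foreach ($sub in 'Policies', 'scripts') {
        $p = Join-Path $domainDir.FullName $sub
        [pscustomobject]@{
            Folder = $p
            Exists = Test-Path $p
            Items  = @(Get-ChildItem -Path $p -Recurse -Force -ErrorAction SilentlyContinue).Count
        }
    }
}

function Backup-Sysvol {
    # Copy Policies and scripts aside before changing replication state, as the answer advises.
    $domainDir = Get-ChildItem -Path $SysvolRoot -Directory | Select-Object -First 1
    $dest = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    Copy-Item -Path $domainDir.FullName -Destination $dest -Recurse -Force
    $dest
}

function Set-FrsBurFlags([int] $Flag) {
    # D4 (0xD4) = authoritative: this DC's copy wins (the only option with a single DC).
    # D2 (0xD2) = non-authoritative: this DC discards its copy and re-pulls from the D4 DC.
    # The key name contains a literal '/', which the HKLM: provider would treat as a path
    # separator, so the .NET Registry class is used with the full key path instead.
    if (-not (Get-Service -Name NtFrs -ErrorAction SilentlyContinue)) {
        throw 'NtFrs service not present; SYSVOL is probably DFSR-replicated and KB 290762 does not apply.'
    }
    Stop-Service -Name NtFrs
    [Microsoft.Win32.Registry]::SetValue($BurFlagsKey, 'BurFlags', $Flag, [Microsoft.Win32.RegistryValueKind]::DWord)
    Start-Service -Name NtFrs
    # FRS logs event 13516 in the 'File Replication Service' log once SYSVOL is shared again.
    Get-WinEvent -LogName 'File Replication Service' -MaxEvents 10 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message | Format-Table -Wrap
}

Test-SysvolShares | Format-List
Get-SysvolContent | Format-Table -AutoSize
switch ($Mode) {
    'Check' { 'Check only; rerun with -Mode D4 (authoritative) or -Mode D2 (non-authoritative) to stage the restore.' }
    'D4'    { "Backup written to $(Backup-Sysvol)"; Set-FrsBurFlags 0xD4 }
    'D2'    { "Backup written to $(Backup-Sysvol)"; Set-FrsBurFlags 0xD2 }
}
```

Run it once with no arguments to see the share and folder state the answer asks about; with two DCs, D4 goes on the one whose Policies folder is complete and D2 on the other, and event 13516 appearing after the service restart is the sign that the NETLOGON share is back.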
 
semperfi89Author Commented:
I tried doing the authoritative restore but it wouldn't do it.  I'm not sure why.

But I was able to get the VM that wouldn't boot to boot up and I was able to get AD somewhat working.  Problem is that once I joined the Hyper-V host back to the domain and promoted it back to a DC it was the same way.  The netlogon and sysvol shares were missing.  So at this point I thought I could just get the Exchange VM back up and run a backup of the mail, but most of the Exchange services won't start, or quit right away.  So I think what I'm going to do is just dump the whole domain and recreate it from scratch.
0
 
semperfi89Author Commented:
I'm closing this question with only 1/2 points awarded due to the issue not being completely resolved by the experts.  The Expert's comments did help, but did not bring complete resolution.
0
