[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 321
  • Last Modified:

Why some servers have to rejoin the domain again?

This is using MS W2K3 AD Domain. Recently, due to some reason, I got no choice but to change the DC's IP from .8 to .9. After that, I did some clean-up on the AD, DNS, to make sure that DC is using .9 for all the communications.

Recently, users stated to feedback to me that they are not able to logon to the domain. Secondly, I also found that few servers, have to be remove and then re-join to the domain, why? What went wrong? How to solve it? The DC was originally a physical server, and has since been converted to be a hyperv VM.

Shall I setup a second VM DC (a clean setup), to take over the above DC?
0
MichaelBalack
Asked:
MichaelBalack
1 Solution
 
Mike KlineCommented:
When you said you did some cleanup, what did you do?  What IP were clients (static an DHCP) using for DNS?  Have they all been updated to the new .9 address?  

Make sure the networking is setup properly in the virtualization infrastructure too.


Thanks

Mike
0
 
Gareth GudgerCommented:
Typically I never virtualize DCs. Normally because it is so easy to just throw up another one. I would just build a new DC in the virtual environment like you said.

Also, I assume the DC was also acting as a DNS server? Is there any chance that the DHCP scopes are still listing the old address to clients for DNS? Or static entries on servers?
0
 
SandeshdubeyCommented:
Most of the time above issue indicates that secure channel between the DC and client is broken,can you post what error message you recieve when the issue occur before you join machine/server to domain,most of the time it is due to dns misconfig.Also verify the health of existing dc to by dcdiag /q and repadmin /replsum and post the log if error is reported.

(1) Check the DNS & WINS entries?
Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

(2) Check whether the Firewall service is ON of OFF?
Refer link this to diable the firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

(3) Check the status of the machines account in the AD?(It may be disabled)
If the Machine account is disable enable the same.

(4) Remove the server from the domain & readd it to the domain else try using netdom utility to reset the secure channel between the server & the domain controller?
http://support.microsoft.com/kb/260575

(5)Also check the DNS console for duplicate record for the host machine and remove the same.

(6)It could be due to AV(McAfee,Symantec, Trend, etc) or 3rd party security application which act as firewall and block AD communuctaion.AV like Symantec,trend,etc have new features to "protect network traffic".Please check AV setting and disable the same if defined.

(7)If the system were prepared by imaging ensure that sysprep is executed.Disjoin the PC from domain run sysyperp and the add machine to domain.
Please refer to the following two Microsoft TechNet blogs for more information.

The Machine SID Duplication Myth (and Why Sysprep Matters)http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

Sysprep, Machine SIDs and Other Myths
http://blogs.technet.com/b/deploymentguys/archive/2009/12/03/sysprep-machine-sids-and-other-myths.aspx
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
MichaelBalackAuthor Commented:
Hi MKline71,

The dc was virtualized from a HP physical server. It seems that there are 1 hidden NIC that holding on .8, beside the .9 on an "regconised NIC".

Shall I have to remove the hidden nic?
0
 
MichaelBalackAuthor Commented:
Hi Sandeshdubey,

The link no more working.
0
 
MichaelBalackAuthor Commented:
Excellence
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now