Solved

Why some servers have to rejoin the domain again?

Posted on 2013-11-24
308 Views
Last Modified: 2013-12-01
This is using MS W2K3 AD Domain. Recently, due to some reason, I got no choice but to change the DC's IP from .8 to .9. After that, I did some clean-up on the AD, DNS, to make sure that DC is using .9 for all the communications.

Recently, users started to feed back to me that they are not able to log on to the domain. Secondly, I also found that a few servers have to be removed and then re-joined to the domain. Why? What went wrong? How to solve it? The DC was originally a physical server, and has since been converted to be a Hyper-V VM.

Shall I setup a second VM DC (a clean setup), to take over the above DC?
Question by:MichaelBalack
7 Comments
LVL 57

Expert Comment

by:Mike Kline
ID: 39672675
When you said you did some cleanup, what did you do? What IP were clients (static and DHCP) using for DNS? Have they all been updated to the new .9 address?

Make sure the networking is setup properly in the virtualization infrastructure too.


Thanks

Mike
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39673460
Typically I never virtualize DCs. Normally because it is so easy to just throw up another one. I would just build a new DC in the virtual environment like you said.

Also, I assume the DC was also acting as a DNS server? Is there any chance that the DHCP scopes are still listing the old address to clients for DNS? Or static entries on servers?
LVL 24

Accepted Solution

by:Sandeshdubey (earned 500 total points)
ID: 39673630
Most of the time the above issue indicates that the secure channel between the DC and the client is broken. Can you post what error message you receive when the issue occurs, before you join the machine/server to the domain? Most of the time it is due to a DNS misconfiguration. Also verify the health of the existing DC by running dcdiag /q and repadmin /replsum, and post the log if an error is reported.

(1) Check the DNS & WINS entries?
Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

(2) Check whether the Firewall service is ON or OFF?
Refer to this link to disable the firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

(3) Check the status of the machine account in AD? (It may be disabled.)
If the machine account is disabled, enable it.

(4) Remove the server from the domain and re-add it to the domain, or else try using the netdom utility to reset the secure channel between the server and the domain controller?
http://support.microsoft.com/kb/260575

(5) Also check the DNS console for duplicate records for the host machine and remove them.

(6) It could be due to AV (McAfee, Symantec, Trend, etc.) or a 3rd-party security application which acts as a firewall and blocks AD communication. AV like Symantec, Trend, etc. have new features to "protect network traffic". Please check the AV settings and disable the same if defined.

(7) If the systems were prepared by imaging, ensure that sysprep was executed. Disjoin the PC from the domain, run sysprep and then add the machine to the domain.
Please refer to the following two Microsoft TechNet blogs for more information.

The Machine SID Duplication Myth (and Why Sysprep Matters)
http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

Sysprep, Machine SIDs and Other Myths
http://blogs.technet.com/b/deploymentguys/archive/2009/12/03/sysprep-machine-sids-and-other-myths.aspx
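The checks in steps (1) to (5) above can be scripted on an affected member server so the stale-address problem shows up before anyone rejoins the machine. The script below is an added example, not code from the thread; it assumes PowerShell 2.0 or later, a domain-joined host, and placeholder addresses 192.168.1.9 / 192.168.1.8 standing in for the thread's ".9" and ".8".

```powershell
# Added example (not from the thread). Assumptions: elevated PowerShell 2.0+ on a
# domain member; placeholder IPs stand in for the DC's new ".9" and retired ".8".
param(
    [string]$Domain  = $env:USERDNSDOMAIN,
    [string]$NewDcIp = '192.168.1.9',   # placeholder for ".9"
    [string]$OldDcIp = '192.168.1.8'    # placeholder for ".8"
)

# (1) DNS client settings: every active NIC should point only at the new DC.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' | ForEach-Object {
    $dns   = @($_.DNSServerSearchOrder)
    $state = if ($dns -contains $OldDcIp -or -not ($dns -contains $NewDcIp)) { 'FIX' } else { 'ok' }
    "[{0}] DNS servers on '{1}': {2}" -f $state, $_.Description, ($dns -join ', ')
}

# Stale interface (e.g. a hidden NIC left behind by P2V) still bound to the old IP.
# Non-present adapters are invisible to the IPEnabled filter, but their TCP/IP
# bindings survive under the Tcpip\Parameters\Interfaces registry key.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem $ifRoot | ForEach-Object {
    $p     = Get-ItemProperty $_.PSPath
    $addrs = @($p.IPAddress) + @($p.DhcpIPAddress)
    if ($addrs -contains $OldDcIp) { "[FIX] interface $($_.PSChildName) still holds $OldDcIp" }
}

# (5) Does the domain name still resolve to the old DC (stale A record data)?
$resolved = [System.Net.Dns]::GetHostAddresses($Domain) | ForEach-Object { $_.IPAddressToString }
$state = if ($resolved -contains $OldDcIp) { 'FIX' } else { 'ok' }
"[{0}] '{1}' resolves to: {2}" -f $state, $Domain, ($resolved -join ', ')

# (3) Computer account state in AD (bit 0x2 of userAccountControl = ACCOUNTDISABLE).
$acct = ([adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$env:COMPUTERNAME`$))").FindOne()
if ($acct) {
    $uac = [int]$acct.Properties['useraccountcontrol'][0]
    if ($uac -band 2) { "[FIX] computer account $env:COMPUTERNAME is DISABLED" }
    else              { "[ok]  computer account $env:COMPUTERNAME is enabled" }
} else {
    "[FIX] no computer account found for $env:COMPUTERNAME in $Domain"
}

# (4) Secure channel: nltest names the DC the channel is bound to and whether it verifies.
# If this fails after DNS is corrected, reset the channel instead of rejoining:
#   netdom reset $env:COMPUTERNAME /domain:$Domain
nltest /sc_verify:$Domain
```

Any line tagged [FIX] points at the cause the thread converges on: a client, a leftover interface, or a DNS record still referencing the retired .8 address.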
LVL 1

Author Comment

by:MichaelBalack
ID: 39677632
Hi MKline71,

The DC was virtualized from an HP physical server. It seems that there is 1 hidden NIC that is holding on to .8, besides the .9 on a "recognised NIC".

Shall I have to remove the hidden nic?
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39683458
LVL 1

Author Comment

by:MichaelBalack
ID: 39688022
Hi Sandeshdubey,

The link is no longer working.
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 39688024
Excellence
