Solved

Why do some servers have to rejoin the domain again?

Posted on 2013-11-24
Medium Priority
320 Views
Last Modified: 2013-12-01
This is an MS W2K3 AD domain. Recently, for a certain reason, I had no choice but to change the DC's IP from .8 to .9. After that, I did some clean-up in AD and DNS to make sure that the DC is using .9 for all communications.

Recently, users started to report to me that they are not able to log on to the domain. Secondly, I also found that a few servers have to be removed and then re-joined to the domain. Why? What went wrong? How do I solve it? The DC was originally a physical server, and has since been converted to a Hyper-V VM.

Shall I set up a second VM DC (a clean setup) to take over from the above DC?
Question by:MichaelBalack
7 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39672675
When you said you did some cleanup, what did you do? What IP were clients (static and DHCP) using for DNS? Have they all been updated to the new .9 address?

Make sure the networking is setup properly in the virtualization infrastructure too.


Thanks

Mike
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39673460
Typically I never virtualize DCs. Normally because it is so easy to just throw up another one. I would just build a new DC in the virtual environment like you said.

Also, I assume the DC was also acting as a DNS server? Is there any chance that the DHCP scopes are still listing the old address to clients for DNS? Or static entries on servers?
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 2000 total points
ID: 39673630
Most of the time the above issue indicates that the secure channel between the DC and the client is broken. Can you post the error message you receive when the issue occurs, before you rejoin the machine/server to the domain? Most of the time it is due to DNS misconfiguration. Also verify the health of the existing DC with dcdiag /q and repadmin /replsum, and post the log if an error is reported.

(1) Check the DNS & WINS entries.
Best practices for DNS client settings on DCs and domain members:
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

(2) Check whether the Firewall service is ON or OFF.
Refer to this link to disable the firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

(3) Check the status of the machine account in AD (it may be disabled).
If the machine account is disabled, enable it.

(4) Remove the server from the domain and re-add it to the domain, or else try using the netdom utility to reset the secure channel between the server and the domain controller:
http://support.microsoft.com/kb/260575

(5) Also check the DNS console for duplicate records for the host machine and remove them.

(6) It could be due to AV (McAfee, Symantec, Trend, etc.) or a 3rd-party security application which acts as a firewall and blocks AD communication. AV products like Symantec, Trend, etc. have new features to "protect network traffic". Please check the AV settings and disable them if defined.

(7) If the systems were prepared by imaging, ensure that sysprep was executed. Disjoin the PC from the domain, run sysprep and then add the machine to the domain.
Please refer to the following two Microsoft TechNet blogs for more information.

The Machine SID Duplication Myth (and Why Sysprep Matters)
http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

Sysprep, Machine SIDs and Other Myths
http://blogs.technet.com/b/deploymentguys/archive/2009/12/03/sysprep-machine-sids-and-other-myths.aspx
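Steps (1), (3), (4) and (5) of the accepted answer, collected into one check that can be run on a member server that has stopped authenticating. This is an added example, not code from the thread or from any of the posters. It assumes PowerShell 2.0 and the Windows Support Tools (nltest, netdom, dnscmd) on the member server; the domain name corp.example, the DC name DC1 and the addresses 192.168.1.8 / 192.168.1.9 are placeholders standing in for the .8 and .9 in the question.

```powershell
# Added example (not from the original thread). Run in an elevated PowerShell 2.0
# session on the member server that can no longer log on to the domain.
# Assumes nltest, netdom and dnscmd (Windows Support Tools) are installed.
function Test-DomainMemberHealth {
    param(
        [string]$Domain  = 'corp.example',   # assumption: placeholder domain name
        [string]$DcName  = 'DC1',            # assumption: placeholder DC host name
        [string]$OldDcIp = '192.168.1.8',    # assumption: the DC's retired address
        [string]$NewDcIp = '192.168.1.9',    # assumption: the DC's current address
        [switch]$Repair                      # reset the secure channel if it is broken
    )
    $problems = @()

    # (1) DNS client settings: every IP-enabled NIC must point at the new DC, not the old one.
    $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($nic in $nics) {
        $dns = @($nic.DNSServerSearchOrder)
        if ($dns -contains $OldDcIp) {
            $problems += "NIC '$($nic.Description)' still lists retired DC address $OldDcIp for DNS"
        }
        if (-not ($dns -contains $NewDcIp)) {
            $problems += "NIC '$($nic.Description)' does not list DC address $NewDcIp for DNS"
        }
    }

    # (1b) DC locator: which DC, and which address, does this host actually find?
    $locator = nltest /dsgetdc:$Domain /force 2>&1
    if ($LASTEXITCODE -ne 0) {
        $problems += "DC locator failed: $($locator -join ' ')"
    } elseif (($locator -join ' ') -match [regex]::Escape($OldDcIp)) {
        $problems += "DC locator still returns $OldDcIp (stale A or SRV record in DNS)"
    }

    # (4) Secure channel: the broken state behind the logon failures in the question.
    $sc = nltest /sc_verify:$Domain 2>&1
    $scBroken = ($LASTEXITCODE -ne 0) -or -not (($sc -join ' ') -match 'NERR_Success')
    if ($scBroken) {
        $problems += "Secure channel to $Domain is broken: $($sc -join ' ')"
    }

    # (3) Computer account state in AD: bit 0x2 of userAccountControl means disabled.
    try {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher
        $searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))"
        [void]$searcher.PropertiesToLoad.Add('userAccountControl')
        $acct = $searcher.FindOne()
        if ($acct -eq $null) {
            $problems += "No computer account $env:COMPUTERNAME`$ found in AD"
        } elseif (([int]$acct.Properties['useraccountcontrol'][0] -band 0x2) -ne 0) {
            $problems += "Computer account $env:COMPUTERNAME`$ is disabled in AD"
        }
    } catch {
        $problems += "Could not query AD for the computer account: $($_.Exception.Message)"
    }

    # (5) Duplicate host records: more than one A record for this host in the zone.
    $records  = dnscmd $DcName /enumrecords $Domain $env:COMPUTERNAME /type A 2>&1
    $aRecords = @($records | Where-Object { $_ -match '\sA\s+\d+\.\d+\.\d+\.\d+' })
    if ($aRecords.Count -gt 1) {
        $problems += "Duplicate A records for $env:COMPUTERNAME in $Domain`: $($aRecords -join '; ')"
    }

    # (4) Optional repair: reset the secure channel against the named DC instead of
    # disjoining and rejoining. Prompts for the password of the account given in /userO.
    if ($Repair -and $scBroken) {
        netdom reset $env:COMPUTERNAME /domain:$Domain /server:$DcName /userO:"$Domain\Administrator" /passwordO:*
        $problems += "Secure channel reset attempted with netdom (exit code $LASTEXITCODE)"
    }

    return $problems
}

# Usage: report first; add -Repair only once the DNS findings are clean, otherwise the
# reset will just break again the next time the machine account password rolls over.
Test-DomainMemberHealth -Domain 'corp.example' -DcName 'DC1' -OldDcIp '192.168.1.8' -NewDcIp '192.168.1.9'
```

Fix DNS before resetting anything: a secure channel reset (or a disjoin/rejoin) succeeds against whichever DC the locator finds at that moment, so if a stale A or SRV record still points at .8, the repair is temporary.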
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39677632
Hi MKline71,

The DC was virtualized from an HP physical server. It seems that there is a hidden NIC still holding .8, besides the .9 on a "recognised NIC".

Do I have to remove the hidden NIC?
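The hidden NIC described above is a common leftover of a physical-to-virtual conversion: the old adapter is no longer present, but its TCP/IP configuration (and any DNS records it registered) survives. The following is an added example, not code from the thread, for locating such an interface on the converted DC and mapping it to the device instance that has to be uninstalled. It assumes PowerShell 2.0, the retired address 192.168.1.8 as a placeholder for the .8 in the question, and devcon.exe (Windows DDK) for the removal step.

```powershell
# Added example (not from the original thread). Run elevated on the converted DC.
# Lists TCP/IP interfaces that still hold the retired address but no longer belong
# to an adapter Windows enumerates, i.e. the "hidden NIC" left behind by the P2V.
function Find-GhostNic {
    param([string]$OldIp = '192.168.1.8')   # assumption: placeholder retired DC address

    # GUIDs of adapters Windows currently sees (present hardware, enabled or disabled).
    $present = @(Get-WmiObject Win32_NetworkAdapterConfiguration | ForEach-Object { $_.SettingID })

    # Every interface TCP/IP has ever been bound to, present or not, keyed by the same GUID.
    $ifKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    # Network class key; <GUID>\Connection maps the interface back to its PnP instance.
    $netKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}'

    foreach ($iface in Get-ChildItem $ifKey) {
        $guid  = $iface.PSChildName
        $props = Get-ItemProperty $iface.PSPath
        $ips   = @(@($props.IPAddress) + @($props.DhcpIPAddress) | Where-Object { $_ -and $_ -ne '0.0.0.0' })
        if (($present -contains $guid) -or -not ($ips -contains $OldIp)) { continue }

        $conn = Get-ItemProperty "$netKey\$guid\Connection" -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            InterfaceGuid = $guid
            Addresses     = ($ips -join ',')
            Name          = $conn.Name
            PnpInstanceID = $conn.PnpInstanceID
        }
    }
}

$ghosts = @(Find-GhostNic -OldIp '192.168.1.8')
if ($ghosts.Count -eq 0) { Write-Host 'No non-present interface holds the retired address.' }
foreach ($g in $ghosts) {
    Write-Host ("Ghost interface {0} ({1}) still holds {2}" -f $g.InterfaceGuid, $g.Name, $g.Addresses)
    if ($g.PnpInstanceID) {
        # devcon removes non-present devices too; the '@' prefix selects by device instance ID.
        # GUI equivalent: set devmgr_show_nonpresent_devices=1, start devmgmt.msc,
        # View > Show hidden devices, then uninstall the greyed-out adapter.
        Write-Host ("  devcon remove `"@{0}`"" -f $g.PnpInstanceID)
    }
}
```

After the ghost adapter is gone, run ipconfig /registerdns and restart the Netlogon service on the DC so its A and SRV records are re-registered with .9 only; until then, clients that happen to pick the stale .8 records will keep failing to locate the DC.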
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39683458
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39688022
Hi Sandeshdubey,

The link is no longer working.
 
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 39688024
Excellence
