Solved

Why some servers have to rejoin the domain again?

Posted on 2013-11-24
Last Modified: 2013-12-01
This is using an MS W2K3 AD domain. Recently, for some reason, I had no choice but to change the DC's IP from .8 to .9. After that, I did some clean-up on AD and DNS to make sure that the DC is using .9 for all communications.

Recently, users started to feed back to me that they are not able to log on to the domain. Secondly, I also found that a few servers have to be removed and then re-joined to the domain. Why? What went wrong? How to solve it? The DC was originally a physical server, and has since been converted to be a Hyper-V VM.

Shall I set up a second VM DC (a clean setup) to take over from the above DC?
Question by:MichaelBalack
7 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39672675
When you said you did some cleanup, what did you do? What IP were clients (static and DHCP) using for DNS? Have they all been updated to the new .9 address?

Make sure the networking is set up properly in the virtualization infrastructure too.


Thanks

Mike
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39673460
Typically I never virtualize DCs. Normally because it is so easy to just throw up another one. I would just build a new DC in the virtual environment like you said.

Also, I assume the DC was also acting as a DNS server? Is there any chance that the DHCP scopes are still listing the old address to clients for DNS? Or static entries on servers?
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39673630
Most of the time the above issue indicates that the secure channel between the DC and the client is broken. Can you post what error message you receive when the issue occurs, before you join the machine/server to the domain? Most of the time it is due to DNS misconfiguration. Also verify the health of the existing DC by running dcdiag /q and repadmin /replsum, and post the log if an error is reported.

(1) Check the DNS & WINS entries.
Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

(2) Check whether the Firewall service is ON or OFF.
Refer to this link to disable the firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

(3) Check the status of the machine's account in AD (it may be disabled).
If the machine account is disabled, enable it.

(4) Remove the server from the domain & re-add it to the domain, or else try using the netdom utility to reset the secure channel between the server & the domain controller.
http://support.microsoft.com/kb/260575

(5) Also check the DNS console for duplicate records for the host machine and remove them.

(6) It could be due to AV (McAfee, Symantec, Trend, etc.) or a 3rd-party security application which acts as a firewall and blocks AD communication. AVs like Symantec, Trend, etc. have new features to "protect network traffic". Please check the AV settings and disable the same if defined.

(7) If the systems were prepared by imaging, ensure that sysprep is executed. Disjoin the PC from the domain, run sysprep, and then add the machine to the domain.
Please refer to the following two Microsoft TechNet blogs for more information.

The Machine SID Duplication Myth (and Why Sysprep Matters)
http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

Sysprep, Machine SIDs and Other Myths
http://blogs.technet.com/b/deploymentguys/archive/2009/12/03/sysprep-machine-sids-and-other-myths.aspx
0
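
The DNS and secure-channel checks suggested in the answers above, written as read-only PowerShell to run on an affected domain member. This is an added example, not code posted by anyone in the thread. The addresses 192.0.2.8 and 192.0.2.9 and the domain corp.example are constructed placeholders for the .8/.9 DC addresses, and the function names are hypothetical.

```powershell
# Added example, read-only checks. Run elevated on an affected domain member.
# Constructed placeholders: the thread gives only the last octets (.8/.9) and no domain name.
$OldDcIp = '192.0.2.8'
$NewDcIp = '192.0.2.9'
$Domain  = 'corp.example'

function Get-StaleDnsClientSetting {
    param([string]$StaleIp)
    # IP-enabled adapters whose DNS server list still contains the old DC address.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.DNSServerSearchOrder -contains $StaleIp } |
        Select-Object Description, DHCPEnabled, DNSServerSearchOrder
}

function Get-DomainARecord {
    param([string]$DomainName)
    # Addresses DNS returns for the domain name itself (DCs register these via Netlogon).
    try   { [System.Net.Dns]::GetHostAddresses($DomainName) | ForEach-Object { $_.IPAddressToString } }
    catch { Write-Warning "Cannot resolve ${DomainName}: $($_.Exception.Message)" }
}

# 1. DNS client settings. DHCPEnabled hints whether to look at a DHCP scope option
#    or at a static entry on the adapter.
$stale = @(Get-StaleDnsClientSetting -StaleIp $OldDcIp)
foreach ($nic in $stale) {
    Write-Warning "$($nic.Description) still uses $OldDcIp for DNS (DHCPEnabled=$($nic.DHCPEnabled))."
}

# 2. What DNS hands out for the domain: the old address here means stale records on the DNS server.
$addresses = @(Get-DomainARecord -DomainName $Domain)
if ($addresses -contains $OldDcIp)    { Write-Warning "$Domain still resolves to $OldDcIp." }
if ($addresses -notcontains $NewDcIp) { Write-Warning "$Domain does not resolve to $NewDcIp." }

# 3. Secure channel: only meaningful once checks 1 and 2 are clean.
if (Test-ComputerSecureChannel) {
    'Secure channel to the domain is healthy.'
} else {
    Write-Warning 'Secure channel is broken: reset it (netdom or Test-ComputerSecureChannel -Repair) before resorting to a rejoin.'
}
```

Fixing the DNS findings first matters because a member that cannot locate the DC at its new address will fail the secure-channel test regardless of the state of its machine account.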
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39677632
Hi MKline71,

The DC was virtualized from an HP physical server. It seems that there is 1 hidden NIC that is holding on to .8, besides the .9 on a "recognised NIC".

Do I have to remove the hidden NIC?
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39683458
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39688022
Hi Sandeshdubey,

The link is no longer working.
0
 
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 39688024
Excellence
0
