Solved

Domain Controller connectivity issues.

Posted on 2014-02-06
Last Modified: 2014-03-03
I am having problems with my Domain Controller that also hosts all the roles in the domain.

Running a DCDIAG gives me this

Performing initial setup:
   Trying to find home server...
   Home Server = xxxxx
   [xxxxx] Directory Binding Error 1722:
   Win32 Error 1722
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\xxxxx
      Starting test: Connectivity
         [xxxxx] DsBindWithSpnEx() failed with error 1722,
         Win32 Error 1722.
         ......................... xxxxx failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\xxxxx
      Skipping all tests, because server xxxxx  is not responding to
      directory service requests.

So I restarted DNS, still the same problem. I have run a ping to my other DC and all 1 ms response and 0 dropped packets.

Under the Network and Sharing Center I can see the diagram that says the server has no connection to the domain or internet, but I can browse the web.

The RPC service is running. If I look at the Operation Masters on this machine, it shows them all correctly. If I do it on my other domain controller it says "Error" under all the roles.

dcdiag /e returns this

Warning: xxxx is the Schema Owner, but is not responding to DS
RPC Bind.
Warning: xxxx  is the Domain Owner, but is not responding to DS
RPC Bind.
Warning: xxxx  is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: xxxx  is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: xxxx  is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.

I have run DCDIAG /TEST:DNS /V /E /F:<filename.log> and attached it. xxxx is the faulty DC and ZZZZ is the other DC.

NLTEST /DSGETDC:domain.local returns no errors.

Any ideas what could be causing this? I am considering seizing the roles on my other DC and then demoting / promoting the server again, but thought I would see what ideas people had here.

Both DCs are 2008 with DNS; the trouble machine has DHCP, which is working.
logs.txt
0
Question by:CaptainGiblets
4 Comments
 
LVL 16

Expert Comment

by:gurutc
ID: 39838613
It looks like the TCPIP stack is having issues.  You can fix away at this Server, but seizing the roles on the other one, demoting and promoting may give you the cleanest and least corrupt final product.  

- gurutc
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39838621
I think something on the network is not working fine.

Are both DCs on the same subnet? If not, check communication between them.
Does the faulty DC have the correct IP address? Check.
Have you tried rebooting the faulty DC?
Ensure the network (cables, Ethernet ports, etc.) is fine.

In case this DC cannot be recovered, the only way is:

Seize roles on the working DC: http://technet.microsoft.com/es-es/library/cc816779(v=ws.10).aspx
dcpromo /forceremoval on the faulty DC
Metadata cleanup: http://technet.microsoft.com/es-es/library/cc816907(v=ws.10).aspx
Format and reinstall the affected DC.
0
 
LVL 12

Expert Comment

by:SreRaj
ID: 39838650
Hi,

Please verify that networking components like Client for Microsoft Networks, File and Printer Sharing for Microsoft Networks and Internet Protocol Version 4 are intact. If they are in a corrupted state, then you could repair them using the following link.

http://support.microsoft.com/kb/299357

Please check that the DC has a statically assigned IP address and that the DNS hostname registered for this DC resolves to the correct IP address.

Verify that DNS SRV records exist for this DC in DNS. The following article has information regarding the SRV records required for a DC.

http://support.microsoft.com/kb/816587
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39839824
Before going to role seizure, just try the below.

On the affected DC:
1. Stop the Kerberos Key Distribution Center service, and then set the startup value to Manual.
2. Run the below command:
netdom resetpwd /server:another domain controller /userd:domain\administrator /passwordd:administrator password

Make sure that the netdom command is returned as completed successfully. If it is not, the command did not work. For the domain Contoso, where the affected domain controller is DC1, and a working domain controller is DC2, you run the following netdom command from the console of DC1:

netdom resetpwd /server:DC2 /userd:contoso\administrator /passwordd:administrator password
3. Restart the affected domain controller.
4. Start the Kerberos Key Distribution Center service, and then set the startup setting to Automatic.

Now check if your DC is functioning properly.
Original Source:
http://support.microsoft.com/kb/837513

Mahesh
0
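
The four steps of the accepted answer as a two-phase PowerShell script, with the dcdiag Connectivity test from the question re-run at the end (an added example, not part of the original answer or the KB article). `DC2` and `contoso\administrator` are the answer's example names used as defaults, the `-Phase` parameter is a construct of this example, and `/passwordd:*` makes netdom prompt for the password instead of taking it on the command line.

```powershell
# Added example: steps 1-4 from the accepted answer. Run elevated on the AFFECTED DC.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Reset', 'Finish')]
    [string]$Phase,                                   # hypothetical switch for this example
    [string]$HealthyDC    = 'DC2',                    # example name; use your working DC
    [string]$AdminAccount = 'contoso\administrator'   # example name; use a domain admin
)
$ErrorActionPreference = 'Stop'

if ($Phase -eq 'Reset') {
    # Step 1: stop the local KDC and keep it from starting at the next boot.
    Stop-Service -Name kdc
    Set-Service  -Name kdc -StartupType Manual

    # Step 2: reset this DC's machine account password against the working DC.
    # '*' prompts for the password, keeping it out of console history.
    & netdom resetpwd "/server:$HealthyDC" "/userd:$AdminAccount" '/passwordd:*'
    if ($LASTEXITCODE -ne 0) {
        throw "netdom resetpwd exited with code $LASTEXITCODE; the reset did not work."
    }
    Write-Host 'Confirm netdom reported success, restart this DC (step 3), then run -Phase Finish.'
}
else {
    # Step 4: after the restart, return the KDC to normal operation.
    Set-Service   -Name kdc -StartupType Automatic
    Start-Service -Name kdc

    # Re-run the test that failed in the question and look for its failure line.
    $report = & dcdiag /test:Connectivity
    $report
    $failed = @($report | Where-Object { $_ -match 'failed test' })
    if ($failed.Count -gt 0) {
        throw "dcdiag still reports: $($failed -join '; ')"
    }
    Write-Host 'Connectivity test passed.'
}
```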


Question has a verified solution.
