Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Domain Controller connectivity issues.

Posted on 2014-02-06
4
Medium Priority
?
2,013 Views
Last Modified: 2014-03-03
I am having problems with my Domain Controller that also hosts all the roles in the domain.

Running a DCDIAG gives me this

Performing initial setup:
   Trying to find home server...
   Home Server = xxxxx
   [xxxxx] Directory Binding Error 1722:
   Win32 Error 1722
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\xxxxx
      Starting test: Connectivity
         [xxxxx] DsBindWithSpnEx() failed with error 1722,
         Win32 Error 1722.
         ......................... xxxxx failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\xxxxx
      Skipping all tests, because server xxxxx  is not responding to
      directory service requests.

So i restarted DNS, still the same problem. I have ran a ping to my other DC and all 1MS response and 0 dropped packets.

Under the network and sharing center i can see the diagram that says the server has no connection to the domain or internet, but i can browse the web.

The RPC service is running. If i look at the Operation Masters on this machine, it shows them all correctly. If i do it on my other domain controller it says "Error" under all the roles.

dcdiag /e returns this

Warning: xxxx is the Schema Owner, but is not responding to DS
RPC Bind.
Warning: xxxx  is the Domain Owner, but is not responding to DS
RPC Bind.
Warning: xxxx  is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: xxxx  is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: xxxx  is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.

I have ran DCDIAG /TEST:DNS /V /E /F:<filename.log> and attached it xxxx is the faulty DC and ZZZZ is the other DC.

NLTEST /DSGETDC:domain.local returns no errors.

Any ideas what could be causing this? I am considering seizing the roles on my other DC and then demoting / promoting the server again but thought i would see what ideas people had here.

Both DC's are 2008 with DNS trouble machine has DHCP which is working.
logs.txt
0
Comment
Question by:CaptainGiblets
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 16

Expert Comment

by:gurutc
ID: 39838613
It looks like the TCPIP stack is having issues.  You can fix away at this Server, but seizing the roles on the other one, demoting and promoting may give you the cleanest and least corrupt final product.  

- gurutc
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39838621
I think some on the network is not working fine.

Both DC are on same subnet? in case not, check communication between them
Faulty DC has corrected IP address? check
Have you try reboot faulty DC?
Ensure network (cables, ethernet ports, etc) is fine.

In case this DC can not be recovered, only way is:

Seize roles on working DC> http://technet.microsoft.com/es-es/library/cc816779(v=ws.10).aspx
Dcpromo -forceremoval on faulty DC
Metadata cleanup> http://technet.microsoft.com/es-es/library/cc816907(v=ws.10).aspx
Format and reinstall affected DC.
0
 
LVL 12

Expert Comment

by:SreRaj
ID: 39838650
Hi,

Please verify that networking components like Client for Microsoft Networks, Files and Printer Sharing for Microsoft Networks and Internet Protocol Version 4 are intact. If they are in corrupted state, then you could repair them using the following link.

http://support.microsoft.com/kb/299357

Please check the DC is having statically assigned IP Address and DNS Hostname registered for this DC is resolving to correct IP Address.

Verify that DNS SRV records exists for this DC in DNS. Following article has information regarding SRV records required for a DC.

http://support.microsoft.com/kb/816587
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39839824
before going to role seizure just try below.

On the affected DC
1.Stop the Kerberos Key Distribution Center service, and then set the startup value to Manual.
2.Run below command:
netdom resetpwd /server:another domain controller /userd:domain\administrator /passwordd:administrator password

Make sure that the netdom command is returned as completed successfully. If it is not, the command did not work. For the domain Contoso, where the affected domain controller is DC1, and a working domain controller is DC2, you run the following netdom command from the console of DC1:

netdom resetpwd /server:DC2 /userd:contoso\administrator /passwordd:administrator password
3.Restart the affected domain controller.
4.Start the Kerberos Key Distribution Center service, and then set the startup setting to Automatic.

Now check if your DC is functioning properly
Original Source:
http://support.microsoft.com/kb/837513

Mahesh
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question