Solved

Domain Controller connectivity issues.

Posted on 2014-02-06
Last Modified: 2014-03-03
I am having problems with my Domain Controller that also hosts all the roles in the domain.

Running a DCDIAG gives me this

Performing initial setup:
   Trying to find home server...
   Home Server = xxxxx
   [xxxxx] Directory Binding Error 1722:
   Win32 Error 1722
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\xxxxx
      Starting test: Connectivity
         [xxxxx] DsBindWithSpnEx() failed with error 1722,
         Win32 Error 1722.
         ......................... xxxxx failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\xxxxx
      Skipping all tests, because server xxxxx  is not responding to
      directory service requests.

So I restarted DNS, still the same problem. I have run a ping to my other DC and got all 1 ms responses and 0 dropped packets.

Under the Network and Sharing Center I can see the diagram that says the server has no connection to the domain or internet, but I can browse the web.

The RPC service is running. If I look at the Operation Masters on this machine, it shows them all correctly. If I do it on my other domain controller it says "Error" under all the roles.

dcdiag /e returns this

Warning: xxxx is the Schema Owner, but is not responding to DS
RPC Bind.
Warning: xxxx  is the Domain Owner, but is not responding to DS
RPC Bind.
Warning: xxxx  is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: xxxx  is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: xxxx  is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.

I have run DCDIAG /TEST:DNS /V /E /F:<filename.log> and attached it. xxxx is the faulty DC and ZZZZ is the other DC.

NLTEST /DSGETDC:domain.local returns no errors.

Any ideas what could be causing this? I am considering seizing the roles on my other DC and then demoting / promoting the server again, but thought I would see what ideas people had here.

Both DCs are 2008 with DNS; the trouble machine has DHCP, which is working.
logs.txt
Question by:CaptainGiblets
4 Comments

Expert Comment

by:gurutc
ID: 39838613
It looks like the TCP/IP stack is having issues. You can fix away at this server, but seizing the roles on the other one, demoting and promoting may give you the cleanest and least corrupt final product.

- gurutc

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39838621
I think something on the network is not working fine.

Are both DCs on the same subnet? If not, check communication between them.
Does the faulty DC have the correct IP address? Check.
Have you tried rebooting the faulty DC?
Ensure the network (cables, Ethernet ports, etc.) is fine.

In case this DC cannot be recovered, the only way is:

Seize roles on the working DC: http://technet.microsoft.com/es-es/library/cc816779(v=ws.10).aspx
Dcpromo -forceremoval on the faulty DC
Metadata cleanup: http://technet.microsoft.com/es-es/library/cc816907(v=ws.10).aspx
Format and reinstall the affected DC.

Expert Comment

by:SreRaj
ID: 39838650
Hi,

Please verify that networking components like Client for Microsoft Networks, File and Printer Sharing for Microsoft Networks and Internet Protocol Version 4 are intact. If they are in a corrupted state, then you could repair them using the following link.

http://support.microsoft.com/kb/299357

Please check that the DC has a statically assigned IP address and that the DNS hostname registered for this DC resolves to the correct IP address.

Verify that DNS SRV records exist for this DC in DNS. The following article has information regarding the SRV records required for a DC.

http://support.microsoft.com/kb/816587

Accepted Solution

by:Mahesh
ID: 39839824
Before going to role seizure, just try the steps below.

On the affected DC:
1. Stop the Kerberos Key Distribution Center service, and then set the startup value to Manual.
2. Run the command below:
netdom resetpwd /server:another domain controller /userd:domain\administrator /passwordd:administrator password

Make sure that the netdom command is returned as completed successfully. If it is not, the command did not work. For the domain Contoso, where the affected domain controller is DC1, and a working domain controller is DC2, you run the following netdom command from the console of DC1:

netdom resetpwd /server:DC2 /userd:contoso\administrator /passwordd:administrator password
3. Restart the affected domain controller.
4. Start the Kerberos Key Distribution Center service, and then set the startup setting to Automatic.

Now check if your DC is functioning properly.
Original Source:
http://support.microsoft.com/kb/837513

Mahesh
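
The four steps from the accepted answer as a two-phase PowerShell script, added here as an example and not part of Mahesh's post or the Microsoft KB article. `DC2` and `contoso` are the sample names from the answer; the `-Phase`, `-HealthyDc` and `-Domain` parameters are hypothetical names chosen for this example, and the script assumes netdom signals failure with a non-zero exit code.

```powershell
# Added example: run in an elevated PowerShell session on the affected DC (DC1).
# Parameter names are hypothetical; DC2 / contoso are the sample names from the answer.
param(
    [string]$Phase     = 'Reset',    # 'Reset' before the reboot, 'Finish' after it
    [string]$HealthyDc = 'DC2',      # a working domain controller
    [string]$Domain    = 'contoso'   # NetBIOS domain name of the admin account
)

$ErrorActionPreference = 'Stop'

if ($Phase -eq 'Reset') {
    # Step 1: stop the KDC and keep it from starting at the next boot.
    Stop-Service -Name kdc -Force
    Set-Service  -Name kdc -StartupType Manual

    # Step 2: reset the machine account password against the working DC.
    # /passwordd:* makes netdom prompt for the password, so it does not end up
    # on the command line or in the console history.
    & netdom resetpwd "/server:$HealthyDc" "/userd:$Domain\administrator" '/passwordd:*'

    # Assumption: a non-zero exit code means failure. Also read the netdom
    # output and confirm it reports that the command completed successfully.
    if ($LASTEXITCODE -ne 0) {
        throw "netdom resetpwd failed (exit code $LASTEXITCODE). KDC left stopped and set to Manual; not restarting."
    }

    # Step 3: restart the affected DC. After it is back up, rerun with -Phase Finish.
    & shutdown.exe /r /t 0
}
elseif ($Phase -eq 'Finish') {
    # Step 4: start the KDC again and restore automatic startup.
    Set-Service   -Name kdc -StartupType Automatic
    Start-Service -Name kdc

    # Repeat the test that failed in the question to see whether the bind now works.
    & dcdiag /test:Connectivity
}
else {
    throw "Unknown phase '$Phase'. Use 'Reset' or 'Finish'."
}
```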