Solved

Domain Controller connectivity issues.

Posted on 2014-02-06
Last Modified: 2014-03-03
I am having problems with my Domain Controller that also hosts all the roles in the domain.

Running a DCDIAG gives me this

Performing initial setup:
   Trying to find home server...
   Home Server = xxxxx
   [xxxxx] Directory Binding Error 1722:
   Win32 Error 1722
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\xxxxx
      Starting test: Connectivity
         [xxxxx] DsBindWithSpnEx() failed with error 1722,
         Win32 Error 1722.
         ......................... xxxxx failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\xxxxx
      Skipping all tests, because server xxxxx  is not responding to
      directory service requests.

So I restarted DNS, still the same problem. I have run a ping to my other DC and got all 1 ms responses and 0 dropped packets.

Under the Network and Sharing Center I can see the diagram that says the server has no connection to the domain or internet, but I can browse the web.

The RPC service is running. If I look at the Operation Masters on this machine, it shows them all correctly. If I do it on my other domain controller it says "Error" under all the roles.

dcdiag /e returns this

Warning: xxxx is the Schema Owner, but is not responding to DS
RPC Bind.
Warning: xxxx  is the Domain Owner, but is not responding to DS
RPC Bind.
Warning: xxxx  is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: xxxx  is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: xxxx  is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.

I have run DCDIAG /TEST:DNS /V /E /F:<filename.log> and attached it. xxxx is the faulty DC and ZZZZ is the other DC.

NLTEST /DSGETDC:domain.local returns no errors.

Any ideas what could be causing this? I am considering seizing the roles on my other DC and then demoting / promoting the server again but thought I would see what ideas people had here.

Both DCs are 2008 with DNS; the trouble machine has DHCP, which is working.
logs.txt
Question by:CaptainGiblets
4 Comments
 

Expert Comment

by:gurutc
It looks like the TCPIP stack is having issues.  You can fix away at this Server, but seizing the roles on the other one, demoting and promoting may give you the cleanest and least corrupt final product.  

- gurutc

Expert Comment

by:Miguel Angel Perez Muñoz
I think something on the network is not working properly.

Are both DCs on the same subnet? If not, check communication between them.
Does the faulty DC have the correct IP address? Check.
Have you tried rebooting the faulty DC?
Ensure the network (cables, Ethernet ports, etc.) is fine.

In case this DC cannot be recovered, the only way is:

Seize roles on the working DC: http://technet.microsoft.com/es-es/library/cc816779(v=ws.10).aspx
Dcpromo -forceremoval on the faulty DC
Metadata cleanup: http://technet.microsoft.com/es-es/library/cc816907(v=ws.10).aspx
Format and reinstall the affected DC.

Expert Comment

by:SreRaj
Hi,

Please verify that networking components like Client for Microsoft Networks, File and Printer Sharing for Microsoft Networks and Internet Protocol Version 4 are intact. If they are in a corrupted state, then you could repair them using the following link.

http://support.microsoft.com/kb/299357

Please check that the DC has a statically assigned IP address and that the DNS hostname registered for this DC resolves to the correct IP address.

Verify that DNS SRV records exist for this DC in DNS. The following article has information regarding the SRV records required for a DC.

http://support.microsoft.com/kb/816587

Accepted Solution

by:Mahesh
Before going to role seizure, just try the steps below.

On the affected DC:
1. Stop the Kerberos Key Distribution Center service, and then set the startup value to Manual.
2. Run the command below:
netdom resetpwd /server:another domain controller /userd:domain\administrator /passwordd:administrator password

Make sure that the netdom command is returned as completed successfully. If it is not, the command did not work. For the domain Contoso, where the affected domain controller is DC1, and a working domain controller is DC2, you run the following netdom command from the console of DC1:

netdom resetpwd /server:DC2 /userd:contoso\administrator /passwordd:administrator password
3. Restart the affected domain controller.
4. Start the Kerberos Key Distribution Center service, and then set the startup setting to Automatic.

Now check if your DC is functioning properly.
Original Source:
http://support.microsoft.com/kb/837513

Mahesh
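
The four steps of the accepted answer as a script, added here as an example; it is not part of the post above or of the Microsoft KB article. It assumes PowerShell 2.0 or later on the affected DC; the `-Phase` switch and the parameter names are hypothetical, and `DC2` and `contoso\administrator` are the placeholder names used in the answer.

```powershell
# Added example: the accepted answer's procedure in two phases, with the
# restart (step 3) done by hand in between. Run elevated on the affected DC.
param(
    [Parameter(Mandatory = $true)][ValidateSet('Reset', 'Finish')][string]$Phase,
    [string]$WorkingDC   = 'DC2',                    # healthy DC (placeholder from the answer)
    [string]$DomainAdmin = 'contoso\administrator'   # placeholder account from the answer
)

$ErrorActionPreference = 'Stop'

if ($Phase -eq 'Reset') {
    # Step 1: stop the KDC and keep it from starting at the next boot.
    Stop-Service -Name kdc -Force
    Set-Service  -Name kdc -StartupType Manual

    # Step 2: reset this DC's machine account password against the working DC.
    # '/passwordd:*' makes netdom prompt for the password, so it never
    # appears on the command line or in the console history.
    & netdom resetpwd "/server:$WorkingDC" "/userd:$DomainAdmin" '/passwordd:*'

    # The answer says to go on only if netdom reports success.
    if ($LASTEXITCODE -ne 0) {
        throw "netdom resetpwd failed (exit code $LASTEXITCODE). KDC is still stopped and set to Manual."
    }
    Write-Host 'Password reset completed. Restart this DC (step 3), then run with -Phase Finish.'
}
else {
    # Step 4, after the restart: start the KDC and restore automatic startup.
    Set-Service   -Name kdc -StartupType Automatic
    Start-Service -Name kdc

    # Re-run the check from the question and look for the "failed test"
    # marker that dcdiag printed there.
    $report = & dcdiag
    $failed = $report | Where-Object { $_ -match 'failed test' }
    if ($failed) {
        Write-Warning 'dcdiag still reports failures:'
        $failed | ForEach-Object { Write-Warning $_.Trim() }
    }
    else {
        Write-Host 'dcdiag reports no failed tests.'
    }
}
```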