?
Solved

No Logon servers available.

Posted on 2014-02-20
14
Medium Priority
?
1,595 Views
Last Modified: 2016-03-14
Hello EE's

Just now i demote my secondary domain controller. I am sure my FSMO masters are primary domain controller and I checked with dsquery.

After demote of secondary server my domain joined other servers cannot login. came up with an error

" No logon server available ".

Please help me on this.

Thank you.

Shamil
0
Comment
Question by:Shamil Mohamed
  • 5
  • 3
  • 3
  • +3
14 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39875895
Did you just move the FSMO roles before you demoted it? Or were the FSMO roles always on another server?

If you moved the FSMO roles before demoting, did you give it adequate time to replicate? Did you use the force removal switch?

When you demoted it, did you also remove DNS? Is DNS on servers/clients still pointing to the old DC?

Does the DC still show up in Active Directory Sites and Services?

What happens when you run DCDIAG from a command prompt on your working DCs? Any errors?
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 39875906
And one additional question to those above. Is your remaining DC also  global catalog server?
0
 
LVL 1

Author Comment

by:Shamil Mohamed
ID: 39875908
ya gave around 1 week of time. I didnt use force removal switch. Ya DNS & Global catalog also removed. My primary DC still up in Active Directory sited and services.

Just now i check dcdiag saw some errors.. can u please go through the attachments..

Pleas help me..

Thank you
dsdiag01.jpg
dsdiag02.jpg
dsdiag03.jpg
dsdiag04.jpg
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 498 total points
ID: 39875919
If you browse the shares on the server, do you have a NETLOGON and SYSVOL share?

The Advertising errors concerns me the most. The system log errors can usually be ignored. You have a fair few replication errors, but unlikely causing this problem.

Run IPCONFIG /REGISTERDNS from a command prompt.

And restart the NETLOGON service.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39875923
Check and make sure the old server isn't listed anywhere in AD Sites and Services. Check under every section of it. That will likely clean up some of the replication errors.
0
 
LVL 14

Assisted Solution

by:Schnell Solutions
Schnell Solutions earned 750 total points
ID: 39875929
You could be facing a name resolution issue. How did you handle your DNS Service?

For example, the computers and servers from your network are configured to use a DNS server. Do you have Domain Controllers, Member servers or workstations pointing to the decommisioned DNS? If this is the case you need to Update the DNS client Configuration for your DCs, servers and workstations to point to the new DNS

If the DNS resolution is not working fine ... AD is not going to work

Additionally of verifying that all your servers and computers are using the new DNS, can you ensure that if you open your DNS zone the different ADDS records are present there?
0
 
LVL 1

Author Comment

by:Shamil Mohamed
ID: 39875936
Ya its done.. that server name is not mentioned anywhere its removed automatically after the demote of the server.

above mentioned also done.. ( ipconfig/registerdns and net start & stop netlogon = also done ).
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39875942
I probably should have asked what DCs level these are.

Check out this article for 2003. This is regarding the Advertising Error.
http://support.microsoft.com/kb/958804
0
 
LVL 1

Author Comment

by:Shamil Mohamed
ID: 39875945
according to DHCP server this secondary domain controller IP is still populated as Secondary DNS server.. is that would be a problem.. ??? Primary DNS server ip is there and still running up..
0
 
LVL 14

Assisted Solution

by:Schnell Solutions
Schnell Solutions earned 750 total points
ID: 39875950
Hello

I am not clear if you answered my previous question...

As far as you took out one DC/DNS and you staid with a new one. Do you have all your servers and clients pointing to the new DC ad the DNS server? Which one is the server that you are using as the DNS server for your DC/Member servers and worstations?

If you open the DNS zone for the new server, are you able to see the ADDS Service records inside the dns zone _msdcs.yourdomain?
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 498 total points
ID: 39875952
You definitely should remove the old decommissioned server from DHCP. That can cause problems should the IP stack determine to use that one. Make sure the servers don't have that statically set in their network properties either.
0
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 750 total points
ID: 39875954
Better switch the primary DNS that your DCs/Servers/Clients use to the new DC. Because as far as the old server is online without the DNS server role working/synchronized, your clients can try working with that one and not switching to the secondary one
0
 
LVL 17

Assisted Solution

by:Sikhumbuzo Ntsada
Sikhumbuzo Ntsada earned 252 total points
ID: 39876104
Hi There,

Take one server, disconnect the network cable, then login - it should go in from the last remembered domain.

Then check which domain controller it's log on to.

Open an elevated command prompt and type "echo %logonserver%, it should list the current domain controller used.

Put the cable back and add the machine to the domain again, do "ipconfig /flushdns" then "ipconfig /registerdns"
0
 

Expert Comment

by:MugoMudzi
ID: 41506053
spent a week struggling with this, the internet let me down until I figured it out by myself. Go to another server and open up power shell. After that, remote log in using power shell, apparently the admin password still works through this and then run power shell commands to reset all passwords or that particular local account. This problem is brought by the fact that your DNS server might have been sitting on that particular server it was not referenced properly after demotion. The script is down here for the reset although it will reset all local passwords
####
Get-WmiObject win32_useraccount | Foreach-Object {
([adsi](“WinNT://”+$_.caption).replace(“\”,”/”)).SetPassword(“FluxCapacitor!11-5-1955”)
}
###
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every now and then, Microsoft does something that totally impresses me. It doesn't happen often, but in this case I must say I am thoroughly impressed with Windows Server Backup. One of the long time issues with Windows Backup has been the ability t…
Recently, I was assigned the task of performing a hardware refresh in the datacenter. The previous Windows 2008 systems were connected to the SAN via fiber channel HBA’s and among other thing, had PowerPath installed in order to provide sufficient f…
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question