No Logon servers available.

Hello EE's

Just now I demoted my secondary domain controller. I am sure my FSMO masters are on the primary domain controller, and I checked with dsquery.

After the demotion of the secondary server, my other domain-joined servers cannot log in. It came up with an error:

"No logon server available".

Please help me on this.

Thank you.

Shamil Mohamed, IT Infrastructure Engineer/IT Systems Manager, Asked:
Schnell Solutions, Systems Infrastructure Engineer, Commented:
Better to switch the primary DNS that your DCs/Servers/Clients use to the new DC, because as long as the old server is online without the DNS server role working/synchronized, your clients can try working with that one and not switch to the secondary one.
Gareth Gudger Commented:
Did you just move the FSMO roles before you demoted it? Or were the FSMO roles always on another server?

If you moved the FSMO roles before demoting, did you give it adequate time to replicate? Did you use the force removal switch?

When you demoted it, did you also remove DNS? Is DNS on servers/clients still pointing to the old DC?

Does the DC still show up in Active Directory Sites and Services?

What happens when you run DCDIAG from a command prompt on your working DCs? Any errors?
Cliff Galiher Commented:
And one additional question to those above. Is your remaining DC also a global catalog server?
Shamil Mohamed, IT Infrastructure Engineer/IT Systems Manager, Author Commented:
Yes, I gave it around 1 week of time. I didn't use the force removal switch. Yes, DNS & Global Catalog were also removed. My primary DC is still up in Active Directory Sites and Services.

Just now I checked dcdiag and saw some errors. Can you please go through the attachments?

Please help me.

Thank you
Gareth Gudger Commented:
If you browse the shares on the server, do you have a NETLOGON and SYSVOL share?

The Advertising errors concern me the most. The system log errors can usually be ignored. You have a fair few replication errors, but they are unlikely to be causing this problem.

Run IPCONFIG /REGISTERDNS from a command prompt.

And restart the NETLOGON service.
Gareth Gudger Commented:
Check and make sure the old server isn't listed anywhere in AD Sites and Services. Check under every section of it. That will likely clean up some of the replication errors.
Schnell Solutions, Systems Infrastructure Engineer, Commented:
You could be facing a name resolution issue. How did you handle your DNS Service?

For example, the computers and servers on your network are configured to use a DNS server. Do you have Domain Controllers, member servers or workstations pointing to the decommissioned DNS? If this is the case, you need to update the DNS client configuration for your DCs, servers and workstations to point to the new DNS.

If the DNS resolution is not working fine ... AD is not going to work

In addition to verifying that all your servers and computers are using the new DNS, can you ensure that, if you open your DNS zone, the different ADDS records are present there?
Shamil Mohamed, IT Infrastructure Engineer/IT Systems Manager, Author Commented:
Yes, it's done. That server name is not mentioned anywhere; it was removed automatically after the demotion of the server.

The above mentioned is also done (ipconfig /registerdns and net start & stop netlogon = also done).
Gareth Gudger Commented:
I probably should have asked what level these DCs are.

Check out this article for 2003. This is regarding the Advertising Error.
Shamil Mohamed, IT Infrastructure Engineer/IT Systems Manager, Author Commented:
According to the DHCP server, this secondary domain controller's IP is still populated as the secondary DNS server. Would that be a problem? The primary DNS server IP is there and still up and running.
Schnell Solutions, Systems Infrastructure Engineer, Commented:

I am not clear if you answered my previous question...

Since you took out one DC/DNS and you stayed with a new one, do you have all your servers and clients pointing to the new DC as the DNS server? Which one is the server that you are using as the DNS server for your DC/member servers and workstations?

If you open the DNS zone for the new server, are you able to see the ADDS service records inside the DNS zone _msdcs.yourdomain?
Gareth Gudger Commented:
You definitely should remove the old decommissioned server from DHCP. That can cause problems should the IP stack determine to use that one. Make sure the servers don't have that statically set in their network properties either.
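
The DNS checks raised in the comments above (stale DNS server entries from DHCP or static settings, SRV records under `_msdcs`, NETLOGON and SYSVOL shares) can be gathered in one read-only pass. This is an added example, not part of any participant's post; it assumes Windows 8/Server 2012 or later and a session on the remaining DC or another machine you can still log on to, and `$Domain` and `$RetiredIp` are placeholders to replace with your own values.

```powershell
# Added example: read-only checks, nothing is changed on the machine.
$Domain    = 'corp.example.com'   # placeholder: your AD DNS domain name
$RetiredIp = '192.0.2.20'         # placeholder: IP of the demoted DC

# 1. Does any adapter (static or DHCP-assigned) still list the demoted DC as DNS?
$stale = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses -contains $RetiredIp }
foreach ($adapter in $stale) {
    Write-Warning "$($adapter.InterfaceAlias) still uses $RetiredIp as a DNS server"
}

# 2. Which DCs does the _msdcs zone advertise to clients?
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "No SRV records for ${srvName}: $($_.Exception.Message)"
    $srv = @()
}

# 3. For each advertised DC: is it the retired box, and are its shares present?
foreach ($rec in $srv) {
    $dc  = $rec.NameTarget
    $ips = (Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }).IPAddress
    [pscustomobject]@{
        DC              = $dc
        IP              = $ips -join ','
        PointsToRetired = $ips -contains $RetiredIp
        Netlogon        = Test-Path "\\$dc\NETLOGON"
        Sysvol          = Test-Path "\\$dc\SYSVOL"
    }
}

# 4. Ask the DC locator directly which DC it would hand to a client.
nltest /dsgetdc:$Domain
```

A warning in step 1, a missing SRV record in step 2, or `False` for NETLOGON or SYSVOL in step 3 each corresponds to one of the causes discussed above.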
Sikhumbuzo Ntsada, Senior IT Technician, Commented:
Hi There,

Take one server, disconnect the network cable, then login - it should go in from the last remembered domain.

Then check which domain controller it's logged on to.

Open an elevated command prompt and type "echo %logonserver%"; it should list the current domain controller used.

Put the cable back and add the machine to the domain again, do "ipconfig /flushdns" then "ipconfig /registerdns".

Spent a week struggling with this; the internet let me down until I figured it out by myself. Go to another server and open up PowerShell. After that, remote log in using PowerShell; apparently the admin password still works through this. Then run PowerShell commands to reset all passwords or that particular local account. This problem is caused by the fact that your DNS server might have been sitting on that particular server and it was not referenced properly after demotion. The script for the reset is down here, although it will reset all local passwords:
Get-WmiObject win32_useraccount | Foreach-Object {
Question has a verified solution.
