Solved

No Logon servers available.

Posted on 2014-02-20
Last Modified: 2016-03-14
Hello EE's

Just now I demoted my secondary domain controller. I am sure my FSMO masters are on the primary domain controller, and I checked with dsquery.

After the demotion of the secondary server, my other domain-joined servers cannot log in. It came up with an error:

"No logon server available".

Please help me on this.

Thank you.

Shamil
0
Question by:Shamil Mohamed
14 Comments
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 39875895
Did you just move the FSMO roles before you demoted it? Or were the FSMO roles always on another server?

If you moved the FSMO roles before demoting, did you give it adequate time to replicate? Did you use the force removal switch?

When you demoted it, did you also remove DNS? Is DNS on servers/clients still pointing to the old DC?

Does the DC still show up in Active Directory Sites and Services?

What happens when you run DCDIAG from a command prompt on your working DCs? Any errors?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39875906
And one additional question to those above. Is your remaining DC also a global catalog server?
0
 

Author Comment

by:Shamil Mohamed
ID: 39875908
Yes, I gave it around 1 week of time. I didn't use the force removal switch. Yes, DNS & Global Catalog were also removed. My primary DC is still up in Active Directory Sites and Services.

Just now I checked dcdiag and saw some errors. Can you please go through the attachments?

Please help me.

Thank you
dsdiag01.jpg
dsdiag02.jpg
dsdiag03.jpg
dsdiag04.jpg
0
 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 166 total points
ID: 39875919
If you browse the shares on the server, do you have a NETLOGON and SYSVOL share?

The Advertising errors concern me the most. The system log errors can usually be ignored. You have a fair few replication errors, but they are unlikely to be causing this problem.

Run IPCONFIG /REGISTERDNS from a command prompt.

And restart the NETLOGON service.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 39875923
Check and make sure the old server isn't listed anywhere in AD Sites and Services. Check under every section of it. That will likely clean up some of the replication errors.
0
 
LVL 14

Assisted Solution

by:Schnell Solutions
Schnell Solutions earned 250 total points
ID: 39875929
You could be facing a name resolution issue. How did you handle your DNS Service?

For example, the computers and servers on your network are configured to use a DNS server. Do you have Domain Controllers, member servers or workstations pointing to the decommissioned DNS? If this is the case, you need to update the DNS client configuration for your DCs, servers and workstations to point to the new DNS.

If the DNS resolution is not working fine ... AD is not going to work.

In addition to verifying that all your servers and computers are using the new DNS, can you ensure that if you open your DNS zone the different ADDS records are present there?
0
 

Author Comment

by:Shamil Mohamed
ID: 39875936
Yes, it's done. That server name is not mentioned anywhere; it was removed automatically after the demotion of the server.

The above-mentioned steps are also done (ipconfig /registerdns and net start & stop netlogon = also done).
0

 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 39875942
I probably should have asked what DCs level these are.

Check out this article for 2003. This is regarding the Advertising Error.
http://support.microsoft.com/kb/958804
0
 

Author Comment

by:Shamil Mohamed
ID: 39875945
According to the DHCP server, this secondary domain controller's IP is still populated as the secondary DNS server. Would that be a problem? The primary DNS server IP is there and still up and running.
0
 
LVL 14

Assisted Solution

by:Schnell Solutions
Schnell Solutions earned 250 total points
ID: 39875950
Hello

I am not clear if you answered my previous question...

As far as I understand, you took out one DC/DNS and you stayed with a new one. Do you have all your servers and clients pointing to the new DC as the DNS server? Which one is the server that you are using as the DNS server for your DC/member servers and workstations?

If you open the DNS zone for the new server, are you able to see the ADDS Service records inside the dns zone _msdcs.yourdomain?
0
 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 166 total points
ID: 39875952
You definitely should remove the old decommissioned server from DHCP. That can cause problems should the IP stack determine to use that one. Make sure the servers don't have that statically set in their network properties either.
0
 
LVL 14

Accepted Solution

by:Schnell Solutions
Schnell Solutions earned 250 total points
ID: 39875954
Better switch the primary DNS that your DCs/Servers/Clients use to the new DC, because as long as the old server is online without the DNS server role working/synchronized, your clients can try working with that one and not switch to the secondary one.
0
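The DNS checks discussed in this thread (which resolvers a machine actually uses, and whether each one still serves the `_msdcs` locator records), as an added example that is not part of any post above. `$Domain` and `$RetiredDnsIp` are placeholders, and the script assumes the DnsClient cmdlets available on Windows 8 / Server 2012 or later.

```powershell
# Added example: audit the DNS servers this machine uses and test whether each
# one answers the DC locator SRV query. Both values below are placeholders.
$Domain       = 'corp.example.com'   # placeholder: your AD DNS domain name
$RetiredDnsIp = '192.0.2.10'         # placeholder: IP of the demoted DC/DNS server

$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Every IPv4 DNS server configured on any adapter (static or handed out by DHCP).
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($ip in $_.ServerAddresses) {
            [pscustomobject]@{ Interface = $_.InterfaceAlias; DnsServer = $ip }
        }
    }

# Ask each resolver directly for the locator record instead of trusting the
# client's own failover order.
$report = foreach ($entry in $configured) {
    $dcs    = @()
    $status = 'OK'
    try {
        $answer = Resolve-DnsName -Name $srvName -Type SRV -Server $entry.DnsServer `
                                  -DnsOnly -ErrorAction Stop
        $dcs = @($answer | Where-Object { $_.Type -eq 'SRV' } |
                 Select-Object -ExpandProperty NameTarget)
        if (-not $dcs) { $status = 'No SRV records' }
    } catch {
        $status = "Query failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Interface   = $entry.Interface
        DnsServer   = $entry.DnsServer
        IsRetired   = ($entry.DnsServer -eq $RetiredDnsIp)
        LocatorSrv  = $status
        DCsReturned = ($dcs -join ', ')
    }
}

$report | Format-Table -AutoSize
```

A row with `IsRetired` set to True, or with `LocatorSrv` other than OK, marks a resolver to remove from the adapter settings or the DHCP scope options.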
 
LVL 17

Assisted Solution

by:Sikhumbuzo Ntsada
Sikhumbuzo Ntsada earned 84 total points
ID: 39876104
Hi There,

Take one server, disconnect the network cable, then login - it should go in from the last remembered domain.

Then check which domain controller it's logged on to.

Open an elevated command prompt and type "echo %logonserver%"; it should list the current domain controller used.

Put the cable back and add the machine to the domain again, do "ipconfig /flushdns" then "ipconfig /registerdns"
0
 

Expert Comment

by:MugoMudzi
ID: 41506053
Spent a week struggling with this; the internet let me down until I figured it out by myself. Go to another server and open up PowerShell. After that, remote log in using PowerShell (apparently the admin password still works through this) and then run PowerShell commands to reset all passwords or that particular local account. This problem is brought about by the fact that your DNS server might have been sitting on that particular server and it was not referenced properly after demotion. The script for the reset is down here, although it will reset all local passwords.
####
# For each account WMI returns, bind to it through the WinNT provider and set its password
Get-WmiObject win32_useraccount | Foreach-Object {
([adsi]("WinNT://"+$_.caption).replace("\","/")).SetPassword("FluxCapacitor!11-5-1955")
}
###
0
