Solved

DNS Active Directory GC not connecting

Posted on 2014-03-21
Last Modified: 2014-06-07
In a virtual environment, I was enabling jumbo frames. When I enabled it on one vSwitch I lost connection to one of my host machines. I contacted VMware and they tried to troubleshoot, but they said I have to do a network setting reset. So I did, but on the wrong host machine that my Primary DC was on. After the reset I had to quickly configure it again just to run the VMs during production time. Then I reset the second host that had the second DC. After completing the settings on it, I was not able to connect to my vCenter. VMware troubleshooted and realized that my DCs are not communicating and my GC and Active Directory are not working. I am stumped and need help to get this resolved. I am willing to stay up late to get this fixed. I do not want my boss to get upset at me. Strangely, the VMs are still running.
Question by:j_rameses
 

Expert Comment

by:sweetness34
Comment Utility
Are jumbo frames enabled on your physical switch? If not, enable jumbo frames on the physical switch between the hosts.
0
 

Author Comment

by:j_rameses
Comment Utility
I do not have access to the switch. Should I then disable the jumbo frames instead?
0
 

Expert Comment

by:sweetness34
Comment Utility
I would disable unless you can enable on the physical switch.
0
 

Author Comment

by:j_rameses
Comment Utility
I disabled them, but on one of the DCs I can't ping the DG nor DC1 still.
Maybe a restart of that server?
0
 

Expert Comment

by:sweetness34
Comment Utility
can you ping servers on the same host?  Can you ping any devices outside the host like the default gateway?
0
 

Author Comment

by:j_rameses
Comment Utility
primary server can ping DG but not the DC2
DC2 cannot ping DG nor DC1

Both DC1 and DC2 can ping other devices.
0
 

Author Comment

by:j_rameses
Comment Utility
firewall disabled on both DCs
0
 

Expert Comment

by:sweetness34
Comment Utility
I think you have to reboot VMware hosts when changing jumbo frames.  Are you able to do that?
0
 

Author Comment

by:j_rameses
Comment Utility
I could reboot remotely, yes.
Should I leave them as jumbo frames on the two DCs even though I have no access to the switches?
0
 

Expert Comment

by:sweetness34
Comment Utility
I would not enable Jumbo frames unless you can enable on the physical switch.
0
 

Author Comment

by:j_rameses
Comment Utility
The other issue with this: I cannot get DNS or Active Directory to work.
I get an error message about PDC emulator
0
 

Expert Comment

by:sweetness34
Comment Utility
let's see what happens after the reboot of the VMware hosts.
0
 

Author Comment

by:j_rameses
Comment Utility
i do know the two brands of the switches: hp procurve 1810-24g
0
 

Author Comment

by:j_rameses
Comment Utility
i just put one host to reboot.
I'll wait for that one first.
0
 

Author Comment

by:j_rameses
Comment Utility
still waiting for it to reboot
0
 

Author Comment

by:j_rameses
Comment Utility
first host machine is up.
I will check to see if it can still ping DG and other VMs
Then I will restart the second host machine
is that ok?
0
 

Author Comment

by:j_rameses
Comment Utility
Is there a method to ping the domain for open IPs? This way I can get the IP address for the switch.
0
 

Author Comment

by:j_rameses
Comment Utility
i found a way:
for /L %z in (1,1,254) do @ping 10.0.0.%z -w 10 -n 1 | find "Reply"

Let 10.0.0.%z represent your IP range.
0
 

Author Comment

by:j_rameses
Comment Utility
Both DCs can ping each other as well as the DG.
Now, can I get my Group Policy and AD up and running?
0
 

Expert Comment

by:sweetness34
Comment Utility
where are we at, can you ping?
0
 

Author Comment

by:j_rameses
Comment Utility
When I try to go to AD for users and computers I get the following:
Naming information cannot be located because: The specified domain either does not exist or could not be contacted. Contact your system administrator to verify that your domain is properly configured and is currently online.

Here is a silly question:
For DC1 its DNS order is DC1, DC2?
For DC2 its DNS order is DC2, DC1?
0
 

Expert Comment

by:sweetness34
Comment Utility
are both hosts rebooted?
0
 

Author Comment

by:j_rameses
Comment Utility
yes.

When I try to go to AD for users and computers I get the following:
Naming information cannot be located because: The specified domain either does not exist or could not be contacted. Contact your system administrator to verify that your domain is properly configured and is currently online.

Here is a silly question:
For DC1 its DNS order is DC1, DC2?
For DC2 its DNS order is DC2, DC1?
0
 

Expert Comment

by:sweetness34
Comment Utility
are you able to ping between  DCs?
0
 

Author Comment

by:j_rameses
Comment Utility
yes, but my Domain controller is down, not recognized as the domain controller
0
 

Author Comment

by:j_rameses
Comment Utility
I can log into it but the network does not recognize it as the DC
0
 

Expert Comment

by:sweetness34
Comment Utility
That has nothing to do with jumbo frames. Are all automatic services started?
0
 

Expert Comment

by:sweetness34
Comment Utility
what does DCDIAG say?
0
 

Expert Comment

by:sweetness34
Comment Utility
does nslookup allow you to resolve the domain?
0
 

Author Comment

by:j_rameses
Comment Utility
i will check that
0
 

Author Comment

by:j_rameses
Comment Utility
remote registry and
software ? was not started so I started them
0
 

Author Comment

by:j_rameses
Comment Utility
I am looking in DNS Manager and under: domain --> forward lookup zone --> _msdcs.domainName.local --> DC --> sites -->
well, all those sections have listed both domain controllers, as well as section: PDC & GC
0
 

Author Comment

by:j_rameses
Comment Utility
dcdiag = error 1355
0
 

Author Comment

by:j_rameses
Comment Utility
If I do an nslookup for each DC, I get the name of the DC, and if I do nslookup of the other DC, I get the server name as well
0
 

Expert Comment

by:sweetness34
Comment Utility
I would reboot the GC and see if the domain controller comes up.
0
 

Author Comment

by:j_rameses
Comment Utility
reboot the DC again then?
0
 

Expert Comment

by:sweetness34
Comment Utility
I would clear event logs and reboot DC.  If it does not come up I would start reviewing the event logs and see where the problem is.  Sounds like the problem is not the network at this point.
0
 

Author Comment

by:j_rameses
Comment Utility
i am rebooting the first DC, then I will reboot the second DC.

I still did not get a response regarding:

Here is a silly question:
For DC1 its DNS order is DC1, DC2?
For DC2 its DNS order is DC2, DC1?

for example:
DC1 = 192.168.20.1
DC2 = 192.168.20.2

So on DC1 for alternate DNS should it be:
Primary = 192.168.20.1
Secondary = 192.168.20.2

and the opposite for the other DC?

or should DC1 be:
Primary = 192.168.20.2
Secondary = 192.168.20.1
0
 

Expert Comment

by:sweetness34
Comment Utility
I think your DNS setup is fine and proper. You may want to add 127.0.0.1 as the third DNS.
0
 

Author Comment

by:j_rameses
Comment Utility
i cleared up the logs under WINDOWS but not able to under CUSTOM VIEWS.
0
 

Author Comment

by:j_rameses
Comment Utility
AD is still not accessible
0
 

Expert Comment

by:sweetness34
Comment Utility
event log show anything?
0
 

Author Comment

by:j_rameses
Comment Utility
under --> Custom Views --> Server Roles --> Active Directory Domain Services:

AD D Services was unable to establish a connection with the global catalog.
Additional Data: 1355 The specified domain either does not exist or could not be contacted.
Internal ID: 3200e24

User Action:
Make sure the global catalog is available in the forest, and is reachable from this DC. You may use the nltest utility to diagnose the problem.

This was event ID 1126
user: anonymous logon
0
 

Expert Comment

by:sweetness34
Comment Utility
\\DCservername have netlogon and sysvol?
0
 

Expert Comment

by:sweetness34
Comment Utility
0
 

Expert Comment

by:sweetness34
Comment Utility
0
 

Author Comment

by:j_rameses
Comment Utility
What do you mean by:

\\DCservername have netlogon and sysvol?
0
 

Author Comment

by:j_rameses
Comment Utility
I am unfamiliar with:
\\DCservername have netlogon and sysvol?
0
 

Expert Comment

by:sweetness34
Comment Utility
if you go to start then run and type \\DC1 or \\DC2 do you see sysvol or netlogon as a share?
0
 

Author Comment

by:j_rameses
Comment Utility
I am running windows 2012 server.
I get an empty folder that opens up under network
0
 

Author Comment

by:j_rameses
Comment Utility
on DC1 i get a folder called "CertEnroll"
on the DC2 I get an empty folder
0
 

Expert Comment

by:sweetness34
Comment Utility
I would look at the articles  above
0
 

Author Comment

by:j_rameses
Comment Utility
I found it, it's under Windows.
So I should move it then
0
 

Author Comment

by:j_rameses
Comment Utility
What if it doesn't allow me to move all the contents of the folder?
It won't allow me when I drag and drop
0
 

Expert Comment

by:sweetness34
Comment Utility
what are you trying to drag and drop?
0
 

Author Comment

by:j_rameses
Comment Utility
Can you help me with that article regarding the SYSVOL, I am confused.
I think I need further explanation.
0
 

Author Comment

by:j_rameses
Comment Utility
it says the folders inside the SYSVOL folder
0
 

Expert Comment

by:sweetness34
Comment Utility
what does BPA say under server manager under AD DS?
0
 

Author Comment

by:j_rameses
Comment Utility
It's blank on both of the DCs
0
 

Expert Comment

by:sweetness34
Comment Utility
So if you run BPA under Task it is still blank?
0
 

Author Comment

by:j_rameses
Comment Utility
Correct, it's blank
0
 

Expert Comment

by:sweetness34
Comment Utility
On both domain controllers? You run BPA and it comes up blank?
0
 

Author Comment

by:j_rameses
Comment Utility
DC2, some things showed up, compliant results = 33 of 42.

Some are: The AD DS BPA should be able to collect data about the hostname of the forest root pdc from the forest root pdc
0
 

Author Comment

by:j_rameses
Comment Utility
Correct, the errors that showed up are 9 out of 42. It took a while for it to populate
0
 

Author Comment

by:j_rameses
Comment Utility
On DC1 nothing pops up, it is blank
0
 

Expert Comment

by:sweetness34
Comment Utility
any critical errors you can share?
0

 

Author Comment

by:j_rameses
Comment Utility
Two errors: I took a snippet pic but deleted it by mistake so I will type it:
Error: THE AD DS BPA....(I wrote that one already)
Error: The default DCs policy in the domain domainname.local should be applied to the OU=Domain Controllers, DC=domainname,DC=local
0
 

Author Comment

by:j_rameses
Comment Utility
They are not critical errors but regular errors
0
 

Expert Comment

by:sweetness34
Comment Utility
Did you have this problem before you changed to Jumbo frames?
0
 

Author Comment

by:j_rameses
Comment Utility
no, i did not.
It all happened today.
0
 

Author Comment

by:j_rameses
Comment Utility
VMware said it's a DNS issue
0
 

Expert Comment

by:sweetness34
Comment Utility
type cmd
nslookup enter
yourdomainname enter


does it resolve?
0
 

Author Comment

by:j_rameses
Comment Utility
I could open up DNS on both DCs
I cannot open up GPO, Active Directory

I need this up and running so I can spend time with my wife this weekend.
She is pregnant and 6 weeks before she is due, and I would like this resolved so I can rest before the big day.
Would like to have the network set up with jumbo frames before I take off for two weeks after the birth
0
 

Author Comment

by:j_rameses
Comment Utility
This is the message I get if I try to open Active Directory Users and Computers:

active directory error
0
 

Author Comment

by:j_rameses
Comment Utility
If I click OK this is what I see, with nothing in the pane:

view after clicking 'ok' button
0
 

Expert Comment

by:sweetness34
Comment Utility
what happens when you right click on ADUC and select change domain controllers?
0
 

Author Comment

by:j_rameses
Comment Utility
I get this:

nslookup
0
 

Author Comment

by:j_rameses
Comment Utility
i see this:

change name of DC
0
 

Author Comment

by:j_rameses
Comment Utility
Can i enter the DC1 here and if yes, what port do i use?
0
 

Expert Comment

by:sweetness34
Comment Utility
389
0
 

Expert Comment

by:sweetness34
Comment Utility
type nslookup then enter
then type domainame.local

does it resolve to an IP?
0
 

Expert Comment

by:sweetness34
Comment Utility
if it does not then it is a dns issue
0
 

Author Comment

by:j_rameses
Comment Utility
I get RPC server is not available.
will check to see if service is on.
0
 

Author Comment

by:j_rameses
Comment Utility
It's running, the RPC service:

rpc error msg
0
 

Expert Comment

by:sweetness34
Comment Utility
on server 10.1.1.75 do you see port 389 open
cmd prompt

netstat -an

do you see port  389 listening?
0
 

Author Comment

by:j_rameses
Comment Utility
For some strange reason it cannot contact the domain. I tried changing the domain name and I get an error message:

The domain domainName.local could not be found because: The specified domain either does not exist or could not be contacted.
0
 

Expert Comment

by:sweetness34
Comment Utility
type nslookup then enter
then type domainame.local

does it resolve to an IP?
0
 

Author Comment

by:j_rameses
Comment Utility
here is a pic:

netstat
0
 

Author Comment

by:j_rameses
Comment Utility
yes, it resolves to an ip address
0
 

Expert Comment

by:sweetness34
Comment Utility
port 389 is TCP  (towards the top)
0
 

Author Comment

by:j_rameses
Comment Utility
trying to stop it from scrolling all the way to the bottom but do not know how to stop it from rolling all the entries
0
 

Expert Comment

by:sweetness34
Comment Utility
if you look under DNS manager do you see under forward lookup zone?
0
 

Expert Comment

by:sweetness34
Comment Utility
netstat -an |more
0
 

Author Comment

by:j_rameses
Comment Utility
yes, it is there, TCP     0.0.0.0:389 is listening
0
 

Author Comment

by:j_rameses
Comment Utility
under DNS manager everything there looks the same as before this issue
0
 

Author Comment

by:j_rameses
Comment Utility
Under forward lookup zone:

_msdcs.DomainName.local
DomainName.local
www.websitename.com

and some other stuff we use for our virtual desktops for remote entry
0
 

Expert Comment

by:sweetness34
Comment Utility
do you have


_msdcs
_sites
_tcp
_udp

etc.. under the zone?
0
 

Author Comment

by:j_rameses
Comment Utility
Here is the tree structure:

dns manager tree structure
0
 

Author Comment

by:j_rameses
Comment Utility
here is a collapsed view:

collapse view of dns
0
 

Expert Comment

by:sweetness34
Comment Utility
in the event viewer

under application and services log

do you see anything under directory service?
0
 

Expert Comment

by:sweetness34
Comment Utility
check that you are on the server that holds your FSMO roles
0
 

Author Comment

by:j_rameses
Comment Utility
directory services
0
 

Author Comment

by:j_rameses
Comment Utility
FSMO roles?
I believe that is on the DC is it?
Are you asking if it's on the server or are you asking if it's still available?
Either which way, how can I find out where to find the FSMO?
0
 

Author Comment

by:j_rameses
Comment Utility
I got this error message looking for FSMO roles:

fsmo roles error
0
 

Author Comment

by:j_rameses
Comment Utility
can't get access to see if I have the FSMO
0
 

Expert Comment

by:sweetness34
Comment Utility
can you post dcdiag?
0
 

Author Comment

by:j_rameses
Comment Utility
Are you referring for me to post it on this page or attach it some how?
0
 

Expert Comment

by:sweetness34
Comment Utility
not sure I just want to see it.
0
 

Author Comment

by:j_rameses
Comment Utility
here is the bottom portion:

capture of dcdiag-part1
0
 

Expert Comment

by:sweetness34
Comment Utility
can you restart netlogon?
0
 

Author Comment

by:j_rameses
Comment Utility
top part of capture

top part of capture
0
 

Author Comment

by:j_rameses
Comment Utility
did a restart of netlogon svs
0
 

Expert Comment

by:sweetness34
Comment Utility
run dcdiag, same output?
0
 

Author Comment

by:j_rameses
Comment Utility
same output
0
 

Expert Comment

by:sweetness34
Comment Utility
what do you see under DNS Manager

forward lookup zone > _domain.local msdcs > pdc > _tcp
0
 

Author Comment

by:j_rameses
Comment Utility
I have a VM backup seed for my DC2?
can I upload this one to replace the one that is already there and then DC2 can replicate itself to DC1?
0
 

Author Comment

by:j_rameses
Comment Utility
I see the following:

capture
0
 

Expert Comment

by:sweetness34
Comment Utility
sounds plausible.  

what do you see under DNS Manager

forward lookup zone > _domain.local msdcs > pdc > _tcp
0
 

Expert Comment

by:sweetness34
Comment Utility
So DNS looks good. You are able to communicate with all devices via ping from each DC?
0
 

Author Comment

by:j_rameses
Comment Utility
here is a pic:

image
0
 

Author Comment

by:j_rameses
Comment Utility
I can ping except for the exchange server
0
 

Expert Comment

by:sweetness34
Comment Utility
exchange server a DC?
0
 

Author Comment

by:j_rameses
Comment Utility
Exchange server is our mail on a different vm machine, not on the DC
0
 

Expert Comment

by:sweetness34
Comment Utility
dc1 can ping dc2
dc2 can ping dc1
exchange cannot ping dc or dc2?
dc1 or DC2 can't ping exchange?
is exchange on the same host as DC2 or Dc1?
0
 

Expert Comment

by:sweetness34
Comment Utility
Not sure if this is appropriate (new to the site) but are you interested in remote session?
0
 

Author Comment

by:j_rameses
Comment Utility
dc1 can ping dc2 and vice versa
dc1 can't ping Filemaker nor Exchange
dc2 can't ping Exchange but can ping Filemaker
Filemaker can't ping DC1 but can ping DC2
Filemaker cannot ping Exchange

Exchange decided to do its updates now but failed and is reverting back to its previous settings


DC2 is on same host as Filemaker and Exchange
0
 

Author Comment

by:j_rameses
Comment Utility
sure i am interested in remote session
0
 

Expert Comment

by:sweetness34
Comment Utility
you want to do it tonight or tomorrow?  As I am sure you are, I am getting pretty tired.
0
 

Author Comment

by:j_rameses
Comment Utility
would like to do tonight so tomorrow get to relax.
maybe with u driving it would be faster than typing
0
 

Author Comment

by:j_rameses
Comment Utility
if its ok with u
0
 

Accepted Solution

by:
j_rameses earned 0 total points
Comment Utility
My apologies for late response. Forgot about this.
I was unable to resolve this and had to pay Microsoft money to assist me. About $500.
I know now not to play with something I am unfamiliar with.
Thanks all for assistance.
0
 

Author Closing Comment

by:j_rameses
Comment Utility
I learned very little and had to pay MS money.
0
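
The checks the expert asks for across this thread (the locator records under _msdcs, port 389, the SYSVOL and NETLOGON shares, dcdiag, and the nltest hint in event 1126), gathered into one read-only PowerShell script. This is an added example, not part of the original thread; domainname.local, DC1 and DC2 are placeholders, and a single-domain forest is assumed so the global catalog record sits under the same domain name.

```powershell
# Added example (not from the thread). Read-only checks; run from an elevated
# PowerShell prompt on a domain controller or a domain-joined admin host.
$Domain = 'domainname.local'   # placeholder: AD DNS domain (single-domain forest assumed)
$DCs    = @('DC1', 'DC2')      # placeholder: domain controller names

function Test-TcpPort([string]$Server, [int]$Port, [int]$TimeoutMs = 2000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# 1. DC locator SRV records. Clients find DCs, the PDC emulator and the GC
#    through these; a plain nslookup of the domain name does not exercise them.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain"    # any domain controller
    "_ldap._tcp.pdc._msdcs.$Domain"   # PDC emulator
    "_ldap._tcp.gc._msdcs.$Domain"    # global catalog
    "_kerberos._tcp.$Domain"          # Kerberos KDC
)
foreach ($name in $srvNames) {
    try {
        Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { "OK    $name -> $($_.NameTarget):$($_.Port)" }
    } catch { "FAIL  $name : $($_.Exception.Message)" }
}

foreach ($dc in $DCs) {
    # 2. DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, GC.
    #    3268 is expected to be closed on a DC that is not a global catalog.
    foreach ($port in 53, 88, 135, 389, 445, 3268) {
        $state = if (Test-TcpPort $dc $port) { 'open' } else { 'CLOSED' }
        "{0,-6} tcp/{1,-5} {2}" -f $dc, $port, $state
    }
    # 3. A DC only advertises itself once SYSVOL and NETLOGON are shared.
    foreach ($share in 'SYSVOL', 'NETLOGON') {
        $state = if (Test-Path "\\$dc\$share") { 'present' } else { 'MISSING' }
        "{0,-6} \\{0}\{1} {2}" -f $dc, $share, $state
    }
    # 4. Built-in dcdiag tests for advertising, SYSVOL readiness and logon shares.
    foreach ($test in 'Advertising', 'SysVolCheck', 'NetLogons') {
        dcdiag "/s:$dc" "/test:$test" /q
    }
}

# 5. Ask the DC locator directly, as event 1126 suggests, then list FSMO holders.
nltest "/dsgetdc:$Domain" /gc /force
nltest "/dsgetdc:$Domain" /pdc /force
netdom query fsmo
```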
