Solved

DNS Active Directory GC not connecting

Posted on 2014-03-21
Last Modified: 2014-06-07
In a virtual environment, I was enabling jumbo frames. When I enabled it on one vSwitch I lost connection to one of my host machines. I contacted VMware and they tried to troubleshoot, but they said I have to do a network setting reset. So I did but on the wrong host machine that my Primary DC was on. After the reset I had to quickly configure it again just to run the VMs during production time. Then I reset the second host that had the second DC. After completing the settings on it, I was not able to connect to my vCenter. VMware troubleshot and realized that my DCs are not communicating and my GC and Active Directory are not working. I am stumped and need help to get this resolved. I am willing to stay up late to get this fixed. I do not want my boss to get upset at me. Strangely, the VMs are still running.
Question by:j_rameses
132 Comments
 

Expert Comment

by:sweetness34
ID: 39946819
Are jumbo frames enabled on your physical switch?  If not, enable jumbo frames on the physical switch between the hosts.
0
 

Author Comment

by:j_rameses
ID: 39946821
I do not have access to the switch, should I then disable the jumbo frames instead?
0
 

Expert Comment

by:sweetness34
ID: 39946826
I would disable unless you can enable on the physical switch.
0
 

Author Comment

by:j_rameses
ID: 39946828
I disabled them, but on one of the DCs I can't ping the DG nor DC1 still.
Maybe a restart of that server?
0
 

Expert Comment

by:sweetness34
ID: 39946830
can you ping servers on the same host?  Can you ping any devices outside the host like the default gateway?
0
 

Author Comment

by:j_rameses
ID: 39946831
primary server can ping DG but not the DC2
DC2 cannot ping DG nor DC1

Both DC1 and DC2 can ping other devices.
0
 

Author Comment

by:j_rameses
ID: 39946833
firewall disabled on both DCs
0
 

Expert Comment

by:sweetness34
ID: 39946834
I think you have to reboot VMware hosts when changing jumbo frames.  Are you able to do that?
0
 

Author Comment

by:j_rameses
ID: 39946837
I could reboot remotely, yes.
Should I leave them as jumbo frames the two DCs even though i have no access to the switches?
0
 

Expert Comment

by:sweetness34
ID: 39946842
I would not enable Jumbo frames unless you can enable on the physical switch.
0
 

Author Comment

by:j_rameses
ID: 39946843
The other issue with this is I cannot get DNS or Active Directory to work.
I get an error message about PDC emulator
0
 

Expert Comment

by:sweetness34
ID: 39946845
let's see what happens after the reboot of the VMware hosts.
0
 

Author Comment

by:j_rameses
ID: 39946846
i do know the two brands of the switches: hp procurve 1810-24g
0
 

Author Comment

by:j_rameses
ID: 39946850
i just put one host to reboot.
I'll wait for that one first.
0
 

Author Comment

by:j_rameses
ID: 39946853
still waiting for it to reboot
0
 

Author Comment

by:j_rameses
ID: 39946859
first host machine is up.
I will check to see if it can still ping DG and other VMs
Then I will restart the second host machine
is that ok?
0
 

Author Comment

by:j_rameses
ID: 39946864
Is there a method to ping the domain for open IPs, so that I can get the IP address for the switch?
0
 

Author Comment

by:j_rameses
ID: 39946876
i found a way:
for /L %z in (1,1,254) do @ping 10.0.0.%z -w 10 -n 1 | find "Reply"

let the 10.0.0.%z represent your IP range
0
 

Author Comment

by:j_rameses
ID: 39946881
Both DCs can ping each other as well as the DG.
Now, can I get my Group Policy and AD up and running?
0
 

Expert Comment

by:sweetness34
ID: 39946882
where are we at, can you ping?
0
 

Author Comment

by:j_rameses
ID: 39946886
When I try to go to AD for users and computers i get the following:
Naming information cannot be located because:   The specified domain either does not exist or could not be contacted. Contact your system administrator to verify that your domain is properly configured and is currently online.

Here is a silly question:
For DC1 its DNS order is DC1, DC2?
For DC2 its DNS order is DC2, DC1?
0
 

Expert Comment

by:sweetness34
ID: 39946893
are both hosts rebooted?
0
 

Author Comment

by:j_rameses
ID: 39946894
yes.

When I try to go to AD for users and computers i get the following:
Naming information cannot be located because:   The specified domain either does not exist or could not be contacted. Contact your system administrator to verify that your domain is properly configured and is currently online.

Here is a silly question:
For DC1 its DNS order is DC1, DC2?
For DC2 its DNS order is DC2, DC1?
0
 

Expert Comment

by:sweetness34
ID: 39946897
are you able to ping between  DCs?
0
 

Author Comment

by:j_rameses
ID: 39946898
yes, but my Domain controller is down, not recognized as the domain controller
0
 

Author Comment

by:j_rameses
ID: 39946900
I can log into it but the network does not recognize it as the DC
0
 

Expert Comment

by:sweetness34
ID: 39946911
that has nothing to do with Jumbo frames.  Are all automatic services started?
0
 

Expert Comment

by:sweetness34
ID: 39946912
what does DCDIAG say?
0
 

Expert Comment

by:sweetness34
ID: 39946914
does nslookup allow you to resolve the domain?
0
 

Author Comment

by:j_rameses
ID: 39946915
i will check that
0
 

Author Comment

by:j_rameses
ID: 39946917
remote registry and
software ? was not started so I started them
0
 

Author Comment

by:j_rameses
ID: 39946923
I am looking in DNS Manager and under: domain-->forward lookup zone-->_msdcs.domainName.local -->DC --> sites -->
well, all those sections have listed both domain controllers, as well as section: PDC & GC
0
 

Author Comment

by:j_rameses
ID: 39946926
dcdiag = error 1355
0
 

Author Comment

by:j_rameses
ID: 39946928
If I do an nslookup for each DC, I get the name of the DC, and if I do nslookup of the other DC, I get the server name as well
0
 

Expert Comment

by:sweetness34
ID: 39946929
I would reboot the GC and see if the domain controller comes up.
0
 

Author Comment

by:j_rameses
ID: 39946930
reboot the DC again then?
0
 

Expert Comment

by:sweetness34
ID: 39946934
I would clear event logs and reboot DC.  If it does not come up I would start reviewing the event logs and see where the problem is.  Sounds like the problem is not the network at this point.
0
 

Author Comment

by:j_rameses
ID: 39946935
i am rebooting the first DC, then I will reboot the second DC.

I still did not get a response regarding:

Here is a silly question:
For DC1 its DNS order is DC1, DC2?
For DC2 its DNS order is DC2, DC1?

for example:
DC1 = 192.168.20.1
DC2 = 192.168.20.2

So on DC1 for alternate DNS should it be:
Primary = 192.168.20.1
Secondary = 192.168.20.2

and the opposite for the other DC?

or should DC1 be:
Primary = 192.168.20.2
Secondary = 192.168.20.1
0
 

Expert Comment

by:sweetness34
ID: 39946937
I think your DNS setup is fine and proper.  You may want to add 127.0.0.1 as the third DNS.
0
 

Author Comment

by:j_rameses
ID: 39946939
i cleared up the logs under WINDOWS but not able to under CUSTOM VIEWS.
0
 

Author Comment

by:j_rameses
ID: 39946946
AD is still not accessible
0
 

Expert Comment

by:sweetness34
ID: 39946947
event log show anything?
0
 

Author Comment

by:j_rameses
ID: 39946954
under --> Custom Views --> Server Roles --> Active Directory Domain Services:

AD D Services was unable to establish a connection with the global catalog.
Additional Data:  1355 The specified domain either does not exist or could not be contacted.
Internal ID:  3200e24

User Action:
Make sure the global catalog is available in the forest, and is reachable from this DC. You may use the nltest utility to diagnose the problem.

This was event ID 1126
user: anonymous logon
0
 

Expert Comment

by:sweetness34
ID: 39946956
\\DCservername have netlogon and sysvol?
0
 

Author Comment

by:j_rameses
ID: 39946961
What do you mean by:

\\DCservername have netlogon and sysvol?
0
 

Author Comment

by:j_rameses
ID: 39946962
I am unfamiliar with:
\\DCservername have netlogon and sysvol?
0
 

Expert Comment

by:sweetness34
ID: 39946963
if you go to start then run and type \\DC1 or \\DC2 do you see sysvol or netlogon as a share?
0
 

Author Comment

by:j_rameses
ID: 39946966
I am running windows 2012 server.
I get an empty folder that opens up under network
0
 

Author Comment

by:j_rameses
ID: 39946967
on DC1 i get a folder called "CertEnroll"
on the DC2 I get an empty folder
0
 

Expert Comment

by:sweetness34
ID: 39946968
I would look at the articles  above
0
 

Author Comment

by:j_rameses
ID: 39946970
I found it, it's under Windows.
So i should move it then
0
 

Author Comment

by:j_rameses
ID: 39946974
What if it doesn't allow me to move all the contents of the folder?
It won't allow me when I drag and drop
0
 

Expert Comment

by:sweetness34
ID: 39946975
what are you trying to drag and drop?
0
 

Author Comment

by:j_rameses
ID: 39946976
Can you help me with that article regarding the SYSVOL, I am confused.
I think I need further explanation.
0
 

Author Comment

by:j_rameses
ID: 39946977
it says the folders inside the SYSVOL folder
0
 

Expert Comment

by:sweetness34
ID: 39946979
what does BPA say under server manager under AD DS?
0
 

Author Comment

by:j_rameses
ID: 39946980
It's blank on both of the DCs
0
 

Expert Comment

by:sweetness34
ID: 39946981
so if you run BPA under Task it still is blank?
0
 

Author Comment

by:j_rameses
ID: 39946982
Correct, it's blank
0
 

Expert Comment

by:sweetness34
ID: 39946985
on both domain controllers?  You run BPA and it comes up blank?
0
 

Author Comment

by:j_rameses
ID: 39946986
DC2, some things showed up compliant results = 33 of 42.

Some are: The AD DS BPA should be able to collect data about the hostname of the forest root pdc from the forest root pdc
0
 

Author Comment

by:j_rameses
ID: 39946989
Correct the errors that showed up are 9 out of 42. It took a while for it to populate
0
 

Author Comment

by:j_rameses
ID: 39946990
THE DC1 nothing pops up, it is blank
0
 

Expert Comment

by:sweetness34
ID: 39946991
any critical errors you can share?
0
 

Author Comment

by:j_rameses
ID: 39946996
Two errors: I took a snippet pic but deleted it by mistake so I will type it:
Error: THE AD DS BPA....(I wrote that one already)
Error: The default DCs policy in the domain domainname.local should be applied to the OU=Domain Controllers, DC=domainname,DC=local
0
 

Author Comment

by:j_rameses
ID: 39946999
they are not critical errors but regular errors
0
 

Expert Comment

by:sweetness34
ID: 39947001
Did you have this problem before you changed to Jumbo frames?
0
 

Author Comment

by:j_rameses
ID: 39947003
no, i did not.
It all happened today.
0
 

Author Comment

by:j_rameses
ID: 39947004
VMware said it's a DNS issue
0
 

Expert Comment

by:sweetness34
ID: 39947008
type cmd
nslookup enter
yourdomainname enter


does it resolve?
0
 

Author Comment

by:j_rameses
ID: 39947009
I could open up DNS on both DCs
I can not open up GPO, Active Directories

I need this up and running so I can spend time with my wife this weekend.
She is pregnant and 6 weeks before she is due and I would like this resolved so I can rest before the big day.
Would like to have the network set up with jumbo frames before I take off for two weeks after the birth
0
 

Author Comment

by:j_rameses
ID: 39947011
this is the message I get if I try to open Active Directory Users and Computers
[image: active directory error]
0
 

Author Comment

by:j_rameses
ID: 39947012
If i click ok this is what i see with nothing in the pane:
[image: view after clicking 'ok' button]
0
 

Expert Comment

by:sweetness34
ID: 39947014
what happens when you right click on ADUC and select change domain controllers?
0
 

Author Comment

by:j_rameses
ID: 39947015
I get this:

[image: nslookup]
0
 

Author Comment

by:j_rameses
ID: 39947017
i see this:

[image: change name of DC]
0
 

Author Comment

by:j_rameses
ID: 39947018
Can i enter the DC1 here and if yes, what port do i use?
0
 

Expert Comment

by:sweetness34
ID: 39947021
389
0
 

Expert Comment

by:sweetness34
ID: 39947022
type nslookup then enter
then type domainame.local

does it resolve to an IP?
0
 

Expert Comment

by:sweetness34
ID: 39947023
if it does not then it is a dns issue
0
 

Author Comment

by:j_rameses
ID: 39947024
I get RPC server is not available.
will check to see if service is on.
0
 

Author Comment

by:j_rameses
ID: 39947026
it's running the RPC service
[image: rpc error msg]
0
 

Expert Comment

by:sweetness34
ID: 39947029
on server 10.1.1.75 do you see port 389 open
cmd prompt

netstat -an

do you see port  389 listening?
0
 

Author Comment

by:j_rameses
ID: 39947033
for some strange reason it can not contact the domain. I tried changing the domain name and i get an error mssg:

The domain domainName.local could not be found because:  The specified domain either does not exist or could not be contacted.
0
 

Expert Comment

by:sweetness34
ID: 39947038
type nslookup then enter
then type domainame.local

does it resolve to an IP?
0
 

Author Comment

by:j_rameses
ID: 39947040
here is a pic
[image: netstat]
0
 

Author Comment

by:j_rameses
ID: 39947043
yes, it resolves to an ip address
0
 

Expert Comment

by:sweetness34
ID: 39947045
port 389 is TCP  (towards the top)
0
 

Author Comment

by:j_rameses
ID: 39947046
trying to stop it from scrolling all the way to the bottom but do not know how to stop it from rolling all the entries
0
 

Expert Comment

by:sweetness34
ID: 39947047
if you look under DNS manager do you see under forward lookup zone?
0
 

Expert Comment

by:sweetness34
ID: 39947048
netstat -an |more
0
 

Author Comment

by:j_rameses
ID: 39947050
yes, it is there, TCP     0.0.0.0:389 is listening
0
 

Author Comment

by:j_rameses
ID: 39947051
under DNS manager everything there looks the same as before this issue
0
 

Author Comment

by:j_rameses
ID: 39947054
Under forward lookup zone:

_msdcs.DomainName.local
DomainName.local
www.websitename.com

and some other stuff we use for our virtual desktops for remote entry
0
 

Expert Comment

by:sweetness34
ID: 39947056
do you have


_msdcs
_sites
_tcp
_udp

etc.. under the zone?
0
 

Author Comment

by:j_rameses
ID: 39947057
Here is the tree structure:

[image: dns manager tree structure]
0
 

Author Comment

by:j_rameses
ID: 39947058
here is a collapsed view:

[image: collapse view of dns]
0
 

Expert Comment

by:sweetness34
ID: 39947064
in the event viewer

under application and services log

do you see anything under directory service?
0
 

Expert Comment

by:sweetness34
ID: 39947065
check that you are on the server that holds your FSMO roles
0
 

Author Comment

by:j_rameses
ID: 39947067
[image: directory services]
0
 

Author Comment

by:j_rameses
ID: 39947068
FSMO roles?
I believe that is on the DC is it?
Are you asking if it's on the server or are you asking if it's still available?
Either which way, how can I find out where to find the FSMO?
0
 

Author Comment

by:j_rameses
ID: 39947069
I got this error message looking for FSMO roles
[image: fsmo roles error]
0
 

Author Comment

by:j_rameses
ID: 39947078
can't get access to see if I have the FSMO
0
 

Expert Comment

by:sweetness34
ID: 39947081
can you post dcdiag?
0
 

Author Comment

by:j_rameses
ID: 39947086
Are you referring for me to post it on this page or attach it some how?
0
 

Expert Comment

by:sweetness34
ID: 39947090
not sure I just want to see it.
0
 

Author Comment

by:j_rameses
ID: 39947093
here is the bottom portion:

[image: capture of dcdiag-part1]
0
 

Expert Comment

by:sweetness34
ID: 39947094
can you restart netlogon?
0
 

Author Comment

by:j_rameses
ID: 39947095
top part of capture

[image: top part of capture]
0
 

Author Comment

by:j_rameses
ID: 39947097
did a restart of netlogon svs
0
 

Expert Comment

by:sweetness34
ID: 39947101
run dcdiag, same output?
0
 

Author Comment

by:j_rameses
ID: 39947103
same output
0
 

Expert Comment

by:sweetness34
ID: 39947104
what do you see under DNS manager

forward lookup zone > _domain.local msdcs > pdc > _tcp
0
 

Author Comment

by:j_rameses
ID: 39947106
I have a VM backup seed for my DC2?
can I upload this one to replace the one that is already there and then DC2 can replicate itself to DC1?
0
 

Author Comment

by:j_rameses
ID: 39947110
I see the following:

[image: capture]
0
 

Expert Comment

by:sweetness34
ID: 39947111
sounds plausible.  

what do you see under DNS manager

forward lookup zone > _domain.local msdcs > pdc > _tcp
0
 

Expert Comment

by:sweetness34
ID: 39947113
so DNS looks good. you are able to communicate with all devices via ping from each DC?
0
 

Author Comment

by:j_rameses
ID: 39947123
here is a pic
[image]
0
 

Author Comment

by:j_rameses
ID: 39947124
I can ping except for the exchange server
0
 

Expert Comment

by:sweetness34
ID: 39947125
exchange server a DC?
0
 

Author Comment

by:j_rameses
ID: 39947126
Exchange server is our mail on a different vm machine, not on the DC
0
 

Expert Comment

by:sweetness34
ID: 39947128
dc1 can ping dc2
dc2 can ping dc1
exchange cannot ping dc or dc2?
dc1 or DC2 can't ping exchange?
is exchange on the same host as DC2 or Dc1?
0
 

Expert Comment

by:sweetness34
ID: 39947131
Not sure if this is appropriate (new to the site) but are you interested in remote session?
0
 

Author Comment

by:j_rameses
ID: 39947135
dc1 can ping dc2 and vice versa
dc1 can't ping Filemaker nor Exchange
dc2 can't ping Exchange but can ping Filemaker
Filemaker can't ping DC1 but can ping DC2
Filemaker cannot ping Exchange

Exchange decided to do its updates now but failed and is reverting back to its previous settings


DC2 is on same host as Filemaker and Exchange
0
 

Author Comment

by:j_rameses
ID: 39947137
sure i am interested in remote session
0
 

Expert Comment

by:sweetness34
ID: 39947140
you want to do it tonight or tomorrow?  As I am sure you are, I am getting pretty tired.
0
 

Author Comment

by:j_rameses
ID: 39947143
would like to do tonight so tomorrow get to relax.
maybe with u driving it would be faster than typing
0
 

Author Comment

by:j_rameses
ID: 39947145
if its ok with u
0
 

Accepted Solution

by:j_rameses
ID: 40107700
My apologies for late response. Forgot about this.
I was unable to resolve this and had to pay Microsoft money to assist me. About $500.
I know now not to play with something I am unfamiliar with.
Thanks all for assistance.
0
 

Author Closing Comment

by:j_rameses
ID: 40119065
I learned very little and had to pay MS money.
0
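
Added example (not written by either participant in this thread): the checks asked for one at a time above (domain resolution, port 389, SYSVOL/NETLOGON shares, the _msdcs records, nltest) plus a don't-fragment ping at standard and jumbo frame size, gathered into one PowerShell script. The domain name domainName.local and the host names DC1 and DC2 are placeholders taken from the posts, and the gc record name assumes a single-domain forest.

```powershell
# Added example, not from the thread. Domain and DC names are placeholders
# taken from the posts; run from an elevated prompt on a domain controller.
$Domain = 'domainName.local'
$DCs    = @('DC1', 'DC2')

function Test-TcpPort([string]$Target, [int]$Port, [int]$TimeoutMs = 2000) {
    # Plain TCP connect with a timeout; avoids depending on Test-NetConnection,
    # which arrived with Server 2012 R2.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Test-DfPing([string]$Target, [int]$Payload) {
    # -f sets Don't Fragment; payload = MTU minus 28 bytes of IP + ICMP header.
    $out = & ping.exe -f -n 1 -w 1000 -l $Payload $Target
    return [bool]($out -match 'TTL=')
}

# 1. DC locator SRV records used to find LDAP, the PDC emulator and a global
#    catalog (the gc name assumes a single-domain forest).
foreach ($name in "_ldap._tcp.dc._msdcs.$Domain",
                  "_ldap._tcp.pdc._msdcs.$Domain",
                  "_ldap._tcp.gc._msdcs.$Domain") {
    $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }
    if ($srv) { $srv | ForEach-Object { "{0} -> {1}:{2}" -f $name, $_.NameTarget, $_.Port } }
    else      { "MISSING SRV: $name" }
}

# 2. Per-DC checks: LDAP and GC ports, the two shares a working DC publishes,
#    and whether the path carries 1500-byte and 9000-byte frames unfragmented.
$report = foreach ($dc in $DCs) {
    [pscustomobject]@{
        DC       = $dc
        Ldap389  = Test-TcpPort $dc 389
        GC3268   = Test-TcpPort $dc 3268
        Sysvol   = Test-Path "\\$dc\SYSVOL"
        Netlogon = Test-Path "\\$dc\NETLOGON"
        Mtu1500  = Test-DfPing $dc 1472
        Mtu9000  = Test-DfPing $dc 8972
    }
}
$report | Format-Table -AutoSize

# 3. Ask the DC locator for a global catalog and the PDC emulator, as the
#    event 1126 text suggests.
& nltest.exe "/dsgetdc:$Domain" /gc /force
& nltest.exe "/dsgetdc:$Domain" /pdc /force
```

A DC that answers ping and listens on 389 but shows False for Sysvol and Netlogon is not advertising itself as a domain controller, and Mtu9000 False with Mtu1500 True means some hop between the hosts does not pass jumbo frames.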
