DNS Active Directory GC not connecting

In a virtual environment, I was enabling jumbo frames. When I enabled it on one vSwitch I lost connection to one of my host machines. I contacted VMware and they tried to troubleshoot, but they said I have to do a network setting reset. So I did, but on the wrong host machine that my Primary DC was on. After the reset I had to quickly configure it again just to run the VMs during production time. Then I reset the second host that had the second DC. After completing the settings on it, I was not able to connect to my vCenter. VMware troubleshooted and realized that my DCs are not communicating and my GC and Active Directory are not working. I am stumped and need help to get this resolved. I am willing to stay up late to get this fixed. I do not want my boss to get upset at me. Strangely, the VMs are still running.
j_ramesesInfo Sys MngrAsked:

sweetness34Commented:
Are jumbo frames enabled on your physical switch?  If not enable Jumbo frames on the physical switch between the hosts.
0
j_ramesesInfo Sys MngrAuthor Commented:
I do not have access to the switch. Should I then disable the jumbo frames instead?
0
sweetness34Commented:
I would disable unless you can enable on the physical switch.
0
j_ramesesInfo Sys MngrAuthor Commented:
I disabled them, but on one of the DCs I can't ping the DG nor DC1 still.
Maybe a restart of that server?
0
sweetness34Commented:
can you ping servers on the same host?  Can you ping any devices outside the host like the default gateway?
0
j_ramesesInfo Sys MngrAuthor Commented:
primary server can ping DG but not the DC2
DC2 cannot ping DG nor DC1

Both DC1 and DC2 can ping other devices.
0
j_ramesesInfo Sys MngrAuthor Commented:
firewall disabled on both DCs
0
sweetness34Commented:
I think you have to reboot VMware hosts when changing jumbo frames.  Are you able to do that?
0
j_ramesesInfo Sys MngrAuthor Commented:
I could reboot remotely, yes.
Should I leave them as jumbo frames the two DCs even though i have no access to the switches?
0
sweetness34Commented:
I would not enable Jumbo frames unless you can enable on the physical switch.
0
j_ramesesInfo Sys MngrAuthor Commented:
The other issue with this: I cannot get DNS or Active Directory to work.
I get an error message about PDC emulator
0
sweetness34Commented:
let's see what happens after the reboot of the VMware hosts.
0
j_ramesesInfo Sys MngrAuthor Commented:
i do know the two brands of the switches: hp procurve 1810-24g
0
j_ramesesInfo Sys MngrAuthor Commented:
i just put one host to reboot.
I'll wait for that one first.
0
j_ramesesInfo Sys MngrAuthor Commented:
still waiting for it to reboot
0
j_ramesesInfo Sys MngrAuthor Commented:
first host machine is up.
I will check to see if it can still ping DG and other VMs
Then I will restart the second host machine
is that ok?
0
j_ramesesInfo Sys MngrAuthor Commented:
Is there a method to ping the domain for open IPs? This way I can get the IP address for the switch.
0
j_ramesesInfo Sys MngrAuthor Commented:
i found a way:
for /L %z in (1,1,254) do @ping 10.0.0.%z -w 10 -n 1 | find "Reply"

let the 10.0.0.0.%z represent your ip range
0
j_ramesesInfo Sys MngrAuthor Commented:
Both DCs can ping each other as well as the DG.
Now, can I get my Group Policy and AD up and running?
0
sweetness34Commented:
where are we at, can you ping?
0
j_ramesesInfo Sys MngrAuthor Commented:
When I try to go to AD for users and computers i get the following:
Naming information cannot be located because:   The specified domain either does not exist or could not be contacted. Contact your system administrator to verify that your domain is properly configured and is currently online.

Here is a silly question:
For DC1 it's DNS order is DC1, DC2?
For DC2 it's DNS order is DC2, DC1?
0
sweetness34Commented:
are both hosts rebooted?
0
j_ramesesInfo Sys MngrAuthor Commented:
yes.

When I try to go to AD for users and computers i get the following:
Naming information cannot be located because:   The specified domain either does not exist or could not be contacted. Contact your system administrator to verify that your domain is properly configured and is currently online.

Here is a silly question:
For DC1 it's DNS order is DC1, DC2?
For DC2 it's DNS order is DC2, DC1?
0
sweetness34Commented:
are you able to ping between  DCs?
0
j_ramesesInfo Sys MngrAuthor Commented:
yes, but my Domain controller is down, not recognized as the domain controller
0
j_ramesesInfo Sys MngrAuthor Commented:
I can log into it but the network does not recognize it as the DC
0
sweetness34Commented:
that has nothing to do with Jumbo frames.  Are all automatic
services started?
0
sweetness34Commented:
what does DCDIAG say?
0
sweetness34Commented:
does nslookup allow you to resolve the domain?
0
j_ramesesInfo Sys MngrAuthor Commented:
i will check that
0
j_ramesesInfo Sys MngrAuthor Commented:
remote registry and
software ? was not started so I started them
0
j_ramesesInfo Sys MngrAuthor Commented:
I am looking in DNS Manager and under: domain --> forward lookup zone --> _msdcs.domainName.local --> DC --> sites -->
Well, all those sections have listed both domain controllers, as well as section: PDC & GC
0
j_ramesesInfo Sys MngrAuthor Commented:
dcdiag = error 1355
0
j_ramesesInfo Sys MngrAuthor Commented:
If I do an nslookup for each DC, I get the name of the DC, and if I do nslookup of the other DC, I get the server name as well
0
sweetness34Commented:
I would reboot the GC and see if the domain controller comes up.
0
j_ramesesInfo Sys MngrAuthor Commented:
reboot the DC again then?
0
sweetness34Commented:
I would clear event logs and reboot DC.  If it does not come up I would start reviewing the event logs and see where the problem is.  Sounds like the problem is not the network at this point.
0
j_ramesesInfo Sys MngrAuthor Commented:
i am rebooting the first DC, then I will reboot the second DC.

I still did not get a response regarding:

Here is a silly question:
For DC1 it's DNS order is DC1, DC2?
For DC2 it's DNS order is DC2, DC1?

for example:
DC1 = 192.168.20.1
DC2 = 192.168.20.2

So on DC1 for alternate DNS should it be:
Primary = 192.168.20.1
Secondary = 192.168.20.2

and the opposite for the other DC?

or should DC1 be:
Primary = 192.168.20.2
Secondary = 192.168.20.1
0
sweetness34Commented:
I think your DNS setup  is fine and proper.  You may want to add
 127.0.0.1 as the third DNS.
0
j_ramesesInfo Sys MngrAuthor Commented:
i cleared up the logs under WINDOWS but not able to under CUSTOM VIEWS.
0
j_ramesesInfo Sys MngrAuthor Commented:
AD is still not accessible
0
sweetness34Commented:
event log show anything?
0
j_ramesesInfo Sys MngrAuthor Commented:
Under --> Custom Views --> Server Roles --> Active Directory Domain Services:

AD D Services was unable to establish a connection with the global catalog.
Additional Data:  1355 The specified domain either does not exist or could not be contacted.
Internal ID:  3200e24

User Action:
Make sure the global catalog is available in the forest, and is reachable from this DC. You may use the nltest utility to diagnose the problem.

This was event ID 1126
user: anonymous logon
0
sweetness34Commented:
\\DCservername have netlogon and sysvol?
0
sweetness34Commented:
0
sweetness34Commented:
0
j_ramesesInfo Sys MngrAuthor Commented:
What do you mean by:

\\DCservername have netlogon and sysvol?
0
j_ramesesInfo Sys MngrAuthor Commented:
I am unfamiliar with:
\\DCservername have netlogon and sysvol?
0
sweetness34Commented:
if you go to start then run and type \\DC1 or \\DC2 do you see sysvol or netlogon as a share?
0
j_ramesesInfo Sys MngrAuthor Commented:
I am running windows 2012 server.
I get an empty folder that opens up under network
0
j_ramesesInfo Sys MngrAuthor Commented:
on DC1 i get a folder called "CertEnroll"
on the DC2 I get an empty folder
0
sweetness34Commented:
I would look at the articles  above
0
j_ramesesInfo Sys MngrAuthor Commented:
I found it, it's under Windows.
So I should move it then
0
j_ramesesInfo Sys MngrAuthor Commented:
What if it doesn't allow me to move all the contents of the folder?
It won't allow me when I drag and drop
0
sweetness34Commented:
what are you trying to drag and drop?
0
j_ramesesInfo Sys MngrAuthor Commented:
Can you help me with that article regarding the SYSVOL, I am confused.
I think I need further explanation.
0
j_ramesesInfo Sys MngrAuthor Commented:
it says the folders inside the SYSVOL folder
0
sweetness34Commented:
what does BPA say under server manager under AD DS?
0
j_ramesesInfo Sys MngrAuthor Commented:
It's blank on both of the DCs
0
sweetness34Commented:
so if you run BPA under Task it still is blank?
0
j_ramesesInfo Sys MngrAuthor Commented:
Correct, it's blank
0
sweetness34Commented:
on both domain controllers?  You run BPA and it comes up blank?
0
j_ramesesInfo Sys MngrAuthor Commented:
DC2, some things showed up compliant results = 33 of 42.

Some are: The AD DS BPA should be able to collect data about the hostname of the forest root pds from the forest root pdc
0
j_ramesesInfo Sys MngrAuthor Commented:
Correct the errors that showed up are 9 out of 42. It took a while for it to populate
0
j_ramesesInfo Sys MngrAuthor Commented:
THE DC! nothing pops up, it is blank
0
sweetness34Commented:
any critical errors you can share?
0
j_ramesesInfo Sys MngrAuthor Commented:
Two errors: I took a snippet pic but deleted it by mistake so I will type it:
Error: THE AD DS BPA....(I wrote that one already)
Error: The default DCs policy in the domain domainname.local should be applied to the OU=Domain Controllers, DC=domainname,DC=local
0
j_ramesesInfo Sys MngrAuthor Commented:
They are not critical errors but regular errors
0
sweetness34Commented:
Did you have this problem before you changed to Jumbo frames?
0
j_ramesesInfo Sys MngrAuthor Commented:
no, i did not.
It all happened today.
0
j_ramesesInfo Sys MngrAuthor Commented:
VMware said it's a DNS issue
0
sweetness34Commented:
type cmd
nslookup enter
yourdomainname enter


does it resolve?
0
j_ramesesInfo Sys MngrAuthor Commented:
I could open up DNS on both DCs
I can not open up GPO, Active Directories

I need this up and running so I can spend time with my wife this weekend.
She is pregnant and 6 weeks before she is due and I would like this resolved so I can rest before the big day.
Would like to have the network set up with jumbo frames before I take off for two weeks after the birth
0
j_ramesesInfo Sys MngrAuthor Commented:
This is the message I get if I try to open Active Directory Users and Computers:

active directory error
0
j_ramesesInfo Sys MngrAuthor Commented:
If i click ok this is what i see with nothing in the pane:
view after clicking 'ok' button
0
sweetness34Commented:
what happens when you right click on ADUC and select change domain controllers?
0
j_ramesesInfo Sys MngrAuthor Commented:
I get this:

nslookup
0
j_ramesesInfo Sys MngrAuthor Commented:
i see this:

change name of DC
0
j_ramesesInfo Sys MngrAuthor Commented:
Can i enter the DC1 here and if yes, what port do i use?
0
sweetness34Commented:
389
0
sweetness34Commented:
type nslookup then enter
then type domainame.local

does it resolve to an IP?
0
sweetness34Commented:
if it does not then it is a dns issue
0
j_ramesesInfo Sys MngrAuthor Commented:
I get RPC server is not available.
will check to see if service is on.
0
j_ramesesInfo Sys MngrAuthor Commented:
It's running the RPC service:

rpc error mssg
0
sweetness34Commented:
on server 10.1.1.75 do you see port 389 open
cmd prompt

netstat -an

do you see port  389 listening?
0
j_ramesesInfo Sys MngrAuthor Commented:
for some strange reason it can not contact the domain. I tried changing the domain name and i get an error mssg:

The domain domainName.local could not be found because:  The specified Domain either does not exists or could not be contacted.
0
sweetness34Commented:
type nslookup then enter
then type domainame.local

does it resolve to an IP?
0
j_ramesesInfo Sys MngrAuthor Commented:
Here is a pic:

netstat
0
j_ramesesInfo Sys MngrAuthor Commented:
yes, it resolves to an ip address
0
sweetness34Commented:
port 389 is TCP  (towards the top)
0
j_ramesesInfo Sys MngrAuthor Commented:
trying to stop it from scrolling all the way to the bottom but do not know how to stop it from rolling all the entries
0
sweetness34Commented:
if you look under DNS manager do you see under forward lookup zone?
0
sweetness34Commented:
netstat -an |more
0
j_ramesesInfo Sys MngrAuthor Commented:
yes, it is there, TCP     0.0.0.0:389 is listening
0
j_ramesesInfo Sys MngrAuthor Commented:
under DNS manager everything there looks the same as before this issue
0
j_ramesesInfo Sys MngrAuthor Commented:
Under forward lookup zone:

_msdcs.DomainName.local
DomainName.local
www.websitename.com

and some other stuff we use for our virtual desktops for remote entry
0
sweetness34Commented:
do you have


_msdcs
_sites
_tcp
_udp

etc.. under the zone?
0
j_ramesesInfo Sys MngrAuthor Commented:
Here is the tree structure:

dns manager tree structure
0
j_ramesesInfo Sys MngrAuthor Commented:
here is a collapsed view:

collapse view of dns
0
sweetness34Commented:
in the event viewer

under application and services log

do you see anything under directory service?
0
sweetness34Commented:
check that you are on the server that holds your fsmo roles
0
j_ramesesInfo Sys MngrAuthor Commented:
directory services
0
j_ramesesInfo Sys MngrAuthor Commented:
FSMO roles?
I believe that is on the DC is it?
Are you asking if it's on the server or are you asking if it's still available?
Either which way, how can i find out where to find the fsmo
0
j_ramesesInfo Sys MngrAuthor Commented:
I got this error message looking for FSMO roles:

fsmo roles error
0
j_ramesesInfo Sys MngrAuthor Commented:
Can't get access to see if I have the FSMO
0
sweetness34Commented:
can you post dcdiag?
0
j_ramesesInfo Sys MngrAuthor Commented:
Are you referring for me to post it on this page or attach it some how?
0
sweetness34Commented:
not sure I just want to see it.
0
j_ramesesInfo Sys MngrAuthor Commented:
here is the bottom portion:

capture of dcdiag-aprt1
0
sweetness34Commented:
can you restart netlogon?
0
j_ramesesInfo Sys MngrAuthor Commented:
top part of capture

top part of capture
0
j_ramesesInfo Sys MngrAuthor Commented:
did a restart of netlogon svs
0
sweetness34Commented:
run dcdiag, same output?
0
j_ramesesInfo Sys MngrAuthor Commented:
same output
0
sweetness34Commented:
what do you see under DNS manager

forward lookup zone > _domain.local msdcs > pdc > _tcp
0
j_ramesesInfo Sys MngrAuthor Commented:
I have a VM backup seed for my DC2?
can I upload this one to replace the one that is already there and then DC2 can replicate itself to DC1?
0
j_ramesesInfo Sys MngrAuthor Commented:
I see the following:

capture
0
sweetness34Commented:
sounds plausible.  

what do you see under DNS manager

forward lookup zone > _domain.local msdcs > pdc > _tcp
0
sweetness34Commented:
so DNS looks good. You are able to communicate with all devices via ping from each DC?
0
j_ramesesInfo Sys MngrAuthor Commented:
Here is a pic:

image
0
j_ramesesInfo Sys MngrAuthor Commented:
I can ping except for the exchange server
0
sweetness34Commented:
exchange server a DC?
0
j_ramesesInfo Sys MngrAuthor Commented:
Exchange server is our mail on a different vm machine, not on the DC
0
sweetness34Commented:
dc1 can ping dc2
dc2 can ping dc1
exchange cannot ping dc or dc2?
dc1 or DC2 can't ping exchange?
is exchange on the same host as DC2 or Dc1?
0
sweetness34Commented:
Not sure if this is appropriate (new to the site) but are you interested in remote session?
0
j_ramesesInfo Sys MngrAuthor Commented:
dc1 can ping dc2 and vice versa
dc1 cant ping Filemaker nor Exchange
dc2 cant ping Exchange but can ping Filemaker
Filemaker cant ping DC1 but can ping DC2
Filemaker cannot ping Exchange

Exchange decided to do its updates not but failed and is reverting back to its previous settings


DC2 is on same host as Filemaker and Exchange
0
j_ramesesInfo Sys MngrAuthor Commented:
sure i am interested in remote session
0
sweetness34Commented:
you want to do it tonight or tomorrow?  As I am sure you are, I am getting pretty tired.
0
j_ramesesInfo Sys MngrAuthor Commented:
would like to do tonight so tomorrow get to relax.
maybe with u driving it would be faster than typing
0
j_ramesesInfo Sys MngrAuthor Commented:
if its ok with u
0
j_ramesesInfo Sys MngrAuthor Commented:
My apologies for late response. Forgot about this.
I was unable to resolve this and had to pay Microsoft money to assist me. About $500.
I know now not to play with something I am unfamiliar with.
Thanks all for assistance.
0

j_ramesesInfo Sys MngrAuthor Commented:
I learned very little and had to pay MS money.
0
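
The checks walked through in this thread (DC locator records in DNS, path MTU after a jumbo-frame change, LDAP/GC ports, SYSVOL and NETLOGON shares), gathered into one read-only script. This is an added example and not part of the original thread; `domainname.local`, `DC1` and `DC2` are placeholders, and a single-domain forest is assumed.

```powershell
# Added example: read-only checks for the symptoms discussed in this thread.
# Assumptions: $Domain and $DCs are placeholders; single-domain forest.
param(
    [string]$Domain = 'domainname.local',
    [string[]]$DCs  = @('DC1', 'DC2')
)

function Test-TcpPort {
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false } finally { $client.Close() }
}

# 1. DC locator SRV records: clients find a DC, the PDC emulator and a GC
#    through these names, so "domain could not be contacted" starts here.
$srvNames = "_ldap._tcp.dc._msdcs.$Domain",
            "_ldap._tcp.pdc._msdcs.$Domain",
            "_ldap._tcp.gc._msdcs.$Domain"
foreach ($name in $srvNames) {
    $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }
    if ($srv) { $srv | ForEach-Object { "OK    $name -> $($_.NameTarget):$($_.Port)" } }
    else      { "FAIL  $name : no SRV record returned" }
}

foreach ($dc in $DCs) {
    # 2. Path MTU with Don't Fragment set: 1472 + 28 header bytes = 1500,
    #    8972 + 28 = 9000. The jumbo ping only passes if every hop allows it.
    $std   = [bool]((ping.exe -n 1 -f -l 1472 $dc) -match 'TTL=')
    $jumbo = [bool]((ping.exe -n 1 -f -l 8972 $dc) -match 'TTL=')
    "INFO  $dc : 1500-byte path=$std  9000-byte path=$jumbo"

    # 3. Ports a DC must answer on: DNS, Kerberos, RPC endpoint mapper,
    #    LDAP, SMB, and the global catalog (3268 is open only on a GC).
    foreach ($port in 53, 88, 135, 389, 445, 3268) {
        $state = if (Test-TcpPort -Server $dc -Port $port) { 'OK  ' } else { 'FAIL' }
        "$state  $dc tcp/$port"
    }

    # 4. A DC that is not sharing SYSVOL and NETLOGON is not advertising itself.
    foreach ($share in 'SYSVOL', 'NETLOGON') {
        $state = if (Test-Path "\\$dc\$share") { 'OK  ' } else { 'FAIL' }
        "$state  \\$dc\$share"
    }
}
```

A guest that passes the 1472-byte ping but fails the 8972-byte one while its NIC is set to jumbo frames points at a hop that does not carry them, which matches the advice above to leave jumbo frames off unless the physical switch supports them.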