• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 15456
  • Last Modified:

How can I fix "the domain could not be found because: the server is not operational" error in AD 2008 server.

We added a secondary domain controller to our domain that is a Server 2008 R2 std.  There are 3 domains in the forest.  Our main location, Domain1.com consists of 2 Server 2003 DCs and 1 Server 2008 DC.   The 2k3 servers in Domain1.com are replicating with Domain2.com and Domain3.com but the 2008 server cannot communicate with Domain2 and Domain3 on the domain level.  I am able to ping the DC's at the 2nd and 3rd locations from the 2008 server.

If I try to view the other domains from the 2k8 server in Group Policy Management or Active Directory Users and Computers, I am prompted with the error "the domain could not be found because: the server is not operational" or "the specified domain either does not exist or cannot be contacted."  

The DCs at Domain2 and Domain3 seem to have no problem communicating with the 2k8 in Domain1.  I ran repadmin to check for replication errors and the only errors are when 2k8 Server tries to replicate to DC's in domain2 and domain3.  The DCs in domain2 and domain3 are both 2k8 servers.  I have tried turning off the firewall completely do see if that was part of the problem and there were no changes in the issue.   I have also checked DNS info and can't seem to find the issue.

Thanks for your assistance.
0
pccbryan
Asked:
pccbryan
  • 13
  • 5
  • 2
  • +4
1 Solution
 
pccbryanAuthor Commented:
Correction to my post, domain2 and 3 DCs are server 2k3 boxes.  I have also noticed on the server 2008 DC there are no reverse lookup zones created whereas they exist on the functional servers.
0
 
Gareth GudgerCommented:
When you introduced Server 2008 as a DC, did you run all the Schema Updates first?
0
 
pccbryanAuthor Commented:
Yes.  Also, after checking the dom2 and dom3 servers, they did not have the reverse lookup zones implemented so that should not affect this situation.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
pccbryanAuthor Commented:
After running some DNS tests it appears that may be where the problem resides.  The server can resolve the IP and the Hostname of the dom2 and dom3 servers.  

I am unable to view the results of net view \\dom2server from the problem DC.  I can view the result on my good DC at domain1 and I can also see the result between the two DC's on domain1.  This is odd because I am logging on with the same user on both DC's.
0
 
Gareth GudgerCommented:
Any firewalls in play? Windows Firewall? Or a firewall from an antivirus product, etc.
0
 
pccbryanAuthor Commented:
I tried turning off the windows firewall and removed the AV that was installed.  Still getting the same results.
0
 
pccbryanAuthor Commented:
Can I get some assistance with this issue?  It has been stale for a week now.  Thank you.
0
 
MASTechnical Department HeadCommented:
Can you give remote access? you can see my email address in my profile.
if yes please let me know.

If not as suggested above first you make sure all the DCs connect to each other.
0
 
wolfcamelCommented:
does each system have itself as dns in network settings, or each other listed as alternate dns.?
0
 
MaheshArchitectCommented:
Can you pl run dcdiag /v and repadmin /showrepl on problematic 2008 DC and share output here please
0
 
MaheshArchitectCommented:
Many things you need to check

very 1st step, point 2008 server to itself (not 127.0.0.1) in tcp/ip network card properties and restart netlogon service, keep another DC IP in alternative
Check DNS on 2008 server if you have all NS records for all DC servers are correct in main domain.com and _msdcs.domain.com dns zone
Check Host(A) records for all DCs are correct in main domain.com and _msdcs.domain.com dns zone
Under _msdcs.domain.com zone you will find CNAME for all domain controllers, try to ping each alise and see if its resolve to proper \ correct IP address
On 2008 server go to ad sites services \ sitename \ servers \ servername \ ntds settings and on general tab find out CNAME for 2008 server, ping this and verify if its resolve \ ping to correct IP
If pings properly, replace it with one found in _msdcs.domain.com zone
Try to replicate manually connection objetcs in AD sites and services between domain controllers and check if it works
One alternative could be navigate to %systemroot%\system32\config on 2008 DC and rename netlogon.dns file to netlogon.dnsold and then restart netlogon service, this will create any srv records if missing
Then check

Mahesh
0
 
MaheshArchitectCommented:
Also since you have multiple domains, do you have conditional forwarding, secondary zones of other two domains on 2008 DC ?

Are you able to resolve other domain DCs from 2008 server ?

You have to have some mechanism in place so that all 3 domains DCs can communicate with each other, otherwise replication will fail

You may create secondary zones, conditional forwarders, stub zones to establish name resolution
In case of parent child domain, you need to enable dns delegation on parent and conditional forwarding from child to parent for name resolution

Mahesh
0
 
gurutcCommented:
I agree with the secondary zones comment.  I'd also do a netdiag /fix on the 2k3 DCs once that's created.

- gurutc
0
 
pccbryanAuthor Commented:
Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine LunaTwo, is a DC.
   * Connecting to directory service on server LunaTwo.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 5 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\LUNATWO
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... LUNATWO passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\LUNATWO
      Starting test: Replications
         * Replications Check
         [Replications Check,LUNATWO] A recent replication attempt failed:
            From ZEUS to LUNATWO
            Naming Context: DC=ForestDnsZones,DC=abcd,DC=com
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2014-06-03 10:55:19.
            The last success occurred at 2014-05-14 02:54:34.
            490 failures have occurred since the last success.
         [ZEUS] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         Printing RPC Extended Error Info:
         Error Record 1, ProcessID is 24660 (DcDiag)        
            System Time is: 6/3/2014 16:1:37:771
            Generating component is 2 (RPC runtime)
            Status is 1722: The RPC server is unavailable.
            Detection location is 501
            NumberOfParameters is 4
            Unicode string: ncacn_ip_tcp
            Unicode string: 59a7679b-cf82-41c2-a7ea-f7aa6f0f8465._msdcs.abcd.com
            Long val: -481213899
            Long val: 1722
         Error Record 2, ProcessID is 24660 (DcDiag)        
            System Time is: 6/3/2014 16:1:37:771
            Generating component is 18 (unknown)
            Status is 1722: The RPC server is unavailable.
            Detection location is 1442
            NumberOfParameters is 1
            Unicode string: 59a7679b-cf82-41c2-a7ea-f7aa6f0f8465._msdcs.abcd.com
         Error Record 3, ProcessID is 24660 (DcDiag)        
            System Time is: 6/3/2014 16:1:37:771
            Generating component is 18 (unknown)
            Status is 1722: The RPC server is unavailable.
            Detection location is 322
         Error Record 4, ProcessID is 24660 (DcDiag)        
            System Time is: 6/3/2014 16:1:37:771
            Generating component is 18 (unknown)
            Status is 11004: The requested name is valid, but no data of the requested type was found.
            Detection location is 320
            NumberOfParameters is 1
            Unicode string: 59a7679b-cf82-41c2-a7ea-f7aa6f0f8465._msdcs.abcd.com
         [Replications Check,LUNATWO] A recent replication attempt failed:
            From ATHENA to LUNATWO
            Naming Context: DC=ForestDnsZones,DC=abcd,DC=com
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2014-06-03 10:55:19.
            The last success occurred at 2014-04-29 21:54:15.
            832 failures have occurred since the last success.
         [ATHENA] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         Printing RPC Extended Error Info:
         Error Record 1, ProcessID is 24660 (DcDiag)        
            System Time is: 6/3/2014 16:1:37:787
            Generating component is 2 (RPC runtime)
            Status is 1722: The RPC server is unavailable.
            Detection location is 501
            NumberOfParameters is 4
            Unicode string: ncacn_ip_tcp
            Unicode string: 0ef54fe8-daac-46a6-8050-cfff7ae40157._msdcs.abcd.com
            Long val: -481213899
            Long val: 1722
         Error Record 2, ProcessID is 24660 (DcDiag)        
            System Time is: 6/3/2014 16:1:37:787
            Generating component is 18 (unknown)
            Status is 1722: The RPC server is unavailable.
            Detection location is 1442
            NumberOfParameters is 1
            Unicode string: 0ef54fe8-daac-46a6-8050-cfff7ae40157._msdcs.abcd.com
         Error Record 3, ProcessID is 24660 (DcDiag)        
            System Time is: 6/3/2014 16:1:37:787
            Generating component is 18 (unknown)
            Status is 1722: The RPC server is unavailable.
            Detection location is 322
         Error Record 4, ProcessID is 24660 (DcDiag)        
            System Time is: 6/3/2014 16:1:37:787
            Generating component is 18 (unknown)
            Status is 11004: The requested name is valid, but no data of the requested type was found.
            Detection location is 320
            NumberOfParameters is 1
            Unicode string: 0ef54fe8-daac-46a6-8050-cfff7ae40157._msdcs.abcd.com
         [Replications Check,LUNATWO] A recent replication attempt failed:
            From ZEUS to LUNATWO
            Naming Context: CN=Schema,CN=Configuration,DC=abcd,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2014-06-03 10:55:20.
            The last success occurred at 2014-05-14 02:54:33.
            490 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,LUNATWO] A recent replication attempt failed:
            From ATHENA to LUNATWO
            Naming Context: CN=Schema,CN=Configuration,DC=abcd,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2014-06-03 10:55:20.
            The last success occurred at 2014-04-29 21:54:15.
            832 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,LUNATWO] A recent replication attempt failed:
            From ZEUS to LUNATWO
            Naming Context: CN=Configuration,DC=abcd,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2014-06-03 10:55:19.
            The last success occurred at 2014-05-14 02:54:33.
            661 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,LUNATWO] A recent replication attempt failed:
            From ATHENA to LUNATWO
            Naming Context: CN=Configuration,DC=abcd,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2014-06-03 10:55:19.
            The last success occurred at 2014-04-29 21:54:15.
            1123 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,LUNATWO] A recent replication attempt failed:
            From ZEUS to LUNATWO
            Naming Context: DC=abcd-hat,DC=com
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2014-06-03 10:55:19.
            The last success occurred at 2014-05-14 02:54:34.
            536 failures have occurred since the last success.
         [Replications Check,LUNATWO] A recent replication attempt failed:
            From ATHENA to LUNATWO
            Naming Context: DC=abcd-hat,DC=com
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2014-06-03 10:58:31.
            The last success occurred at 2014-04-29 22:37:01.
            4174 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,LUNATWO] A recent replication attempt failed:
            From ZEUS to LUNATWO
            Naming Context: DC=abcd-gc,DC=com
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2014-06-03 10:55:19.
            The last success occurred at 2014-05-14 03:17:42.
            4930 failures have occurred since the last success.
         [Replications Check,LUNATWO] A recent replication attempt failed:
            From ATHENA to LUNATWO
            Naming Context: DC=abcd-gc,DC=com
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2014-06-03 10:55:19.
            The last success occurred at 2014-04-29 21:54:16.
            1035 failures have occurred since the last success.
         * Replication Latency Check
            DC=DomainDnsZones,DC=abcd,DC=com
               Latency information for 4 entries in the vector were ignored.
                  4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=ForestDnsZones,DC=abcd,DC=com
               Latency information for 4 entries in the vector were ignored.
                  4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=abcd,DC=com
               Latency information for 8 entries in the vector were ignored.
                  8 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=abcd,DC=com
               Latency information for 8 entries in the vector were ignored.
                  8 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=abcd,DC=com
               Latency information for 8 entries in the vector were ignored.
                  8 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=abcd-hat,DC=com
               Latency information for 3 entries in the vector were ignored.
                  0 were retired Invocations.  3 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=abcd-gc,DC=com
               Latency information for 3 entries in the vector were ignored.
                  0 were retired Invocations.  3 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... LUNATWO passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC LUNATWO.
         * Security Permissions Check for
           DC=DomainDnsZones,DC=abcd,DC=com
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=ForestDnsZones,DC=abcd,DC=com
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=abcd,DC=com
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=abcd,DC=com
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=abcd,DC=com
            (Domain,Version 2)
         * Security Permissions Check for
           DC=abcd-gc,DC=com
            (Domain,Version 2)
         * Security Permissions Check for
           DC=abcd-hat,DC=com
            (Domain,Version 2)
         ......................... LUNATWO passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\LUNATWO\netlogon
         Verified share \\LUNATWO\sysvol
         ......................... LUNATWO passed test NetLogons
      Starting test: Advertising
         The DC LUNATWO is advertising itself as a DC and having a DS.
         The DC LUNATWO is advertising as an LDAP server
         The DC LUNATWO is advertising as having a writeable directory
         The DC LUNATWO is advertising as a Key Distribution Center
         Warning: LUNATWO is not advertising as a time server.
         The DS LUNATWO is advertising as a GC.
         ......................... LUNATWO failed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=MERCURY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abcd,DC=com
         Role Domain Owner = CN=NTDS Settings,CN=MERCURY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abcd,DC=com
         Role PDC Owner = CN=NTDS Settings,CN=MERCURY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abcd,DC=com
         Role Rid Owner = CN=NTDS Settings,CN=MERCURY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abcd,DC=com
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=MERCURY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abcd,DC=com
         ......................... LUNATWO passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 7445 to 1073741823
         * MERCURY.abcd.com is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 6945 to 7444
         * rIDPreviousAllocationPool is 6945 to 7444
         * rIDNextRID: 6960
         ......................... LUNATWO passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC LUNATWO on DC LUNATWO.
         * SPN found :LDAP/LunaTwo.abcd.com/abcd.com
         * SPN found :LDAP/LunaTwo.abcd.com
         * SPN found :LDAP/LUNATWO
         * SPN found :LDAP/LunaTwo.abcd.com/ABCD
         * SPN found :LDAP/b3755312-b569-46e6-982c-0ec8e9b1bc15._msdcs.abcd.com
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/b3755312-b569-46e6-982c-0ec8e9b1bc15/abcd.com
         * SPN found :HOST/LunaTwo.abcd.com/abcd.com
         * SPN found :HOST/LunaTwo.abcd.com
         * SPN found :HOST/LUNATWO
         * SPN found :HOST/LunaTwo.abcd.com/ABCD
         * SPN found :GC/LunaTwo.abcd.com/abcd.com
         ......................... LUNATWO passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... LUNATWO passed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         LUNATWO is in domain DC=abcd,DC=com
         Checking for CN=LUNATWO,OU=Domain Controllers,DC=abcd,DC=com in domain DC=abcd,DC=com on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=LUNATWO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abcd,DC=com in domain CN=Configuration,DC=abcd,DC=com on 1 servers
            Object is up-to-date on all servers.
         ......................... LUNATWO passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... LUNATWO passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... LUNATWO passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... LUNATWO passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/03/2014   10:25:35
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/03/2014   10:25:36
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/03/2014   10:25:37
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/03/2014   10:25:38
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/03/2014   10:25:41
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/03/2014   10:25:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/03/2014   10:26:01
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/03/2014   10:26:02
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/03/2014   10:26:03
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/03/2014   10:26:04
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/03/2014   10:26:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x000016AD
            Time Generated: 06/03/2014   10:40:56
            Event String: The session setup from the computer BN0511 failed
to authenticate. The following error occurred:
%%5
         ......................... LUNATWO failed test systemlog
      Test omitted by user request: VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=LUNATWO,OU=Domain Controllers,DC=abcd,DC=com and backlink on
         CN=LUNATWO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abcd,DC=com
         are correct.
         The system object reference (frsComputerReferenceBL)
         CN=LUNATWO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=abcd,DC=com
         and backlink on CN=LUNATWO,OU=Domain Controllers,DC=abcd,DC=com are
         correct.
         The system object reference (serverReferenceBL)
         CN=LUNATWO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=abcd,DC=com
         and backlink on
         CN=NTDS Settings,CN=LUNATWO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abcd,DC=com
         are correct.
         ......................... LUNATWO passed test VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : abcd
      Starting test: CrossRefValidation
         ......................... abcd passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... abcd passed test CheckSDRefDom
   
   Running enterprise tests on : abcd.com
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... abcd.com passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\LunaTwo.abcd.com
         Locator Flags: 0xe00031bc
         PDC Name: \\MERCURY.abcd.com
         Locator Flags: 0xe00001bd
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
         A Good Time Server could not be located.
         KDC Name: \\LunaTwo.abcd.com
         Locator Flags: 0xe00031bc
         ......................... abcd.com failed test FsmoCheck
      Test omitted by user request: DNS
      Test omitted by user request: DNS










repadmin running command /showrepl against server localhost

Default-First-Site-Name\LUNATWO
DC Options: IS_GC
Site Options: (none)
DC object GUID: b3755312-b569-46e6-982c-0ec8e9b1bc15
DC invocationID: 054f0c08-dbe0-4625-a5c4-38104c6e0dd8

==== INBOUND NEIGHBORS ======================================

DC=abcd,DC=com
    Default-First-Site-Name\MERCURY via RPC
        DC object GUID: 32b7b999-5365-4a04-afb3-39f87d70733a
        Last attempt @ 2014-06-03 11:02:55 was successful.
    Default-First-Site-Name\JUPITER via RPC
        DC object GUID: 5c97ed90-e2b9-4b2b-ae27-e95214897f16
        Last attempt @ 2014-06-03 11:05:59 was successful.

CN=Configuration,DC=abcd,DC=com
    Default-First-Site-Name\ZEUS via RPC
        DC object GUID: 59a7679b-cf82-41c2-a7ea-f7aa6f0f8465
        Last attempt @ 2014-06-03 10:55:19 failed, result 1908 (0x774):
            Could not find the domain controller for this domain.
        661 consecutive failure(s).
        Last success @ 2014-05-14 02:54:33.
    Default-First-Site-Name\MERCURY via RPC
        DC object GUID: 32b7b999-5365-4a04-afb3-39f87d70733a
        Last attempt @ 2014-06-03 10:55:19 was successful.
    Default-First-Site-Name\ATHENA via RPC
        DC object GUID: 0ef54fe8-daac-46a6-8050-cfff7ae40157
        Last attempt @ 2014-06-03 10:55:19 failed, result 1908 (0x774):
            Could not find the domain controller for this domain.
        1123 consecutive failure(s).
        Last success @ 2014-04-29 21:54:15.
    Default-First-Site-Name\JUPITER via RPC
        DC object GUID: 5c97ed90-e2b9-4b2b-ae27-e95214897f16
        Last attempt @ 2014-06-03 10:55:19 was successful.

CN=Schema,CN=Configuration,DC=abcd,DC=com
    Default-First-Site-Name\MERCURY via RPC
        DC object GUID: 32b7b999-5365-4a04-afb3-39f87d70733a
        Last attempt @ 2014-06-03 10:55:19 was successful.
    Default-First-Site-Name\ZEUS via RPC
        DC object GUID: 59a7679b-cf82-41c2-a7ea-f7aa6f0f8465
        Last attempt @ 2014-06-03 10:55:20 failed, result 1908 (0x774):
            Could not find the domain controller for this domain.
        490 consecutive failure(s).
        Last success @ 2014-05-14 02:54:33.
    Default-First-Site-Name\ATHENA via RPC
        DC object GUID: 0ef54fe8-daac-46a6-8050-cfff7ae40157
        Last attempt @ 2014-06-03 10:55:20 failed, result 1908 (0x774):
            Could not find the domain controller for this domain.
        832 consecutive failure(s).
        Last success @ 2014-04-29 21:54:15.
    Default-First-Site-Name\JUPITER via RPC
        DC object GUID: 5c97ed90-e2b9-4b2b-ae27-e95214897f16
        Last attempt @ 2014-06-03 10:55:20 was successful.

DC=ForestDnsZones,DC=abcd,DC=com
    Default-First-Site-Name\ZEUS via RPC
        DC object GUID: 59a7679b-cf82-41c2-a7ea-f7aa6f0f8465
        Last attempt @ 2014-06-03 10:55:19 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
        490 consecutive failure(s).
        Last success @ 2014-05-14 02:54:34.
    Default-First-Site-Name\ATHENA via RPC
        DC object GUID: 0ef54fe8-daac-46a6-8050-cfff7ae40157
        Last attempt @ 2014-06-03 10:55:19 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
        832 consecutive failure(s).
        Last success @ 2014-04-29 21:54:15.
    Default-First-Site-Name\MERCURY via RPC
        DC object GUID: 32b7b999-5365-4a04-afb3-39f87d70733a
        Last attempt @ 2014-06-03 10:55:20 was successful.
    Default-First-Site-Name\JUPITER via RPC
        DC object GUID: 5c97ed90-e2b9-4b2b-ae27-e95214897f16
        Last attempt @ 2014-06-03 10:55:21 was successful.

DC=DomainDnsZones,DC=abcd,DC=com
    Default-First-Site-Name\MERCURY via RPC
        DC object GUID: 32b7b999-5365-4a04-afb3-39f87d70733a
        Last attempt @ 2014-06-03 10:55:21 was successful.
    Default-First-Site-Name\JUPITER via RPC
        DC object GUID: 5c97ed90-e2b9-4b2b-ae27-e95214897f16
        Last attempt @ 2014-06-03 10:55:21 was successful.

DC=abcd-hat,DC=com
    Default-First-Site-Name\ZEUS via RPC
        DC object GUID: 59a7679b-cf82-41c2-a7ea-f7aa6f0f8465
        Last attempt @ 2014-06-03 10:55:19 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
        536 consecutive failure(s).
        Last success @ 2014-05-14 02:54:34.
    Default-First-Site-Name\MERCURY via RPC
        DC object GUID: 32b7b999-5365-4a04-afb3-39f87d70733a
        Last attempt @ 2014-06-03 10:55:21 was successful.
    Default-First-Site-Name\JUPITER via RPC
        DC object GUID: 5c97ed90-e2b9-4b2b-ae27-e95214897f16
        Last attempt @ 2014-06-03 10:55:21 was successful.
    Default-First-Site-Name\ATHENA via RPC
        DC object GUID: 0ef54fe8-daac-46a6-8050-cfff7ae40157
        Last attempt @ 2014-06-03 10:58:31 failed, result 1908 (0x774):
            Could not find the domain controller for this domain.
        4174 consecutive failure(s).
        Last success @ 2014-04-29 22:37:01.

DC=abcd-gc,DC=com
    Default-First-Site-Name\ZEUS via RPC
        DC object GUID: 59a7679b-cf82-41c2-a7ea-f7aa6f0f8465
        Last attempt @ 2014-06-03 10:55:19 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
        4930 consecutive failure(s).
        Last success @ 2014-05-14 03:17:42.
    Default-First-Site-Name\ATHENA via RPC
        DC object GUID: 0ef54fe8-daac-46a6-8050-cfff7ae40157
        Last attempt @ 2014-06-03 10:55:19 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
        1035 consecutive failure(s).
        Last success @ 2014-04-29 21:54:16.
    Default-First-Site-Name\MERCURY via RPC
        DC object GUID: 32b7b999-5365-4a04-afb3-39f87d70733a
        Last attempt @ 2014-06-03 10:55:21 was successful.
    Default-First-Site-Name\JUPITER via RPC
        DC object GUID: 5c97ed90-e2b9-4b2b-ae27-e95214897f16
        Last attempt @ 2014-06-03 10:55:21 was successful.

Source: Default-First-Site-Name\ZEUS
******* 4930 CONSECUTIVE FAILURES since 2014-05-14 03:17:42
Last error: 1256 (0x4e8):
            The remote system is not available. For information about network troubleshooting, see Windows Help.

Source: Default-First-Site-Name\ATHENA
******* 4174 CONSECUTIVE FAILURES since 2014-04-29 22:37:01
Last error: 1256 (0x4e8):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
0
 
pccbryanAuthor Commented:
Results from steps in your second post:

very 1st step, point 2008 server to itself (not 127.0.0.1) in tcp/ip network card properties and restart netlogon service, keep another DC IP in alternative
-This setting was correct.

Check DNS on 2008 server if you have all NS records for all DC servers are correct in main domain.com and _msdcs.domain.com dns zone
-no NS records exist in the _msdcs folder.  Only CNAME records

Check Host(A) records for all DCs are correct in main domain.com and _msdcs.domain.com dns zone
-The servers at location B and C are not showing a Host(A) record under abcd.com folder.  Host(A) records exist for all DC's in the _msdcs\gc folder.  The root _msdcs folder does not contain Host(A) records.

Under _msdcs.domain.com zone you will find CNAME for all domain controllers, try to ping each alise and see if its resolve to proper \ correct IP address
-Only the DC's in location A are returning pings using the CNAME information.  I can ping using the server names Zeus and Athena.

On 2008 server go to ad sites services \ sitename \ servers \ servername \ ntds settings and on general tab find out CNAME for 2008 server, ping this and verify if its resolve \ ping to correct IP
-It resolves correctly.
0
 
pccbryanAuthor Commented:
I'm not sure how to go about adding the secondary/stub zones you are asking about.  The DNS settings I have are replicated from the 2k3 PDC in location A.  The PDC in location A has no problems replicating with B and C locations.  Why would the 2008 AD need more info in DNS than the 2k3 AD?
0
 
pccbryanAuthor Commented:
The 2k3 DC at site A has a secondary zone setup for site B and site C.  The 2008 does not have any secondary's setup.  Assuming this is part of the problem.

I attempted to add the secondary zones found on the 2k3 machine and I am looking at an error "Zone not loaded by DNS server.  The DNS server encountered a problem while attempting to load the zone. The transfer of zone data from the master server failed."

The master setup for that zone is the DC from site C.
0
 
pccbryanAuthor Commented:
It appears the issue was on the site B and C DNS servers.  The NS entry was not in the zone info for lunatwo (2008 dc).  Once lunatwo was added to the name servers list, everything started to populate.  This has fixed my issue.  Thank you very much for the help.
0
 
pccbryanAuthor Commented:
Mahesh guided me to the fact that we did not have secondary zones setup in the new server.  I was under the impression that these propagated to the new DNS server but I was mistaken.  After setting up the secondary zones and adding my new server to the name servers list on the other dns servers, we were up and running.  Thanks for taking the time to help me.
0
 
MaheshArchitectCommented:
You have really quickly got hold on bad situation, really appreciate your hard work
Missing NS record and secondary zone is key point in your case.

Just FYI,
_msdcs.domain.com zone must contains NS records for all domain controllers in entire forest (all domains) and also CNAME records from all domain controllers in entire forest. This zone originates from forest root domain and get replicated to all domains in forest by default
The CNAME record is the very important because it is the one through which domain controllers can identify each other and it is unique

Thanks
0
 
pccbryanAuthor Commented:
Mahesh,

I am not sure how to add NS records to the _msdcs zone.  I see _msdcs listed under my forward lookup zones\abcd.com zone but I do not see an option to add NS records.  I can add A records, cname records, mx records or "other records".  Maybe I am looking in the wrong place.
0
 
DrDave242Commented:
If _msdcs is a folder beneath the abcd.com zone, don't worry about it; it only needs to contain NS records if it's a separate zone (_msdcs.abcd.com).
0
 
MaheshArchitectCommented:
Yes, that is absolutely right

What might be occurred in your case is that some body has deleted _msdcs.domain.com zone and then also delete _msdcs delegation under domain.com zone and then restarted netlogon service some time back
Check below article for more info
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28415910.html
0
 
pccbryanAuthor Commented:
Ok great that looks like what has happened in the past.  Thanks again for the help on this issue.
0
 
gurutcCommented:
Hi, the netdiag /fix run on the 2k3 boxes will re-create all those records.

- gurutc
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

  • 13
  • 5
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now