Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Active Directory management console disconnected on Windows 2003

Posted on 2014-09-27
7
690 Views
Last Modified: 2014-10-02
Admittedly, I am way over my head here, but I hope someone will recognize this issue and be able to guide me.

I am running Active Directory on a Windows 2003 server.  I was adding a user to Active Directory and the AD stopped responding.  When I reopened AD in the Management Console I received a message that Naming information cannot be located because: the specified domain either does not exist or cannot be contacted.  (see file 1 attached)Active Directory error  I tried to reconnect AD to my domain (on the same server) and got a message that it could not connect to  the pre-Windows 2000 domain.

I then went to Active Directory Domains and Trusts in the Management Console and received an error message The configuration information describing the enterprise is not available.  The specified domain either does not exist or could not be contacted (see file 2 attached) Active Directory Domains and Trusts error.

Users are still able to log on to the domain so I am very reluctant to take any further steps without guidance.
0
Comment
Question by:mrken46
7 Comments
 

Author Comment

by:mrken46
ID: 40348222
I just checked the Event Viewer on the server and found these two errors that occurred at the time that I encountered the problem.  

Event Type:      Error
Event Source:      SAM
Event Category:      None
Event ID:      16651
Date:            9/26/2014
Time:            11:43:19 AM
User:            N/A
Computer:      QCSPDC
Description:
The request for a new account-identifier pool failed. The operation   will be retried until the request succeeds. The error is
 " The requested FSMO operation failed. The current FSMO holder could not be contacted.
 "

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Event Type:      Error
Event Source:      SAM
Event Category:      None
Event ID:      16645
Date:            9/26/2014
Time:            11:44:38 AM
User:            N/A
Computer:      QCSPDC
Description:
The maximum account identifier allocated to this domain controller has been assigned. The domain controller has failed to obtain a new identifier pool. A possible reason for this is that the domain controller has been unable to contact the master domain controller. Account creation on this controller will fail until a new pool has been allocated. There may be network or connectivity problems in the domain, or the master domain controller may be offline or missing from the domain. Verify that the master domain controller is running and connected to the domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: a8 02 00 c0               ¨..À
0
 
LVL 17

Assisted Solution

by:Maen Abu-Tabanjeh
Maen Abu-Tabanjeh earned 125 total points
ID: 40348245
its possible to be DNS problem , check if you can ping domain domain.local , also check configuration in domain by using

nslookup and post results here ;)
0
 
LVL 19

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 250 total points
ID: 40348512
This is probably down the RID FSMO role, make sure it is assigned to working DC controller.
The RID role gives out blocks of SID values when creating new objects in AD, if its not available and the last block is used up then no more objects can be created.
If you cannot use the AD consoles, using the NTDSUtil command line tool to view and move the role to a DC.

https://support2.microsoft.com/kb/255504?wa=wsignin1.0
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 19

Assisted Solution

by:compdigit44
compdigit44 earned 125 total points
ID: 40348770
Can you run the following command and post results

DC diagnosis /v /e > c:\dcdiag.text
0
 

Author Comment

by:mrken46
ID: 40349179
jordannet

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.QCSPS2>cd\

C:\>ipconfig

Windows IP Configuration


Ethernet adapter Intel Pro 1000 MT Gigabit Ethernet Adapter - Onboard:

   Connection-specific DNS Suffix  . : qcs.org
   IP Address. . . . . . . . . . . . : 10.0.0.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1

C:\>ping qcs.org

Pinging qcs.org [10.0.0.6] with 32 bytes of data:

Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.0.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>nslookup
Default Server:  qcspdc.qcs.org
Address:  10.0.0.6

>

compdigit44

I have attached the requested dcdiag.text file.  I see that it says "The server holding the PDC role is down." at the end of the file.  The PDC role is on this local server.  Could it be that a service has crashed on this box and all I need to do is reboot it?
dcdiag.txt
0
 
LVL 19

Accepted Solution

by:
Peter Hutchison earned 250 total points
ID: 40349410
I looks like you have two DCs: QCSPDC and QCSFS4 which has not replicated for over 60 days. Hence the Tombstone errors. All the FSMO roles look to be on QCSPDC, so it could do with a reboot.
IS QCSFS4 server up and running or is it an old server? It could have been setup as an additional DC server for resilience.
0
 

Author Comment

by:mrken46
ID: 40349728
QCSFS4 does not exist and has not for years. I reboot the server every two weeks however I have not done so since this problem started last week. I am hesitant to do so since it is still working - users are still able to log on the network, etc., I just can't manage it. I did not want to risk making things worse with a reboot. Do you think a reboot would fix issues I am having?
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question