Solved

Active Directory management console disconnected on Windows 2003

Posted on 2014-09-27
Last Modified: 2014-10-02
Admittedly, I am way over my head here, but I hope someone will recognize this issue and be able to guide me.

I am running Active Directory on a Windows 2003 server. I was adding a user to Active Directory and the AD stopped responding. When I reopened AD in the Management Console I received a message that "Naming information cannot be located because: the specified domain either does not exist or cannot be contacted" (see file 1 attached). I tried to reconnect AD to my domain (on the same server) and got a message that it could not connect to the pre-Windows 2000 domain.

I then went to Active Directory Domains and Trusts in the Management Console and received the error message "The configuration information describing the enterprise is not available. The specified domain either does not exist or could not be contacted" (see file 2 attached).

Users are still able to log on to the domain so I am very reluctant to take any further steps without guidance.
Question by:mrken46

Author Comment

by:mrken46
ID: 40348222
I just checked the Event Viewer on the server and found these two errors that occurred at the time that I encountered the problem.  

Event Type:      Error
Event Source:      SAM
Event Category:      None
Event ID:      16651
Date:            9/26/2014
Time:            11:43:19 AM
User:            N/A
Computer:      QCSPDC
Description:
The request for a new account-identifier pool failed. The operation   will be retried until the request succeeds. The error is
 " The requested FSMO operation failed. The current FSMO holder could not be contacted.
 "

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Event Type:      Error
Event Source:      SAM
Event Category:      None
Event ID:      16645
Date:            9/26/2014
Time:            11:44:38 AM
User:            N/A
Computer:      QCSPDC
Description:
The maximum account identifier allocated to this domain controller has been assigned. The domain controller has failed to obtain a new identifier pool. A possible reason for this is that the domain controller has been unable to contact the master domain controller. Account creation on this controller will fail until a new pool has been allocated. There may be network or connectivity problems in the domain, or the master domain controller may be offline or missing from the domain. Verify that the master domain controller is running and connected to the domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: a8 02 00 c0               ¨..À
0
 
LVL 17

Assisted Solution

by:Maen Abu-Tabanjeh
Maen Abu-Tabanjeh earned 125 total points
ID: 40348245
It's possible that it is a DNS problem. Check if you can ping the domain domain.local, and also check the configuration in the domain by using nslookup, and post the results here ;)
0
 
LVL 19

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 250 total points
ID: 40348512
This is probably down to the RID FSMO role; make sure it is assigned to a working DC controller.
The RID role gives out blocks of SID values when creating new objects in AD; if it's not available and the last block is used up, then no more objects can be created.
If you cannot use the AD consoles, use the NTDSUtil command line tool to view and move the role to a DC.

https://support2.microsoft.com/kb/255504?wa=wsignin1.0
0
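The two SAM events quoted earlier in the thread can be checked mechanically. The following Python sketch is an added example, not part of the original thread: it parses event text in the layout shown above, reads the Data bytes as a little-endian NTSTATUS, and reports RID pool events. The function names, the event summaries and the host name DC01 are assumptions of this example.

```python
import re
import struct

# RID-related NTSTATUS codes as defined in the Windows SDK header ntstatus.h.
NTSTATUS_NAMES = {
    0xC00002A7: "STATUS_DS_NO_RIDS_ALLOCATED",
    0xC00002A8: "STATUS_DS_NO_MORE_RIDS",
    0xC00002A9: "STATUS_DS_INCORRECT_ROLE_OWNER",
    0xC00002AA: "STATUS_DS_RIDMGR_INIT_ERROR",
}
# The two SAM event IDs quoted in this thread (summaries are this example's wording).
RID_EVENTS = {
    16651: "request for a new RID pool failed",
    16645: "local RID pool exhausted; account creation fails",
}
FIELD = re.compile(r"^(Event Source|Event ID|Computer):[ \t]*(.+?)[ \t]*$", re.M)
HEXROW = re.compile(r"^[0-9a-fA-F]{4}: ((?:[0-9a-fA-F]{2} ){1,8})", re.M)

def parse_events(text):
    """Split exported Event Viewer text into one dict per event."""
    events = []
    for chunk in re.split(r"(?m)^(?=Event Type:)", text):
        fields = dict(FIELD.findall(chunk))
        if "Event ID" not in fields:
            continue
        raw = bytes.fromhex("".join(HEXROW.findall(chunk)).replace(" ", ""))
        # The Data field holds the NTSTATUS as a little-endian DWORD.
        status = struct.unpack("<I", raw[:4])[0] if len(raw) >= 4 else None
        events.append({"id": int(fields["Event ID"]), "status": status,
                       "source": fields.get("Event Source"),
                       "computer": fields.get("Computer")})
    return events

def rid_findings(text):
    """Return (computer, event id, meaning, status name) for SAM RID pool events."""
    out = []
    for ev in parse_events(text):
        if ev["source"] == "SAM" and ev["id"] in RID_EVENTS:
            st = ev["status"]
            name = NTSTATUS_NAMES.get(st, f"0x{st:08X}") if st is not None else None
            out.append((ev["computer"], ev["id"], RID_EVENTS[ev["id"]], name))
    return out

# Constructed sample in the layout quoted in the thread; DC01 is a placeholder name.
SAMPLE = (
    "Event Type:      Error\nEvent Source:      SAM\nEvent ID:      16651\n"
    "Computer:      DC01\nDescription:\nThe request for a new pool failed.\n\n"
    "Event Type:      Error\nEvent Source:      SAM\nEvent ID:      16645\n"
    "Computer:      DC01\nDescription:\nThe maximum identifier was assigned.\n"
    "Data:\n0000: a8 02 00 c0               ....\n"
)
```

Calling `rid_findings(SAMPLE)` decodes the Data bytes `a8 02 00 c0` to 0xC00002A8, which ntstatus.h names STATUS_DS_NO_MORE_RIDS.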

 
LVL 20

Assisted Solution

by:compdigit44
compdigit44 earned 125 total points
ID: 40348770
Can you run the following command and post the results?

dcdiag /v /e > c:\dcdiag.text
0
 

Author Comment

by:mrken46
ID: 40349179
jordannet

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.QCSPS2>cd\

C:\>ipconfig

Windows IP Configuration


Ethernet adapter Intel Pro 1000 MT Gigabit Ethernet Adapter - Onboard:

   Connection-specific DNS Suffix  . : qcs.org
   IP Address. . . . . . . . . . . . : 10.0.0.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1

C:\>ping qcs.org

Pinging qcs.org [10.0.0.6] with 32 bytes of data:

Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.0.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>nslookup
Default Server:  qcspdc.qcs.org
Address:  10.0.0.6

>

compdigit44

I have attached the requested dcdiag.text file.  I see that it says "The server holding the PDC role is down." at the end of the file.  The PDC role is on this local server.  Could it be that a service has crashed on this box and all I need to do is reboot it?
dcdiag.txt
0
 
LVL 19

Accepted Solution

by:
Peter Hutchison earned 250 total points
ID: 40349410
It looks like you have two DCs: QCSPDC and QCSFS4, which has not replicated for over 60 days. Hence the tombstone errors. All the FSMO roles look to be on QCSPDC, so it could do with a reboot.
Is the QCSFS4 server up and running, or is it an old server? It could have been set up as an additional DC server for resilience.
0
 

Author Comment

by:mrken46
ID: 40349728
QCSFS4 does not exist and has not for years. I reboot the server every two weeks however I have not done so since this problem started last week. I am hesitant to do so since it is still working - users are still able to log on the network, etc., I just can't manage it. I did not want to risk making things worse with a reboot. Do you think a reboot would fix issues I am having?
0
