Avatar of Anagkazo
Anagkazo
Flag for United States of America asked on

Windows 2012 Server Root Domain Controller Backup

I just setup an Active Directory with 2 sites (VA and NY).  Each site had 2 domain and replication is working perfectly without any issues.  I can use a client machine to join the domain without any issues but when I shutdown my VADCroot Domain Controller to see if I can use a client machine to join the domain It fails with the following error:

An Active Directory Domain Controller (AD DC) for the domain "cookie.local" could not be contacted.

Detailed error shows: DNS was successfully queried for the service location (SRV) resources record used to locate a domain controller for domain "cookie.local":

The query was for the SRV record _ldap_tcp.dc._msdcs.cookie.local
The following domain controllers were identified by the query:
vadcroot.cookie.local, vadc2.cookie.local, nydc.cookie.local, nydc2.cookie.local

However no domain controllers could be contacted
Common causes of this error include:
-Host (A) or (AAAA) records that map the names of the domain controllers to their IP address are missing or contain incorrect addresses
-Domain controllers registered in DNS are not connected to the network or are not running.

I have single domain structure and all my DCs are configure as Global Catalog & DNS with the following
TCP/IP Setup for Domains and clients
--------------------------------------------------------------

From VA Site
MachineName: VADCroot
IP Addr: 192.168.3.100
Subnet: 255.255.255.0
Gateway: 192.168.3.1
Pri DNS: 172.30.10.100 (IP of NYDC)
Sec DNS: 127.0.0.1

MachineName: VADC2
IP Addr: 192.168.3.101
Subnet: 255.255.255.0
Gateway: 192.168.3.1
Pri DNS: 192.168.3.100
Sec DNS: 127.0.0.1

From NY Site
MachineName: NYDC
IP Addr: 172.30.10.100
Subnet: 255.255.255.0
Gateway: 172.30.10.1
Pri DNS: 192.168.3.100 (IP of VADCroot)
Sec DNS: 127.0.0.1

MachineName: NYDC2
IP Addr: 172.30.10.101
Subnet: 255.255.255.0
Gateway: 172.30.10.1
Pri DNS: 192.168.3.100
Sec DNS: 127.0.0.1

Thanks
Active Directory

Avatar of undefined
Last Comment
Anagkazo

8/22/2022 - Mon
McKnife

Hi.

Please write down the IPs that you configured as DNS servers at the client computer, too.
Anagkazo

ASKER
I used DNSs of the Domain Controllers in the following order:

Prim DNS: 192.168.3.100
Sec DNS:  172.30.10.100
Sec DNS2:  192.168.3.101
Sec DNS3:  172.30.10.101
McKnife

Ok. Can the client PC use all of these with nslookup to resolve some test addresses of other domain computers? If yes, please use dcdiag at all DCs and tell us what tests it did not pass successfully.
It would also be interesting to know what
ping cookie.local
returns with that DC online and offline.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
SOLUTION
FinServCo

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Anagkazo

ASKER
Over the weekend I decided to setup virtualbox to test this out at home.  I did exactly what I explain above then shutdown my root DC (VADCroot).  I configure a virtual Win 7 guest machine with the following IPs (IP Network 10.10.10.0/24 with Prim DNS VADCroot and Sec DNS of NYDC1) and I was able to join the domain without any issues).  I am working on 3 different subnets (192.168.3.0/255, 172.30.10.0/24, and 10.10.0.0/24).  I am working in an environment where multiple client machines with different IP addresses are authenticated through VPN on single forest, single domain, 4 domain controllers.

Frankly,  I don't no much about FSMO roles and I am looking into it to figure it out.  I am a very quick learner and your input is very appreciated.

Thanks
Anagkazo

ASKER
sorry,
I meant 192.168.3.0/24
compdigit44

Can you run dcdiag /v /e >c:\dcdiag.txt on your server so we can see what is going on in your AD environment
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Anagkazo

ASKER
Attached is my dcdiag file.

Thanks
dcdiagTEXT.txt
Anagkazo

ASKER
compdigit,

My root server (VADCroot) is hosting all 5 FSMO roles.
compdigit44

Thanks why you cannot add a server / workstation to the domain becuase all FSMO are offline when then server is off.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Anagkazo

ASKER
compdigit44,

I have 2 different simulation similar to the one described above in the virtual environment and when I shutdown the VADCroot (contains all 5 FSMO roles) I am still able to join a workstation without any issues.  It is a single-forest/single-domain AD Infrastructure.  Configured as Site-to-Site replication from VA-Site to NY-Site.  

Thanks
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Anagkazo

ASKER
Close it.  I rebuild the domain