Solved

Windows 2012 Server Root Domain Controller Backup

Posted on 2014-11-20
Last Modified: 2014-12-24
I just set up an Active Directory with 2 sites (VA and NY).  Each site had 2 domain and replication is working perfectly without any issues.  I can use a client machine to join the domain without any issues, but when I shut down my VADCroot Domain Controller to see if I can use a client machine to join the domain, it fails with the following error:

An Active Directory Domain Controller (AD DC) for the domain "cookie.local" could not be contacted.

Detailed error shows: DNS was successfully queried for the service location (SRV) resources record used to locate a domain controller for domain "cookie.local":

The query was for the SRV record _ldap_tcp.dc._msdcs.cookie.local
The following domain controllers were identified by the query:
vadcroot.cookie.local, vadc2.cookie.local, nydc.cookie.local, nydc2.cookie.local

However no domain controllers could be contacted
Common causes of this error include:
-Host (A) or (AAAA) records that map the names of the domain controllers to their IP address are missing or contain incorrect addresses
-Domain controllers registered in DNS are not connected to the network or are not running.

I have a single domain structure and all my DCs are configured as Global Catalog & DNS with the following
TCP/IP Setup for Domains and clients
--------------------------------------------------------------

From VA Site
MachineName: VADCroot
IP Addr: 192.168.3.100
Subnet: 255.255.255.0
Gateway: 192.168.3.1
Pri DNS: 172.30.10.100 (IP of NYDC)
Sec DNS: 127.0.0.1

MachineName: VADC2
IP Addr: 192.168.3.101
Subnet: 255.255.255.0
Gateway: 192.168.3.1
Pri DNS: 192.168.3.100
Sec DNS: 127.0.0.1

From NY Site
MachineName: NYDC
IP Addr: 172.30.10.100
Subnet: 255.255.255.0
Gateway: 172.30.10.1
Pri DNS: 192.168.3.100 (IP of VADCroot)
Sec DNS: 127.0.0.1

MachineName: NYDC2
IP Addr: 172.30.10.101
Subnet: 255.255.255.0
Gateway: 172.30.10.1
Pri DNS: 192.168.3.100
Sec DNS: 127.0.0.1

Thanks
0
Question by:Anagkazo
14 Comments
 
LVL 53

Expert Comment

by:McKnife
ID: 40455862
Hi.

Please write down the IPs that you configured as DNS servers at the client computer, too.
0
 

Author Comment

by:Anagkazo
ID: 40455874
I used DNSs of the Domain Controllers in the following order:

Prim DNS: 192.168.3.100
Sec DNS:  172.30.10.100
Sec DNS2:  192.168.3.101
Sec DNS3:  172.30.10.101
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40455926
Ok. Can the client PC use all of these with nslookup to resolve some test addresses of other domain computers? If yes, please use dcdiag at all DCs and tell us what tests it did not pass successfully.
It would also be interesting to know what
ping cookie.local
returns with that DC online and offline.
0
 
LVL 2

Assisted Solution

by:FinServCo
FinServCo earned 333 total points
ID: 40456075
I believe I read somewhere that 2012 DNS servers should point to themselves first.  It's how I have mine configured.

Your VADC2 is pointing to VADCroot which you had shut down.
0
 
LVL 19

Accepted Solution

by:compdigit44
compdigit44 earned 167 total points
ID: 40460873
I agree with FinServCo. The primary DNS server the server is pointing to is the one you shut down.

Also what FSMO roles does your root server host?
0
 

Author Comment

by:Anagkazo
ID: 40462209
Over the weekend I decided to set up VirtualBox to test this out at home.  I did exactly what I explained above, then shut down my root DC (VADCroot).  I configured a virtual Win 7 guest machine with the following IPs (IP Network 10.10.10.0/24 with Prim DNS VADCroot and Sec DNS of NYDC1) and I was able to join the domain without any issues.  I am working on 3 different subnets (192.168.3.0/255, 172.30.10.0/24, and 10.10.0.0/24).  I am working in an environment where multiple client machines with different IP addresses are authenticated through VPN on a single forest, single domain, 4 domain controllers.

Frankly,  I don't know much about FSMO roles and I am looking into it to figure it out.  I am a very quick learner and your input is much appreciated.

Thanks
0
 

Author Comment

by:Anagkazo
ID: 40462214
Sorry,
I meant 192.168.3.0/24
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 40462450
Can you run dcdiag /v /e >c:\dcdiag.txt on your server so we can see what is going on in your AD environment?
0
 

Author Comment

by:Anagkazo
ID: 40462748
Attached is my dcdiag file.

Thanks
dcdiagTEXT.txt
0
 

Author Comment

by:Anagkazo
ID: 40462782
compdigit,

My root server (VADCroot) is hosting all 5 FSMO roles.
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 40463023
That's why you cannot add a server / workstation to the domain, because all FSMO are offline when the server is off.
0
 

Author Comment

by:Anagkazo
ID: 40463061
compdigit44,

I have 2 different simulations similar to the one described above in the virtual environment, and when I shut down the VADCroot (contains all 5 FSMO roles) I am still able to join a workstation without any issues.  It is a single-forest/single-domain AD Infrastructure.  Configured as Site-to-Site replication from VA-Site to NY-Site.  

Thanks
0
 
LVL 2

Assisted Solution

by:FinServCo
FinServCo earned 333 total points
ID: 40463144
A RID master allocates IDs to domain controllers in batches of 500.  If a DC runs out of IDs and can't contact the RID master then you won't be able to join objects to the domain.

Have you configured your DNS servers to point to themselves first?  If the server with all of the FSMO roles is down, and it's the server all of your other servers are pointing to for DNS, well, you're going to run into issues.  

What, if any, event log errors are you getting?
0
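Added example, not part of the thread: a small Python model of the DNS client settings posted in the question, showing which machines lose their first-listed resolver when a given DC is shut down. The `CLIENT` label and all function names are chosen here for illustration; the model covers only resolver order, not replication or FSMO behaviour.

```python
# DNS client settings exactly as posted in the question and the author's follow-up.
# "CLIENT" is a label chosen here for the workstation being joined.
HOSTS = {
    "VADCroot": {"ip": "192.168.3.100", "dns": ["172.30.10.100", "127.0.0.1"]},
    "VADC2":    {"ip": "192.168.3.101", "dns": ["192.168.3.100", "127.0.0.1"]},
    "NYDC":     {"ip": "172.30.10.100", "dns": ["192.168.3.100", "127.0.0.1"]},
    "NYDC2":    {"ip": "172.30.10.101", "dns": ["192.168.3.100", "127.0.0.1"]},
    "CLIENT":   {"ip": None, "dns": ["192.168.3.100", "172.30.10.100",
                                     "192.168.3.101", "172.30.10.101"]},
}
LOOPBACK = "127.0.0.1"


def resolver_owner(host, addr):
    """Map a resolver address to the machine that answers on it."""
    if addr == LOOPBACK:
        return host  # loopback means the machine's own DNS service
    for name, cfg in HOSTS.items():
        if cfg["ip"] == addr:
            return name
    return None  # resolver is not one of the listed machines


def outage_report(down):
    """For every machine still running, describe its resolver list with `down` off."""
    report = {}
    for host, cfg in HOSTS.items():
        if host == down:
            continue
        owners = [resolver_owner(host, a) for a in cfg["dns"]]
        live = [a for a, o in zip(cfg["dns"], owners) if o != down]
        report[host] = {
            "preferred_down": owners[0] == down,   # first-listed resolver is gone
            "self_first": owners[0] == host,       # the layout FinServCo describes
            "first_live": live[0] if live else None,
        }
    return report


def preferred_dependents(down):
    """Machines whose first-listed resolver disappears when `down` is shut off."""
    return sorted(h for h, r in outage_report(down).items() if r["preferred_down"])


if __name__ == "__main__":
    for dc in ("VADCroot", "VADC2", "NYDC", "NYDC2"):
        print(f"{dc} offline -> preferred resolver lost on: {preferred_dependents(dc)}")
```

With the posted settings, no DC lists itself first, and shutting down VADCroot removes the first-listed resolver of every other machine, including the client.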
 

Author Comment

by:Anagkazo
ID: 40516643
Close it.  I rebuilt the domain.
0
