Windows 2012 Server Root Domain Controller Backup

Anagkazo asked
Last Modified: 2014-12-24
I just set up an Active Directory with 2 sites (VA and NY).  Each site has 2 domain controllers and replication is working perfectly without any issues.  I can use a client machine to join the domain without any issues, but when I shut down my VADCroot Domain Controller to see if I can use a client machine to join the domain, it fails with the following error:

An Active Directory Domain Controller (AD DC) for the domain "cookie.local" could not be contacted.

Detailed error shows: DNS was successfully queried for the service location (SRV) resources record used to locate a domain controller for domain "cookie.local":

The query was for the SRV record _ldap_tcp.dc._msdcs.cookie.local
The following domain controllers were identified by the query:
vadcroot.cookie.local, vadc2.cookie.local, nydc.cookie.local, nydc2.cookie.local

However no domain controllers could be contacted
Common causes of this error include:
-Host (A) or (AAAA) records that map the names of the domain controllers to their IP address are missing or contain incorrect addresses
-Domain controllers registered in DNS are not connected to the network or are not running.

I have a single domain structure and all my DCs are configured as Global Catalog & DNS with the following
TCP/IP Setup for Domains and clients
--------------------------------------------------------------

From VA Site
MachineName: VADCroot
IP Addr: 192.168.3.100
Subnet: 255.255.255.0
Gateway: 192.168.3.1
Pri DNS: 172.30.10.100 (IP of NYDC)
Sec DNS: 127.0.0.1

MachineName: VADC2
IP Addr: 192.168.3.101
Subnet: 255.255.255.0
Gateway: 192.168.3.1
Pri DNS: 192.168.3.100
Sec DNS: 127.0.0.1

From NY Site
MachineName: NYDC
IP Addr: 172.30.10.100
Subnet: 255.255.255.0
Gateway: 172.30.10.1
Pri DNS: 192.168.3.100 (IP of VADCroot)
Sec DNS: 127.0.0.1

MachineName: NYDC2
IP Addr: 172.30.10.101
Subnet: 255.255.255.0
Gateway: 172.30.10.1
Pri DNS: 192.168.3.100
Sec DNS: 127.0.0.1

Thanks

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Hi.

Please write down the IPs that you configured as DNS servers at the client computer, too.
Anagkazo, Systems Engineer

Author

Commented:
I used DNSs of the Domain Controllers in the following order:

Prim DNS: 192.168.3.100
Sec DNS:  172.30.10.100
Sec DNS2:  192.168.3.101
Sec DNS3:  172.30.10.101
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Ok. Can the client PC use all of these with nslookup to resolve some test addresses of other domain computers? If yes, please use dcdiag at all DCs and tell us what tests it did not pass successfully.
It would also be interesting to know what
ping cookie.local
returns with that DC online and offline.
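
The checks suggested in the comment above (SRV lookup, name resolution of each DC, reachability), gathered into one PowerShell script to run from the client that fails to join. This is an added example, not part of the original thread: the domain name comes from the question, the SRV name is written in its standard form `_ldap._tcp.dc._msdcs.<domain>`, and the TCP port list and the helper `Test-TcpPort` are assumptions chosen for illustration.

```powershell
# Added example: follows the path a joining client takes to find a DC.
$Domain  = 'cookie.local'                      # domain name from the question
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"      # standard DC locator SRV name
# Assumed subset of TCP ports worth probing: DNS, Kerberos, LDAP, SMB.
# The locator's own LDAP ping uses UDP 389, so TCP 389 is only an approximation.
$Ports   = 53, 88, 389, 445

# Hypothetical helper: TCP connect with a timeout, returns $true / $false
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Which DCs does DNS advertise? (uses the client's configured DNS servers)
$srv = Resolve-DnsName -Name $SrvName -Type SRV -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }

# 2. For each advertised DC: does its A record resolve, and do the ports answer?
$report = foreach ($rec in $srv) {
    $dc = $rec.NameTarget
    $a  = Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue |
          Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    $row = [ordered]@{ DC = $dc; Address = $a.IPAddress }
    foreach ($p in $Ports) {
        $row["tcp$p"] = if ($a) { Test-TcpPort -Address $a.IPAddress -Port $p } else { $false }
    }
    [pscustomobject]$row
}
$report | Format-Table -AutoSize

# 3. Ask the DC locator itself which DC it would pick right now
nltest "/dsgetdc:$Domain" /force
```

Running it once with VADCroot online and once with it offline gives a per-DC comparison: a DC that is listed by the SRV query but shows no address or no open ports from this client's subnet matches the two "common causes" in the error text.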
Anagkazo, Systems Engineer

Author

Commented:
Over the weekend I decided to set up VirtualBox to test this out at home.  I did exactly what I explained above, then shut down my root DC (VADCroot).  I configured a virtual Win 7 guest machine with the following IPs (IP Network 10.10.10.0/24 with Prim DNS VADCroot and Sec DNS of NYDC1) and I was able to join the domain without any issues.  I am working on 3 different subnets (192.168.3.0/255, 172.30.10.0/24, and 10.10.0.0/24).  I am working in an environment where multiple client machines with different IP addresses are authenticated through VPN on a single forest, single domain, 4 domain controllers.

Frankly, I don't know much about FSMO roles and I am looking into it to figure it out.  I am a very quick learner and your input is very appreciated.

Thanks
Anagkazo, Systems Engineer

Author

Commented:
Sorry,
I meant 192.168.3.0/24

Can you run dcdiag /v /e >c:\dcdiag.txt on your server so we can see what is going on in your AD environment?
Anagkazo, Systems Engineer

Author

Commented:
Attached is my dcdiag file.

Thanks
dcdiagTEXT.txt
Anagkazo, Systems Engineer

Author

Commented:
compdigit,

My root server (VADCroot) is hosting all 5 FSMO roles.

That's why you cannot add a server / workstation to the domain, because all FSMO are offline when the server is off.
Anagkazo, Systems Engineer

Author

Commented:
compdigit44,

I have 2 different simulations similar to the one described above in the virtual environment, and when I shut down the VADCroot (contains all 5 FSMO roles) I am still able to join a workstation without any issues.  It is a single-forest/single-domain AD Infrastructure.  Configured as Site-to-Site replication from VA-Site to NY-Site.

Thanks
Anagkazo, Systems Engineer

Author

Commented:
Close it.  I rebuild the domain