Windows 2012 Server Root Domain Controller Backup

I just set up an Active Directory with 2 sites (VA and NY).  Each site has 2 domain controllers and replication is working perfectly without any issues.  I can use a client machine to join the domain without any issues, but when I shut down my VADCroot Domain Controller to see if I can still use a client machine to join the domain, it fails with the following error:

An Active Directory Domain Controller (AD DC) for the domain "cookie.local" could not be contacted.

Detailed error shows: DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "cookie.local":

The query was for the SRV record _ldap_tcp.dc._msdcs.cookie.local
The following domain controllers were identified by the query:
vadcroot.cookie.local, vadc2.cookie.local, nydc.cookie.local, nydc2.cookie.local

However, no domain controllers could be contacted.
Common causes of this error include:
- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.

I have a single domain structure and all my DCs are configured as Global Catalog & DNS with the following TCP/IP setup for domain controllers and clients:
--------------------------------------------------------------

From VA Site
MachineName: VADCroot
IP Addr: 192.168.3.100
Subnet: 255.255.255.0
Gateway: 192.168.3.1
Pri DNS: 172.30.10.100 (IP of NYDC)
Sec DNS: 127.0.0.1

MachineName: VADC2
IP Addr: 192.168.3.101
Subnet: 255.255.255.0
Gateway: 192.168.3.1
Pri DNS: 192.168.3.100
Sec DNS: 127.0.0.1

From NY Site
MachineName: NYDC
IP Addr: 172.30.10.100
Subnet: 255.255.255.0
Gateway: 172.30.10.1
Pri DNS: 192.168.3.100 (IP of VADCroot)
Sec DNS: 127.0.0.1

MachineName: NYDC2
IP Addr: 172.30.10.101
Subnet: 255.255.255.0
Gateway: 172.30.10.1
Pri DNS: 192.168.3.100
Sec DNS: 127.0.0.1

Thanks
Anagkazo (Systems Engineer) asked:
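The error text above lists the SRV targets and two "common causes" (missing A records, DCs not reachable). The following PowerShell script is an added example, not from the original thread, that walks those same locator steps by hand from the failing client: it asks each configured DNS server for the SRV record, checks that every target has an A record, and tests TCP 389 (LDAP) and 88 (Kerberos) against it. It assumes the cookie.local domain and the DNS server IPs from the question; change the parameters for another environment.

```powershell
# Added example (not from the original thread): reproduce the domain-join
# locator steps so you can see which DC in the SRV answer is actually unreachable.
# Assumes the cookie.local domain and DNS IPs from the question; needs the
# DnsClient and NetTCPIP modules (Windows 8 / Server 2012 or later).
param(
    [string]$Domain = 'cookie.local',
    [string[]]$DnsServers = @('192.168.3.100', '172.30.10.100')
)

$srvName = "_ldap._tcp.dc._msdcs.$Domain"

foreach ($dns in $DnsServers) {
    Write-Host "`n== SRV lookup of $srvName via $dns =="
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $dns -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
    } catch {
        # Mirrors the question: if this DNS server is the DC you shut down, the
        # client has nothing to ask until it falls through to the next server.
        Write-Warning "DNS server $dns did not answer: $($_.Exception.Message)"
        continue
    }

    foreach ($rec in $srv) {
        $dc = $rec.NameTarget
        # Step 1: does the SRV target have an A record? (first "common cause")
        $a = Resolve-DnsName -Name $dc -Type A -Server $dns -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
        if (-not $a) {
            Write-Warning "$dc : SRV record present but no A record (stale or missing host record)"
            continue
        }
        # Step 2: can the client reach LDAP and Kerberos on that address? (second "common cause")
        foreach ($port in 389, 88) {
            $ok = Test-NetConnection -ComputerName $a.IPAddress -Port $port `
                      -InformationLevel Quiet -WarningAction SilentlyContinue
            $state = if ($ok) { 'open' } else { 'UNREACHABLE' }
            Write-Host ("{0,-28} {1,-16} tcp/{2,-4} {3}" -f $dc, $a.IPAddress, $port, $state)
        }
    }
}
```

Run it once with VADCroot online and once with it shut down; the difference between the two reports shows whether the join fails because the DNS server is gone or because the remaining DCs cannot be reached from the client's subnet.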
compdigit44 commented:
I agree with FinServCo. The primary DNS server the server is pointing to is the one you shut down.

Also what FSMO roles does your root server host?
McKnife commented:
Hi.

Please write down the IPs that you configured as DNS servers at the client computer, too.
Anagkazo (author) commented:
I used DNSs of the Domain Controllers in the following order:

Prim DNS: 192.168.3.100
Sec DNS:  172.30.10.100
Sec DNS2:  192.168.3.101
Sec DNS3:  172.30.10.101
McKnife commented:
Ok. Can the client PC use all of these with nslookup to resolve some test addresses of other domain computers? If yes, please use dcdiag at all DCs and tell us what tests it did not pass successfully.
It would also be interesting to know what
ping cookie.local
returns with that DC online and offline.
FinServCo commented:
I believe I read somewhere that 2012 DNS servers should point to themselves first.  It's how I have mine configured.

Your VADC2 is pointing to VADCroot which you had shut down.
Anagkazo (author) commented:
Over the weekend I decided to set up VirtualBox to test this out at home.  I did exactly what I explained above, then shut down my root DC (VADCroot).  I configured a virtual Win 7 guest machine with the following IPs (IP network 10.10.10.0/24 with Prim DNS VADCroot and Sec DNS of NYDC1) and I was able to join the domain without any issues.  I am working on 3 different subnets (192.168.3.0/255, 172.30.10.0/24, and 10.10.0.0/24).  I am working in an environment where multiple client machines with different IP addresses are authenticated through VPN on a single forest, single domain, 4 domain controllers.

Frankly, I don't know much about FSMO roles and I am looking into it to figure it out.  I am a very quick learner and your input is very much appreciated.

Thanks
Anagkazo (author) commented:
Sorry, I meant 192.168.3.0/24.
compdigit44 commented:
Can you run `dcdiag /v /e >c:\dcdiag.txt` on your server so we can see what is going on in your AD environment?
Anagkazo (author) commented:
Attached is my dcdiag file.

Thanks
dcdiagTEXT.txt
Anagkazo (author) commented:
compdigit,

My root server (VADCroot) is hosting all 5 FSMO roles.
compdigit44 commented:
That's why you cannot add a server / workstation to the domain: all FSMO roles are offline when that server is off.
Anagkazo (author) commented:
compdigit44,

I have 2 different simulations similar to the one described above in the virtual environment, and when I shut down the VADCroot (contains all 5 FSMO roles) I am still able to join a workstation without any issues.  It is a single-forest/single-domain AD infrastructure, configured as site-to-site replication from VA-Site to NY-Site.

Thanks
FinServCo commented:
A RID master allocates IDs to domain controllers in batches of 500.  If a DC runs out of IDs and can't contact the RID master then you won't be able to join objects to the domain.

Have you configured your DNS servers to point to themselves first?  If the server with all of the FSMO roles is down, and it's the server all of your other servers are pointing to for DNS, well, you're going to run into issues.

What if any event log errors are you getting?
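FinServCo's two questions, which DC each server consults first for DNS and which server holds the FSMO roles, can be answered in one pass. The PowerShell script below is an added example, not from the original thread: it lists the five role holders, reads the IPv4 DNS client order from every DC over WinRM, and counts how many other DCs name a given DC as their first DNS server, so a DC that is both everyone's primary DNS and the holder of all five roles stands out. It assumes the ActiveDirectory module (RSAT) and WinRM access to each DC.

```powershell
# Added example (not from the original thread): audit each DC's DNS client order
# and the FSMO holders in one report. Assumes the ActiveDirectory module and
# WinRM access to the DCs; run from a domain-joined admin workstation.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest
$fsmo = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
Write-Host "FSMO role holders:"
$fsmo.GetEnumerator() | ForEach-Object { Write-Host ("  {0,-22} {1}" -f $_.Key, $_.Value) }

$dcs = Get-ADDomainController -Filter *
$ipToDc = @{}
foreach ($dc in $dcs) { $ipToDc[$dc.IPv4Address] = $dc.HostName }

$report = foreach ($dc in $dcs) {
    # IPv4 DNS servers of the first adapter on the DC that has any configured
    $servers = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses } |
            Select-Object -First 1 -ExpandProperty ServerAddresses
    }
    $self  = @('127.0.0.1', $dc.IPv4Address)
    $first = $servers | Select-Object -First 1
    $firstName = if ($first -in $self) { '(itself)' } elseif ($ipToDc[$first]) { $ipToDc[$first] } else { $first }
    [pscustomobject]@{
        DC          = $dc.HostName
        Site        = $dc.Site
        DnsOrder    = ($servers -join ', ')
        FirstDnsIs  = $firstName
        ListsItself = [bool]($servers | Where-Object { $_ -in $self })
    }
}
$report | Format-Table -AutoSize

# Single point of failure check: who is "first DNS" for the others, and how many roles do they hold?
$report | Where-Object { $_.FirstDnsIs -ne '(itself)' } |
    Group-Object FirstDnsIs | Sort-Object Count -Descending | ForEach-Object {
        $grp   = $_
        $roles = @($fsmo.Values | Where-Object { $_ -eq $grp.Name }).Count
        Write-Host ("{0} is the first DNS server for {1} other DC(s) and holds {2} FSMO role(s)" -f $grp.Name, $grp.Count, $roles)
    }
```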
Anagkazo (author) commented:
Close it.  I rebuilt the domain.