Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

DC not communicating with each other (Windows 2008 R2 & 2102R2)

Posted on 2015-02-18
3
Medium Priority
?
192 Views
Last Modified: 2015-03-23
I had three Domain Controllers:
LPIDC1 (Windows 2012 R2) local
LPIDC2 (Windows 2008 R2) local removed from domain
LPIDC3 (Windows 2008 R2) remote location

LPIDC2 has failed and removed from the domain by dcpromo.
LPIDC1 & LPIDC3 are not communicating with each other.

I am not sure what to do to resolve this issue. I have included dcdiags from yesterday and today.

Thank you for any help.
lpidc1-20150217.log
lpidc120150218.log
lpidc3-20150217.log
0
Comment
Question by:jzaino
3 Comments
 

Author Comment

by:jzaino
ID: 40617156
I believe it may be our Windows 2012 R2 server causing the errors. I have this message happen when I try to connect to our webmail.

Active Directory operation failed on lpidc1.lusterproducts.com. The supplied credential for 'NT AUTHORITY\SYSTEM' on Bind operation is invalid. Error Code: 0x31.
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 40617785
Do you know if the failed server held any FSMO roles?
Do you have a backup of the failed server?

I would recommend temporarily restoring the failed server to bring active directory into a stable state and gracefully removing if possible
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 40619227
I would run the following commands...

repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads

netdom query fsmo
netdom query dc

dcdiag /v

You said that your DC's are not communicating and they are in different sites. You KCC might not be working correctly. Temporarily manually create a connection from Site1 to Site2. Once replication has started remove the connection and allow KCC to automatically make the connections.

I would also recommend running the active directory BPA.
https://technet.microsoft.com/en-us/library/dd391875(v=ws.10).aspx

Will.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This applies to Dell but may also apply to other manufacturers as well. We ran across a few machines that just dropped recently it trust relationship with the server. After doing the basic removing and joining the domain again, it changed to No logo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question