One of the Windows 2008 Domain Controllers does not find any other Windows servers

Hello everyone,

I have 2 Windows 2008 DCs, one on a VMware host and another one standalone. I recently found out that the standalone DC server does not recognize anything and any server. I am attaching a screenshot for more detail.
I synced the DCs, I also changed the IP setting of the malfunctioning Domain Controller (DC1) to Dynamic, with no luck. I put the IP back to Static, nothing changed for the better. I also uninstalled the Symantec Endpoint antivirus client from it, no good results.
I can ping the File Server from DC1 and also I can use remote desktop on DC1 to connect to the File Server.
Jay555, IT Director, asked:

Is DC1 pointing to the correct DNS SERVER(s)?
Will Szymkowski, Senior Solution Architect, commented:
The DCs need to be able to communicate. You need to be able to ping via IP and Name. They should ONLY be set as static and not DHCP. You also need to make sure that your firewalls are allowing traffic through or have them disabled completely.

I would also make sure that you run the following commands below...
repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
DCDiag /v

Jay555, IT Director (Author), commented:
I can ping each Domain Controller from the other one by IP or server name. I mean I can ping DC1 from DC2 by name and vice versa. On all servers DC2 and DC1 static IPs are set as DNSs.
repadmin /replsum    No errors on both DCs
repadmin /showrepl   Successful on both DCs
repadmin /bridgeheads   No errors on both DCs. Default-first-site-name displayed.

DCDIAG /v resulted in errors on both DCs. I took a picture of the last page using my smartphone for each DC. DC1 is the problematic one. I should add this was working for over a year and suddenly I found it is not working anymore. I turned off Windows Firewall on both servers. I also disabled Symantec Endpoint antivirus on DC1 and uninstalled it from the sick DC (I mean DC1).
Jay555, IT Director (Author), commented:
I meant to say "I disabled Symantec Endpoint on DC2 (the good one)".
Will Szymkowski, Senior Solution Architect, commented:
The DC1 error message is stating that it cannot locate a good time server.

Can you run netdom query fsmo?

Also have you configured an external time source on the DC holding the PDC FSMO role?

Jay555, IT Director (Author), commented:
FSMO Query on DC1 attached.
Will Szymkowski, Senior Solution Architect, commented:
Have you set up an external time source on this domain controller?

Jay555, IT Director (Author), commented:
On DC1 or the DC2 the operational one?
Will Szymkowski, Senior Solution Architect, commented:
You need to configure the external time source on the DC that is holding the PDC role, which I believe is DC2, based on the screenshots provided.
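
The procedure discussed above (find the PDC FSMO role holder with netdom, then give only that DC an external time source) can be scripted as follows. This is an added PowerShell example, not part of the original thread; the NTP peer time.example.org is a placeholder assumption, and the branch that points a non-PDC domain controller at the domain hierarchy goes beyond what the comment states. Run it elevated on each DC.

```powershell
# Added example, not from the thread. Placeholder peer: replace with the
# external NTP source(s) your organisation actually uses.
$NtpPeers = 'time.example.org,0x8'

# 1. Find the PDC emulator from "netdom query fsmo" (line starts with "PDC").
$pdc = $null
foreach ($line in (netdom query fsmo)) {
    if ($line -match '^PDC\s+(\S+)') { $pdc = $Matches[1] }
}
if (-not $pdc) { throw 'Could not determine the PDC role holder.' }

# 2. Compare the role holder's host label with this machine's name.
$isPdc = $pdc.Split('.')[0] -ieq $env:COMPUTERNAME
Write-Host "PDC role holder: $pdc (this machine is PDC: $isPdc)"

if ($isPdc) {
    # The PDC emulator is the root of the domain time hierarchy:
    # sync it from the external peer list and mark it reliable.
    w32tm /config "/manualpeerlist:$NtpPeers" /syncfromflags:manual /reliable:yes /update
} else {
    # Every other DC should follow the domain hierarchy, not its own source.
    w32tm /config /syncfromflags:domhier /update
}

# 3. Force a resync and show where time is now coming from.
w32tm /resync /rediscover
w32tm /query /source
w32tm /query /status
```

Kerberos rejects tickets when clocks differ by more than the configured skew (5 minutes by default), so a DC without a usable time source can fail authentication to its peers even while ping and name resolution still work.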

Jay555, IT Director (Author), commented:
Thank you for your prompt responses. I did not have any problem for a very long time. This suddenly happened. I guess the DC1 gives the time server error because it cannot browse to \\mcca-dc2 .
Jay555, IT Director (Author), commented:
There were more errors in DCDIAG; I just took a picture of the last page.
Jay555, IT Director (Author), commented:
How about I demote the DC1 then create it again?
Will Szymkowski, Senior Solution Architect, commented:
"How about I demote the DC1 then create it again?"

You could go that route which might be the quicker method. You just need to make sure that it is not being blocked by a firewall or something like that. If you still have complete access without any issues then demoting and re-promoting might be the quickest solution.

Jay555, IT Director (Author), commented:
Attached is the result of running DCDiag without /v.
Seth Simmons, Sr. Systems Administrator, commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.