AJKBOC
 asked on

Domain controller

Dear All,

We have an issue with one of our domain controllers, let's name it "DC_A". This domain controller is a Windows Server 2008 R2 and is the operations master of our domain. Problems we get are the following:

- The DNS on the server does not work. When we try to open the DNS Manager it gives the following error: "Access was denied. Would you like to add it anyway?". Answering yes displays the DNS Manager with a red X on the domain controller.
- If you open "Operations Master" from Active Directory Users and Computers management console from another domain controller, the operations master field displays "ERROR" for RID, PDC and Infrastructure. This field should show DC_A as the operations master. If you check this from DC_A it correctly shows itself as the operations master.
- All systems that have DC_A as their primary DNS cannot authenticate to Active Directory and fail to log in.

The server started giving these errors without any change to its configuration from our side. What could be the problem causing these issues and how can we troubleshoot?

Thank you.
Windows Server 2008, Active Directory, DNS

Last Comment
Guy Lidbetter

8/22/2022 - Mon
Manojkumar Rane

Check event viewer on FSMO role holder.
Check DNS setting on NIC card.
Run command NETDOM QUERY DC & NETDOM QUERY FSMO. (provide the output)
Run dcdiag /q (Provide the output)
ASKER CERTIFIED SOLUTION
Guy Lidbetter

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
Manikandan Narayanswamy

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Member_2_6492660_1

First thing would be to change your DHCP scope to point to the secondary DNS server so that while you are resolving this issue the computers can log on.


Check this

https://social.technet.microsoft.com/Forums/windowsserver/en-US/9f33fc9e-a4aa-4164-a4b0-8a9b0088c8f3/windows-2008-r2-dns-server-mmc-access-was-denied?forum=winserverManagement



Also run dcdiag and netdiag; try running them as administrator.
Guy Lidbetter

Actually... "net start ntds" isn't a bad place to start.... checking the services are running is a basic thing!
Manikandan Narayanswamy

Hi,

If this works fine then you don't need to seize or transfer the FSMO Roles. Once Active-Directory is up verify by running the following command and see if FSMO roles are intact

netdom query fsmo

Thanks
Manikandan
Chris H

Is there a user account running the DNS server service in services.msc on the problem child domain?
arnold

Can you access the DNS interface remotely from another system?

The issue might be related to the account/profile.

Was any restore performed on this DC system or an issue arose and the system was restored from a backup image?  I believe an AD restore would lead to an event?

When you say from your side, who else has access/control over the server?

At this point the remedy is to update the DHCP server to exclude this server's IP as a name server reference in the scope options.
Then you have to decide how to proceed. One way is, after removing/transferring files if any, to have another system assert that it is the RID, Schema, FSMO, etc. master.
You might have to seize the roles using ntdsutil.
Chris H

Check your hosts file on the Domain Controller, also.  Make sure it only has one NIC and that the DNS server is set correctly as mentioned by Manojkumar above.
AJKBOC

ASKER
Dear All,

Thank you very much for your suggestions. We have removed DC_A from the DHCP scope as a temporary measure. We ran "net start ntds" and it said that the services were already started. We stopped the service and restarted it and after that the problem was resolved. The strange thing about this is that we had already restarted the server several times yesterday but the problem was still there. After manually restarting ntds the problem was resolved.

Thank you All.
Guy Lidbetter

Hi There,

Very happy you got this resolved.

Keep well!
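
The checks suggested across this thread, collected into one read-only script as an added example (not posted by any participant in the thread). It assumes an elevated PowerShell prompt on the affected DC, that the DC also hosts DNS, and that `$env:USERDNSDOMAIN` holds the AD DNS domain name; the service list and the loopback SRV lookup are choices made for this example.

```powershell
# Added example: read-only health snapshot for a DC showing the thread's symptoms.
# Written for PowerShell 2.0, which ships with Windows Server 2008 R2.
# Nothing here stops, starts or changes any service or role.

# Standard short service names on a DC that also runs the DNS Server role.
$services = 'NTDS', 'DNS', 'Netlogon', 'Kdc'

"=== Service state ==="
foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) {
        '{0,-10} {1}' -f $svc.Name, $svc.Status
    } else {
        '{0,-10} NOT INSTALLED' -f $name
    }
}

# "Running" is not proof of health: in the thread, "net start ntds" reported the
# service as already started while DNS and the FSMO display were failing.
# Follow the status check with functional checks and read their output.
$srvRecord = "_ldap._tcp.dc._msdcs.$env:USERDNSDOMAIN"   # assumes a domain logon

$checks = @(
    @{ Label = 'FSMO role holders';      Exe = 'netdom';   Arguments = @('query', 'fsmo') },
    @{ Label = 'Domain controllers';     Exe = 'netdom';   Arguments = @('query', 'dc') },
    @{ Label = 'dcdiag (problems only)'; Exe = 'dcdiag';   Arguments = @('/q') },
    @{ Label = 'DC locator SRV record from the local DNS service';
       Exe = 'nslookup'; Arguments = @('-type=SRV', $srvRecord, '127.0.0.1') }
)

foreach ($check in $checks) {
    $exe       = $check.Exe
    $arguments = $check.Arguments

    "`n=== $($check.Label) ==="
    # Arrays passed to a native command expand into separate arguments.
    & $exe $arguments 2>&1

    # Not every tool signals failure through its exit code, so this is a hint only.
    if ($LASTEXITCODE -ne 0) {
        "!! $exe exited with code $LASTEXITCODE"
    }
}
```

Running it on a second domain controller as well gives the comparison the original question describes, where the operations master looked correct from DC_A but showed "ERROR" from elsewhere.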