RPC server unavailable
I have 2 2008 r2 DC's
One is VM and the other Physical machine
Both DC's seem to not be running the RPC service
I tried net view on both and both say the service has not been started
The RPCSS and DCOM services are greyed out so I cannot restart them
Thoughts?
Thanks!
One is VM and the other Physical machine
Both DC's seem to not be running the RPC service
I tried net view on both and both say the service has not been started
The RPCSS and DCOM services are greyed out so I cannot restart them
Thoughts?
Thanks!
Jeff Perry
Those services are considered vital system services and are thus "protected". Are you just asking because you are curious or is there a particular issue you are encountering?
ASKER
I'm trying to add a computer to the domain (win 10 pro) and it keeps telling me it can't because the RPC server is unavailable
You are likely encountering a firewall issue or a dns issue. Please run the following command in an elevated command prompt and post the results.
DCDIAG /V /C /D /E /s:dcName > c:\dcdiag.log
DCDIAG /V /C /D /E /s:dcName > c:\dcdiag.log
ASKER
Hmmm.... on both DC"s when I attempt to run the dcdiag, after about 5 seconds a box comes up saying
Is this a test domain? You obviously have a larger issue than the rpc service with your dc's.
In server manager are the AD DS and DNS server roles installed and operational without any errors for both dc's?
Edit: Forgot to ask have you checked both dc's to see if the firewall is active? or is there a firewall even on the local machine you are trying to join to the domain or between it and the dc's?
In server manager are the AD DS and DNS server roles installed and operational without any errors for both dc's?
Edit: Forgot to ask have you checked both dc's to see if the firewall is active? or is there a firewall even on the local machine you are trying to join to the domain or between it and the dc's?
ASKER
I believe so....I can access user and computer, ds, DNS just fine.
I do have this DNS event entry
I do have this DNS event entry
Agree with Jeff Perry ... check to see if the firewall is on, either on the PC you are trying to join or on the DCs.
ASKER
The firewall on both DC"s is off
ASKER
I see this entry now....
Ok can you post an ipconfig /all from each dc please?
ASKER
DC (VM)
Physical DC
Physical DC
can you run repadmin /showrepl?
Also restart dns services one at a time starting with the "secondary" server. Which will be the one that does not likely hold any roles as per the following command.
Netdom query fsmo
Also restart dns services one at a time starting with the "secondary" server. Which will be the one that does not likely hold any roles as per the following command.
Netdom query fsmo
ASKER
show repl says everything was successful
all fismo roles show up on the proper DC
Restarted the DNS service on both systems
all fismo roles show up on the proper DC
Restarted the DNS service on both systems
ASKER
I'm still getting the Error 5781 NETLOGON in the event log of both DC's
5781 is common I meant to say that earlier.
In your event logs have you seen a successful replication notification for dns?
if /showrepl reported no issues try repadmin /replsummary
In your event logs have you seen a successful replication notification for dns?
if /showrepl reported no issues try repadmin /replsummary
ASKER
Ran repadmin /replsummary and showing no errors
If replication isn't showing any errors then it almost has to be a firewall issue between the client and the dc's then.
Microsoft has a tool for future reference that I probably should have started with. It is called the Active Directory Replication Status Tool https://www.microsoft.com/en-us/download/details.aspx?id=30005
Another thing I meant to mention was an ip setting change.
I would suggest setting your dc's to have each other as primary dns. I.E. .104's primary dns should be .111 and vice versa. AD likes to have a "reachable" dns server during start up and if it is pointed to itself that service is usually down until after that startup check.
Microsoft has a tool for future reference that I probably should have started with. It is called the Active Directory Replication Status Tool https://www.microsoft.com/en-us/download/details.aspx?id=30005
Another thing I meant to mention was an ip setting change.
I would suggest setting your dc's to have each other as primary dns. I.E. .104's primary dns should be .111 and vice versa. AD likes to have a "reachable" dns server during start up and if it is pointed to itself that service is usually down until after that startup check.
Agree with Jeff. Perhaps there is something blocking the traffic between the client and the DCs. Maybe look at the client. Is this a brand new endpoint device or are you re-purposing it? Is it trying to use an old IP address? Is it even getting an address? You posted the ipconfigs of the servers, but what about the endpoint that you are trying to join? Let's look at that.
ASKER
I saw a failure in DCDIAG on both DC's...could this be causing my problem??
I don't know but that's a really good quesiton. That's a problem that (i think) involving replication permissions, but those are all set up right when the domain is first created. Did you just now set up this domain or has it been around a while?
ASKER
The domain has been around for years. I recently did transfer FSMO roles from the VM to the Physical DC, but the problem was happening before I did that
ok i went looking and found the below article which might make us think that your dcdiag error isn't really the problem:
https://support.microsoft.com/en-us/help/967482/dcdiag-fails-for-ncsecdesc-test-on-windows-2008-domain-controllers
... it seems to imply that the test is only for RODC permissions although i could certainly be reading it wrong ...
What about the client, are you sure that it's getting a valid address that would enable it to connect to the domain and start talking? it might sound overly simple but I get "RPC server unavailable" erros all the time just because I can't connect to the domain, i.e. the NIC on the PC isn't working or isn't getting an address.
https://support.microsoft.com/en-us/help/967482/dcdiag-fails-for-ncsecdesc-test-on-windows-2008-domain-controllers
... it seems to imply that the test is only for RODC permissions although i could certainly be reading it wrong ...
What about the client, are you sure that it's getting a valid address that would enable it to connect to the domain and start talking? it might sound overly simple but I get "RPC server unavailable" erros all the time just because I can't connect to the domain, i.e. the NIC on the PC isn't working or isn't getting an address.
Jane is correct that error pertains to the adprep /rodcprep schema update.
ASKER
I've confirmed the client is getting a proper IP (over wifi)....
When I attempt to add a computer to the domain, I initially get the "Welcome to the cityhigh.lan" domain, but when I click OK, after about 20-30 seconds,I get the messsage that the RPC server is unavilable. I restart the machine, there is a computer account in AD, but when I try to login with a Domain account, it tells me there is a trust issue .... IDK, but something is starting to smell like a DNS problem.
When I attempt to add a computer to the domain, I initially get the "Welcome to the cityhigh.lan" domain, but when I click OK, after about 20-30 seconds,I get the messsage that the RPC server is unavilable. I restart the machine, there is a computer account in AD, but when I try to login with a Domain account, it tells me there is a trust issue .... IDK, but something is starting to smell like a DNS problem.
Without a more indepth look at the environment I am kinda stumped.
Maybe start by taking a look in AD sites and Services and seeing if there is a latent or decommissioned dc hanging around in the subnet the wireless client is part of.
Can you connect the client to a different subnet or on a wired port and successfully join?
That might at least narrow down where the issue might be.
Maybe start by taking a look in AD sites and Services and seeing if there is a latent or decommissioned dc hanging around in the subnet the wireless client is part of.
Can you connect the client to a different subnet or on a wired port and successfully join?
That might at least narrow down where the issue might be.
Hmm .... so it actually joins the PC, creates an account for it in the AD ... and THEN it says the RPC server won't answer .... I am just about out of ideas .... .... ... when you go to join it again, it's probably for the same hostname and using the same IP address, is that right? Did you already try re-adding it using a different machine account name? Just to see if there is an existing DNS entry that conflicts with the new one? Also, can you see if there are any static DNS entries for either that address or name? Look in both forward and reverse zones.... aside from that I am fresh out of ideas.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That sounds promising :-) ...
It's always the last thing you check ... lol.
Glad you got it worked out.
Glad you got it worked out.
ASKER
So this morning, I tested the NETBIOS setting with the teacher laptop that was giving me the RPC error and it connected and added to the domain without a problem!!!
I have yet to find any reference online to this issue though.....strange.
Thanks everyone for your assistance
I have yet to find any reference online to this issue though.....strange.
Thanks everyone for your assistance
ASKER
Answer provided in house.