asked on Primary AD not accessible . Windows Server 2008 Enterprise Sp1
Hi,
One fine morning I have started facing issue on my primary dc of my exchange .
I'm getting below error while opening active directory also Please refer the Attachments .
I have tried restarting DNS server service and Netlogon service . Nothing helped .
error 1 .
""
C:\Users\Administrator>dcd
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = OFFICEDC
Ldap search capabality attribute search failed on server OFFICEDC, return
value = 81
C:\Users\Administrator>
""
error 2 :
C:\Users\Administrator>rep
Repadmin can't connect to a "home server", because of the following error. Try
specifying a different
home server with /homeserver:[dns name]
Error: An LDAP lookup operation failed with the following error:
LDAP Error 81(0x51): Server Down
Server Win32 Error 0(0x0):
Extended Information:
C:\Users\Administrator>
""
Error 3
""
C:\Users\Administrator>rep
Replication Summary Start Time: 2017-10-31 16:02:54
Repadmin can't connect to a "home server", because of the following error. Try
specifying a different
home server with /homeserver:[dns name]
Error: An LDAP lookup operation failed with the following error:
LDAP Error 81(0x51): Server Down
Server Win32 Error 0(0x0):
Extended Information:
Source DSA largest delta fails/total %% error
Destination DSA largest delta fails/total %% error
C:\Users\Administrator>
""
Active-directory-Users-and-computers.bmp
2.jpg
One fine morning I have started facing issue on my primary dc of my exchange .
I'm getting below error while opening active directory also Please refer the Attachments .
I have tried restarting DNS server service and Netlogon service . Nothing helped .
error 1 .
""
C:\Users\Administrator>dcd
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = OFFICEDC
Ldap search capabality attribute search failed on server OFFICEDC, return
value = 81
C:\Users\Administrator>
""
error 2 :
C:\Users\Administrator>rep
Repadmin can't connect to a "home server", because of the following error. Try
specifying a different
home server with /homeserver:[dns name]
Error: An LDAP lookup operation failed with the following error:
LDAP Error 81(0x51): Server Down
Server Win32 Error 0(0x0):
Extended Information:
C:\Users\Administrator>
""
Error 3
""
C:\Users\Administrator>rep
Replication Summary Start Time: 2017-10-31 16:02:54
Repadmin can't connect to a "home server", because of the following error. Try
specifying a different
home server with /homeserver:[dns name]
Error: An LDAP lookup operation failed with the following error:
LDAP Error 81(0x51): Server Down
Server Win32 Error 0(0x0):
Extended Information:
Source DSA largest delta fails/total %% error
Destination DSA largest delta fails/total %% error
C:\Users\Administrator>
""
Active-directory-Users-and-computers.bmp
2.jpg
ExchangeWindows OSWindows Server 2008Active DirectoryDNS
Last Comment
Pber
ASKER
Hi John ,
Time on both the servers are correct . Since my DNS is active directory integrated I'm not able to access DNS Server as well .
Also when I'm on the same server I'm not able to access the sever through network path by using IP address but I can access the server through network path by computer name.
Please find the attachment for your reference.
1.jpg
2.jpg
3.jpg
Time on both the servers are correct . Since my DNS is active directory integrated I'm not able to access DNS Server as well .
Also when I'm on the same server I'm not able to access the sever through network path by using IP address but I can access the server through network path by computer name.
Please find the attachment for your reference.
1.jpg
2.jpg
3.jpg
Hi,
Is the problematic server has exchange role along with DC? do you have any other DC's in the network? if so, are you able to connect the other DC?
Did you changed the IP address of this server? if so, give the earlier one and see if it works?. Is there any JetDatabase error in the directory service event logs?
Do you have working full backup of this server? Look at the DNS, System, Directory server, FRS etc and see if all pointing towards domain services? If there are ntds.dit/dns related error, you may need to perform dcpromo in and out (only if you have another working DC).
Can you reboot the server once again and see if it comes back OK this time (make sure windows firewall profiles are off).
If nothing works, you can restore systemstate from previous working backup (verify when did the issue started). If you don't have backup then i feel sorry for you that you may going to end up with rebuild the server (wish not go to that extent).
Is the problematic server has exchange role along with DC? do you have any other DC's in the network? if so, are you able to connect the other DC?
Did you changed the IP address of this server? if so, give the earlier one and see if it works?. Is there any JetDatabase error in the directory service event logs?
Do you have working full backup of this server? Look at the DNS, System, Directory server, FRS etc and see if all pointing towards domain services? If there are ntds.dit/dns related error, you may need to perform dcpromo in and out (only if you have another working DC).
Can you reboot the server once again and see if it comes back OK this time (make sure windows firewall profiles are off).
If nothing works, you can restore systemstate from previous working backup (verify when did the issue started). If you don't have backup then i feel sorry for you that you may going to end up with rebuild the server (wish not go to that extent).
ASKER
Hi Radhakrishna :-
1. No . its just the primary dc for my exchange 2013 enterprise. Dc's dont not run any exchange roles. Yes I have an additional Domain controller. Additional works just fine and it can talk to my Primary Dc .No exchange users are facing any issue. all are able to use outlook and send emails. Please see the repadmin /showrepl output from additional domain controller :
Ps:- Officedc (Primary Dc)
officedcbkp (ADC)
C:\Users\administrator.abc
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\OF
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: ab72052c-f4da-493f-b0fb-5f
DSA invocationID: b84cd0d0-e5f4-41cd-8134-61
==== INBOUND NEIGHBORS ==========================
DC=abc,DC=COM
Default-First-Site-Name\OF
DSA object GUID: a917c7d7-f7f5-4513-9028-d9
Last attempt @ 2017-10-31 17:45:02 was successful.
CN=Configuration,DC=abc,DC
Default-First-Site-Name\OF
DSA object GUID: a917c7d7-f7f5-4513-9028-d9
Last attempt @ 2017-10-31 16:46:50 was successful.
CN=Schema,CN=Configuration
Default-First-Site-Name\OF
DSA object GUID: a917c7d7-f7f5-4513-9028-d9
Last attempt @ 2017-10-31 16:46:51 was successful.
DC=DomainDnsZones,DC=abc,D
Default-First-Site-Name\OF
DSA object GUID: a917c7d7-f7f5-4513-9028-d9
Last attempt @ 2017-10-31 16:46:51 was successful.
DC=ForestDnsZones,DC=abc,D
Default-First-Site-Name\OF
DSA object GUID: a917c7d7-f7f5-4513-9028-d9
Last attempt @ 2017-10-31 16:46:51 was successful.
""
2. No, I haven't changed anything on the server . I haven't come across any JetDatabase error.
3.I have bare metal backup which was taken on 12th October . Is this backup fine to restore(nonauthoritative restore ) ? this will be my last resort.
1. No . its just the primary dc for my exchange 2013 enterprise. Dc's dont not run any exchange roles. Yes I have an additional Domain controller. Additional works just fine and it can talk to my Primary Dc .No exchange users are facing any issue. all are able to use outlook and send emails. Please see the repadmin /showrepl output from additional domain controller :
Ps:- Officedc (Primary Dc)
officedcbkp (ADC)
C:\Users\administrator.abc
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\OF
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: ab72052c-f4da-493f-b0fb-5f
DSA invocationID: b84cd0d0-e5f4-41cd-8134-61
==== INBOUND NEIGHBORS ==========================
DC=abc,DC=COM
Default-First-Site-Name\OF
DSA object GUID: a917c7d7-f7f5-4513-9028-d9
Last attempt @ 2017-10-31 17:45:02 was successful.
CN=Configuration,DC=abc,DC
Default-First-Site-Name\OF
DSA object GUID: a917c7d7-f7f5-4513-9028-d9
Last attempt @ 2017-10-31 16:46:50 was successful.
CN=Schema,CN=Configuration
Default-First-Site-Name\OF
DSA object GUID: a917c7d7-f7f5-4513-9028-d9
Last attempt @ 2017-10-31 16:46:51 was successful.
DC=DomainDnsZones,DC=abc,D
Default-First-Site-Name\OF
DSA object GUID: a917c7d7-f7f5-4513-9028-d9
Last attempt @ 2017-10-31 16:46:51 was successful.
DC=ForestDnsZones,DC=abc,D
Default-First-Site-Name\OF
DSA object GUID: a917c7d7-f7f5-4513-9028-d9
Last attempt @ 2017-10-31 16:46:51 was successful.
""
2. No, I haven't changed anything on the server . I haven't come across any JetDatabase error.
3.I have bare metal backup which was taken on 12th October . Is this backup fine to restore(nonauthoritative restore ) ? this will be my last resort.
Hi,
Since you have additional DC then no need to worry much. Which server holding the fsmo roles?
start>>run>>cmd>>netdom query fsmo
Before going further with dcpromo or restore, have a look at the article and see the DNS are set correctly onto the server? https://www.dell.com/support/article/us/en/04/sln266126/windows-server---naming-information-cannot-be-located--error-in-active-directory-consoles?lang=en
I have bare metal backup which was taken on 12th October . Is this backup fine to restore(nonauthoritative restore ) ?
Make sure that you don't have the related errors on this date or prior to this. Yes, Non authoritative restore would be fine.
Since you have additional DC then no need to worry much. Which server holding the fsmo roles?
start>>run>>cmd>>netdom query fsmo
Before going further with dcpromo or restore, have a look at the article and see the DNS are set correctly onto the server? https://www.dell.com/support/article/us/en/04/sln266126/windows-server---naming-information-cannot-be-located--error-in-active-directory-consoles?lang=en
I have bare metal backup which was taken on 12th October . Is this backup fine to restore(nonauthoritative restore ) ?
Make sure that you don't have the related errors on this date or prior to this. Yes, Non authoritative restore would be fine.
Also see this and make sure the TCP/IP filtering has set correctly on the n/w adapter.
https://support.microsoft.com/en-in/help/323542/you-cannot-start-the-active-directory-users-and-computers-tool-because
https://support.microsoft.com/en-in/help/323542/you-cannot-start-the-active-directory-users-and-computers-tool-because
Check services to make sure DNS server did not crash/stop.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Restarting netlogon is useful because it often fixes problems with DNS records.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Accept: Sharaf K (https:#a42350540)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Accept: Sharaf K (https:#a42350540)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
If an A records is missing or incorrect, you could have these kind of problems.
Also check the clock on both DC's and ensure they are synced within a second or two.