Martijn Snel

Windows domain not functioning right after update of VMWare infrastructure

I have the following issue; I updated a machine running three servers (PDC, BDC and RDS) from VMware 5.5 to 6.5. Update went okay; updated VMware Tools. Network uses VMXnet 3, so VMware Tools updated the driver. After booting I needed to configure the network cards again (the IP address was gone, as were DNS settings, gateway etc.). Rebooted and everything seems fine. But clients since then have had issues where connecting to a share (shared through Group Policy) works, but after some time the system returns an error that the share is inaccessible because of failed authentication. I also use roaming profile settings, so the whole client gives errors (desktop, settings etc. all become unavailable). When logging in, the shares are always correctly made. One exception: I map the home directory through AD settings (user > profile) directly. This mapping doesn't work, without any clear error.

I checked a lot of things; a lot of errors seemed to relate to group policy, so I reset the complete set, made several authoritative restores, disconnected the client from the domain, deleted local policy and added it to the domain again. Nothing helps structurally. So I'm hoping somebody can help point to the one thing I'm missing in this case.
Michael Pfister

I'd first check if my Active Directory is behaving.
Open an administrative prompt on one DC and run

dcdiag /e /v /f:dcdiag.log
dcdiag /e /v /test:DNS  /f:dcdiag_dns.log

and attach both log files here
Restore your servers to before you made any changes... I'm guessing now that AD replication is not working...

No immediate requirement to update VMware Tools.

You didn't update Virtual Machine Hardware, did you?

It would appear all your issues have arisen since network interfaces have been reset...
On each server, restart the Netlogon service and DNS Server service and then check if it works.
Are clients able to log on locally in the domain?
Martijn Snel (ASKER)

In trying to figure out the issue I have restarted the servers so much that restarting the services isn't the issue. Users can log on locally and it usually starts out working fine; some group policy settings aren't applied but shares and roaming do work. After being logged in for some time (can be anywhere between 2 minutes and several hours) the client starts showing messages that the path to \\fileserver\share can't be accessed. The fileserver is also the backup domain controller.

When updating VMware I did upgrade the virtual machine to the latest version. As part of my search for a solution I removed all network adapters and installed them from scratch.

Attached the log files ..
dcdiag.log
dcdiag_dns.log
Yes, I suspected that was the issue - again not necessary, unless you needed the new features provided by virtual machine hardware.
I do have backups of the virtual machines, but the issue has been running for some days, so I would like to solve the issue going forward and not rely on backups. What is the best way to get this working as it should again? Most of the things I've done based on fixing the file replication, AD and such don't provide a stable solution.
I see a couple of warnings regarding SYSVOL in the event log. I don't know Dutch but I assume from your previous comment that you were able to fix the FRS replication, so no more problems here?

What I don't like

Role Schema Owner = CN=NTDS Settings,CN=DSLEX2,CN=Servers,CN=Rotterdam,CN=Sites,CN=Configuration,DC=dsl,DC=local
         Role Domain Owner = CN=NTDS Settings\0ADEL:c7d7666c-bb78-4c46-84f2-b0be02fa56e0,CN=DSLEX2,CN=Servers,CN=Rotterdam,CN=Sites,CN=Configuration,DC=dsl,DC=local
         Warning:

         CN=NTDS Settings\0ADEL:c7d7666c-bb78-4c46-84f2-b0be02fa56e0,CN=DSLEX2,CN=Servers,CN=Rotterdam,CN=Sites,CN=Configuration,DC=dsl,DC=local

         is the Domain Owner, but is deleted.

Yes.. those errors are related to me doing an authoritative restore..

From the error message it seems there is a domain owner that is missing. But the PDC has been PDC for a good few years now. The basic structure of the network hasn't changed in about 4 years.
SOLUTION
Michael Pfister

This solution is only available to members of Experts Exchange.

   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

            For the partition (DC=ForestDnsZones,DC=dsl,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=deaecf6f-110c-42cb-b590-09746c9b4a68,CN=Partitions,CN=Configuration,DC=dsl,DC=local)

             information: 
               LDAP Error 0x60 (96). 
         ......................... ForestDnsZones failed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=ForestDnsZones,DC=dsl,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=deaecf6f-110c-42cb-b590-09746c9b4a68,CN=Partitions,CN=Configuration,DC=dsl,DC=local)

             information: 
               LDAP Error 0x60 (96). 
         ......................... ForestDnsZones failed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

            For the partition (DC=DomainDnsZones,DC=dsl,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=e133f20a-bbbf-4ac9-8e1e-bcad4d4a1520,CN=Partitions,CN=Configuration,DC=dsl,DC=local)

             information: 
               LDAP Error 0x60 (96). 
         ......................... DomainDnsZones failed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=DomainDnsZones,DC=dsl,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=e133f20a-bbbf-4ac9-8e1e-bcad4d4a1520,CN=Partitions,CN=Configuration,DC=dsl,DC=local)

             information: 
               LDAP Error 0x60 (96). 
         ......................... DomainDnsZones failed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (CN=Schema,CN=Configuration,DC=dsl,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=dsl,DC=local)

             information: 
               LDAP Error 0x60 (96). 
         ......................... Schema failed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (CN=Configuration,DC=dsl,DC=local) we encountered

            the following error retrieving the cross-ref's

            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=dsl,DC=local)

             information: 
               LDAP Error 0x60 (96). 
         ......................... Configuration failed test CrossRefValidation

   
   Running partition tests on : dsl

      Starting test: CheckSDRefDom

         ......................... dsl passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=dsl,DC=local) we encountered the following

            error retrieving the cross-ref's

            (CN=DSL,CN=Partitions,CN=Configuration,DC=dsl,DC=local)

            information: 
               LDAP Error 0x60 (96). 
         ......................... dsl failed test CrossRefValidation

   

LDAP Error 0x60 (96): LDAP_CLIENT_LOOP: Indicates the LDAP client detected a loop, for example, when following referrals.
No idea what happened to your partitions...
You should consider following Andrew Hancock's advice and restoring the AD to a previous and working state. I understand your problems especially on the file server, but I'm not sure if this is fixable.

Found how to recreate the default partitions so you could remove and recreate them ... but your mileage may vary... never had to do this. This will clear all your DNS information!
http://www.dell.com/support/article/de/de/debsdt1/sln290477/windows-server-how-to-recreate-the-default-dns-application-directory-partitions-in-active-directory?lang=en
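
Added example, not part of the original thread: a small Python triage of dcdiag logs like the ones quoted above. It lists failed tests (including results whose test name wrapped onto the following line), FSMO role owners carrying the \0ADEL: deleted-object marker, and the LDAP error codes seen. The function name and regexes are assumptions made here; the sample lines are copied from the excerpts in this thread.

```python
import re

# Constructed sample: lines copied from the dcdiag excerpts quoted in this thread,
# including one result line whose test name wrapped onto the next line.
SAMPLE = r"""
Role Schema Owner = CN=NTDS Settings,CN=DSLEX2,CN=Servers,CN=Rotterdam,CN=Sites,CN=Configuration,DC=dsl,DC=local
Role Domain Owner = CN=NTDS Settings\0ADEL:c7d7666c-bb78-4c46-84f2-b0be02fa56e0,CN=DSLEX2,CN=Servers,CN=Rotterdam,CN=Sites,CN=Configuration,DC=dsl,DC=local
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
               LDAP Error 0x60 (96).
         ......................... ForestDnsZones failed test CheckSDRefDom
      Starting test: CrossRefValidation
               LDAP Error 0x60 (96).
         ......................... ForestDnsZones failed test

         CrossRefValidation
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
"""

RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test\s*(\S*)")
ROLE = re.compile(r"Role (.+?) Owner = (.+)")
LDAP = re.compile(r"LDAP Error (0x[0-9a-fA-F]+) \((\d+)\)")

def summarize_dcdiag(text):
    """Return (failed tests, role owners marked deleted, LDAP error codes)."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    failed, deleted_roles, ldap_errors = [], [], set()
    for i, line in enumerate(lines):
        m = RESULT.search(line)
        if m and m.group(2) == "failed":
            # dcdiag wraps long lines: the test name may sit on the next non-blank line
            name = m.group(3) or (lines[i + 1] if i + 1 < len(lines) else "?")
            failed.append((m.group(1), name))
        m = ROLE.match(line)
        # "\0ADEL:<guid>" inside the owner DN marks a deleted NTDS Settings object
        if m and "\\0ADEL:" in m.group(2):
            deleted_roles.append(m.group(1))
        m = LDAP.search(line)
        if m:
            ldap_errors.add(int(m.group(2)))
    return failed, deleted_roles, sorted(ldap_errors)

if __name__ == "__main__":
    print(summarize_dcdiag(SAMPLE))
```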
SOLUTION
This solution is only available to members of Experts Exchange.

ASKER CERTIFIED SOLUTION
This solution is only available to members of Experts Exchange.

Thanks for the feedback! I really appreciate it. So far I did manage to solve the FSMO issue, but that did not solve the errors clients have been getting. I'll now try the suggestion of making the DSLEX2 server the only DC and see whether that helps. The server also runs Exchange (hence the EX) but that should not be an issue as far as I can tell. I'll post an update when that is done..
The server also runs Exchange (hence the EX) but that should not be an issue as far as I can tell.

not recommended for other readers!
Thank you all for the feedback.. I've managed to get things working again. I started with the tip for sizing down to one DC. There I resolved all AD issues that still remained. This did not solve the initial issue. It did get me to notice that one share, used by a few users, located on a NAS drive did keep its link. So I simply installed a new Windows 2012 server, attached the virtual disk with all the data shares from the server with the errors. I named the server the same as the old one, same IP address. Rebooted everything and now no more issues. If this situation is stable, with a new clean PDC in place I'll rejoin the newly installed fileserver as BDC. Thanks again for all the help!