Cannot connect to Active Directory on server 2016

Have been setting up a new server running windows 2016 server. So far all that has been added apart from the default install is Active directory and DNS. I was originally receiving event id's 404, 407 and 408 on the DNS but that appears to be resolved. Still cannot contact the DC from an external machine and the active directory is reporting  event id 1202 for both DFR and ADWS. I have attached copies of the results from ipconfig /all, dcdiag and netstat. All but one of the network cards have been disabled as has IPV6 on the DC. Any help resolving this issue would be much appreciated as I'm running out of hair to pull out. :)
ipconfig.txt
dcdiag.txt
netstat.txt
John WetherallAsked:
Who is Participating?
 
MaheshConnect With a Mentor ArchitectCommented:
it seems that DFSR is failing though your sysvol and netlogon shares are shared

can you post output of "Net Share" command here
It should show both shares
If you have simply uncheck IPv6 checkbox from TCP/IP stack, that is fine, do not disable it from registry
did you get any latest DFSR replication stopped events in DFSR event logs ?

What you can do, you can rebuild DFS-R sysvol
Follow steps in below article and restore DFSR sysvol authoritatively...I believe this is the only server you have as DC, correct me if wrong?
https://www.experts-exchange.com/articles/17360/Active-Directory-DFSR-Sysvol-Authoritative-and-Non-Authoritative-Restore-Sequence.html

Then check how client works
1
 
arnoldCommented:
Your system does not seem to have sysvol
Net share
Sysvol/netlogon.

When you are saying you are unable to connect remotely, are you attempting to join the external to this DC?
Double check network center, in which zone dies the LAN connection show up, public is most restrictive meaning firewall rules prevent any external access.
The classification shoukd be in a private/work

I think IPv6 shoukd be enabled.
Port 445 deals with share access. It is not bound in your example.
0
 
John WetherallAuthor Commented:
Actually have the firewall off. I can access the sysvol folder from the pc I am trying to connect to the DC. The current set up is on a test bench, so it's only one pc, the server and a switch. I disabled IPv6 as it is listed as one of the possible solutions to this issue on TechNet. I can resolve the Domain on the DC, but not from an external PC.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
timgreen7077Exchange EngineerCommented:
The PC that you are trying to connect to the domain, is it on the same network as the domain, and is the PC pointing to domain server DNS. What ever the IP address of the DNS server is, make sure the PC is pointing to it for DNS, whether you have to manually enter the DNS servers on the PC or let DHCP provide it. If you can't connect it might be because the PC isnt point to the correct DNS server.
0
 
arnoldCommented:
Post the ipconfig and netstat from the system.
DHCP is not running on the server so as timgreen pointed the workstations may get a different name server record which has no info on your ad and thus can not be located.
0
 
John WetherallAuthor Commented:
The pc is statically set to
ip 192.168.0.2
sn 255.255.255.0
gw 192.168.0.250 (one on site)
DNS 192.168.0.99

Server
ip 192.168.0.99
sn 255.255.255.0
gw 192.168.0.250
dns 192.168.0.99
0
 
timgreen7077Exchange EngineerCommented:
Looks good. Are you getting any errors when you attempt to connect.
0
 
arnoldCommented:
Run the following

nslookup -q=SRV _tcp._ldap.dc._msdcs.247road.locali

nslookup -q=SRV _ldap._tcp.dc._msdcs.247road.local

Keeping mixing up,
0
 
John WetherallAuthor Commented:
Actually did have DCHP running on site, didn't re-install it after the last re-install of the server to simplify fault finding. Also have tested the pc connecting to my server here to rule out issues with the p.c.. After taking the new server out to the client and it not working with any of their PC's, brought it back to a more controlled environment.
0
 
arnoldCommented:
Run and post netstat -na
Checking which ports are open/listening.

IPv6
0
 
John WetherallAuthor Commented:
C:\Users\Administrator>nslookup -q=SRV _ldap._tcp.dc._msdcs.247road.local
Server:  UnKnown
Address:  192.168.0.99

_ldap._tcp.dc._msdcs.247road.local      SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = 247SERVER1.247ROAD.local
247SERVER1.247ROAD.local
0
 
John WetherallAuthor Commented:
Sorry, previous from the server, workstation just reports unknown domain.
0
 
arnoldCommented:
Here is my check list,
1) IP segment on site, netmask
2) DHCP server if any
3) existing DC?

I prefer running the DHCP on the server whose scope options for DNS only pushes the DC's ip.

No forwarders, unless there is a specific domain, VPN, etc. where requests from your internal need to be forwarded to.


Look at the ipconfig of the workstation that is being joined.
0
 
arnoldCommented:
Nslookup 247SERVER1.247ROAD.local

I suspect that while the firewall is off, port 389 is being blocked.

I.e. Try to connect using telnet to 192.168.0.99 389

Windows firewall, while the firewall might be off if the port is not it could fail to connect.

Use advanced firewall settings to allow LDAP 389 access on the server.
0
 
arnoldCommented:
Even when Windows firewall is disabled, the advanced firewall rules still apply/interfere.
0
 
John WetherallAuthor Commented:
C:\Users\Administrator>netstat -na

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:464            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:593            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3269           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49673          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49678          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49697          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49730          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49810          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:53           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:389          127.0.0.1:49675        ESTABLISHED
  TCP    127.0.0.1:389          127.0.0.1:49677        ESTABLISHED
  TCP    127.0.0.1:389          127.0.0.1:49692        ESTABLISHED
  TCP    127.0.0.1:49675        127.0.0.1:389          ESTABLISHED
  TCP    127.0.0.1:49677        127.0.0.1:389          ESTABLISHED
  TCP    127.0.0.1:49692        127.0.0.1:389          ESTABLISHED
  TCP    192.168.0.99:53        0.0.0.0:0              LISTENING
  TCP    192.168.0.99:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.99:389       192.168.0.99:49696     ESTABLISHED
  TCP    192.168.0.99:389       192.168.0.99:49723     ESTABLISHED
  TCP    192.168.0.99:389       192.168.0.99:49727     ESTABLISHED
  TCP    192.168.0.99:49696     192.168.0.99:389       ESTABLISHED
  TCP    192.168.0.99:49723     192.168.0.99:389       ESTABLISHED
  TCP    192.168.0.99:49727     192.168.0.99:389       ESTABLISHED
  TCP    [::]:88                [::]:0                 LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::]:464               [::]:0                 LISTENING
  TCP    [::]:593               [::]:0                 LISTENING
  TCP    [::]:5985              [::]:0                 LISTENING
  TCP    [::]:9389              [::]:0                 LISTENING
  TCP    [::]:47001             [::]:0                 LISTENING
  TCP    [::]:49664             [::]:0                 LISTENING
  TCP    [::]:49665             [::]:0                 LISTENING
  TCP    [::]:49666             [::]:0                 LISTENING
  TCP    [::]:49667             [::]:0                 LISTENING
  TCP    [::]:49669             [::]:0                 LISTENING
  TCP    [::]:49670             [::]:0                 LISTENING
  TCP    [::]:49673             [::]:0                 LISTENING
  TCP    [::]:49678             [::]:0                 LISTENING
  TCP    [::]:49697             [::]:0                 LISTENING
  TCP    [::]:49730             [::]:0                 LISTENING
  TCP    [::]:49810             [::]:0                 LISTENING
  TCP    [::1]:53               [::]:0                 LISTENING
  TCP    [::1]:49667            [::1]:49700            ESTABLISHED
  TCP    [::1]:49667            [::1]:49725            ESTABLISHED
  TCP    [::1]:49667            [::1]:49774            ESTABLISHED
  TCP    [::1]:49700            [::1]:49667            ESTABLISHED
  TCP    [::1]:49725            [::1]:49667            ESTABLISHED
  TCP    [::1]:49774            [::1]:49667            ESTABLISHED
  UDP    0.0.0.0:123            *:*
0
 
John WetherallAuthor Commented:
Actually checked the settings for the firewall and that is set to allow 389 before I disabled as a last resort. but will try telnet in a sec as well. Have been at this for 2 days and have gone thru everything I could find on TechNet or via web searches. Have re-installed the server 4 times to make sure I start clean with each major fault finding effort.
0
 
arnoldCommented:
Well your issue right now is that your workstation lacks access to the port 53 udp/TCP name server to resolve the domain.

389 is used after the DC is located by he command you posted for the lookup on the server.

You should disable the Windows firewall but go through the advanced firewall settings to allow inbound
Name server, port 53 access, limit the scope to private and work/domain leave it blocked on public. Zone.


Add zone 192.168.0 zone to your DNS server and then add pointer record
99 IN PTR 247server.247road.local.

This way instead of getting unknown, your lookups will reflect the name of the server hosting DNS.
0
 
John WetherallAuthor Commented:
Had already checked port 53 in the firewall. please see attached picture
port.JPG
0
 
arnoldCommented:
from the workstation you need to receive answers to
nslookup 247server.247road.local 192.168.0.99
nslookup -q=SRV _ldap._tcp.dc._msdcs.247road.local 192.168.0.99

until these provide responses identical to the data you get on the server, you will not advance.

In what zone does the server say it is in the network and internet settings for the local connection, does it show internet access? limited access.  You might want to disable the MS connection check
GPO computer configuration, administrative templates,system, internet connection management, internet communication settings
enable turn off windows network connectivity status indicator active test.

does the server have any additional software installed i.e. anti-virus/internet security that may interfer/block access to port 53, 389, 445?

double check that the
0
 
John WetherallAuthor Commented:
No other software. Fresh install of server and only added features are Domain services and dns. Have actually tried 3 different network cards 2x Intel and one realtek chipsets in case the driver was causing problems. no internet access as I have the system isolated but I can browse from each one to the other. The local connections is showing connected to domain 247ROAD.local. Will check the policies and get back to you on that one.
0
 
John WetherallAuthor Commented:
response to

nslookup 247server.247road.local 192.168.0.99
nslookup -q=SRV _ldap._tcp.dc._msdcs.247road.local 192.168.0.99

from the workstation attached
nslook.JPG
0
 
MaheshArchitectCommented:
The dcdiag output is not complete

please run dcdiag /v and dcdiag /q and post output of both commands

It is dcdiag only who can tell us now what is wrong with DC, I don't see any issue with client machine
0
 
John WetherallAuthor Commented:
Here are the results

C:\Users\Administrator>dcdiag /q
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL
         replication problems may cause Group Policy problems.
         ......................... 247SERVER1 failed test DFSREvent

C:\Users\Administrator>dcdiag /v

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine 247SERVER1, is a Directory Server.
   Home Server = 247SERVER1
   * Connecting to directory service on server 247SERVER1.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=247ROAD,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=247ROAD,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=247ROAD,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=247SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=247ROAD,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 1 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\247SERVER1
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... 247SERVER1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\247SERVER1
      Starting test: Advertising
         The DC 247SERVER1 is advertising itself as a DC and having a DS.
         The DC 247SERVER1 is advertising as an LDAP server
         The DC 247SERVER1 is advertising as having a writeable directory
         The DC 247SERVER1 is advertising as a Key Distribution Center
         The DC 247SERVER1 is advertising as a time server
         The DS 247SERVER1 is advertising as a GC.
         ......................... 247SERVER1 passed test Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Starting test: FrsEvent
         * The File Replication Service Event log test
         Skip the test because the server is running DFSR.
         ......................... 247SERVER1 passed test FrsEvent
      Starting test: DFSREvent
         The DFS Replication Event Log.
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL
         replication problems may cause Group Policy problems.
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   03:52:25
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   04:20:17
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   04:51:19
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   04:56:48
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   05:05:53
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   06:01:09
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   06:28:18
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   06:46:32
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   07:20:49
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   07:32:47
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   08:24:30
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   09:57:02
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   10:04:00
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   10:44:03
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 03/08/2018   11:09:03
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         ......................... 247SERVER1 failed test DFSREvent
      Starting test: SysVolCheck
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... 247SERVER1 passed test SysVolCheck
      Starting test: KccEvent
         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... 247SERVER1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=247SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=247ROAD,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=247SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=247ROAD,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=247SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=247ROAD,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=247SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=247ROAD,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=247SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=247ROAD,DC=local
         ......................... 247SERVER1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         Checking machine account for DC 247SERVER1 on DC 247SERVER1.
         * SPN found :LDAP/247SERVER1.247ROAD.local/247ROAD.local
         * SPN found :LDAP/247SERVER1.247ROAD.local
         * SPN found :LDAP/247SERVER1
         * SPN found :LDAP/247SERVER1.247ROAD.local/247ROAD
         * SPN found :LDAP/f6496178-a9c8-49c2-a0b9-491b7dbb777a._msdcs.247ROAD.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/f6496178-a9c8-49c2-a0b9-491b7dbb777a/247ROAD.local
         * SPN found :HOST/247SERVER1.247ROAD.local/247ROAD.local
         * SPN found :HOST/247SERVER1.247ROAD.local
         * SPN found :HOST/247SERVER1
         * SPN found :HOST/247SERVER1.247ROAD.local/247ROAD
         * SPN found :GC/247SERVER1.247ROAD.local/247ROAD.local
         ......................... 247SERVER1 passed test MachineAccount
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC 247SERVER1.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=247ROAD,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=247ROAD,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=247ROAD,DC=local
            (Schema,Version 3)
         * Security Permissions Check for
           CN=Configuration,DC=247ROAD,DC=local
            (Configuration,Version 3)
         * Security Permissions Check for
           DC=247ROAD,DC=local
            (Domain,Version 3)
         ......................... 247SERVER1 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\247SERVER1\netlogon
         Verified share \\247SERVER1\sysvol
         ......................... 247SERVER1 passed test NetLogons
      Starting test: ObjectsReplicated
         247SERVER1 is in domain DC=247ROAD,DC=local
         Checking for CN=247SERVER1,OU=Domain Controllers,DC=247ROAD,DC=local in domain DC=247ROAD,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=247SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=247ROAD,DC=local in domain CN=Configuration,DC=247ROAD,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... 247SERVER1 passed test ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         ......................... 247SERVER1 passed test Replications
      Starting test: RidManager
         * Available RID Pool for the Domain is 1600 to 1073741823
         * 247SERVER1.247ROAD.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1100 to 1599
         * rIDPreviousAllocationPool is 1100 to 1599
         * rIDNextRID: 1102
         ......................... 247SERVER1 passed test RidManager
      Starting test: Services
         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... 247SERVER1 passed test Services
      Starting test: SystemLog
         * The System Event log test
         Found no errors in "System" Event log in the last 60 minutes.
         ......................... 247SERVER1 passed test SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Starting test: VerifyReferences
         The system object reference (serverReference) CN=247SERVER1,OU=Domain Controllers,DC=247ROAD,DC=local and
         backlink on CN=247SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=247ROAD,DC=local
         are correct.
         The system object reference (serverReferenceBL)
         CN=247SERVER1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=247ROAD,DC=local and
         backlink on
         CN=NTDS Settings,CN=247SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=247ROAD,DC=local
         are correct.
         The system object reference (msDFSR-ComputerReferenceBL)
         CN=247SERVER1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=247ROAD,DC=local and
         backlink on CN=247SERVER1,OU=Domain Controllers,DC=247ROAD,DC=local are correct.
         ......................... 247SERVER1 passed test VerifyReferences
      Test omitted by user request: VerifyReplicas

      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : 247ROAD
      Starting test: CheckSDRefDom
         ......................... 247ROAD passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... 247ROAD passed test CrossRefValidation

   Running enterprise tests on : 247ROAD.local
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         GC Name: \\247SERVER1.247ROAD.local
         Locator Flags: 0xe001f3fd
         PDC Name: \\247SERVER1.247ROAD.local
         Locator Flags: 0xe001f3fd
         Time Server Name: \\247SERVER1.247ROAD.local
         Locator Flags: 0xe001f3fd
         Preferred Time Server Name: \\247SERVER1.247ROAD.local
         Locator Flags: 0xe001f3fd
         KDC Name: \\247SERVER1.247ROAD.local
         Locator Flags: 0xe001f3fd
         ......................... 247ROAD.local passed test LocatorCheck
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
         provided.
         ......................... 247ROAD.local passed test Intersite

C:\Users\Administrator>
0
 
John WetherallAuthor Commented:
At the moment yes, it is intended to be the first DC. and yes, just unticked the box for IPv6.

C:\Users\Administrator>net share

Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
NETLOGON     C:\Windows\SYSVOL\sysvol\247ROAD.local\SCRIPTS
                                             Logon server share
SYSVOL       C:\Windows\SYSVOL\sysvol        Logon server share
The command completed successfully.


C:\Users\Administrator>

will go and try the rebuild
0
 
MaheshArchitectCommented:
That's perfectly fine

Note that you need to follow article steps under "Authoritative Restore"
0
 
John WetherallAuthor Commented:
Just realised that since I hadn't installed the DFSR Role, the tools are not there, just sorting it out.
0
 
MaheshArchitectCommented:
no need to install DFSR role, its DC, by default DFS-R service will be there, its by design
0
 
John WetherallAuthor Commented:
Yes but the tools aren't, needed DFSRDIAG installed. just completed it and every thing came up as completed no errors. Still no joy.
0
 
MaheshArchitectCommented:
have you completed dfsr authoritative restore?

can you check event logs on DC  - DFSR events
0
 
John WetherallAuthor Commented:
last event id is 1202 - failed to contact domain controller
0
 
MaheshArchitectCommented:
did you see any dfsr restore related events?

After that can you restart dfsr service and let me know what events are generated?
it can be successful and failed both?
0
 
John WetherallAuthor Commented:
Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:28:56 PM
Event ID:      4602
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service successfully initialized the SYSVOL replicated folder at local path C:\Windows\SYSVOL\domain. This member is the designated primary member for this replicated folder. No user action is required. To check for the presence of the SYSVOL share, open a command prompt window and then type "net share".
 
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 792B0847-1C0D-41C0-B46E-B606FFEDA593
Replication Group Name: Domain System Volume
Replication Group ID: 40CA34E9-D774-44CF-9023-9A85826019AB
Member ID: 90BABC6C-23C8-40F7-89DA-C482DBBF5151
Read-Only: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">4602</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:28:56.453089300Z" />
    <EventRecordID>205</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>792B0847-1C0D-41C0-B46E-B606FFEDA593</Data>
    <Data>C:\Windows\SYSVOL\domain</Data>
    <Data>SYSVOL Share</Data>
    <Data>Domain System Volume</Data>
    <Data>40CA34E9-D774-44CF-9023-9A85826019AB</Data>
    <Data>90BABC6C-23C8-40F7-89DA-C482DBBF5151</Data>
    <Data>
    </Data>
    <Data>0</Data>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:26:58 PM
Event ID:      1210
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service successfully set up an RPC listener for incoming replication requests.
 
Additional Information:
Port: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">1210</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:26:58.864698100Z" />
    <EventRecordID>204</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0</Data>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:26:58 PM
Event ID:      2010
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service has detected that all replicated folders on volume C: have been disabled or deleted.
 
Additional Information:
Volume: 9A068A0B-0000-0000-0000-501F00000000
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">2010</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:26:58.864698100Z" />
    <EventRecordID>203</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>9A068A0B-0000-0000-0000-501F00000000</Data>
    <Data>C:</Data>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:26:58 PM
Event ID:      4114
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The replicated folder at local path C:\Windows\SYSVOL\domain has been disabled. The replicated folder will not participate in replication until it is enabled. All data in the replicated folder will be treated as pre-existing data when this replicated folder is enabled.
 
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 792B0847-1C0D-41C0-B46E-B606FFEDA593
Replication Group Name: Domain System Volume
Replication Group ID: 40CA34E9-D774-44CF-9023-9A85826019AB
Member ID: 90BABC6C-23C8-40F7-89DA-C482DBBF5151
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">4114</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:26:58.724022000Z" />
    <EventRecordID>202</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>792B0847-1C0D-41C0-B46E-B606FFEDA593</Data>
    <Data>C:\Windows\SYSVOL\domain</Data>
    <Data>SYSVOL Share</Data>
    <Data>Domain System Volume</Data>
    <Data>40CA34E9-D774-44CF-9023-9A85826019AB</Data>
    <Data>90BABC6C-23C8-40F7-89DA-C482DBBF5151</Data>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:26:58 PM
Event ID:      1206
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service successfully contacted domain controller 247SERVER1.247ROAD.local to access configuration information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">1206</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:26:58.708417600Z" />
    <EventRecordID>201</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>247SERVER1.247ROAD.local</Data>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:26:57 PM
Event ID:      6102
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service has successfully registered the WMI provider.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">6102</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:26:57.473807600Z" />
    <EventRecordID>200</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:26:54 PM
Event ID:      1314
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service successfully configured the debug log files.
 
Additional Information:
Debug Log File Path: C:\Windows\debug
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">1314</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:26:54.270857500Z" />
    <EventRecordID>199</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>C:\Windows\debug</Data>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:26:54 PM
Event ID:      1004
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service has started.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">1004</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:26:54.239671200Z" />
    <EventRecordID>198</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:26:54 PM
Event ID:      1002
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service is starting.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">1002</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:26:54.239671200Z" />
    <EventRecordID>197</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:26:11 PM
Event ID:      1008
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service has stopped.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">1008</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:26:11.894693100Z" />
    <EventRecordID>196</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:26:11 PM
Event ID:      1006
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service is stopping.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">1006</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:26:11.503983000Z" />
    <EventRecordID>195</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:25:23 PM
Event ID:      2010
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service has detected that all replicated folders on volume C: have been disabled or deleted.
 
Additional Information:
Volume: 9A068A0B-0000-0000-0000-501F00000000
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">2010</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:25:23.576075100Z" />
    <EventRecordID>194</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>9A068A0B-0000-0000-0000-501F00000000</Data>
    <Data>C:</Data>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:25:23 PM
Event ID:      4114
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The replicated folder at local path C:\Windows\SYSVOL\domain has been disabled. The replicated folder will not participate in replication until it is enabled. All data in the replicated folder will be treated as pre-existing data when this replicated folder is enabled.
 
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 792B0847-1C0D-41C0-B46E-B606FFEDA593
Replication Group Name: Domain System Volume
Replication Group ID: 40CA34E9-D774-44CF-9023-9A85826019AB
Member ID: 90BABC6C-23C8-40F7-89DA-C482DBBF5151
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">4114</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:25:23.451063800Z" />
    <EventRecordID>193</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>792B0847-1C0D-41C0-B46E-B606FFEDA593</Data>
    <Data>C:\Windows\SYSVOL\domain</Data>
    <Data>SYSVOL Share</Data>
    <Data>Domain System Volume</Data>
    <Data>40CA34E9-D774-44CF-9023-9A85826019AB</Data>
    <Data>90BABC6C-23C8-40F7-89DA-C482DBBF5151</Data>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:11:22 PM
Event ID:      1210
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service successfully set up an RPC listener for incoming replication requests.
 
Additional Information:
Port: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">1210</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:11:22.090311000Z" />
    <EventRecordID>192</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0</Data>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          8/03/2018 9:11:21 PM
Event ID:      1206
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      247SERVER1.247ROAD.local
Description:
The DFS Replication service successfully contacted domain controller 247SERVER1.247ROAD.local to access configuration information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="16384">1206</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T10:11:21.934048800Z" />
    <EventRecordID>191</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>247SERVER1.247ROAD.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>247SERVER1.247ROAD.local</Data>
  </EventData>
</Event>
0
 
MaheshArchitectCommented:
I can see event ID 1206 which means problem is resolved now.

Are you still facing problem joining machine to domain?
0
 
John WetherallAuthor Commented:
Yes, still the same issue. Though after 3 days of fault finding, this server has the cleanest event logs I've ever seen. Thanks for you help so far. This is a really strange one.
0
 
MaheshArchitectCommented:
what error you are getting on machine when you tried to join it to domain?

what is the OS version of client, is it home edition ?
0
 
John WetherallAuthor Commented:
No all the machines I have tried have either been 10 or 7 pro. The current machine is windows 7 Pro.
join.JPG
0
 
MaheshArchitectCommented:
how the NIC configured on client?
advanced dns properties should be configured to append primary dns suffix and not search list

DNS Config
run below command on DC from elevated powershell and restart it and then check
Set-SmbServerConfiguration -EnableSMB2Protocol $true

Open in new window

0
 
John WetherallAuthor Commented:
Yes the work station is set as above under dns. Reboot both the Server and Workstation after completing the instruction above. Still getting the same error.
0
 
John WetherallAuthor Commented:
and after the reboot the 1202 errors have returned.
0
 
MaheshArchitectCommented:
not sure if below command will work but you can give a try from elevated command  prompt:

netdom resetpwd /Server:DCName /UserD:administrator /PasswordD:*

Open in new window


If above command worked successfully, then reboot the DC once and check if it works
0
 
John WetherallAuthor Commented:
Had no affect. Still got the 1202's after the reboot and no connect. the command did complete successfully.
0
 
arnoldCommented:
Use the network wizard to join the workstation to the domain.
The simple change always had done wiered behavior.

In the join.jog instead of simply changing from workstation to do ain, click the button midway and to the right.

And you should be fine.
0
 
John WetherallAuthor Commented:
The wizard gives the same error.
0
 
arnoldCommented:
Did you disable uac? The join task is an elevated, do you get prompted for admin during your join attempt?
0
 
John WetherallAuthor Commented:
Yes, uac is disabled on the workstation.
0
 
arnoldCommented:
That is your problem. The Join has to be elevated, when uac is disabled, if you are not running as administrator, not merely using an account that is a member of administrators.

Disable uac if you must, after the joining to the domain.
0
 
John WetherallAuthor Commented:
Activating uac had no effect and plugging into my network it has no problem locating the svr record from my server.
0
 
arnoldCommented:
Do you get prompted to elevate rights when running the advanced system settings? Do you raise the rights such that it runs in admin mode?
Do these systems use local or Microsoft login accounts?.
0
 
John WetherallAuthor Commented:
all the machines I have tried have used local accounts. the current machine is using windows 7 pro and no prompt as I do everything as administrator. Fairly sure this isn't a workstation issue as I have tried it with 4 separate workstations at 2 locations with both windows 7pro and windows 10 pro. I have also tested the  windows 7 pro on my own DC and it has no issues
0
 
arnoldCommented:
Using the system as administrator, does not mean you operating in elevated mode.

Try the following, start+R open cmd.exe (first window)
Now, in the start search, search for cmd.exe, right click on command and run as administrators. (Second window)
Try to add a feature in the first window
dism /online /enable-feature:SNMP
See whether you get a message that you have to run it in elevated.
Try running netstat -anb and see what you get.
0
 
John WetherallAuthor Commented:
On which machine would you like me to run these?
0
 
arnoldCommented:
On the workstation that points to 192.16.0.99 as the name server and where you are running into ad join issues.

Based on your prior response, the 247server1 resolves to 192.168.0.99, and the SRV record lookup returns the data.
Only possible issue us a restriction when the process dealing with promoting for credentials, info to join domain.

If you have the option, build a workstation from scratch, use local user account, and Ho through the domain joining process on a prestine system.
And see if you get the same error, or it joins means sonething on these workstations is the issue.

Check on the services on the 2016 to make sure you do not have NLA service enabled. Service bars access to clients that do not have a marker that they are "safe" I.e. Have anti-virus, infection counter measures.
0
 
John WetherallAuthor Commented:
ok, have checked nla on the server. it's off. have connected a freshly built machine I had boxed waiting for a client to pick up, windows 10 pro. same result.

Had already run the commands you requested on the test workstation both worked ok, no request to raise function level and nothing blocking the required ports.
0
 
arnoldCommented:
I will go back to your server's Windows firewall as being the culprit. There are different RPC and other components.
In what zone in network and internet settings does the server say it is in, private, domain?
Get an dm stall wireshark or Microsoft network monitor tool on a workstation and on the server.
Point being compare the traffic generated on the workstation with destination to the server and on the server what it receives from the workstation.
0
 
John WetherallConnect With a Mentor Author Commented:
Thanks for you help Arnold. have resolved the issue. on top of the Issues I was having with the server turns out the here was switch was faulty. So even though I had resolved the initial problem with the server earlier, it was still throwing errors. changed the switch and now connecting fine.
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.