Troy Culpepper
asked on
Domain is not available, multiple DNS AD problems
Good evening, first time here so go easy on me! We recently had one of two DCs go down (not holding FSMO roles). Got another one up and all worked fine for a few days. When I went in to remove metadata, things started falling apart, to the point that now I have multiple DNS/AD issues. The domain is unavailable and force replication via NTDS fails, though gpresult /r shows that it has replicated group policy, I can see DNS replicating, and LDAP appears to be working. However, in short, my network is down hard. When I run dcdiag /test:dns I get:
DC01
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = MAETSDC01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MAETSDC01
Starting test: Connectivity
The host c18ae1d9-1b05-46ee-b2f8-2e13ee647ac3._msdcs.maets.net could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... MAETSDC01 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MAETSDC01
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... MAETSDC01 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : maets
Running enterprise tests on : maets.net
Starting test: DNS
Test results for domain controllers:
DC: MAETSDC01.maets.net
Domain: maets.net
TEST: Basic (Basc)
Error: No LDAP connectivity
No host records (A or AAAA) were found for this DC
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network
adapters
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: maets.net
MAETSDC01 PASS FAIL PASS PASS PASS FAIL n/a
......................... maets.net failed test DNS
DC03 (other server)
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC03
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC03
Starting test: Connectivity
The host cac57277-1d29-4c31-83ee-7361815461c9._msdcs.maets.net could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... DC03 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC03
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... 03 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : maets
Running enterprise tests on : maets.net
Starting test: DNS
Test results for domain controllers:
DC: MAETSDC03.maets.net
Domain: maets.net
TEST: Basic (Basc)
Error: No LDAP connectivity
No host records (A or AAAA) were found for this DC
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network
adapters
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: maets.net
MAETSDC03 PASS FAIL PASS PASS PASS FAIL n/a
......................... maets.net failed test DNS
I have been through IP configs over and over, with the partner DNS server as primary on both and 127.0.0.1 as secondary.
SRV records are in the _msdcs zone and the GUID records are where they should be, but it still throws the error about the GUID.
AD DS BPA shows multiple "AD DS BPA should be able to collect data about the dns record ..." on server #1 but no DNS errors.
The other server has no DNS problems under BPA but is throwing error 4015.
I know you are going to ask for more info but that's all I can think to put in right now. Thanks in advance!
Do you have a system state backup from when everything was running well? If yes, then you may take a fresh system state backup of the DC and restore the earlier one on the DC.
ASKER
No, we have no good backups.
On both servers, if antivirus is running, stop and disable its services.
Point both servers to their own IP as primary DNS and the other DC as secondary IP, and restart the Netlogon service followed by the DNS Server service.
Then check how AD replication is going by running repadmin /syncall on both DCs from an elevated cmd.
If it still fails:
Post the output of the commands below, run on the PDC from an elevated cmd, here:
repadmin /showrepl
dcdiag /v
You may explore the different options of ntdsutil to fix things one by one: https://www.serverbrain.org/active-directory-planning-008/using-ntdsutil-for-active-directory-database-troubleshooting-and-repair.html
Also, what about the AD services, are they running or did they get paused?
ASKER
Mahesh, all services set to automatic are running. The suggested fix failed, here are print outs.
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\MAETSDC01
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: c18ae1d9-1b05-46ee-b2f8-2e13ee647ac3
DSA invocationID: 52a0facc-3cd4-4d1d-a913-bd5eb37135e7
==== INBOUND NEIGHBORS ======================================
DC=maets,DC=net
Default-First-Site-Name\MAETSDC03 via RPC
DSA object GUID: cac57277-1d29-4c31-83ee-7361815461c9
Last attempt @ 2019-02-19 06:40:18 was successful.
CN=Configuration,DC=maets,DC=net
Default-First-Site-Name\MAETSDC03 via RPC
DSA object GUID: cac57277-1d29-4c31-83ee-7361815461c9
Last attempt @ 2019-02-19 05:56:29 was successful.
CN=Schema,CN=Configuration,DC=maets,DC=net
Default-First-Site-Name\MAETSDC03 via RPC
DSA object GUID: cac57277-1d29-4c31-83ee-7361815461c9
Last attempt @ 2019-02-19 05:56:29 was successful.
DC=DomainDnsZones,DC=maets,DC=net
Default-First-Site-Name\MAETSDC03 via RPC
DSA object GUID: cac57277-1d29-4c31-83ee-7361815461c9
Last attempt @ 2019-02-19 06:40:13 was successful.
DC=ForestDnsZones,DC=maets,DC=net
Default-First-Site-Name\MAETSDC03 via RPC
DSA object GUID: cac57277-1d29-4c31-83ee-7361815461c9
Last attempt @ 2019-02-19 05:56:29 was successful.
__________________________________________________________________
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine MAETSDC01, is a Directory Server.
Home Server = MAETSDC01
* Connecting to directory service on server MAETSDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=maets,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=maets,DC=net
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=maets,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=MAETSDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=maets,DC=net
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DCREMOTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=maets,DC=net
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
Server is an RODC
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=MAETSDC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=maets,DC=net
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MAETSDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
The host c18ae1d9-1b05-46ee-b2f8-2e13ee647ac3._msdcs.maets.net could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... MAETSDC01 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MAETSDC01
Skipping all tests, because server MAETSDC01 is not responding to
directory service requests.
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : maets
Starting test: CheckSDRefDom
......................... maets passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... maets passed test CrossRefValidation
Running enterprise tests on : maets.net
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\MAETSDC01.maets.net
Locator Flags: 0xe000f3fd
PDC Name: \\MAETSDC01.maets.net
Locator Flags: 0xe000f3fd
Time Server Name: \\MAETSDC01.maets.net
Locator Flags: 0xe000f3fd
Preferred Time Server Name: \\MAETSDC01.maets.net
Locator Flags: 0xe000f3fd
KDC Name: \\MAETSDC01.maets.net
Locator Flags: 0xe000f3fd
......................... maets.net passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... maets.net passed test Intersite
To me, it looks like the structure is still there, AD is just not working with DNS like it should
From a quick look, DNS records for MAETSDC03.maets.net are missing.
Could you please post the result of repadmin /replsummary ?
Cheers !
Shaba
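The record check discussed in this thread, as an added example that is not part of any poster's reply: it asks each DNS server separately for the two records dcdiag's Connectivity test depends on, the `<DSA object GUID>._msdcs.maets.net` CNAME and the DC's host (A) record. DC names and GUIDs are taken from the output posted above; the DNS server IPs are placeholders (the thread does not give them) and the function name is hypothetical.

```powershell
# Added example. DC names and DSA object GUIDs come from the repadmin/dcdiag
# output posted in this thread; the DNS server IPs are PLACEHOLDERS
# (documentation range) and must be replaced with the two DCs' real addresses.
$Forest     = 'maets.net'
$DnsServers = @('192.0.2.1', '192.0.2.3')   # placeholder IPs, one per DC/DNS server
$Dcs = @(
    @{ Name = 'MAETSDC01'; DsaGuid = 'c18ae1d9-1b05-46ee-b2f8-2e13ee647ac3' },
    @{ Name = 'MAETSDC03'; DsaGuid = 'cac57277-1d29-4c31-83ee-7361815461c9' }
)

# Hypothetical helper: query ONE DNS server for ONE DC's locator records.
function Test-DcLocatorRecord {
    param(
        [string]$Server,
        [string]$DcName,
        [string]$DsaGuid,
        [string]$Forest
    )

    $alias = '{0}._msdcs.{1}' -f $DsaGuid, $Forest   # name replication partners resolve
    $fqdn  = '{0}.{1}' -f $DcName, $Forest

    # -DnsOnly keeps LLMNR/NetBIOS and the hosts file out of the answer;
    # -Server bypasses the local resolver so each zone copy is tested on its own.
    $cname = Resolve-DnsName -Name $alias -Type CNAME -Server $Server -DnsOnly `
                 -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'CNAME' } |
             Select-Object -First 1

    $a = Resolve-DnsName -Name $fqdn -Type A -Server $Server -DnsOnly `
             -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }

    [pscustomobject]@{
        DnsServer   = $Server
        DC          = $DcName
        CnameTarget = if ($cname) { $cname.NameHost } else { 'MISSING' }
        # The CNAME must point at this DC's own FQDN, not at a removed DC.
        CnameOk     = [bool]($cname -and ($cname.NameHost.TrimEnd('.') -ieq $fqdn))
        HostA       = if ($a) { $a.IPAddress -join ',' } else { 'MISSING' }
    }
}

# Every DC's records, as seen by every DNS server.
$results = foreach ($server in $DnsServers) {
    foreach ($dc in $Dcs) {
        Test-DcLocatorRecord -Server $server -DcName $dc.Name `
            -DsaGuid $dc.DsaGuid -Forest $Forest
    }
}
$results | Format-Table -AutoSize
```

A row that is MISSING on one DNS server but present on the other means the two copies of the zone disagree; MISSING on both means the record was never registered or has been deleted.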