Domain Controller fails to start after installation of latest security updates

Hello.

I run a single PDC in a Windows 2003 server. No other DCs are in my network.

After the latest installation of security patches via automatic update (KB3067505, KB3068457 and a few more), the domain controller fails to start.

When the system restarted, not all services were initialized and I had to start them up manually. All started with no errors except "Intersite messaging". Even now that all services are running, the domain controller is not responding.

Error 1053 "cannot determine user computer name" is repeatedly reported in event viewer. I checked network connectivity but everything seems ok. All diagnostic tests I run (dcdiag, netdiag, netdom, nltest) report the same problem ("no such dc" or "cannot find domain"). DNS server also reports error 4013 with status code DNS_ERROR_DS_UNAVAILABLE.

Any ideas how I can solve this? Is it a good idea to roll back the updates?

Thank you in advance.

July 20th, 2015 12:20pm

Does NETDIAG mention anything about DNS registration failing?

I have seen instances where the domain controller was not able to register SRV records after patching and reboot.

I would stop and (re)start the netlogon service.

This was with two domain controllers. I'm not sure if this is the problem in your case but re-registering the SRV records is a harmless operation.

July 20th, 2015 1:22pm

If this issue happened right after applying patches, the obvious next steps are to remove the patches and see if this corrects the issue. If it does, install the patches one at a time until you figure out what patch is causing the issue. Have you installed the same patches on other domain controllers without any issues?

Will.

July 20th, 2015 1:47pm

David, DNS was behaving like it was down, although the service was running. So I couldn't try your suggestion. I think it was a DS problem.

Finally, after a couple of reboots, the system came up normally, and everything worked. Still haven't figured out what was wrong.

Thank you both for your answers.
July 21st, 2015 10:20am

Hi, Konstaki

I agree with David and Will. You could try restarting the netlogon service to see if it helps, and then check whether the DC works correctly after uninstalling the update.

If it doesn't work well, which means the issue is not caused by the update, you could try the following methods:

In the command prompt, you could try to type gpupdate, and then check Event Viewer to see if the 1053 event is logged again.

Verify that you can access the Active Directory Users and Computers.

Check the DNS zone to see if all records have been registered, such as SRV, A records and so on.

Besides, you could troubleshoot DNS by referring to this article.

https://support.microsoft.com/en-us/kb/2001093

Hope this can be helpful to you.

Best regards

July 21st, 2015 10:26pm
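
The checks suggested in this thread (restart Netlogon, re-register DNS, verify the SRV and A records, run gpupdate) combined into one batch script. This is an added example, not part of any poster's reply; the domain name is passed as an argument, the selection of SRV names and the 30-second wait are assumptions, and nltest requires the Windows Support Tools.

```batch
@echo off
rem Added example: run from a command prompt on the domain controller.
rem Usage: dccheck.cmd dns-domain-name   (e.g. example.local, a placeholder)
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 dns-domain-name
    exit /b 2
)
set DOMAIN=%~1
set MISSING=0

echo === Restarting Netlogon so it re-registers its SRV records ===
net stop netlogon
net start netlogon
rem Re-register this host's A record as well.
ipconfig /registerdns
rem Give the dynamic updates time to reach the zone (ping used as a delay).
ping -n 31 127.0.0.1 >nul

echo === Checking DC locator SRV records for %DOMAIN% ===
for %%R in (_ldap._tcp _kerberos._tcp _ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs _ldap._tcp.pdc._msdcs) do call :check %%R.%DOMAIN%

echo === Asking the DC locator for a domain controller ===
nltest /dsgetdc:%DOMAIN%

echo === Refreshing Group Policy; check Event Viewer for new 1053 events ===
gpupdate /force

if %MISSING% GTR 0 (
    echo %MISSING% SRV records missing. Compare the zone with %SystemRoot%\System32\config\netlogon.dns
    exit /b 1
)
echo All checked SRV records resolve.
exit /b 0

:check
rem The trailing dot stops nslookup from appending DNS suffixes to the name.
nslookup -type=SRV %1. 2>nul | find /i "svr hostname" >nul
if errorlevel 1 (
    echo MISSING: %1
    set /a MISSING+=1
) else (
    echo OK:      %1
)
goto :eof
```

The file netlogon.dns lists every record Netlogon tries to register, so it is the reference to compare against when the script reports a missing name.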

This topic is archived. No further replies will be accepted.
