Only have one DC and it can no longer be found in my domain, what gives?
Hello,
This is my first post so if I have left out anything or am in the wrong section please guide me to the correct section/information.
Brief History of what happened:
Have a Server (2008 r2) that is a DC, DNS, exchange. Had 1 hard drive with 6 partitions (done by the previous admin). Everything was working fine but the C:drive was filling up so decided to combine the C: drive and the D: drive. Deleted the D: drive and
successfully combined the C: and D:. Now the C: drive has about 14GB of free space. After messing around a bit decided to reboot the machine and the DC never booted back up. It would get all the way to a black screen with a mouse and then reboot. I found out
that the D: drive had the windows\NTDS\ntds.dit, edb.chk, and temp.edb Files. I next booted the pc into the Directory Service Restore mode. In this mode I was able to recreate the 6 partitions and tried a restore of individual files. This did not work. Then
tried to restore the entire D volume and this did not work. I last tried to System State. And this did the trick. After it was finished the server could now boot up and I could log in with a Domain account, Computers could browse the Internet with the DNS
server. I could also send and receive email.
My Issue:
I have a very small network only about 6 machines. I have one machine that is the DC, Exchange, DNS and holds all the FSMO roles (Windows Server 2008 r2). Currently on the machine I cannot open Active Directory Users and Computers, sites and services, Exchange
Management console. I Can However, Send and receive email, authenticate users when logging on.
Active Directory Users and Computers gives the following error when trying to open - "Naming information cannot be located for the following reason: The server is not operational" Once I click ok the snap in appears with a red x. If I right click and select
"Change Domain Controller" any writable domain controller is greyed out and This Domain Controller or AD LDS instance is the only selected option with nothing in the box below to select.
If I right click and select "change domain" and then click browse I can see my domain. When I select it and click ok sometimes it comes up and other times I get "The domain could not be found because the server is not operational."
When clicking on Sites and Services I receive - "Naming information cannot be located for the following reason: The server is not operational"
When I click on ADSI Edit - I see all my correct information. All my OU's and CN's are there.
When I open the Exchange Management Console I get the following error -get-ExchangeServer Error, An Active Directory error 0x8007203A occurred while searching for domain controllers in domain (My domain name). The server is not operational.
I get the same exact message for "get-UMServer"
I ran DCDIAG /test:dns and everything returned back as passing
I ran DCDIAG and here are the results:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = WBCSERV2008R2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WBCSERV2008R2
Starting test: Connectivity
......................... WBCSERV2008R2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WBCSERV2008R2
Starting test: Advertising
Fatal Error:DsGetDcName (WBCSERV2008R2) call failed, error 1355
The Locator could not find the server.
......................... WBCSERV2008R2 failed test Advertising
Starting test: FrsEvent
......................... WBCSERV2008R2 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... WBCSERV2008R2 failed test DFSREvent
Starting test: SysVolCheck
......................... WBCSERV2008R2 passed test SysVolCheck
Starting test: KccEvent
......................... WBCSERV2008R2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... WBCSERV2008R2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... WBCSERV2008R2 passed test MachineAccount
Starting test: NCSecDesc
......................... WBCSERV2008R2 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\WBCSERV2008R2\netlogon)
[WBCSERV2008R2] An net use or LsaPolicy operation failed with error
67, The network name cannot be found..
......................... WBCSERV2008R2 failed test NetLogons
Starting test: ObjectsReplicated
......................... WBCSERV2008R2 passed test ObjectsReplicated
Starting test: Replications
......................... WBCSERV2008R2 passed test Replications
Starting test: RidManager
......................... WBCSERV2008R2 passed test RidManager
Starting test: Services
......................... WBCSERV2008R2 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00000406
Time Generated: 08/29/2012 14:05:18
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this
operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
An error event occurred. EventID: 0xC00038D6
Time Generated: 08/29/2012 14:08:59
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0x0000041E
Time Generated: 08/29/2012 14:10:18
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 08/29/2012 14:15:18
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
A warning event occurred. EventID: 0x000003F6
Time Generated: 08/29/2012 14:19:35
Event String:
Name resolution for the name www.elgms.com timed out after none of the configured DNS servers responded.
An error event occurred. EventID: 0x00000406
Time Generated: 08/29/2012 14:20:19
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this
operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
An error event occurred. EventID: 0x00000406
Time Generated: 08/29/2012 14:25:21
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this
operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
An error event occurred. EventID: 0x00000406
Time Generated: 08/29/2012 14:29:07
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this
operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
An error event occurred. EventID: 0x00000406
Time Generated: 08/29/2012 14:30:22
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this
operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
An error event occurred. EventID: 0xC0001B61
Time Generated: 08/29/2012 14:31:46
Event String:
A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
An error event occurred. EventID: 0x00000406
Time Generated: 08/29/2012 14:35:24
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this
operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
An error event occurred. EventID: 0x00000406
Time Generated: 08/29/2012 14:40:26
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this
operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
An error event occurred. EventID: 0x00000406
Time Generated: 08/29/2012 14:45:28
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this
operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
An error event occurred. EventID: 0x00000406
Time Generated: 08/29/2012 14:50:29
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this
operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
An error event occurred. EventID: 0x00000406
Time Generated: 08/29/2012 14:55:31
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this
operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
An error event occurred. EventID: 0x00000406
Time Generated: 08/29/2012 15:00:32
Event String:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this
operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
......................... WBCSERV2008R2 failed test SystemLog
Starting test: VerifyReferences
......................... WBCSERV2008R2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : WESTWAY-ONLINE
Starting test: CheckSDRefDom
......................... WESTWAY-ONLINE passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... WESTWAY-ONLINE passed test
CrossRefValidation
Running enterprise tests on : WESTWAY-ONLINE.COM
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... WESTWAY-ONLINE.COM failed test LocatorCheck
Starting test: Intersite
......................... WESTWAY-ONLINE.COM passed test Intersite
Sorry for the long post but wanted to try and include as much information as possible.
August 29th, 2012 4:34pm
Hi,
Try the following: http://support.microsoft.com/default.aspx?scid=kb;EN-US;961775
Martin
If you find my information useful, please rate it. :-)
Free Windows Admin Tool Kit Click here and download it now
August 29th, 2012 9:18pm
Hi,
Try the following: http://support.microsoft.com/default.aspx?scid=kb;EN-US;961775
Martin
If you find my information useful, please rate it. :-)
August 29th, 2012 9:25pm
No this did not fix anything. When I clicked on the hotfix the only fix available was for Windows Vista 64 bit and I am running Windows Server 2008 R2
Free Windows Admin Tool Kit Click here and download it now
August 30th, 2012 8:35am
Does anyone else have any troubleshooting steps for me to take? Really would like to have the domain back to normal working order and be able to open Active Directory and Microsoft Exchange Management Console
August 31st, 2012 1:51pm
Hi,
Can you check if your DNS Server service is running?
Also, open up Services.msc, and click on Startup Type, to filter the services. Make sure that all services set as Automatic are running.
If the above doesn't solve the problem, what is the DNS pointing to from this problematic server? Is this problematic server pointing to itself (since it is the AD/DNS itself)?Jabez Gan [MVP] - http://www.msblog.org Contributing Author for: (Sybex) MCTS: Windows Server 2008 Applications Infrastructure Configuration Study Guide: Exam 70-643
Free Windows Admin Tool Kit Click here and download it now
September 1st, 2012 7:56am
Hi,
I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.
Regards,
Arthur Li
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.Arthur Li
TechNet Community Support
September 3rd, 2012 2:21am
Hello Arthur_Li,
The current situation is as stated above. I only have one server for my Domain it is windows server 2008 R2. It is the DC, DNS, Exchange server. All users can authenticate when trying to log in to windows, I can ping machnies by machine name and by IP address,
We can all also send and recieve email.
However, I cannot open up Active Directory or exchange management I get errors saying can't find any DC's in the domain or the server is not operational when i know it is because i am logged in on the server. I ran DCDIAG and posted the results above. Any
information you can provide to help is appreciated.
Free Windows Admin Tool Kit Click here and download it now
September 4th, 2012 9:42am
WBCONLINE,
Please post this question in Directory Services forum. You may get some quick help.
Please refer this discussion and assert that new post is repost in DS forum and later on Moderators might merge the threads.
http://social.technet.microsoft.com/Forums/en-US/winserverDS/threadsThanks !
September 4th, 2012 9:56am
Hello,
Yes the DNS Server service is running.
Services.msc Here are the following services that are set to automatic but are not running.
COM+ System application
File Replication
Microsoft Exchange System Attendant
SQL Server VSS writer
Google Update Service
Microsoft .Net framework
Software Protection
The file replication service would not start at all. The other services either started or started and then stopped immediately according to the error message.
Still have the same problem on the machine.
Not sure what you mean by what is DNS pointing to but here is my DNS records, and I can ping and resolve everything by name or IP
Name Type Data
_msdcs
_sites
_tcp
_udp
domaindnszones --> (same as parent folder) Host (A) 192.168.1.200
Static
forestdnszones --> (same as parent folder) Host (A) 192.168.1.200
Static
(same as parent folder) Start of Authority (SOA) [149], wbcserv2008r2.westway-online.com.,
hostmaster.
(same as parent folder) Name Server (NS)
wbcserv2008r2.westway-online.com.
(same as parent folder) Host (A) 192.168.1.200
(same as parent folder) Mail Exchanger (MX) [10]
wbcserv2008r2.westway-online.com.
cyndiews Host (A)
192.168.1.201
Schedule Alias (CNAME)
westwaylinux.westway-online.com.
smtp Host (A) 192.168.1.200
suite101-1 Host (A)
192.168.1.69
tracer-desktop Host (A)
192.168.1.249
wbcserv2008r2 Host (A)
192.168.1.200
westwaylinux Host (A)
192.168.1.158
wwreception Host (A)
192.168.1.103
Free Windows Admin Tool Kit Click here and download it now
September 4th, 2012 10:02am
Hi,
It definitely sounds as though it's a DNS issue. Also, don't work with ping when troubleshooting DNS. Stick to using nslookup instead, as ping can fall back to resolving names through broadcast if NetBIOS is left enabled, and that's
not going to help you.
Run an ipconfig /all and make sure your primary DNS server entry is pointing to 192.168.1.200 and not something else like 127.0.0.1.
Try running the following three commands while logged on to your domain controller:
nslookup -type=SRV _ldap._tcp.westway-online.comnslookup -type=SRV _gc._tcp.westway-online.comnslookup 192.168.1.200
They should all come back with valid results.
Let us know how you go once you've check that out.
Cheers,
Lain
September 4th, 2012 10:24am
ok here are the results of ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WBCSERV2008R2
Primary Dns Suffix . . . . . . . : WESTWAY-ONLINE.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : WESTWAY-ONLINE.COM
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-22-19-1A-5C-47
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fc3d:66c9:1055:5338%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.200(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234889753
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-05-2D-91-00-22-19-1A-5C-47
DNS Servers . . . . . . . . . . . : 192.168.1.200
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{8B480A8A-D01A-43C0-85A6-C0980BA8FECF}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
The nslookup parts i think i typed them correctly, here are the results:
nslookup -type=SRV _ldap.tcp.westway-online.com
Server: wbcserv2008r2.westway-online.com
Address: 192.168.1.200
_ldap._tcp.westway-online.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = wbcserv2008r2.westway-online.com
wbcserv2008r2.westway-online.com internet address = 192.168.1.200
nslookup -type=SRV _gc._tcp.westway-online.com
Server: wbcserv2008r2.westway-online.com
Address: 192.168.1.200
_gc._tcp.westway-online.com SRV service location:
priority = 0
weight = 100
port = 3268
svr hostname = wbcserv2008r2.westway-online.com
wbcserv2008r2.westway-online.com internet address = 192.168.1.200
nslookup 192.168.1.200
Server: wbcserv2008r2.westway-online.com
Address: 192.168.1.200
Name: wbcserv2008r2.westway-online.com
Address: 192.168.1.200
Free Windows Admin Tool Kit Click here and download it now
September 4th, 2012 10:52am
They all respond, which is good. The next two records require a few steps to obtain their values before you can run the nslookup commands:
AD domain GUID:
Open up Powershell on the server (or a Windows client with the RSAT tools installed) and run the following two commands:Import-Module ActiveDirectoryGet-ADObject -Identity "dc=westway-online,dc=com" -Properties objectGUID | select objectGUID
Copy and paste that GUID into a nslookup command so it looks like the following:
nslookup -type=SRV _ldap_.tcp.<objectGUID>.domains._msdcs.westway-online.com
I'm not expecting this to fail, as that usually only happens when a domain rename that's gone pear-shaped has taken place. Still, it doesn't hurt to check.
The second record is the NTDS GUID for the domain controller:
Open up Sites and Services (dssite.msc)Expand down the tree from Sites > Default-First-Site-Name > Servers > wbcserv208r2 > NTDS SettingsRight-click on the NTDS Settings node and copy and paste the "DNS Alias" value into a nslookup command as shown in the below example
nslookup -type=SRV CF29327A-3763-449B-9F8C-BCFB7DAE1D0D._msdcs.westway-online.com
If both of these come back fine, then all I can suggest is restarting the NETLOGON service on the domain controller and checking the Event Viewer - in particular the System and Directory Service nodes, for errors.
I'm off for the night, but hopefully someone else can keep going with you. I'll check back in the morning.
Cheers,
Lain
September 4th, 2012 11:18am
Thanks for your assistance... Attached is the results so far.
I ran Import-Module ActiveDirectory and i suppose everything went fine as it just went to the next line.
I then entered your next command and here is the result:
PS C:\> Get-ADObject -Identity "dc=westway-online,dc=com" -Properties objectGUID | select objectGUID
Get-ADObject : Unable to find a default server with Active Directory Web Services running.
At line:1 char:13
+ Get-ADObject <<<< -Identity "dc=westway-online,dc=com" -Properties objectGUID | select objectGUID
+ CategoryInfo : ResourceUnavailable: (dc=westway-online,dc=com:ADObject) [Get-ADObject], ADServerDownExc
eption
+ FullyQualifiedErrorId : Unable to find a default server with Active Directory Web Services running.,Microsoft.Ac
tiveDirectory.Management.Commands.GetADObject
Free Windows Admin Tool Kit Click here and download it now
September 4th, 2012 11:37am
I guess that's not a surprising result.
My next step would be to hit these event logs on the domain controller and look at the errors and warnings:
Windows Logs\SystemApplications and Services Logs\DFS ReplicationApplications and Services Logs\Directory ServiceApplications and Services Logs\DNS Server
Of these, the Directory Service will be the most important and probably have the most information. The DNS Server may also be up there.
The DFS Replication will likely contain errors, but most of these will actually be a byproduct of the real issue rather than the cause. Nevertheless, sometimes you'll find errors there that help find the original problem, such
as the inability to resolve the NTDS GUID DNS alias, etc.
Going off on a tangent based on what you listed above, I can't remember if the Software Protection Service runs when you use a MAK key for activation (I don't think it does), but running the following command from a command prompt
will tell you if the server's still activated or not:
cscript %systemroot%\system32\slmgr.vbs /dli
Just look for the "License Status" line.
Cheers,
Lain
September 4th, 2012 7:32pm
Thank you for your help... Just wanted to let you know they helped resolve my issue in Directory Services:
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9971b382-97f3-46d2-bee9-1bf590ef1bca
This can now be closed.
Free Windows Admin Tool Kit Click here and download it now
September 5th, 2012 10:38am
Thank you for your help... Just wanted to let you know they helped resolve my issue in Directory Services:
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9971b382-97f3-46d2-bee9-1bf590ef1bca
This can now be closed.
September 5th, 2012 10:40am