+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Windows Server 2008 Thread, Help! Our PDC cannot see our domain, complete network failure. in Technical; Right, following on from my post yesterday, this is our current situation. Our domain is completely non-operational. DC1 - Primary ...
  1. #1
    reggiep's Avatar
    Join Date
    Apr 2008
    Location
    In the vast area of space and time
    Posts
    1,548
    Thank Post
    517
    Thanked 56 Times in 50 Posts
    Rep Power
    29

    Help! Our PDC cannot see our domain, complete network failure.

    Right, following on from my post yesterday, this is our current situation.

    Our domain is completely non-operational.

    DC1 - Primary Domain Controller
    Our primary domain controller cannot see our domain, any attempt to access server MMCs informs us that our domain is not available or the PDC cannot be reached.

    dcpromo tells us that it IS a domain controller and the only option it gives us is to delete the domain, which we obviously don't want to do!

    I've attached the dcdiag output from DC1 - dcdiag-1.txt.

    DC2 - Secondary Domain Controller
    Our secondary domain controller cannot see the domain either. It has been recently demoted and promoted using dcpromo to solve a GPO issue. The problems with DC1 started shortly after that. We believe that was due to replication. The netlogon and sysvol folders we not replicating between the two DCs so, using a Microsoft suggestion, we forced that to happen using a registry edit. The "burflags" key was changed to D4 on the PDC, DC1 and D2 on the secondary DC, DC2.

    We did a system state restore yesterday and completely restored the PDC C: drive from a week old backup this morning, but the Domain is still unavailable.

    Anyone got any ideas? Let us know if you need any more information from us.

    Thanks!
    Attached Files Attached Files

  2. #2

    Join Date
    Dec 2008
    Location
    Nottingham
    Posts
    574
    Thank Post
    38
    Thanked 115 Times in 105 Posts
    Rep Power
    46
    Have you checked DNS settings on the NICs and that you have correct _SRV records in DNS? Is DNS Server running? Are you able to ping your domain from a workstation (ie ping prentonhigh.local)?

    Cheers

    Will

  3. 2 Thanks to Willott:

    ben604 (13th January 2011), reggiep (13th January 2011)

  4. #3
    ben604's Avatar
    Join Date
    Jan 2010
    Posts
    314
    Thank Post
    81
    Thanked 29 Times in 24 Posts
    Rep Power
    22
    we can ping prentonhigh.local, yes. It resolves to Prenton1, our PDC.

    It looks like the problem is the Sysvol folder is not shared. This is tied into file replication, which is where the problem started.

    Is there a way to stop replication between DC1 and DC2 so we can get the sysvol folder shared from just DC1?

  5. #4

    Join Date
    Dec 2008
    Location
    Nottingham
    Posts
    574
    Thank Post
    38
    Thanked 115 Times in 105 Posts
    Rep Power
    46
    Do you have any Windows Event logs relating to FRS and NETLOGON? If so, what do they contain?

    Also, can you do a "netdom query FSMO", this should show all the FSMO role holders that it sees - I wonder if some of the roles got transferred to the second DC, and then as that was failing, it's caused a knock on effect.

    Cheers

    Will

  6. Thanks to Willott from:

    ben604 (13th January 2011)

  7. #5

    Join Date
    Dec 2008
    Location
    Nottingham
    Posts
    574
    Thank Post
    38
    Thanked 115 Times in 105 Posts
    Rep Power
    46
    Also, can you do a netdiag /v and post?

  8. 3 Thanks to Willott:

    ben604 (13th January 2011), reggiep (13th January 2011)

  9. #6

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,912
    Thank Post
    1,188
    Thanked 1,062 Times in 753 Posts
    Rep Power
    329
    @reggieip:

    Have you seen this: How to rebuild the SYSVOL tree and its content in a domain

    I fear that you may have overdone it with the authorative restore in that the other DCs didn't need to have the burflags set to D4 as collisions will occur and confusion set in.

    Also check this out: http://support.microsoft.com/kb/321045

    You may have tried these so forget it if you have.

    will post more as I come across them.

    Also make sure the servers clocks are all the same (reminder thats all)
    Last edited by bossman; 11th January 2011 at 12:30 PM.

  10. 3 Thanks to bossman:

    ben604 (13th January 2011), reggiep (13th January 2011)

  11. #7

    Join Date
    Dec 2008
    Location
    Nottingham
    Posts
    574
    Thank Post
    38
    Thanked 115 Times in 105 Posts
    Rep Power
    46
    @bossman, that's the link I passed to them on the other thread - from what I understand they've only set D4 on PDC and D2 on the other DCs (however the other DC seemed to have been the one causing issues). I wonder (from the dcdiag) whether one or more of the FSMO roles have gone from the PDC and this is then causing issues with that starting (and sorting its FRS/NETLOGON), as the other DC is not working correctly, so not providing the FSMO roles.

    The advertising bit of the DCDIAG is interesting - could you do a dcdiag /v to see if we can get more info on the advertising bit as that may give some clues.

    Cheers

    Will

  12. Thanks to Willott from:

    ben604 (13th January 2011)

  13. #8

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,912
    Thank Post
    1,188
    Thanked 1,062 Times in 753 Posts
    Rep Power
    329
    @Willott:

    Apologies old age (Have'nt got me reading glasses on) hehe!

    I think your right in that the FSMO roles have not been transfered to the PDC and therefore the DNS is not functioning correctly, so the advertising of the PDC is as uknown? as the text states.
    Last edited by bossman; 11th January 2011 at 01:04 PM.

  14. #9

    Join Date
    Dec 2008
    Location
    Nottingham
    Posts
    574
    Thank Post
    38
    Thanked 115 Times in 105 Posts
    Rep Power
    46
    @bossman - don't worry... even at a "young" age I struggle sometimes!

  15. #10

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,625
    Thank Post
    49
    Thanked 460 Times in 336 Posts
    Rep Power
    140
    Demotion and Promotion without proper replication is always a recipe for AD issues.

    95% of AD failures all trace back to DNS issues and which DC's are holding what FSMO roles?

    If you can get the good DC to take over everything through seizure of roles and tidy up DNS and AD through NTDSUTIL and get things talking properly again replication and journal_wrap errors should be simple enough to sort out after.

  16. 3 Thanks to m25man:

    ben604 (13th January 2011), reggiep (13th January 2011), Willott (11th January 2011)

  17. #11

    Join Date
    Dec 2009
    Posts
    270
    Thank Post
    6
    Thanked 33 Times in 31 Posts
    Rep Power
    15
    Sorry if I overlooked this but was just scanning, I'm assuming the netlogon share on the failed PDC is currently running? and without error?

    Does it let you stop and restart this service? Do you have this running as local service?

    Most of the errors you see are just a by product of the Failed Advertising, and that is normally directly related to netlogon

  18. Thanks to Firefox from:

    reggiep (13th January 2011)

  19. #12
    ben604's Avatar
    Join Date
    Jan 2010
    Posts
    314
    Thank Post
    81
    Thanked 29 Times in 24 Posts
    Rep Power
    22
    Hello! I work alongside Reg here, sorry for the late reply, some gents from a school down the road came to take a look in the flesh.

    I've tried "netdom query FSMO" and it reports that the domain is not available.
    netdiag /v - windows doesn't recognise the command.

    I've attached dcdiag /v

    @ Firefox - Netlogon and sysvol are both not shared or available.
    Attached Files Attached Files

  20. #13

    Join Date
    Dec 2008
    Location
    Nottingham
    Posts
    574
    Thank Post
    38
    Thanked 115 Times in 105 Posts
    Rep Power
    46
    "The host fa635c02-25bf-48ee-bf3a-c6fd6b848613._msdcs.PRENTONHIGH.local could not be resolved to an IP address"

    Looks like there are some DNS records out of whack - if the above record doesn't exist I would think you need to create it, I would think it needs to be a CNAME to either your PDC or secondary DC, suggest you look at what DNS records you currently have. Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088): Active Directory has some details of what should exist

    Have you had chance to do ipconfig /all and check which DNS server you're pointing to?
    Last edited by Willott; 11th January 2011 at 04:47 PM. Reason: dns

  21. Thanks to Willott from:

    ben604 (13th January 2011)

  22. #14

    Join Date
    Dec 2009
    Posts
    270
    Thank Post
    6
    Thanked 33 Times in 31 Posts
    Rep Power
    15
    Quote Originally Posted by ben604 View Post
    Hello! I work alongside Reg here, sorry for the late reply, some gents from a school down the road came to take a look in the flesh.

    I've tried "netdom query FSMO" and it reports that the domain is not available.
    netdiag /v - windows doesn't recognise the command.

    I've attached dcdiag /v

    @ Firefox - Netlogon and sysvol are both not shared or available.
    Sorry I meant the actual Netlogon service not the share. Is the service running? can you stop and restart it? and what account is it running with?

  23. #15
    ben604's Avatar
    Join Date
    Jan 2010
    Posts
    314
    Thank Post
    81
    Thanked 29 Times in 24 Posts
    Rep Power
    22
    Right, we've had our local authority in to lend a hand and they've done some good work so far, we think... We can now authenticate against the Domain, which is a start. We're still having trouble with replication though. I've attached the dcdiag info for both DCs. If any of you kind gentlemen could take a look, we'd be eternally grateful!
    Attached Files Attached Files

  24. Thanks to ben604 from:

    reggiep (13th January 2011)

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Complete mess of a network
    By squeeky in forum Wireless Networks
    Replies: 17
    Last Post: 1st November 2010, 12:26 PM
  2. Complete Network Rebuild
    By kerrymoralee9280 in forum Network and Classroom Management
    Replies: 14
    Last Post: 25th November 2009, 06:41 PM
  3. Disk Failure on Child domain
    By colio66 in forum Windows Server 2000/2003
    Replies: 2
    Last Post: 25th March 2009, 01:08 PM
  4. Complete change of school network?
    By reggiep in forum Blue Skies
    Replies: 14
    Last Post: 30th June 2008, 11:36 AM
  5. Complete loss of all network!!!
    By badboyvtec in forum Wireless Networks
    Replies: 15
    Last Post: 20th February 2008, 01:02 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •