I have a domain with 2 windows2003 DC and all clients are WindowsXP
Pro.
When I run NDSSUTIL and requested list domains I got:
Found domain
DC=nameof domain,DC=local
no current server
no current naming context

How can this be?

Both servers are listed in DNS, wins, Active Directory....

Any suggestions?

steve

Show quote Hide quote Learn to use NTDSUTIL ;-)
You first need to connect to a server (don't remember the exact command,
sorry, but it's quite easy to find).


Massimo

the command is connections
then you type connect to server xxx
then you can request the list of domains
choose which domain you want: with the select command
which should tell you the servers under that domain...

At any rate, running some extra checks, repadmin warned that the GC is
not advertising as a global catalog. Which could be creating this
problem. I am not an expert in DNS, but DNS has the GC server
registered as a SOA,NS and host A. Is there an entry of GC that it
should be register as well.and if that is the case, How can I do that
manually?

Thank you for helping,

steve

See?
It was not all that difficult :-)

Do you have the DNS service running on both servers?
Have you set each DC to point to the DNS server, or, if both of them are DNS
(which they should be) to itself as primary DNS and to the other one as
secondary?
Did you define your subnet and site(s) in the Sites and Services console?
Did you define reverse lookup DNS zone(s)?

Do you have any errors in the event viewer of both DCs?


Massimo

I have DNS running only on the GC box, not in the other one... but the
second DC points to the DNS server.

Nope, I have not define the subnet in AD sites and Services.... don't
know how yet

Yes, I did define a reverse lookup DNS

In the NOT GC box I have an error in the event viewer Directory Service
indicating that AD was unable to establish a connection with the Global
catalog

Application Data
Error value: 1355: The specified damain either does not exist or could
not be contacted
Internal ID: 3200cd1

the GC box has an error in the file replication service: Actually, is a
warning:
The nTFRSMember object cn=dental1,cn=domain system volume (sysvol
share),cn=cn=file replication
service, cn=system,dc=masterdental,dc=local has an invalid value for
the attribute ftfrscomputer reference

!!!!  BIG PROBLEM since dental1 was the old name of the no GC box. It
died on me before I could run DCPROMO, so I rebuilt the server and to
gave it a different name: dental3. I deleted all references of dental
one in DNS, WINS, AD usera and computers, and in AD sites and
services... I need to change the replication information to point to
the new name of the server, I just don't know how either....

Can you help?

Thanks

Ok, I did some checking by using Active Directory Users and Computers,
and then click Advanced Features on the View menu, expanded System,
expanded File Replication Service, expanded Domain System Volume
(SYSVOL share), in there I found 3 objects, Dental1 (the old name),
dental2 and dental3.

Do I just delete the old name out of there? or is there something else
to do?

I bet you hadn't used NTDSUTIL's metadata cleanup, did you?


Massimo

You should run the DNS service on both DCs, for redundancy.
If you have only two DCs, you should also make both of them GCs.

How many sites do you have?
If you have only one LAN, like I think you have, it's quite easy :-)

Good. So it seems like you know your IP subnet... just define it in ADS&S
and associate it with the default site (and give the site a name more
meaningful than "default-first-site-name", if you like).

If this error appears every time you rebbot the server, it's normal. If you
have only one DNS server, it's even more normal when you reboot it. If a DC
starts and it can't find a running DNS server (because it's down, or because
it's that same server and the DNS service isn't started yet), it will log an
error (and boot more slowly). Having two DNS servers helps here :-)

Show quoteHide quoteDid you use NTDSUTIL's metadata cleanup to remove the dead DC?


Massimo

We just turned full circle!!!!!!! That is why I was trying to use
NTDSUTIL to remove the old name of AD. I came aware of the problem when
I tried to install Exchange 2003 in the rebuilt server, now called
Dental3, it was setting the server as teh old name, dental1.

if you read my very first post, I stated that metadata cleanup could
not see ANY servers!

but I did found Dental1 in Active Directory Users and Computers,
in  (SYSVOL share), in there I found 3 objects, Dental1 (the old name),
dental2 and dental3.

I am not sure if I should just delete the old name out of there? or is
there something else
to do? That is why I am getting the replication error.... It cannot
replicate to Dental1 since it does not exist, but it should replicate
to Dental3 since it is registered there....
So, How come Dental3 does not know who is the GC (Dental2)

I am going to set my site and subnet, remove Dental1 from the sysvol
share folder and restart both servers to see what I get. Then, I will
try again to run metadata to see if this time does see the servers in
the domain....

Meanwhile, any ideas?

Can you give the sequence of commands you're issuing to NTDSUTIL to do the
metadata cleanup, and the error(s) you're getting?
I think you're missing something there.


Massimo

I got problems!!!

This is new now... When I tried the command connections
Connect to server dental2 I get an error RPC server is unavailavle!

same error if I try to connect to dental3

Also, if i run the command repadmin /showrepl Dental2 on Dental3 it
tells me that dental2 is not advertising the fact that is a global
catalog

Boy, it looks like I am going backwards on this one. I am ready to get
an top of my roof an jump!

Any ideas?

Can you resolve names correctly from both servers? I.E. when you run "ping
dental1" from dental3 (and vice-versa) does it respond?
Are both servers configure to register themselves into DNS (it's in the
network config)?
Can you post an IPCONFIG /ALL from both servers, please?


Massimo

both servers can ping each other by name ok

Are both servers configure to register themselves into DNS?  (not sure,
Could you be more specific? I though the registration was automatic....
maybe?

Windows IP configuration

Ipconfig /all
host name: dental2
primary DNS suffix: masterdental.local
node type: unknown
IP routing Enabled: No
WINS proxy Enable: No
DNS Suffix Search List: masterdental.local

Ethernet adapter local area connection:
connection-specific DNS suffix:
Description:Broadcom Netxtreme Gigabit Ethernet
Physical Address:00-12-3f-79-af-aa
DHCP enabled:No
IP 192.168.1.108
Subnet 255.255.255.0
Default gateway 192.168.1.1
DNS servers 192.168.1.108

Dental3

Windows IP configuration

Ipconfig /all
host name: dental3
primary DNS suffix: masterdental.local
node type: Hybrid
IP routing Enabled: No
WINS proxy Enable: No
DNS Suffix Search List: masterdental.local

Ethernet adapter local area connection:
connection-specific DNS suffix:
Description:Broadcom Netxtreme Gigabit Ethernet
Physical Address:00-12-3f-79-af-1c
DHCP enabled:No
IP 192.168.1.101
Subnet 255.255.255.0
Default gateway 192.168.1.1
DNS servers 192.168.1.108

Good.

It's automatic by default, but maybe it was disabled. Check in the netowork
properties of your LAN connection, in the advanced properties of the TCP/IP
protocol, "DNS" tab; there's a checkbox about registering the connection's
address into DNS, that box should be checked.

The configuration is correct.
Check the DNS registration properties (as above), then try restarting both
servers, and be sure to start dental3 only after dental2 is up and running.
Then try again NTDSUTIL, running it from dental1. If it works, remove any
reference to dental1 following the steps outlined here:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm.

Let me know if this goes ok. If it does, we'll then have to check the FSMO
roles (more on this later).


Massimo

You just missed my last post! please read post number 13 as I read this
one :)

Both servers where manually configured from the begining at the TCP/IP
properties to use a preferred DNS server as 192.168.1.108 which is
Dental2

I was able to run NTDSUTIL correctly on Dental3 and there was no
references of Dental1 in there.... but I cannot run NTDSUTIL in dental2
DsBindW error 0x6ba(The RPC server is unavailable)

I also run a utility called FRSDiag on Dental2 and report error 1126 AD
was unable to establish a connection with the global catalog Additional
data Error value 1355 The specific domain either does not exisst or
could not be contacted Internal ID 3200caf User Action: Make sure a
global Catalog is available in the forest, and is reachable from this
domain controller. You may run nltest to diagnose this problem.

(the silly thing is that GC is on Dental2!!!) Maybe it needs glasses

One more thing which is REALLY odd,

I can run metadata cleanup just fine in Dental3!
it showed me how it found the two servers! (which means that the old
name DEntal1 is not longer roaming around)

but, I cannot run metadata from Dental2 since it fails to connect...
(so I wrongly assumed that that was the case in both cases....) How can
just one server have RPC problems and not the other?

That's *really* odd, because dental2 is the DNS server, so it's the one less
likely to have troubles. Anyway, there are no RPC problems... it's only an
AD issue (unless you have OS level troubles, too, which I hope you don't
have).
Are both server S.P.1?

Anyway, try my suggestions and let me know what happens...


Massimo

Both servers are SP1....

I am going to try to restart the servers now....

Well,

    I got Dental2 back on, tried NTDSUTIL and worked just fine.

It shows only Dental2 and Dental3 as the servers....

How can we now test of the GC is advertising correctly?

Once I got dental3 back I check the event properties and the latest
says:
The file replication Service is no longer preventing the computer
Dental3 from becoming a Domain controller. The system volume has been
successfully initialized and the NETlogon service has been notified
that the system volume is now ready to be shared as SYSVOL

That is great news! I think that the main problems has been resolved! I
do have one more question for you: When I configured the subnet in
Active Directory Sites and Services... What is that doing?

Ok, they're replicating correctly now.
A little restart can do wonderful things ;-)

It's not really important if you only have one site, but if you have more
than one, that's the place where you configure the network topology and the
replication; so, it's best practice to correctly define sites even if
there's only one.

Back again to that console: now go to servername -> NTDS settings, open the
property page and check the "global catalog" check box for both
serversmaking both GCs.

Another good thing to check, since you removed a dead DC: see
http://support.microsoft.com/kb/234790/en-us and find which server(s)
hold(s) the FSMO roles. If any of the roles is assigned to the removed
server, move it to one of the alive ones by using NTDSUTIL again:
http://support.microsoft.com/?id=255504.

After this is done, install DNS on the server which doesn't have it, wait
for DNS records to replicate and configure each server to use itself as
primary DNS and the other one as secondary.

Now things should go a little better :-)


Massimo

Regarding your Exchange problem (I saw your posts in the other newsgroups,
please don't multi-post): Exchange configuration is stored in Active
Directory, so if your Exchange install went bad too, you have to remove
these data from AD.

The best thing you can do is to run Exchange's setup.exe with the /REMOVEORG
switch. This should clean things up.

Some info on the topic:

http://www.msexchange.org/tutorials/Remove-Exchange-server-entire-Exchange-organization.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;273478&Product=exch2003


Massimo

Sorry,

  I did not realized I was multi-posting! I posted my exchange question
on the exchange group and my other problem in here....

Well, here are the results!

I check the logs in Dental2 also and in there there was a message that
now that server was not longer stoped from been a DC and that sysvol
was now available... so it looks that both servers were being stoped to
do what they were supposed to do! Neat.

All FSMO roles are now in Dental2.

I was able to remove Exchange correctly with /removeorg, then I did the
forestprep as noted in the exchange WEBsite, exchange installed fine
but now I do not have any server setup!

In the Exchange System Manager I have now for groups,

Global settings
Recipients
Administrative Groups
Tools

How can I now assign a server? :)

I think I am almost there...

Ok.... I am ready to drop the towel now...

I did a clean uninstall of Exchange with removeorg, I uninstall IIS
services, removed any exchange entries in the registry, remove any
exchange info in the AD users and computers, restarted the server,
reinstalled IIS, Rerun setup /forestprep, Rerun setup /domainprep
and finally reinstalled exchange.

When I finally oppened the exchange system  manager, there is no server
listed!

I am completly out of ideas....

Ok, *that*'s strange.
On which server did you install Exchange? Which components did you choose
during the setup? Did the installation go ok?
It's possible you only installed (by error) only the System Manager and not
the Exchange Server itself?

Massimo

Well kind off.... When I reinstalled IIS I assumed it had installed all
neccessary protocols like SMTP... my mistake, those have to be
installed separetly. So, when I was installing Exchange, without those
protocols loaded, it will just install management.

I guess after working 3 days without a break, at the end you start to
stop paying attention to detail.

Once the protocols where loaded... perfect installation. Then, as I was
at the dental office deploying the equipment, I installed a second NIC
card to each ot the servers as redundancy, boy that cost me time and
grief since DC have problems if you do that. So I was researching all
those errors I was getting in the logs for almost 2 hours. Once I
remove the NIC's out of the DC's all problems where resolved.

I like to take this opportunity to thank you for all the time you spent
helping me. It has been a re learning experience since I used to know
all these things since 96'; the year I became MVP, then MCSE4.0 then in
2001 I became MCSE2000, but I lost my network job a little after 9/11
and had not done it ever since... So I guess I was more rusted that I
thought! plus windows2003 have some big differences from Windows2000
which was the last OS I worked with. Hopefully I will keep in the
field.

I was a great pleasure and I would hope that somehow we keep in touch,

lme

Modify bulk users in AD
Profile question
Group Policies and web proxy settings
How to do maintenance repair in AD
Group Policy item applies the first time I login then no more
Hello Everyone ? On searching Active Directory
cleaning all user created files on logoff
Logon Problem on One Client
Identifying obsolete computer/user accounts in AD
Universal groups and "Member Of" tab.