|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Windows 2003 Active Directory will not start after power outage.(2) Windows 2003 servers running in 2003 native mode, all xp clients, and several linux clients and servers. I have several group policies for separate OU's I have created through our business along with a few startup scripts. This weekend we had a power outage, and I have a UPS and it reported it and put it into hibernate after a few minutes. This morning I came in and my boss had rebooted both DC's and nobody could authenticate nor access files over the network. I checked them out, rebooted them myself and they both hung on "Starting Active Directory..." for about 5 minutes. I checked the event log on all DC's and workstations, and they all have entries from Userenv saying Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. All of my mapped drives are saying "Microsoft Windows Network: The local device name is already in use." This connection has not been restored. If I try to connect to a UNC share \\server01 I get a password dialog box and I am unable to Authenticate even using MYDOMAIN\username. select operation target: list roles for connected server Server "\\fileserver.ifm1.com" knows about 5 roles Schema - CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=Default-First-Site-Name,CN=S ites,CN=Configuration,DC=ifm1,DC=com Domain - CN=NTDS Settings,CN=FILESERVER,CN=Servers,CN=Default-First-Site-Name,CN =Sites,CN=Configuration,DC=ifm1,DC=com PDC - CN=NTDS Settings,CN=FILESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Si tes,CN=Configuration,DC=ifm1,DC=com RID - CN=NTDS Settings,CN=FILESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Si tes,CN=Configuration,DC=ifm1,DC=com Infrastructure - CN=NTDS Settings,CN=FILESERVER,CN=Servers,CN=Default-First-Site -Name,CN=Sites,CN=Configuration,DC=ifm1,DC=com __________________________________________________________________________________ Here is the output of netdiag on the PDC which has all 5 roles. C:\Documents and Settings\Administrator.IFM1>netdiag .................................... Computer Name: FILESERVER DNS Host Name: fileserver.ifm1.com System info : Windows 2000 Server (Build 3790) Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel List of installed hotfixes : KB833407 KB883939 KB890046 KB893756 KB896358 KB896422 KB896424 KB896428 KB896688 KB896727 KB898715 KB899587 KB899588 KB899589 KB899591 KB900725 KB901017 KB901214 KB902400 KB903235 KB904706 KB904942 KB905414 KB905915 KB908519 KB908531 KB910437 KB911280 KB911562 KB911564 KB911567 KB911927 KB912812 KB912919 KB913446 KB914388 KB914389 KB914783 KB916281 KB917159 KB917344 KB917422 KB917537 KB917734 KB917953 KB918439 KB918899 KB920214 KB920670 KB920683 KB920685 KB921398 KB921883 KB922582 KB922616 KB922819 KB923191 KB923414 KB924191 KB924496 KB925486 Q147222 Netcard queries test . . . . . . . : Passed Per interface results: Adapter : Local Area Connection Netcard queries test . . . : Passed Host Name. . . . . . . . . : fileserver IP Address . . . . . . . . : 10.1.1.2 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : 10.1.1.1 Dns Servers. . . . . . . . : 10.1.1.3 63.64.9.11 AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Passed NetBT name test. . . . . . : Passed [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge r Service', <20> 'WINS' names is missing. No remote names have been found. WINS service test. . . . . : Skipped There are no WINS servers configured for this interface. Global results: Domain membership test . . . . . . : Failed [WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC. NetBT transports test. . . . . . . : Passed List of NetBt transports currently configured: NetBT_Tcpip_{84659B74-E300-4F52-A4DD-B16E30AF396E} 1 NetBt transport currently configured. Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Passed NetBT name test. . . . . . . . . . : Passed [WARNING] You don't have a single interface with the <00> 'WorkStation Servi ce', <03> 'Messenger Service', <20> 'WINS' names defined. Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Passed PASS - All the DNS entries for DC are registered on DNS server '10.1.1.3' and other DCs also have some of the names registered. [WARNING] The DNS entries for this DC are not registered correctly on DNS server '63.64.9.11'. Please wait for 30 minutes for DNS server replication. Redir and Browser test . . . . . . : Passed List of NetBt transports currently bound to the Redir NetBT_Tcpip_{84659B74-E300-4F52-A4DD-B16E30AF396E} The redir is bound to 1 NetBt transport. List of NetBt transports currently bound to the browser NetBT_Tcpip_{84659B74-E300-4F52-A4DD-B16E30AF396E} The browser is bound to 1 NetBt transport. DC discovery test. . . . . . . . . : Failed [FATAL] Cannot find DC in domain 'IFM1'. [ERROR_NO_SUCH_DOMAIN] DC list test . . . . . . . . . . . : Failed 'IFM1': Cannot find DC to get DC list from [test skipped]. Trust relationship test. . . . . . : Skipped Kerberos test. . . . . . . . . . . : Skipped 'IFM1': Cannot find DC to get DC list from [test skipped]. LDAP test. . . . . . . . . . . . . : Failed Cannot find DC to run LDAP tests on. The error occurred was: The specified d omain either does not exist or could not be contacted. [WARNING] Cannot find DC in domain 'IFM1'. [ERROR_NO_SUCH_DOMAIN] Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Passed IP Security test . . . . . . . . . : Skipped Note: run "netsh ipsec dynamic show /?" for more detailed information The command completed successfully __________________________________________________________________________________________ Here is the output showing there is no SYSVOL or NETLOGON shares. C:\Documents and Settings\Administrator.IFM1>net share Share name Resource Remark ------------------------------------------------------------------------------- C$ C:\ Default share ADMIN$ C:\WINDOWS Remote Admin F$ F:\ Default share IPC$ Remote IPC AutoCAD C:\AutoCAD AutoCAD2 C:\AutoCAD2 backups C:\backups BOM C:\BOM GEO12NA C:\GEO12NA GEO13NA C:\GEO13NA Harris InfoSource C:\Program Files\Harris InfoSource home C:\home Caching disabled HOUSING PICTURES C:\HOUSING PICTURES IFM C:\IFM IFMPrograms C:\IFMPrograms mappoint C:\mappoint METALSHOP C:\METALSHOP ofcscan C:\Program Files\Trend Micro\OfficeScan\PCCSRV PDF Customer Drawings C:\PDF Customer Drawings PDF Production Drawings C:\PDF Production Drawings PICTURES C:\PICTURES PROFORMA C:\PROFORMA public F:\public PVDB C:\PVDB QCDocs C:\QCDocs SA2003 C:\SA2003+ SA2004 C:\SA2004 SA2006 C:\SA2006 SellSync C:\Selltis\SellSync websites F:\websites WELD PROCEDURES C:\WELD PROCEDURES ____________________________________________________________________________________________ I have also used the ntdsutil and it let me transfer roles that were already roles. It didnt complain about ADS not being started. I am confused. I cant find anything in the event log that will lead me in the right direction. I even checked all of the ADS DNS entries on the DNS server. Ive searched google all day and havent found anything similar to what im experiencing. Does anyone out there have any suggestions on where to look for a problem, or know any tools to use to be more verbose with ADS not starting? I will give more info if needed. The email started getting lengthy as it is. It has to be something simple. Thanks, "Rodney" Here are the results from dcdiag:
Microsoft Windows [Version 5.2.3790] (C) Copyright 1985-2003 Microsoft Corp. C:\Documents and Settings\Administrator.IFM1>dcdiag Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\FILESERVER Starting test: Connectivity ......................... FILESERVER passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\FILESERVER Starting test: Replications ......................... FILESERVER passed test Replications Starting test: NCSecDesc ......................... FILESERVER passed test NCSecDesc Starting test: NetLogons ......................... FILESERVER passed test NetLogons Starting test: Advertising Fatal Error:DsGetDcName (FILESERVER) call failed, error 1355 The Locator could not find the server. ......................... FILESERVER failed test Advertising Starting test: KnowsOfRoleHolders ......................... FILESERVER passed test KnowsOfRoleHolders Starting test: RidManager ......................... FILESERVER passed test RidManager Starting test: MachineAccount ......................... FILESERVER passed test MachineAccount Starting test: Services ......................... FILESERVER passed test Services Starting test: ObjectsReplicated ......................... FILESERVER passed test ObjectsReplicated Starting test: frssysvol ......................... FILESERVER passed test frssysvol Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... FILESERVER failed test frsevent Starting test: kccevent ......................... FILESERVER passed test kccevent Starting test: systemlog ......................... FILESERVER passed test systemlog Starting test: VerifyReferences ......................... FILESERVER passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ifm1 Starting test: CrossRefValidation ......................... ifm1 passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ifm1 passed test CheckSDRefDom Running enterprise tests on : ifm1.com Starting test: Intersite ......................... ifm1.com passed test Intersite Starting test: FsmoCheck Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 A Global Catalog Server could not be located - All GC's are down. Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 135 5 A Good Time Server could not be located. Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 A KDC could not be located - All the KDCs are down. ......................... ifm1.com failed test FsmoCheck My first thought would be you have DNS issues.
From one of your's dc try running dnslint /ad /s "ip address of your dc" Also run netdom query fsmo Check the Sites and Services and verify one of the servers is a GC. http://support.microsoft.com/default.aspx?scid=kb;en-us;313994 Starting test: FsmoCheck Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 A Global Catalog Server could not be located - All GC's are down. Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 135 5 A Good Time Server could not be located. Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 A KDC could not be located - All the KDCs are down. ......................... ifm1.com failed test FsmoCheck -- Show quoteHide quotePaul Bergson MVP - Directory Services MCT, MCSE, MCSA, Security+, BS CSci 2003, 2000 (Early Achiever), NT http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. "Rodney King" <r**@hick.org> wrote in message news:gK6dnc26_NkMl8TYnZ2dnUVZ_tudnZ2d@insightbb.com... > Here are the results from dcdiag: > > Microsoft Windows [Version 5.2.3790] > (C) Copyright 1985-2003 Microsoft Corp. > > C:\Documents and Settings\Administrator.IFM1>dcdiag > > Domain Controller Diagnosis > > Performing initial setup: > Done gathering initial info. > > Doing initial required tests > > Testing server: Default-First-Site-Name\FILESERVER > Starting test: Connectivity > ......................... FILESERVER passed test Connectivity > > Doing primary tests > > Testing server: Default-First-Site-Name\FILESERVER > Starting test: Replications > ......................... FILESERVER passed test Replications > Starting test: NCSecDesc > ......................... FILESERVER passed test NCSecDesc > Starting test: NetLogons > ......................... FILESERVER passed test NetLogons > Starting test: Advertising > Fatal Error:DsGetDcName (FILESERVER) call failed, error 1355 > The Locator could not find the server. > ......................... FILESERVER failed test Advertising > Starting test: KnowsOfRoleHolders > ......................... FILESERVER passed test > KnowsOfRoleHolders > Starting test: RidManager > ......................... FILESERVER passed test RidManager > Starting test: MachineAccount > ......................... FILESERVER passed test MachineAccount > Starting test: Services > ......................... FILESERVER passed test Services > Starting test: ObjectsReplicated > ......................... FILESERVER passed test > ObjectsReplicated > Starting test: frssysvol > ......................... FILESERVER passed test frssysvol > Starting test: frsevent > There are warning or error events within the last 24 hours after > the > SYSVOL has been shared. Failing SYSVOL replication problems may > cause > Group Policy problems. > ......................... FILESERVER failed test frsevent > Starting test: kccevent > ......................... FILESERVER passed test kccevent > Starting test: systemlog > ......................... FILESERVER passed test systemlog > Starting test: VerifyReferences > ......................... FILESERVER passed test VerifyReferences > > Running partition tests on : ForestDnsZones > Starting test: CrossRefValidation > ......................... ForestDnsZones passed test > CrossRefValidation > > Starting test: CheckSDRefDom > ......................... ForestDnsZones passed test > CheckSDRefDom > > Running partition tests on : DomainDnsZones > Starting test: CrossRefValidation > ......................... DomainDnsZones passed test > CrossRefValidation > > Starting test: CheckSDRefDom > ......................... DomainDnsZones passed test > CheckSDRefDom > > Running partition tests on : Schema > Starting test: CrossRefValidation > ......................... Schema passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... Schema passed test CheckSDRefDom > > Running partition tests on : Configuration > Starting test: CrossRefValidation > ......................... Configuration passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Configuration passed test CheckSDRefDom > > Running partition tests on : ifm1 > Starting test: CrossRefValidation > ......................... ifm1 passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... ifm1 passed test CheckSDRefDom > > Running enterprise tests on : ifm1.com > Starting test: Intersite > ......................... ifm1.com passed test Intersite > Starting test: FsmoCheck > Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 > A Global Catalog Server could not be located - All GC's are down. > Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 > A Time Server could not be located. > The server holding the PDC role is down. > Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, > error 135 > 5 > A Good Time Server could not be located. > Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 > A KDC could not be located - All the KDCs are down. > ......................... ifm1.com failed test FsmoCheck Here is the output from the commands you pointed out.
C:\Documents and Settings\Administrator.IFM1>netdom query fsmo Schema owner fileserver.ifm1.com Domain role owner fileserver.ifm1.com PDC role fileserver.ifm1.com RID pool manager fileserver.ifm1.com Infrastructure owner fileserver.ifm1.com The command completed successfully. Here is the output of dnslint: dnslint /ad /s 10.1.1.2 Root of Active Directory Forest: ifm1.com Active Directory Forest Replication GUIDs Found: DC: SERVER01 GUID: 3f5adc65-d2fb-4ba6-af41-83b3b62e175e DC: FILESERVER GUID: a891f126-e4da-42a4-a254-c841c8a55f09 More stuff, no errors, shows queries are working on both servers..blah blah blah. Both servers have a copy of the global catalog. Thanks for the reply Paul. Last night in the wee hours, I found a KB that was somewhat related to the problems I had and it fixed it (AD started). All I did was set the BurFlags for NtFrs to D4 on the 5 role PDC and D2 on the other PDC. I restarted the NtFrs service on both PDC's and walah. SYSVOL is shared and authentications are working, ldap queries are working...etc. One problem. I seem to have lost all of my group policies. I am going through backups now to see if I have any recent sets. Although, Id rather just start with fresh policies. If I can delete the links to the old ones. I am getting this error in Application (Userenv) in the event log on my workstations. --------------------------------------------------------------------------------------------------------------------------- Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ifm1,DC=com. The file must be present at the location <\\ifm1.com\sysvol\ifm1.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted. ---------------------------------------------------------------------------------------------------------------------------- Here is what I got in the event log after making the registry changes that fixed AD. ---------------------------------------------------------------------------------------------------------------------------- The File Replication Service is no longer preventing the computer FILESERVER from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL. :-) Now I have to figure out where my GPO's went and put them back into--------------------------------------------------------------------------------------------------------------------------- SYSVOL? Would it be easier to just start with new GPO's and remove the old links? Anyone wanna take a shot at guessing where my GPO's went? Paul Bergson [MVP-DS] wrote: Show quoteHide quote > My first thought would be you have DNS issues. > From one of your's dc try running dnslint /ad /s "ip address of > your dc" > > Also run netdom query fsmo > > > > Check the Sites and Services and verify one of the servers is a GC. > http://support.microsoft.com/default.aspx?scid=kb;en-us;313994 > > Starting test: FsmoCheck > Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 > A Global Catalog Server could not be located - All GC's are down. > Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 > A Time Server could not be located. > The server holding the PDC role is down. > Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, > error 135 > 5 > A Good Time Server could not be located. > Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 > A KDC could not be located - All the KDCs are down. > ......................... ifm1.com failed test FsmoCheck > > -- > Paul Bergson > MVP - Directory Services > MCT, MCSE, MCSA, Security+, BS CSci > 2003, 2000 (Early Achiever), NT > > http://www.pbbergs.com > > Please no e-mails, any questions should be posted in the NewsGroup > This posting is provided "AS IS" with no warranties, and confers no rights. > > "Rodney King" <r**@hick.org> wrote in message > news:gK6dnc26_NkMl8TYnZ2dnUVZ_tudnZ2d@insightbb.com... > > Here are the results from dcdiag: > > > > Microsoft Windows [Version 5.2.3790] > > (C) Copyright 1985-2003 Microsoft Corp. > > > > C:\Documents and Settings\Administrator.IFM1>dcdiag > > > > Domain Controller Diagnosis > > > > Performing initial setup: > > Done gathering initial info. > > > > Doing initial required tests > > > > Testing server: Default-First-Site-Name\FILESERVER > > Starting test: Connectivity > > ......................... FILESERVER passed test Connectivity > > > > Doing primary tests > > > > Testing server: Default-First-Site-Name\FILESERVER > > Starting test: Replications > > ......................... FILESERVER passed test Replications > > Starting test: NCSecDesc > > ......................... FILESERVER passed test NCSecDesc > > Starting test: NetLogons > > ......................... FILESERVER passed test NetLogons > > Starting test: Advertising > > Fatal Error:DsGetDcName (FILESERVER) call failed, error 1355 > > The Locator could not find the server. > > ......................... FILESERVER failed test Advertising > > Starting test: KnowsOfRoleHolders > > ......................... FILESERVER passed test > > KnowsOfRoleHolders > > Starting test: RidManager > > ......................... FILESERVER passed test RidManager > > Starting test: MachineAccount > > ......................... FILESERVER passed test MachineAccount > > Starting test: Services > > ......................... FILESERVER passed test Services > > Starting test: ObjectsReplicated > > ......................... FILESERVER passed test > > ObjectsReplicated > > Starting test: frssysvol > > ......................... FILESERVER passed test frssysvol > > Starting test: frsevent > > There are warning or error events within the last 24 hours after > > the > > SYSVOL has been shared. Failing SYSVOL replication problems may > > cause > > Group Policy problems. > > ......................... FILESERVER failed test frsevent > > Starting test: kccevent > > ......................... FILESERVER passed test kccevent > > Starting test: systemlog > > ......................... FILESERVER passed test systemlog > > Starting test: VerifyReferences > > ......................... FILESERVER passed test VerifyReferences > > > > Running partition tests on : ForestDnsZones > > Starting test: CrossRefValidation > > ......................... ForestDnsZones passed test > > CrossRefValidation > > > > Starting test: CheckSDRefDom > > ......................... ForestDnsZones passed test > > CheckSDRefDom > > > > Running partition tests on : DomainDnsZones > > Starting test: CrossRefValidation > > ......................... DomainDnsZones passed test > > CrossRefValidation > > > > Starting test: CheckSDRefDom > > ......................... DomainDnsZones passed test > > CheckSDRefDom > > > > Running partition tests on : Schema > > Starting test: CrossRefValidation > > ......................... Schema passed test CrossRefValidation > > Starting test: CheckSDRefDom > > ......................... Schema passed test CheckSDRefDom > > > > Running partition tests on : Configuration > > Starting test: CrossRefValidation > > ......................... Configuration passed test > > CrossRefValidation > > Starting test: CheckSDRefDom > > ......................... Configuration passed test CheckSDRefDom > > > > Running partition tests on : ifm1 > > Starting test: CrossRefValidation > > ......................... ifm1 passed test CrossRefValidation > > Starting test: CheckSDRefDom > > ......................... ifm1 passed test CheckSDRefDom > > > > Running enterprise tests on : ifm1.com > > Starting test: Intersite > > ......................... ifm1.com passed test Intersite > > Starting test: FsmoCheck > > Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 > > A Global Catalog Server could not be located - All GC's are down. > > Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 > > A Time Server could not be located. > > The server holding the PDC role is down. > > Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, > > error 135 > > 5 > > A Good Time Server could not be located. > > Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 > > A KDC could not be located - All the KDCs are down. > > ......................... ifm1.com failed test FsmoCheck Sounds like you did a rebuild of sysvol and had the changes replicate out to
the other dc's. Which ever dc you did this on would have had its sysvol data replicated out, so anything that was in this sysvol became the standard for your domain. My guess is you used the article below to do the rebuild. http://support.microsoft.com/default.aspx/kb/315457/ You may have to rebuild again, only get the sysvol reloaded as you want it to appear on the rebuilt sysvol before you do the rebuild (Burflg reset) command. -- Show quoteHide quotePaul Bergson MVP - Directory Services MCT, MCSE, MCSA, Security+, BS CSci 2003, 2000 (Early Achiever), NT http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. <rodneyk***@gmail.com> wrote in message news:1163534865.102298.281310@k70g2000cwa.googlegroups.com... > Here is the output from the commands you pointed out. > > C:\Documents and Settings\Administrator.IFM1>netdom query fsmo > Schema owner fileserver.ifm1.com > Domain role owner fileserver.ifm1.com > PDC role fileserver.ifm1.com > RID pool manager fileserver.ifm1.com > Infrastructure owner fileserver.ifm1.com > The command completed successfully. > > Here is the output of dnslint: > dnslint /ad /s 10.1.1.2 > Root of Active Directory Forest: > ifm1.com > Active Directory Forest Replication GUIDs Found: > DC: SERVER01 > GUID: 3f5adc65-d2fb-4ba6-af41-83b3b62e175e > DC: FILESERVER > GUID: a891f126-e4da-42a4-a254-c841c8a55f09 > More stuff, no errors, shows queries are working on both servers..blah > blah blah. > Both servers have a copy of the global catalog. > > Thanks for the reply Paul. Last night in the wee hours, I found a KB > that was somewhat related to the problems I had and it fixed it (AD > started). All I did was set the BurFlags for NtFrs to D4 on the 5 role > PDC and D2 on the other PDC. I restarted the NtFrs service on both > PDC's and walah. SYSVOL is shared and authentications are working, > ldap queries are working...etc. One problem. I seem to have lost all > of my group policies. I am going through backups now to see if I have > any recent sets. Although, Id rather just start with fresh policies. > If I can delete the links to the old ones. > > I am getting this error in Application (Userenv) in the event log on my > workstations. > > --------------------------------------------------------------------------------------------------------------------------- > > Windows cannot access the file gpt.ini for GPO > CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ifm1,DC=com. > The file must be present at the location > <\\ifm1.com\sysvol\ifm1.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. > (The system cannot find the path specified. ). Group Policy processing > aborted. > > ---------------------------------------------------------------------------------------------------------------------------- > Here is what I got in the event log after making the registry changes > that fixed AD. > ---------------------------------------------------------------------------------------------------------------------------- > The File Replication Service is no longer preventing the computer > FILESERVER from becoming a domain controller. The system volume has > been successfully initialized and the Netlogon service has been > notified that the system volume is now ready to be shared as SYSVOL. > :-) > --------------------------------------------------------------------------------------------------------------------------- > > Now I have to figure out where my GPO's went and put them back into > SYSVOL? Would it be easier to just start with new GPO's and remove the > old links? Anyone wanna take a shot at guessing where my GPO's went? > > > > Paul Bergson [MVP-DS] wrote: >> My first thought would be you have DNS issues. >> From one of your's dc try running dnslint /ad /s "ip address >> of >> your dc" >> >> Also run netdom query >> fsmo >> >> >> >> Check the Sites and Services and verify one of the servers is a GC. >> http://support.microsoft.com/default.aspx?scid=kb;en-us;313994 >> >> Starting test: FsmoCheck >> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error >> 1355 >> A Global Catalog Server could not be located - All GC's are >> down. >> Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 >> A Time Server could not be located. >> The server holding the PDC role is down. >> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, >> error 135 >> 5 >> A Good Time Server could not be located. >> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 >> A KDC could not be located - All the KDCs are down. >> ......................... ifm1.com failed test FsmoCheck >> >> -- >> Paul Bergson >> MVP - Directory Services >> MCT, MCSE, MCSA, Security+, BS CSci >> 2003, 2000 (Early Achiever), NT >> >> http://www.pbbergs.com >> >> Please no e-mails, any questions should be posted in the NewsGroup >> This posting is provided "AS IS" with no warranties, and confers no >> rights. >> >> "Rodney King" <r**@hick.org> wrote in message >> news:gK6dnc26_NkMl8TYnZ2dnUVZ_tudnZ2d@insightbb.com... >> > Here are the results from dcdiag: >> > >> > Microsoft Windows [Version 5.2.3790] >> > (C) Copyright 1985-2003 Microsoft Corp. >> > >> > C:\Documents and Settings\Administrator.IFM1>dcdiag >> > >> > Domain Controller Diagnosis >> > >> > Performing initial setup: >> > Done gathering initial info. >> > >> > Doing initial required tests >> > >> > Testing server: Default-First-Site-Name\FILESERVER >> > Starting test: Connectivity >> > ......................... FILESERVER passed test Connectivity >> > >> > Doing primary tests >> > >> > Testing server: Default-First-Site-Name\FILESERVER >> > Starting test: Replications >> > ......................... FILESERVER passed test Replications >> > Starting test: NCSecDesc >> > ......................... FILESERVER passed test NCSecDesc >> > Starting test: NetLogons >> > ......................... FILESERVER passed test NetLogons >> > Starting test: Advertising >> > Fatal Error:DsGetDcName (FILESERVER) call failed, error 1355 >> > The Locator could not find the server. >> > ......................... FILESERVER failed test Advertising >> > Starting test: KnowsOfRoleHolders >> > ......................... FILESERVER passed test >> > KnowsOfRoleHolders >> > Starting test: RidManager >> > ......................... FILESERVER passed test RidManager >> > Starting test: MachineAccount >> > ......................... FILESERVER passed test >> > MachineAccount >> > Starting test: Services >> > ......................... FILESERVER passed test Services >> > Starting test: ObjectsReplicated >> > ......................... FILESERVER passed test >> > ObjectsReplicated >> > Starting test: frssysvol >> > ......................... FILESERVER passed test frssysvol >> > Starting test: frsevent >> > There are warning or error events within the last 24 hours >> > after >> > the >> > SYSVOL has been shared. Failing SYSVOL replication problems >> > may >> > cause >> > Group Policy problems. >> > ......................... FILESERVER failed test frsevent >> > Starting test: kccevent >> > ......................... FILESERVER passed test kccevent >> > Starting test: systemlog >> > ......................... FILESERVER passed test systemlog >> > Starting test: VerifyReferences >> > ......................... FILESERVER passed test >> > VerifyReferences >> > >> > Running partition tests on : ForestDnsZones >> > Starting test: CrossRefValidation >> > ......................... ForestDnsZones passed test >> > CrossRefValidation >> > >> > Starting test: CheckSDRefDom >> > ......................... ForestDnsZones passed test >> > CheckSDRefDom >> > >> > Running partition tests on : DomainDnsZones >> > Starting test: CrossRefValidation >> > ......................... DomainDnsZones passed test >> > CrossRefValidation >> > >> > Starting test: CheckSDRefDom >> > ......................... DomainDnsZones passed test >> > CheckSDRefDom >> > >> > Running partition tests on : Schema >> > Starting test: CrossRefValidation >> > ......................... Schema passed test >> > CrossRefValidation >> > Starting test: CheckSDRefDom >> > ......................... Schema passed test CheckSDRefDom >> > >> > Running partition tests on : Configuration >> > Starting test: CrossRefValidation >> > ......................... Configuration passed test >> > CrossRefValidation >> > Starting test: CheckSDRefDom >> > ......................... Configuration passed test >> > CheckSDRefDom >> > >> > Running partition tests on : ifm1 >> > Starting test: CrossRefValidation >> > ......................... ifm1 passed test CrossRefValidation >> > Starting test: CheckSDRefDom >> > ......................... ifm1 passed test CheckSDRefDom >> > >> > Running enterprise tests on : ifm1.com >> > Starting test: Intersite >> > ......................... ifm1.com passed test Intersite >> > Starting test: FsmoCheck >> > Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error >> > 1355 >> > A Global Catalog Server could not be located - All GC's are >> > down. >> > Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 >> > A Time Server could not be located. >> > The server holding the PDC role is down. >> > Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, >> > error 135 >> > 5 >> > A Good Time Server could not be located. >> > Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 >> > A KDC could not be located - All the KDCs are down. >> > ......................... ifm1.com failed test FsmoCheck > I just had almost the identical problem, except that when I booted it would
abort saying I should boot into safe mode, directory services repair. It looked a lot like DNS, (can happen if your dns server address points to your ISP's DNS server instead of to itself) but after restoring the system state I was getting the same messages you are. After days of frustation I manually shared SYSVOL and it let me boot normally, and network connectivity was restored. Caveat: I've not tried it, but have been told that sharing SYSVOL via Windows explorer causes major problems. What I did was share it through Regedit. Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters. Double-click the SYSvolReady value and change the data value from 0 to 1. Shutdown and restart the computer. Also, the system state restore would only work with data from before the power outage. Show quoteHide quote "Rodney King" wrote: > I have had this domain going for almost 2 years with minimal problems. > (2) Windows 2003 servers running in 2003 native mode, all xp clients, > and several linux clients and servers. I have several group policies > for separate OU's I have created through our business along with a few > startup scripts. This weekend we had a power outage, and I have a UPS > and it reported it and put it into hibernate after a few minutes. This > morning I came in and my boss had rebooted both DC's and nobody could > authenticate nor access files over the network. I checked them out, > rebooted them myself and they both hung on "Starting Active > Directory..." for about 5 minutes. > > I checked the event log on all DC's and workstations, and they all have > entries from Userenv saying Windows cannot obtain the domain controller > name for your computer network. (The specified domain either does not > exist or could not be contacted. ). Group Policy processing aborted. > > All of my mapped drives are saying "Microsoft Windows Network: The local > device name is already in use." This connection has not been restored. > > If I try to connect to a UNC share \\server01 I get a password dialog > box and I am unable to Authenticate even using MYDOMAIN\username. > > select operation target: list roles for connected server > Server "\\fileserver.ifm1.com" knows about 5 roles > Schema - CN=NTDS > Settings,CN=SERVER01,CN=Servers,CN=Default-First-Site-Name,CN=S > ites,CN=Configuration,DC=ifm1,DC=com > Domain - CN=NTDS > Settings,CN=FILESERVER,CN=Servers,CN=Default-First-Site-Name,CN > =Sites,CN=Configuration,DC=ifm1,DC=com > PDC - CN=NTDS > Settings,CN=FILESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Si > tes,CN=Configuration,DC=ifm1,DC=com > RID - CN=NTDS > Settings,CN=FILESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Si > tes,CN=Configuration,DC=ifm1,DC=com > Infrastructure - CN=NTDS > Settings,CN=FILESERVER,CN=Servers,CN=Default-First-Site > -Name,CN=Sites,CN=Configuration,DC=ifm1,DC=com > __________________________________________________________________________________ > Here is the output of netdiag on the PDC which has all 5 roles. > > C:\Documents and Settings\Administrator.IFM1>netdiag > > .................................... > > Computer Name: FILESERVER > DNS Host Name: fileserver.ifm1.com > System info : Windows 2000 Server (Build 3790) > Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel > List of installed hotfixes : > KB833407 > KB883939 > KB890046 > KB893756 > KB896358 > KB896422 > KB896424 > KB896428 > KB896688 > KB896727 > KB898715 > KB899587 > KB899588 > KB899589 > KB899591 > KB900725 > KB901017 > KB901214 > KB902400 > KB903235 > KB904706 > KB904942 > KB905414 > KB905915 > KB908519 > KB908531 > KB910437 > KB911280 > KB911562 > KB911564 > KB911567 > KB911927 > KB912812 > KB912919 > KB913446 > KB914388 > KB914389 > KB914783 > KB916281 > KB917159 > KB917344 > KB917422 > KB917537 > KB917734 > KB917953 > KB918439 > KB918899 > KB920214 > KB920670 > KB920683 > KB920685 > KB921398 > KB921883 > KB922582 > KB922616 > KB922819 > KB923191 > KB923414 > KB924191 > KB924496 > KB925486 > Q147222 > > > Netcard queries test . . . . . . . : Passed > > > > Per interface results: > > Adapter : Local Area Connection > > Netcard queries test . . . : Passed > > Host Name. . . . . . . . . : fileserver > IP Address . . . . . . . . : 10.1.1.2 > Subnet Mask. . . . . . . . : 255.255.255.0 > Default Gateway. . . . . . : 10.1.1.1 > Dns Servers. . . . . . . . : 10.1.1.3 > 63.64.9.11 > > > AutoConfiguration results. . . . . . : Passed > > Default gateway test . . . : Passed > > NetBT name test. . . . . . : Passed > [WARNING] At least one of the <00> 'WorkStation Service', <03> > 'Messenge > r Service', <20> 'WINS' names is missing. > No remote names have been found. > > WINS service test. . . . . : Skipped > There are no WINS servers configured for this interface. > > > Global results: > > > Domain membership test . . . . . . : Failed > [WARNING] Ths system volume has not been completely replicated to > the local > machine. This machine is not working properly as a DC. > > > NetBT transports test. . . . . . . : Passed > List of NetBt transports currently configured: > NetBT_Tcpip_{84659B74-E300-4F52-A4DD-B16E30AF396E} > 1 NetBt transport currently configured. > > > Autonet address test . . . . . . . : Passed > > > IP loopback ping test. . . . . . . : Passed > > > Default gateway test . . . . . . . : Passed > > > NetBT name test. . . . . . . . . . : Passed > [WARNING] You don't have a single interface with the <00> > 'WorkStation Servi > ce', <03> 'Messenger Service', <20> 'WINS' names defined. > > > Winsock test . . . . . . . . . . . : Passed > > > DNS test . . . . . . . . . . . . . : Passed > PASS - All the DNS entries for DC are registered on DNS server > '10.1.1.3' and other DCs also have some of the names registered. > [WARNING] The DNS entries for this DC are not registered correctly > on DNS server '63.64.9.11'. Please wait for 30 minutes for DNS server > replication. > > > Redir and Browser test . . . . . . : Passed > List of NetBt transports currently bound to the Redir > NetBT_Tcpip_{84659B74-E300-4F52-A4DD-B16E30AF396E} > The redir is bound to 1 NetBt transport. > > List of NetBt transports currently bound to the browser > NetBT_Tcpip_{84659B74-E300-4F52-A4DD-B16E30AF396E} > The browser is bound to 1 NetBt transport. > > > DC discovery test. . . . . . . . . : Failed > [FATAL] Cannot find DC in domain 'IFM1'. [ERROR_NO_SUCH_DOMAIN] > > > DC list test . . . . . . . . . . . : Failed > 'IFM1': Cannot find DC to get DC list from [test skipped]. > > > Trust relationship test. . . . . . : Skipped > > > Kerberos test. . . . . . . . . . . : Skipped > 'IFM1': Cannot find DC to get DC list from [test skipped]. > > > LDAP test. . . . . . . . . . . . . : Failed > Cannot find DC to run LDAP tests on. The error occurred was: The > specified d > omain either does not exist or could not be contacted. > > [WARNING] Cannot find DC in domain 'IFM1'. [ERROR_NO_SUCH_DOMAIN] > > > Bindings test. . . . . . . . . . . : Passed > > > WAN configuration test . . . . . . : Skipped > No active remote access connections. > > > Modem diagnostics test . . . . . . : Passed > > IP Security test . . . . . . . . . : Skipped > > Note: run "netsh ipsec dynamic show /?" for more detailed information > The command completed successfully > __________________________________________________________________________________________ > > Here is the output showing there is no SYSVOL or NETLOGON shares. > > C:\Documents and Settings\Administrator.IFM1>net share > > Share name Resource Remark > > ------------------------------------------------------------------------------- > C$ C:\ Default share > ADMIN$ C:\WINDOWS Remote Admin > F$ F:\ Default share > IPC$ Remote IPC > AutoCAD C:\AutoCAD > AutoCAD2 C:\AutoCAD2 > backups C:\backups > BOM C:\BOM > GEO12NA C:\GEO12NA > GEO13NA C:\GEO13NA > Harris InfoSource > C:\Program Files\Harris InfoSource > > home C:\home Caching disabled > HOUSING PICTURES > C:\HOUSING PICTURES > IFM C:\IFM > IFMPrograms C:\IFMPrograms > mappoint C:\mappoint > METALSHOP C:\METALSHOP > ofcscan C:\Program Files\Trend Micro\OfficeScan\PCCSRV > > PDF Customer Drawings > C:\PDF Customer Drawings > PDF Production Drawings > C:\PDF Production Drawings > PICTURES C:\PICTURES > PROFORMA C:\PROFORMA > public F:\public > PVDB C:\PVDB > QCDocs C:\QCDocs > SA2003 C:\SA2003+ > SA2004 C:\SA2004 > SA2006 C:\SA2006 > SellSync C:\Selltis\SellSync > websites F:\websites > WELD PROCEDURES > C:\WELD PROCEDURES > ____________________________________________________________________________________________ > > > I have also used the ntdsutil and it let me transfer roles that were > already roles. It didnt complain about ADS not being started. I am > confused. I cant find anything in the event log that will lead me in > the right direction. I even checked all of the ADS DNS entries on the > DNS server. Ive searched google all day and havent found anything > similar to what im experiencing. Does anyone out there have any > suggestions on where to look for a problem, or know any tools to use to > be more verbose with ADS not starting? I will give more info if needed. > The email started getting lengthy as it is. It has to be something > simple. > > Thanks, > "Rodney" > > > 
Other interesting topics
AD/ADAM Create User (VB.Net)
DNS Record Removal GPO - clarification question how to disable USB sticks through AD Folder Redirection in Windows 2003 Server quota on network drive (user's home folder) Active Directory 'Roll Call'/Attendance capabilities ? Question concerning Restricted Groups. Adding a local user account password change via IE Administrative templates |
|||||||||||||||||||||||
