Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » systems can not find local DC
systems can not find local DC [message #418940] Wed, 24 March 2010 12:13 Go to next message
Help me  is currently offline Help me
Messages: 27
Registered: August 2009
Junior Member
Help

I have 2 locations... 192.168.1.x and 192.168.254.x
2 servers - server1 192.168.1.1) and server2 (192.168.254.253) which are dcs
They are not on the same network
I connect via VPN to sync AD and if I leave vpn up all works correctly.
server1 is the GC...etc
Server2 is a backup at the remote location

When I click on AD Computers and users the MMC does not figure out that
server1 is not available so I will show server2. I select server2 and all my
AD info is there.

When I try to remote desktop into server2 it tells me the domain controller
cannot be found. I see from the dsdiag that KnowsOfRoleHolders is unable to
find roles if vpn is down. In addition it resports the
Starting test: Advertising
Fatal Error:DsGetDcName (SERVER2) call failed, error 1355
The Locator could not find the server.
......................... SERVER2 failed test Advertising


What do I need to do so that server2 authenticates when not connect to server1
Re: systems can not find local DC [message #419319 is a reply to message #418940] Wed, 24 March 2010 22:48 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Help me" <Helpme@discussions.microsoft.com> wrote in message news:6F6D3274-91CB-4290-A3E0-F9603CFEEA34@microsoft.com...
> Help
>
> I have 2 locations... 192.168.1.x and 192.168.254.x
> 2 servers - server1 192.168.1.1) and server2 (192.168.254.253) which are dcs
> They are not on the same network
> I connect via VPN to sync AD and if I leave vpn up all works correctly.
> server1 is the GC...etc

In a single domain forest, all DCs are recommended to be GCs.

> Server2 is a backup at the remote location

If Server2 is in the same domain as Server1, then it's a "replica" DC, not a "backup" DC, in the sense of the NT4 days. They are both writeable and each will replicate it's AD database to the other DC.

>
> When I click on AD Computers and users the MMC does not figure out that
> server1 is not available so I will show server2. I select server2 and all my
> AD info is there.

Which server are you running ADUC from?

>
> When I try to remote desktop into server2 it tells me the domain controller
> cannot be found. I see from the dsdiag that KnowsOfRoleHolders is unable to
> find roles if vpn is down. In addition it resports the
> Starting test: Advertising
> Fatal Error:DsGetDcName (SERVER2) call failed, error 1355
> The Locator could not find the server.
> ......................... SERVER2 failed test Advertising
>
>
> What do I need to do so that server2 authenticates when not connect to server1
>

Apparently it depends on your ip configuration, whether both DCs are GCs, if the servers are multihomed, if they are both DNS servers, which server holds which FSMO roles, if you have AD Sites properly created for both locations, etc. To better help, please post the following.

1. Unedited ipconfig /all
2. In a CMD prompt, run "netdom query fsmo" and post the result, please.
3. Are both DCs, DNS servers?
4. Any event log errors on either DC? Pleast post the EventID# and Source name.
5. Are AD Sites properly setup for each subnet, and the appropriate DC is in it's correct AD Site?

By rights, anytime you have a VPN between locations with DCs, the VPN must stay up at all times, 24/7, or expect issues.




--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
Re: systems can not find local DC [message #419770 is a reply to message #419319] Thu, 25 March 2010 13:14 Go to previous messageGo to next message
Help me  is currently offline Help me
Messages: 27
Registered: August 2009
Junior Member
both sites are dc,gc and dns

the dcdiag say server2 advert error returns server when doing a dcgetdc.

Dcdiag

************************************************************ **********************
Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine server2, is a DC.
* Connecting to directory service on server server2.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: camp\SERVER2
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERVER2 passed test Connectivity

Doing primary tests

Testing server: camp\SERVER2
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration,DC=mydomain,DC=local
Latency information for 12 entries in the vector were ignored.
12 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=mydomain,DC=local
Latency information for 12 entries in the vector were ignored.
12 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=mydomain,DC=local
Latency information for 12 entries in the vector were ignored.
12 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
......................... SERVER2 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=mydomain,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=mydomain,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=mydomain,DC=local
(Domain,Version 2)
......................... SERVER2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... SERVER2 passed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for
\\server.mydomain.local, when we were trying to reach SERVER2.
Server is not responding or is not considered suitable.
The DC SERVER2 is advertising itself as a DC and having a DS.
The DC SERVER2 is advertising as an LDAP server
The DC SERVER2 is advertising as having a writeable directory
The DC SERVER2 is advertising as a Key Distribution Center
The DC SERVER2 is advertising as a time server
The DS SERVER2 is advertising as a GC.
......................... SERVER2 failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SERVER,CN=Servers,CN=Default-First-Site,CN=Sites ,CN=Configuration,DC=mydomain,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=SERVER,CN=Servers,CN=Default-First-Site,CN=Sites ,CN=Configuration,DC=mydomain,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=SERVER,CN=Servers,CN=Default-First-Site,CN=Sites ,CN=Configuration,DC=mydomain,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=SERVER,CN=Servers,CN=Default-First-Site,CN=Sites ,CN=Configuration,DC=mydomain,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SERVER,CN=Servers,CN=Default-First-Site,CN=Sites ,CN=Configuration,DC=mydomain,DC=local
......................... SERVER2 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 12106 to 1073741823
* server.mydomain.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 11606 to 12105
* rIDPreviousAllocationPool is 11606 to 12105
* rIDNextRID: 11606
......................... SERVER2 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/server2.mydomain.local/mydomain.local
* SPN found :LDAP/server2.mydomain.local
* SPN found :LDAP/SERVER2
* SPN found :LDAP/server2.mydomain.local/mydomain
* SPN found
:LDAP/be1def17-5651-412c-88bb-98eb984dc4be._msdcs.mydomain.l ocal
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/be1def17-5651-412c-88b b-98eb984dc4be/mydomain.local
* SPN found :HOST/server2.mydomain.local/mydomain.local
* SPN found :HOST/server2.mydomain.local
* SPN found :HOST/SERVER2
* SPN found :HOST/server2.mydomain.local/mydomain
* SPN found :GC/server2.mydomain.local/mydomain.local
......................... SERVER2 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERVER2 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
SERVER2 is in domain DC=mydomain,DC=local
Checking for CN=SERVER2,OU=Domain Controllers,DC=mydomain,DC=local
in domain DC=mydomain,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERVER2,CN=Servers,CN=camp,CN=Sites,CN=Configura tion,DC=mydomain,DC=local in domain CN=Configuration,DC=mydomain,DC=local on 1 servers
Object is up-to-date on all servers.
......................... SERVER2 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL. The

error returned was 0 (The operation completed successfully.). Check

the FRS event log to see if the SYSVOL has successfully been shared.
......................... SERVER2 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may
cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034FD
Time Generated: 03/25/2010 08:14:49
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 03/25/2010 08:33:06
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 03/25/2010 08:46:56
(Event String could not be retrieved)
......................... SERVER2 failed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x80000709
Time Generated: 03/25/2010 10:04:32
Event String: The partition

DC=ForestDnsZones,DC=mydomain,DC=local should

be hosted at site

CN=camp,CN=Sites,CN=Configuration,DC=mydomain,DC=local,

but has not been instantiated yet. However, the

KCC could not find any hosts from which to

replicate this partition.
An Warning Event occured. EventID: 0x80000709
Time Generated: 03/25/2010 10:04:32
Event String: The partition

DC=DomainDnsZones,DC=mydomain,DC=local should

be hosted at site

CN=camp,CN=Sites,CN=Configuration,DC=mydomain,DC=local,

but has not been instantiated yet. However, the

KCC could not find any hosts from which to

replicate this partition.
......................... SERVER2 failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SERVER2 passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=SERVER2,OU=Domain Controllers,DC=mydomain,DC=local and backlink

on


CN=SERVER2,CN=Servers,CN=camp,CN=Sites,CN=Configuration,DC=m ydomain,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=SERVER2,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=mydomain,DC=local

and backlink on

CN=SERVER2,OU=Domain Controllers,DC=mydomain,DC=local are correct.
The system object reference (serverReferenceBL)

CN=SERVER2,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=mydomain,DC=local

and backlink on

CN=NTDS
Settings,CN=SERVER2,CN=Servers,CN=camp,CN=Sites,CN=Configura tion,DC=mydomain,DC=local

are correct.
......................... SERVER2 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : mydomain
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom

Running enterprise tests on : mydomain.local
Starting test: Intersite
Skipping site Default-First-Site, this site is outside the scope

provided by the command line arguments provided.
Skipping site camp, this site is outside the scope provided by the

command line arguments provided.
......................... mydomain.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\server.mydomain.local
Locator Flags: 0xe00001fd
PDC Name: \\server.mydomain.local
Locator Flags: 0xe00001fd
Time Server Name: \\server.mydomain.local
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\server.mydomain.local
Locator Flags: 0xe00001fd
KDC Name: \\server.mydomain.local
Locator Flags: 0xe00001fd
......................... mydomain.local passed test FsmoCheck
Re: systems can not find local DC [message #420676 is a reply to message #419770] Fri, 26 March 2010 21:07 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Help me" <Helpme@discussions.microsoft.com> wrote in message news:017C84DF-799B-44E0-A6AC-3F9F7279AE68@microsoft.com...

Thank you for posting the dcdiag. What alerts me that this is more than likely a DNS resolution issue is the following error:

" Warning: DsGetDcName returned information for
\\server.mydomain.local, when we were trying to reach SERVER2"

Do you have any responses to my questions? Event log errors, ipconfig, and Site configuration are important to better help.

This was part of the reason I asked for an ipconfig /all. Otherwise, if you are not able to post it, the following can cause resolution and replication issues.

1. Using an external or some other DNS server than the internal DC/DNS servers.
- Make sure all DCs, member servers and workstations are only using the internal DNS servers in their IP properties. If they are using the ISP's DNS server, the router/gateway IP address as a DNS server, or any other DNS server that does not host your mydomain.local zone, expect problems.

2. Multihomed DCs. This is a DC with more than one NIC active not teamed, more than one IP on one NIC, and/or RRAS is installed.

3. Firewall blocks. Trying to open specific ports for domain communications is difficult. The recommendation is to allow all inbound-outbound. If you are not sure if any ports are being blocked, you can use PortQuery, a free download from Microsoft, to test AD ports and communications.

4. Using ADSL. ADSL lines using PPPoE, use an MTU 1492 rather than the normal 1500. This causes LDAP communication issues.

I hope that helps.

Ace






> both sites are dc,gc and dns
>
> the dcdiag say server2 advert error returns server when doing a dcgetdc.
>
> Dcdiag
>
> ************************************************************ **********************
> Domain Controller Diagnosis
>
> Performing initial setup:
> * Verifying that the local machine server2, is a DC.
> * Connecting to directory service on server server2.
> * Collecting site info.
> * Identifying all servers.
> * Identifying all NC cross-refs.
> * Found 2 DC(s). Testing 1 of them.
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: camp\SERVER2
> Starting test: Connectivity
> * Active Directory LDAP Services Check
> * Active Directory RPC Services Check
> ......................... SERVER2 passed test Connectivity
>
> Doing primary tests
>
> Testing server: camp\SERVER2
> Starting test: Replications
> * Replications Check
> * Replication Latency Check
> CN=Schema,CN=Configuration,DC=mydomain,DC=local
> Latency information for 12 entries in the vector were ignored.
> 12 were retired Invocations. 0 were either: read-only
> replicas and are not verifiably latent, or dc's no longer replicating this
> nc. 0 had no latency information (Win2K DC).
> CN=Configuration,DC=mydomain,DC=local
> Latency information for 12 entries in the vector were ignored.
> 12 were retired Invocations. 0 were either: read-only
> replicas and are not verifiably latent, or dc's no longer replicating this
> nc. 0 had no latency information (Win2K DC).
> DC=mydomain,DC=local
> Latency information for 12 entries in the vector were ignored.
> 12 were retired Invocations. 0 were either: read-only
> replicas and are not verifiably latent, or dc's no longer replicating this
> nc. 0 had no latency information (Win2K DC).
> ......................... SERVER2 passed test Replications
> Test omitted by user request: Topology
> Test omitted by user request: CutoffServers
> Starting test: NCSecDesc
> * Security Permissions Check for
> CN=Schema,CN=Configuration,DC=mydomain,DC=local
> (Schema,Version 2)
> * Security Permissions Check for
> CN=Configuration,DC=mydomain,DC=local
> (Configuration,Version 2)
> * Security Permissions Check for
> DC=mydomain,DC=local
> (Domain,Version 2)
> ......................... SERVER2 passed test NCSecDesc
> Starting test: NetLogons
> * Network Logons Privileges Check
> ......................... SERVER2 passed test NetLogons
> Starting test: Advertising
> Warning: DsGetDcName returned information for
> \\server.mydomain.local, when we were trying to reach SERVER2.
> Server is not responding or is not considered suitable.
> The DC SERVER2 is advertising itself as a DC and having a DS.
> The DC SERVER2 is advertising as an LDAP server
> The DC SERVER2 is advertising as having a writeable directory
> The DC SERVER2 is advertising as a Key Distribution Center
> The DC SERVER2 is advertising as a time server
> The DS SERVER2 is advertising as a GC.
> ......................... SERVER2 failed test Advertising
> Starting test: KnowsOfRoleHolders
> Role Schema Owner = CN=NTDS
> Settings,CN=SERVER,CN=Servers,CN=Default-First-Site,CN=Sites ,CN=Configuration,DC=mydomain,DC=local
> Role Domain Owner = CN=NTDS
> Settings,CN=SERVER,CN=Servers,CN=Default-First-Site,CN=Sites ,CN=Configuration,DC=mydomain,DC=local
> Role PDC Owner = CN=NTDS
> Settings,CN=SERVER,CN=Servers,CN=Default-First-Site,CN=Sites ,CN=Configuration,DC=mydomain,DC=local
> Role Rid Owner = CN=NTDS
> Settings,CN=SERVER,CN=Servers,CN=Default-First-Site,CN=Sites ,CN=Configuration,DC=mydomain,DC=local
> Role Infrastructure Update Owner = CN=NTDS
> Settings,CN=SERVER,CN=Servers,CN=Default-First-Site,CN=Sites ,CN=Configuration,DC=mydomain,DC=local
> ......................... SERVER2 passed test KnowsOfRoleHolders
> Starting test: RidManager
> * Available RID Pool for the Domain is 12106 to 1073741823
> * server.mydomain.local is the RID Master
> * DsBind with RID Master was successful
> * rIDAllocationPool is 11606 to 12105
> * rIDPreviousAllocationPool is 11606 to 12105
> * rIDNextRID: 11606
> ......................... SERVER2 passed test RidManager
> Starting test: MachineAccount
> * SPN found :LDAP/server2.mydomain.local/mydomain.local
> * SPN found :LDAP/server2.mydomain.local
> * SPN found :LDAP/SERVER2
> * SPN found :LDAP/server2.mydomain.local/mydomain
> * SPN found
> :LDAP/be1def17-5651-412c-88bb-98eb984dc4be._msdcs.mydomain.l ocal
> * SPN found
> :E3514235-4B06-11D1-AB04-00C04FC2DCD2/be1def17-5651-412c-88b b-98eb984dc4be/mydomain.local
> * SPN found :HOST/server2.mydomain.local/mydomain.local
> * SPN found :HOST/server2.mydomain.local
> * SPN found :HOST/SERVER2
> * SPN found :HOST/server2.mydomain.local/mydomain
> * SPN found :GC/server2.mydomain.local/mydomain.local
> ......................... SERVER2 passed test MachineAccount
> Starting test: Services
> * Checking Service: Dnscache
> * Checking Service: NtFrs
> * Checking Service: IsmServ
> * Checking Service: kdc
> * Checking Service: SamSs
> * Checking Service: LanmanServer
> * Checking Service: LanmanWorkstation
> * Checking Service: RpcSs
> * Checking Service: w32time
> * Checking Service: NETLOGON
> ......................... SERVER2 passed test Services
> Test omitted by user request: OutboundSecureChannels
> Starting test: ObjectsReplicated
> SERVER2 is in domain DC=mydomain,DC=local
> Checking for CN=SERVER2,OU=Domain Controllers,DC=mydomain,DC=local
> in domain DC=mydomain,DC=local on 1 servers
> Object is up-to-date on all servers.
> Checking for CN=NTDS
> Settings,CN=SERVER2,CN=Servers,CN=camp,CN=Sites,CN=Configura tion,DC=mydomain,DC=local in domain CN=Configuration,DC=mydomain,DC=local on 1 servers
> Object is up-to-date on all servers.
> ......................... SERVER2 passed test ObjectsReplicated
> Starting test: frssysvol
> * The File Replication Service SYSVOL ready test
> The registry lookup failed to determine the state of the SYSVOL. The
>
> error returned was 0 (The operation completed successfully.). Check
>
> the FRS event log to see if the SYSVOL has successfully been shared.
> ......................... SERVER2 passed test frssysvol
> Starting test: frsevent
> * The File Replication Service Event log test
> There are warning or error events within the last 24 hours after the
>
> SYSVOL has been shared. Failing SYSVOL replication problems may
> cause
>
> Group Policy problems.
> An Warning Event occured. EventID: 0x800034FD
> Time Generated: 03/25/2010 08:14:49
> (Event String could not be retrieved)
> An Warning Event occured. EventID: 0x800034C4
> Time Generated: 03/25/2010 08:33:06
> (Event String could not be retrieved)
> An Warning Event occured. EventID: 0x800034C4
> Time Generated: 03/25/2010 08:46:56
> (Event String could not be retrieved)
> ......................... SERVER2 failed test frsevent
> Starting test: kccevent
> * The KCC Event log test
> An Warning Event occured. EventID: 0x80000709
> Time Generated: 03/25/2010 10:04:32
> Event String: The partition
>
> DC=ForestDnsZones,DC=mydomain,DC=local should
>
> be hosted at site
>
> CN=camp,CN=Sites,CN=Configuration,DC=mydomain,DC=local,
>
> but has not been instantiated yet. However, the
>
> KCC could not find any hosts from which to
>
> replicate this partition.
> An Warning Event occured. EventID: 0x80000709
> Time Generated: 03/25/2010 10:04:32
> Event String: The partition
>
> DC=DomainDnsZones,DC=mydomain,DC=local should
>
> be hosted at site
>
> CN=camp,CN=Sites,CN=Configuration,DC=mydomain,DC=local,
>
> but has not been instantiated yet. However, the
>
> KCC could not find any hosts from which to
>
> replicate this partition.
> ......................... SERVER2 failed test kccevent
> Starting test: systemlog
> * The System Event log test
> Found no errors in System Event log in the last 60 minutes.
> ......................... SERVER2 passed test systemlog
> Test omitted by user request: VerifyReplicas
> Starting test: VerifyReferences
> The system object reference (serverReference)
>
> CN=SERVER2,OU=Domain Controllers,DC=mydomain,DC=local and backlink
>
> on
>
>
> CN=SERVER2,CN=Servers,CN=camp,CN=Sites,CN=Configuration,DC=m ydomain,DC=local
>
> are correct.
> The system object reference (frsComputerReferenceBL)
>
> CN=SERVER2,CN=Domain System Volume (SYSVOL share),CN=File
> Replication Service,CN=System,DC=mydomain,DC=local
>
> and backlink on
>
> CN=SERVER2,OU=Domain Controllers,DC=mydomain,DC=local are correct.
> The system object reference (serverReferenceBL)
>
> CN=SERVER2,CN=Domain System Volume (SYSVOL share),CN=File
> Replication Service,CN=System,DC=mydomain,DC=local
>
> and backlink on
>
> CN=NTDS
> Settings,CN=SERVER2,CN=Servers,CN=camp,CN=Sites,CN=Configura tion,DC=mydomain,DC=local
>
> are correct.
> ......................... SERVER2 passed test VerifyReferences
> Test omitted by user request: VerifyEnterpriseReferences
>
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
>
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test CheckSDRefDom
>
> Running partition tests on : mydomain
> Starting test: CrossRefValidation
> ......................... mydomain passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... mydomain passed test CheckSDRefDom
>
> Running enterprise tests on : mydomain.local
> Starting test: Intersite
> Skipping site Default-First-Site, this site is outside the scope
>
> provided by the command line arguments provided.
> Skipping site camp, this site is outside the scope provided by the
>
> command line arguments provided.
> ......................... mydomain.local passed test Intersite
> Starting test: FsmoCheck
> GC Name: \\server.mydomain.local
> Locator Flags: 0xe00001fd
> PDC Name: \\server.mydomain.local
> Locator Flags: 0xe00001fd
> Time Server Name: \\server.mydomain.local
> Locator Flags: 0xe00001fd
> Preferred Time Server Name: \\server.mydomain.local
> Locator Flags: 0xe00001fd
> KDC Name: \\server.mydomain.local
> Locator Flags: 0xe00001fd
> ......................... mydomain.local passed test FsmoCheck
>
>
RE: systems can not find local DC [message #467039 is a reply to message #418940] Tue, 15 June 2010 07:06 Go to previous messageGo to next message
Leke Ajisafe  is currently offline Leke Ajisafe
Messages: 1
Registered: June 2010
Junior Member
I have same problem of not being able to find the local DC, but mine is a
small network with only one DC (gcomldc with IP address 172.16.0.x) & ADC
(chatserver 172.16.0.x) but no VPN setup. my dcdiag says it cannot find GC
and that the server holding the PDC role is down. Consequently, Group Policy
could not be processed and resources on the network could be assigned. Also,
my MS Exchange Server's three most important services (MS Exchange
Information Store, MS Exchange MTA Stack, MS Exchange System Attendant) could
not start up. posted below is my dcdiag test result

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>cd\

C:\>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\GCOMLDC
Starting test: Connectivity
......................... GCOMLDC passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\GCOMLDC
Starting test: Replications
[Replications Check,GCOMLDC] A recent replication attempt failed:
From GCOMLFPS to GCOMLDC
Naming Context: DC=grandcereals,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failu
re.
The failure occurred at 2010-06-15 13:46:34.
The last success occurred at 2007-06-21 16:40:50.
24725 failures have occurred since the last success.
The guid-based DNS name
846b65ba-6ccb-4c67-b280-c61be09f4ccc._msdcs.
grandcereals.com
is not registered on one or more DNS servers.
[GCOMLFPS] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
REPLICATION-RECEIVED LATENCY WARNING
GCOMLDC: Current time is 2010-06-15 13:47:16.
CN=Schema,CN=Configuration,DC=grandcereals,DC=com
Last replication recieved from GCOMLFPS at 2006-01-08 16:55:48.
WARNING: This latency is over the Tombstone Lifetime of 60
days!

CN=Configuration,DC=grandcereals,DC=com
Last replication recieved from GCOMLFPS at 2006-01-08 16:55:48.
WARNING: This latency is over the Tombstone Lifetime of 60
days!

DC=grandcereals,DC=com
Last replication recieved from GCOMLFPS at 2007-06-21 16:40:49.
WARNING: This latency is over the Tombstone Lifetime of 60
days!

......................... GCOMLDC passed test Replications
Starting test: NCSecDesc
......................... GCOMLDC passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\GCOMLDC\netlogon)
[GCOMLDC] An net use or LsaPolicy operation failed with error 1203,
No
network provider accepted the given network path..
......................... GCOMLDC failed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (GCOMLDC) call failed, error 1355
The Locator could not find the server.
......................... GCOMLDC failed test Advertising
Starting test: KnowsOfRoleHolders
......................... GCOMLDC passed test KnowsOfRoleHolders
Starting test: RidManager
......................... GCOMLDC passed test RidManager
Starting test: MachineAccount
......................... GCOMLDC passed test MachineAccount
Starting test: Services
......................... GCOMLDC passed test Services
Starting test: ObjectsReplicated
......................... GCOMLDC passed test ObjectsReplicated
Starting test: frssysvol
......................... GCOMLDC passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may
cause
Group Policy problems.
......................... GCOMLDC failed test frsevent
Starting test: kccevent
......................... GCOMLDC passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000423
Time Generated: 06/15/2010 12:49:24
Event String: The DHCP service failed to see a directory server
......................... GCOMLDC failed test systemlog
Starting test: VerifyReferences
......................... GCOMLDC passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : grandcereals
Starting test: CrossRefValidation
......................... grandcereals passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... grandcereals passed test CheckSDRefDom

Running enterprise tests on : grandcereals.com
Starting test: Intersite
......................... grandcereals.com passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
135
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... grandcereals.com failed test FsmoCheck

I earlier demoted the ADC gcomlfps in 2007 and replaced it with the other
ADC chatserver mentioned earlier in the domain

Please advise me...

Leke


"Help me" wrote:

> Help
>
> I have 2 locations... 192.168.1.x and 192.168.254.x
> 2 servers - server1 192.168.1.1) and server2 (192.168.254.253) which are dcs
> They are not on the same network
> I connect via VPN to sync AD and if I leave vpn up all works correctly.
> server1 is the GC...etc
> Server2 is a backup at the remote location
>
> When I click on AD Computers and users the MMC does not figure out that
> server1 is not available so I will show server2. I select server2 and all my
> AD info is there.
>
> When I try to remote desktop into server2 it tells me the domain controller
> cannot be found. I see from the dsdiag that KnowsOfRoleHolders is unable to
> find roles if vpn is down. In addition it resports the
> Starting test: Advertising
> Fatal Error:DsGetDcName (SERVER2) call failed, error 1355
> The Locator could not find the server.
> ......................... SERVER2 failed test Advertising
>
>
> What do I need to do so that server2 authenticates when not connect to server1
>
RE: systems can not find local DC [message #467043 is a reply to message #467039] Tue, 15 June 2010 07:18 Go to previous message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Leke,

AS you can see in the output GCOMLDC isn't able to replicate with GCOMLFPS:

[Replications Check,GCOMLDC] A recent replication attempt failed:
From GCOMLFPS to GCOMLDC
The failure occurred at 2010-06-15 13:46:34.
The last success occurred at 2007-06-21 16:40:50.

So how many DCs are avaiable now and in total and please post the names so
we can get an overview.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I have same problem of not being able to find the local DC, but mine
> is a small network with only one DC (gcomldc with IP address
> 172.16.0.x) & ADC (chatserver 172.16.0.x) but no VPN setup. my dcdiag
> says it cannot find GC and that the server holding the PDC role is
> down. Consequently, Group Policy could not be processed and resources
> on the network could be assigned. Also, my MS Exchange Server's three
> most important services (MS Exchange Information Store, MS Exchange
> MTA Stack, MS Exchange System Attendant) could not start up. posted
> below is my dcdiag test result
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
> C:\Documents and Settings\Administrator>cd\
>
> C:\>dcdiag
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\GCOMLDC
> Starting test: Connectivity
> ......................... GCOMLDC passed test Connectivity
> Doing primary tests
>
> Testing server: Default-First-Site-Name\GCOMLDC
> Starting test: Replications
> [Replications Check,GCOMLDC] A recent replication attempt
> failed:
> From GCOMLFPS to GCOMLDC
> Naming Context: DC=grandcereals,DC=com
> The replication generated an error (8524):
> The DSA operation is unable to proceed because of a DNS
> lookup
> failu
> re.
> The failure occurred at 2010-06-15 13:46:34.
> The last success occurred at 2007-06-21 16:40:50.
> 24725 failures have occurred since the last success.
> The guid-based DNS name
> 846b65ba-6ccb-4c67-b280-c61be09f4ccc._msdcs.
> grandcereals.com
> is not registered on one or more DNS servers.
> [GCOMLFPS] DsBindWithSpnEx() failed with error 1722,
> The RPC server is unavailable..
> REPLICATION-RECEIVED LATENCY WARNING
> GCOMLDC: Current time is 2010-06-15 13:47:16.
> CN=Schema,CN=Configuration,DC=grandcereals,DC=com
> Last replication recieved from GCOMLFPS at 2006-01-08
> 16:55:48.
> WARNING: This latency is over the Tombstone Lifetime
> of 60
> days!
> CN=Configuration,DC=grandcereals,DC=com
> Last replication recieved from GCOMLFPS at 2006-01-08
> 16:55:48.
> WARNING: This latency is over the Tombstone Lifetime
> of 60
> days!
> DC=grandcereals,DC=com
> Last replication recieved from GCOMLFPS at 2007-06-21
> 16:40:49.
> WARNING: This latency is over the Tombstone Lifetime
> of 60
> days!
> ......................... GCOMLDC passed test Replications
> Starting test: NCSecDesc
> ......................... GCOMLDC passed test NCSecDesc
> Starting test: NetLogons
> Unable to connect to the NETLOGON share! (\\GCOMLDC\netlogon)
> [GCOMLDC] An net use or LsaPolicy operation failed with error
> 1203,
> No
> network provider accepted the given network path..
> ......................... GCOMLDC failed test NetLogons
> Starting test: Advertising
> Fatal Error:DsGetDcName (GCOMLDC) call failed, error 1355
> The Locator could not find the server.
> ......................... GCOMLDC failed test Advertising
> Starting test: KnowsOfRoleHolders
> ......................... GCOMLDC passed test
> KnowsOfRoleHolders
> Starting test: RidManager
> ......................... GCOMLDC passed test RidManager
> Starting test: MachineAccount
> ......................... GCOMLDC passed test MachineAccount
> Starting test: Services
> ......................... GCOMLDC passed test Services
> Starting test: ObjectsReplicated
> ......................... GCOMLDC passed test
> ObjectsReplicated
> Starting test: frssysvol
> ......................... GCOMLDC passed test frssysvol
> Starting test: frsevent
> There are warning or error events within the last 24 hours
> after the
> SYSVOL has been shared. Failing SYSVOL replication problems
> may
> cause
> Group Policy problems.
> ......................... GCOMLDC failed test frsevent
> Starting test: kccevent
> ......................... GCOMLDC passed test kccevent
> Starting test: systemlog
> An Error Event occured. EventID: 0x00000423
> Time Generated: 06/15/2010 12:49:24
> Event String: The DHCP service failed to see a directory
> server
> ......................... GCOMLDC failed test systemlog
> Starting test: VerifyReferences
> ......................... GCOMLDC passed test
> VerifyReferences
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ......................... ForestDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ForestDnsZones passed test
> CheckSDRefDom
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test
> CheckSDRefDom
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test
> CheckSDRefDom
> Running partition tests on : grandcereals
> Starting test: CrossRefValidation
> ......................... grandcereals passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... grandcereals passed test
> CheckSDRefDom
> Running enterprise tests on : grandcereals.com
> Starting test: Intersite
> ......................... grandcereals.com passed test
> Intersite
> Starting test: FsmoCheck
> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
> 1355
> A Global Catalog Server could not be located - All GC's are
> down.
> Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
> A Time Server could not be located.
> The server holding the PDC role is down.
> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
> error
> 135
> 5
> A Good Time Server could not be located.
> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
> A KDC could not be located - All the KDCs are down.
> ......................... grandcereals.com failed test
> FsmoCheck
> I earlier demoted the ADC gcomlfps in 2007 and replaced it with the
> other ADC chatserver mentioned earlier in the domain
>
> Please advise me...
>
> Leke
>
> "Help me" wrote:
>
>> Help
>>
>> I have 2 locations... 192.168.1.x and 192.168.254.x
>> 2 servers - server1 192.168.1.1) and server2 (192.168.254.253) which
>> are dcs
>> They are not on the same network
>> I connect via VPN to sync AD and if I leave vpn up all works
>> correctly.
>> server1 is the GC...etc
>> Server2 is a backup at the remote location
>> When I click on AD Computers and users the MMC does not figure out
>> that server1 is not available so I will show server2. I select
>> server2 and all my AD info is there.
>>
>> When I try to remote desktop into server2 it tells me the domain
>> controller
>> cannot be found. I see from the dsdiag that KnowsOfRoleHolders is
>> unable to
>> find roles if vpn is down. In addition it resports the
>> Starting test: Advertising
>> Fatal Error:DsGetDcName (SERVER2) call failed, error 1355
>> The Locator could not find the server.
>> ......................... SERVER2 failed test Advertising
>> What do I need to do so that server2 authenticates when not connect
>> to server1
>>
Previous Topic:Synchronization OU between sites
Next Topic:Disable changing proxy settings
Goto Forum:
  


Current Time: Tue Jan 16 10:35:28 MST 2018

Total time taken to generate the page: 0.37648 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software