Computers Cannot Connect To My Domain Server Anymore


  • Computers Cannot Connect To My Domain Server Anymore

    I have several servers and computers connected to my DC for several years now; all of a sudden I'm getting this error pictured. All of the servers and computers that are part of the DC are running as usual, no problems, but new computers won't connect.

    I have the computers in question DNS set to the DC's IP address. When I select OK, a box pops up for administrator username and password, and about 15 seconds later I get the error. If I do an nslookup on the computers to be joined, it resolves using the DC I'm trying to connect to..... any ideas?

    Thanks
    Last edited by Kobe 310; 2nd April 2018, 16:57.

  • #2
    What operating systems (DC and computers)?
    Anything changed recently - patches?

    Note there was a bug in the March big update for Win7 / 2008R2 which lost static IP addresses - this is worth checking

    Also have you tried disabling firewalls to see if that fixes it?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      2016 DC, Windows 7.
      Yes

      I'll look into it, tks.
      The only thing I can think of is about 7 months ago I tried to join another DC, but I'm pretty sure I was able to join to the DC after that.

      Have you ever heard of this happening before?


      • #4
        I'm thinking about just building another one. What's the best way to export the Active Directory OUs and group policies?


        • #5
          Have you tried adding the DNS suffix of the Domain Name into the yellow highlighted area as shown in the attached image? This is done on the machine you are adding to the AD.

          Any errors in the Event Viewer?
          Have you run DCdiag and the other one that I have forgotten? Ah yes, THANK YOU. NetDiag. If run with the /fix (dcdiag /fix) switch, magic things can happen but do your research first.

          how to export the active directory group policies

          how to export active directory ou structure

          how to export users from active directory


          Make sure your DCs are talking to each other. I have had it in the past where all seem sweet but they weren't communicating and machines wouldn't join or new Users wouldn't replicate to the other DC.

          Your lack of information about your setup is, well, non existent. You had to be asked what the Server O/S was. Then you make mention that there was a DC added but again zero info. Now was it a DC being added or was it being Promoted into AD? What O/S? If you create a User account in one does it appear in the other? If you create an account in the other, does it appear in initial one?

          You have made 340 posts and all you type is FOUR lines and post a photo.
          Last edited by biggles77; 3rd April 2018, 16:52.
          1 1 was a racehorse.
          2 2 was 1 2.
          1 1 1 1 race 1 day,
          2 2 1 1 2



          • #6
            What I said was exact, there is nothing about the setup, DC AD. Just if you spun up a new server, add DC AD roles, restart server, add computer to domain...........

            As far as the DC I was talking about, I don't really remember. I just set up AD DC, and..... I forget what I tried to do. I know that it showed up on my original DC, and then users weren't able to log on any more, so I had to (and I'm busting my ass trying to remember this, that's why I didn't want to get into all of this) run some command that I found on Google, don't remember.. and turned off the DC I just tried to add, restarted the primary and everybody was able to log into the Terminal Servers again.

            I added the DNS suffix as you suggested, and it didn't work.

            I compared the new DC to my existing one, and from where I've looked... Domain properties, IPv4, it's all the same.

            Not sure how else to say this, but.... I always google for answers and then ask questions if I can't find the answer that I understand....... I assumed someone might know of an easy way to do it..... I google for hours and days before I post here, I don't just post. This is a last resort for me.

            I always appreciate your help!!!

            Last edited by Kobe 310; 4th April 2018, 06:56.



            • #7
              I might have found something and I'm wondering if this is the problem?

              I ran this on the computer trying to join the domain:

              > set type=srv
              > _ldap._tcp.dc._msdcs.domain.org

              and this is what I came up with:

              > set type=srv
              > _ldap._tcp.dc._msdcs.domain.org
              Server: domain.org
              Address: 10.1.10.70

              _ldap._tcp.dc._msdcs.domain.org SRV service location:
              priority = 0
              weight = 100
              port = 389
              svr hostname = domain.org
              _ldap._tcp.dc._msdcs.domain.org SRV service location:
              priority = 0
              weight = 100
              port = 389
              svr hostname = domain2.org
              domain.org internet address = 10.1.10.70

              The last svr hostname is the one I tried to add, and below it has the existing one's IP address.

              I'm guessing I need to remove it. It almost seems that it's using the existing IP address, or am I reading that wrong??

              So I found the entry of domain2.org, deleted it, flushed DNS on the computer, reran it again and the same thing shows up.
              Last edited by Kobe 310; 9th April 2018, 19:50.



              • #8
                Have you tried DCDiag /Test:DNS
                A recent poll suggests that 6 out of 7 dwarfs are not happy



                • #9
                  Thanks Blood!!! Here's the results, A LOT of fails!!!!

                  Too many characters so I uploaded it on Notepad.

                  At the top of the DNS there are 2 (I don't know what you call it... Forests??). My other DC that I spun up for comparison reasons only has 1. I don't know where the top one came from. It's just the hostname, and the 2nd is the hostname.domainname

                  wvdc... and in the folder is forward lookup, reverse etc... but there are no entries.
                  wvdc.domainname.org with the same but has all of the servers' and PCs' addresses in it

                  Yesterday I turned the network off on my primary DC VM, and turned on my backup, deleted the first entry wvdc, to see if it made a difference, and I still couldn't join.
                  So I turned that off and connected the primary back.

                  Thanks again for your input!!!

                  Code:
                  C:\Users\administrator.domainname>DCDiag /Test:DNS
                  
                  Directory Server Diagnosis
                  
                  Performing initial setup:
                     Trying to find home server...
                     Home Server = WVDC2
                     * Identified AD Forest.
                     Done gathering initial info.
                  
                  Doing initial required tests
                  
                     Testing server: Default-First-Site-Name\WVDC2
                        Starting test: Connectivity
                           The host 22d6e541-0da1-4317-8834-68ff585f0632._msdcs.domainname.org could not be resolved to an IP address.
                           Check the DNS server, DHCP, server name, etc.
                           Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
                           ......................... WVDC2 failed test Connectivity
                  
                  Doing primary tests
                  
                     Testing server: Default-First-Site-Name\WVDC2
                  
                        Starting test: DNS
                  
                           DNS Tests are running and not hung. Please wait a few minutes...
                           ......................... WVDC2 passed test DNS
                  
                     Running partition tests on : ForestDnsZones
                  
                     Running partition tests on : DomainDnsZones
                  
                     Running partition tests on : Schema
                  
                     Running partition tests on : Configuration
                  
                     Running partition tests on : domainname
                  
                     Running enterprise tests on : domainname.org
                        Starting test: DNS
                           Test results for domain controllers:
                  
                              DC: WVDC2
                              Domain: domainname.org
                  
                  
                                 TEST: Basic (Basc)
                                    Error: No LDAP connectivity
                                    No host records (A or AAAA) were found for this DC
                  
                                 TEST: Delegations (Del)
                                    Error: DNS server: win-qb7j2ia4bck.domainname.org. IP:<Unavailable> [Missing glue A record]
                                    Error: DNS server: wvdc2. IP:<Unavailable> [Missing glue A record]
                  
                                 TEST: Dynamic update (Dyn)
                                    Warning: Failed to add the test record dcdiag-test-record in zone domainname.org
                  
                                 TEST: Records registration (RReg)
                                    Network Adapter [00000001] Intel(R) 82574L Gigabit Network Connection:
                                       Warning:
                                       Missing CNAME record at DNS server 10.1.10.70:
                                       22d6e541-0da1-4317-8834-68ff585f0632._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.1eed59ca-d5b8-4603-a28e-15afb80ffd11.domains._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _kerberos._tcp.dc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.dc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _kerberos._tcp.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _kerberos._udp.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _kpasswd._tcp.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.Default-First-Site-Name._sites.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _kerberos._tcp.Default-First-Site-Name._sites.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.gc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _gc._tcp.Default-First-Site-Name._sites.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.pdc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing CNAME record at DNS server 10.1.10.70:
                                       22d6e541-0da1-4317-8834-68ff585f0632._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.1eed59ca-d5b8-4603-a28e-15afb80ffd11.domains._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _kerberos._tcp.dc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.dc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _kerberos._tcp.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _kerberos._udp.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _kpasswd._tcp.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.Default-First-Site-Name._sites.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _kerberos._tcp.Default-First-Site-Name._sites.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.gc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _gc._tcp.Default-First-Site-Name._sites.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domainname.org
                  
                                       Warning:
                                       Missing SRV record at DNS server 10.1.10.70:
                                       _ldap._tcp.pdc._msdcs.domainname.org
                  
                                 Error: Record registrations cannot be found for all the network adapters
                  
                           Summary of test results for DNS servers used by the above domain controllers:
                  
                              DNS server: 128.8.10.90 (d.root-servers.net.)
                                 1 test failure on this DNS server
                                 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
                              DNS server: 2001:500:12::d0d (g.root-servers.net.)
                                 1 test failure on this DNS server
                                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:12::d0d
                              DNS server: 2001:500:1::53 (h.root-servers.net.)
                                 1 test failure on this DNS server
                                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53
                              DNS server: 2001:500:200::b (b.root-servers.net.)
                                 1 test failure on this DNS server
                  
                  
                           Summary of DNS test results:
                  
                                                              Auth Basc Forw Del  Dyn  RReg Ext
                              _________________________________________________________________
                              Domain: domainname.org
                                 WVDC2                        PASS FAIL PASS FAIL WARN FAIL n/a
                  
                  ......................... domainname.org failed test DNS
                  [Edit by Biggles77] Turn IPv6 off if not using it and it will halve the amount that needs to be looked at. I added this to your post because not everyone is prepared to open attachments but you are a long time poster and I trust you. I have removed some of the IPv6 failures due to post size limit of 10,000 characters. It doesn't affect the outcome of the info because it all failed.
                  Last edited by biggles77; 6th April 2018, 17:50.



                  • #10
                    I don't have time to go through this, but if I did, I would use this page to lookup the errors
                    Let us know how you get on.
                    A recent poll suggests that 6 out of 7 dwarfs are not happy



                    • #11
                      Awesome, thanks Blood!!!!



                      • #12
                        Looks like DNS is fucked. You can remove it and reinstall it. You can try the DCDIAG /fix I suggested above or before that, do a screen shot of the DNS with all the screens expanded. Make sure you have a backup BEFORE you try anything. Is there a secondary DC on this network? Where did the Terminal Servers come from? They were not mentioned until post #6. If there is a secondary DC, check the FSMO Roles. Make sure it has GC enabled.

                        I know I keep suggesting the dcdiag /fix option but this is because I had a DNS problem on a single DC Domain and although DNS would resolve to external site from the web browser, the whole structure. Guess it was DNS Hints that allowed this. However uninstalling, rebooting and reinstalling DNS left me with the same empty DNS structure. DCdiag /fix repaired the whole bloody thing. Now I am not saying it will be the magic bullet for you but it is worth keeping in the back of your mind. If you have Terminal Servers on this network then there really should be a Secondary DC.

                        How long ago did you try and add the other DC?
                        Did you just turn it off or did you Promo it down?
                        If the operating system was different to the main DC, did you ForestPrep and DomainPrep before trying to add the second DC?
                        Did you make a Backup before attempting to add the second DC? (Yes I know, too late now but this is for the future for the next time you try it.)

                        Get a spare PC and try installing that onto the Domain and make it a DC. Do not try and join it before promoting it. Make the name something non standard so it won't matter if it stuffs up or for when you remove it later. What Operating System will you be using for the "new" DC? What bloody operating system is the present DC running?

                        What errors did the Event Logs throw up?
                        The more details you provide the better the help you can receive especially from people who know shit loads more than me.

                        Again for the future, if you have results that exceed the post limit, split the results and make a post Part 1 and Part 2.
                        Last edited by biggles77; 6th April 2018, 17:53.
                        1 1 was a racehorse.
                        2 2 was 1 2.
                        1 1 1 1 race 1 day,
                        2 2 1 1 2



                        • #13
                          Have you tried manually creating the SRV record? We had an issue years ago where we had to set up a new active directory domain because the old one simply died but were unable to join clients. Even got a consultant in to check it out. The SRV record for the domain was missing (consultant missed that!). I manually created it and everything sprang back into life - clients were able to join the domain.
                          A recent poll suggests that 6 out of 7 dwarfs are not happy



                          • #14
                            Thanks biggles77 for your response!!!!!! I have some info meant for you too on Blood's post.

                            Biggles77, thanks for the advice about the attachment, kind of had the same feeling about not everybody prepared to open attachment, didn't cross my mind about the IPv6, but it was turned off. Thanks for the trust.

                            I've learned a lot since the last post, doing some comparisons to the new test DNS server which I have on a separate VM network, and was able to join a computer to. I clearly missed a lot of entries on my primary DC, so there are going to be some things that I didn't mention..... Learning The Hard Way.

                            Biggles77:

                            - Get a spare PC and try installing that onto the Domain and make it a DC.... I wish I could, that's how I upgraded my 2008R2 DC server to 2016 (2016 running fine for 6 months, didn't error until I tried to add another). That's how I found out I had a problem: I spun another server up to install Instant Messaging, and I couldn't join the server to the domain.

                            - I've run DCDiag/fix several times.... netlogonstop... DCDiag/fix... netlogonstart, also suggested on other forums.

                            - If you have Terminal Servers on this network then there really should be a Secondary DC..... Thanks, didn't know I was supposed to.

                            - Is there a secondary DC on this network?...... No

                            - Where did the Terminal Servers come from? They were not mentioned until post #6....... On my first post I wrote "i have several servers and computers connected to my DC for several years now". I should have stated TS's.

                            - How long ago did you try and add the other DC? ...... I saw an entry that showed the 2nd DC entry January of this year.

                            - Did you just turn it off or did your Promo it down?...... To be quite honest, I don't remember, followed some steps I found on Google (I do know that whatever I did, clients were unable to log onto the TS that was joined to the DC).

                            - If the operating system was different to the main DC, did you ForestPrep and DomainPrep before trying to add the second DC? .... They were both Server 2016.

                            - Did you make a Backup before attempting to add the second DC? (Yes I know, too late now but this is for the future for the next time you try it.)..... I use Veeam, so I have a backup and a DR Backup, but my Dumbass didn't turn off the replication backups for both, so they're now all identical.

                            - What errors did the Event Logs throw up?...... I didn't write down errors because there have always been a lot of errors, even when DC working fine (Working Fine To My Knowledge, which clearly isn't a lot).

                            - The more details you provide the better the help you can receive especially from people who know shit loads more than me..... Agreed!! Details SLOWLY started coming back to me after Ossian asked me about anything changing recently..... I had forgotten all about it.

                            - Again for the future, if you have results that exceed the post limit, split the results and make a post Part 1 and Part 2. I will, Thanks!!!
                            Last edited by Kobe 310; 9th April 2018, 20:58.



                            • #15
                              Thanks for your response Blood!!


                              As I mentioned comparing the 2 DCs in Biggles77's post, I noticed that there are 2 things that stand out.

                              1) An entry within the domain.org folder named _msdcs. It's first on top and then _sites folder, _tcp folder, _udp folder, DomainDnsZones folder, ForestDnsZones folder, and an org folder.
                              - When I select it, it shows it as a (NameServer) NS entry. In the properties, it shows the FQDN as what looks like a default given computer host name then the domain name........ it shows win-qb7j2u59fe.domain.org
                              - Can't ping hostname or FQDN.

                              2) On my newly created DC, I don't have the org folder that I mentioned in 1).
                              - In the ORG folder is a sub folder of my domain.org and it has an A record of 1 of my servers????? Don't know how that got there.

                              Also

                              In the _msdcs.domainname.org folder in the Forward Lookup Zone, everything looks to be identical except for 2 places.

                              1) Not the _msdcs.domainname.org>GC>_sites>default-first-name>tcp....... but the _msdcs.domainname.org>GC>_tcp folder, there is only 1 record and it's a _ldap SRV record of the DC I tried to join, not the primary.
                              - In the properties of this record, it's a _ldap service and a _tcp protocol record, but in the properties, it says the domain for the record is gc._msdcs.domainname.org, and the "Host Offering This Service" is WVDC2-Wint.domainname.org, which was the name of the 2nd DC I created. Not the one I'm using.

                              2) The _msdcs.domainname.org>GC>PDC>_tcp folder has the same entry, except it uses a pdc instead of gc before the domain name entry.

                              So to answer your question, if I tried to add, I did there, but when I try to add in the _msdcs.domainname.org>GC>_tcp folder, it lists the domain as _msdcs.domainname.org>GC>_tcp folder. It creates the domain as _tcp.gc._msdcs.domainname.org, as opposed to gc._msdcs.domainname.org, and it makes the port 389. The same happens with the msdcs.domainname.org>GC>PDC.

                              Also, reading the errors, I'm not sure if I'm understanding the location right....
                              EX.
                              Warning: Missing SRV record at DNS server 10.1.10.70: _gc._tcp.Default-First-Site-Name._sites.domainname.org Would that be in _msdcs.domainname.org>GC>_sites>default-first-name>tcp ?
                              Warning: Missing SRV record at DNS server 10.1.10.70: _ldap._tcp.gc._msdcs.domainname.org Not Sure?

                              I also tried to change the port to 3268, which is the entry port for the wrong entry, but is the same port used on the newly created server.

                              I'm wondering if I change the "Host Offering This Service" to the active DC, if it would change anything...

                              What I'll try is turning off the networking on my running DC, turn the backup on, make the change, and see if that works.

                              Last edited by Kobe 310; 9th April 2018, 20:52.
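
Added example, not part of any post in this thread: a small Python parser for `DCDiag /Test:DNS` output of the kind posted in #9. It removes the repeated "Missing ... record" warnings, maps each record name to the zone and folder path where DNS Manager displays it (the question raised in #15), and reads the summary row. The function names are hypothetical, the sample text is a constructed excerpt, and the script assumes `_msdcs.domainname.org` and `domainname.org` both exist as forward lookup zones, as #15 describes.

```python
import re

# Constructed sample: a shortened excerpt in the shape of the output in post #9.
SAMPLE = """\
               TEST: Records registration (RReg)
                  Network Adapter [00000001] Intel(R) 82574L Gigabit Network Connection:
                     Warning:
                     Missing CNAME record at DNS server 10.1.10.70:
                     22d6e541-0da1-4317-8834-68ff585f0632._msdcs.domainname.org

                     Warning:
                     Missing SRV record at DNS server 10.1.10.70:
                     _ldap._tcp.gc._msdcs.domainname.org

                     Warning:
                     Missing SRV record at DNS server 10.1.10.70:
                     _gc._tcp.Default-First-Site-Name._sites.domainname.org

                     Warning:
                     Missing SRV record at DNS server 10.1.10.70:
                     _ldap._tcp.gc._msdcs.domainname.org

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: domainname.org
               WVDC2                        PASS FAIL PASS FAIL WARN FAIL n/a
"""

# Assumption: the forward lookup zones hosted on the DNS server.
ZONES = ("_msdcs.domainname.org", "domainname.org")
STATES = {"PASS", "FAIL", "WARN", "n/a"}
MISSING_RE = re.compile(
    r"Missing\s+(?P<rtype>\w+)\s+record at DNS server\s+(?P<server>\S+?):"
    r"\s*\n\s*(?P<name>\S+)"
)


def missing_records(text):
    """Unique missing records in first-seen order, with a repeat count."""
    seen = {}
    for m in MISSING_RE.finditer(text):
        name = m["name"].rstrip(".")
        key = (m["rtype"].upper(), m["server"], name.lower())
        if key not in seen:
            seen[key] = {"rtype": key[0], "server": key[1], "name": name, "count": 0}
        seen[key]["count"] += 1
    return list(seen.values())


def locate(fqdn, zones=ZONES):
    """Return (zone, folders from the zone root downward, record name) or None."""
    labels = fqdn.rstrip(".").split(".")
    lowered = [label.lower() for label in labels]
    best = None
    for zone in zones:
        zl = zone.lower().split(".")
        # The most specific (longest) matching zone holds the record.
        if len(zl) <= len(labels) and lowered[-len(zl):] == zl:
            if best is None or len(zl) > len(best.split(".")):
                best = zone
    if best is None:
        return None
    rel = labels[: len(labels) - len(best.split("."))]
    if not rel:
        return best, [], "(same as parent folder)"
    # The leftmost label is the record; the rest are folders, root first.
    return best, list(reversed(rel[1:])), rel[0]


def parse_summary(text):
    """Map each DC in the summary table to {test column: result}."""
    cols, results = None, {}
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] == ["Auth", "Basc"]:
            cols = tokens
        elif cols and len(tokens) == len(cols) + 1 and all(t in STATES for t in tokens[1:]):
            results[tokens[0]] = dict(zip(cols, tokens[1:]))
    return results


def report(text, zones=ZONES):
    out = []
    for rec in missing_records(text):
        where = locate(rec["name"], zones)
        if where is None:
            out.append(f'{rec["rtype"]:5} {rec["name"]}: not inside any listed zone')
            continue
        zone, folders, leaf = where
        path = " > ".join([zone] + folders)
        out.append(f'{rec["rtype"]:5} {leaf}  in  {path}  ({rec["count"]}x at {rec["server"]})')
    for dc, cols in parse_summary(text).items():
        bad = [c for c, v in cols.items() if v in ("FAIL", "WARN")]
        out.append(f"{dc}: failing or warning tests: {', '.join(bad)}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Run against a saved copy of the full output, it reduces the repeated warnings to one line per record, each with the folder path to compare between the broken DC and a known-good one.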
