Announcement

Collapse
No announcement yet.

AD Advice needed please

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD Advice needed please

    Hello,

    I am having issues with our Active Directory at one of our sites. Itís a bit of a long story but with your expert knowledge I am hoping you all could help me try and solve my issues before they turn out to be a major issue.

    My setup.

    We have 3 x DC that are running windows 2000 advance server all running the latest service packs etc. The problem that I have is when I check the FSMO roles it just displayís ERROR. I know this isnít good and I want to get to the bottom of it before the servers die and we have no AD! As far as I know DNS is working ok, but I have read that 90% of AD issues are down to DNS. I have looked at various tools to check things and replication is ok to each server and I have two global catloge servers but if server2 goes offline the others wonít process logons.

    Here is the DCDIAG report from server1

    DC Diagnosis

    Performing initial setup:
    Done gathering initial info.

    Doing initial non skippeable tests

    Testing server: Default-First-Site-Name\ENDSCS1
    Starting test: Connectivity
    ......................... ENDSCS1 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\ENDSCS1
    Starting test: Replications
    ......................... ENDSCS1 passed test Replications
    Starting test: NCSecDesc
    ......................... ENDSCS1 passed test NCSecDesc
    Starting test: NetLogons
    ......................... ENDSCS1 passed test NetLogons
    Starting test: Advertising
    Warning: DsGetDcName returned information for \\endscs2.endsnet
    when we were trying to reach ENDSCS1.
    Server is not responding or is not considered suitable.
    ......................... ENDSCS1 failed test Advertising
    Starting test: KnowsOfRoleHolders
    Warning: CN="NTDS Settings
    DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
    DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Si
    CN=Sites,CN=Configuration,DC=endsnet,DC=local is the Schema Owner, but i
    d.
    Warning: CN="NTDS Settings
    DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
    DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Si
    CN=Sites,CN=Configuration,DC=endsnet,DC=local is the Domain Owner, but i
    d.
    Warning: CN="NTDS Settings
    DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
    DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Si
    CN=Sites,CN=Configuration,DC=endsnet,DC=local is the PDC Owner, but is d
    Warning: CN="NTDS Settings
    DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
    DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Si
    CN=Sites,CN=Configuration,DC=endsnet,DC=local is the Rid Owner, but is d
    Warning: CN="NTDS Settings
    DEL:cd53d892-b33e-4b2f-9934-a46359430699",CN="ENDSCS1
    DEL:5609fab6-8f1c-4de3-b588-669ba20fb267",CN=Servers,CN=Default-First-Si
    CN=Sites,CN=Configuration,DC=endsnet,DC=local is the Infrastructure Upda
    , but is deleted.
    ......................... ENDSCS1 failed test KnowsOfRoleHolder
    Starting test: RidManager
    Warning: FSMO Role Owner is deleted.
    ldap_search_sW of CN=ENDSCS1\
    DEL:5609fab6-8f1c-4de3-b588-669ba20fb267,CN=Servers,CN=Default-First-Sit
    N=Sites,CN=Configuration,DC=endsnet,DC=local for hostname failed with 2:
    tem cannot find the file specified.
    ......................... ENDSCS1 failed test RidManager
    Starting test: MachineAccount
    ......................... ENDSCS1 passed test MachineAccount
    Starting test: Services
    SMTPSVC Service is stopped on [ENDSCS1]
    ......................... ENDSCS1 failed test Services
    Starting test: ObjectsReplicated
    ......................... ENDSCS1 passed test ObjectsReplicated
    Starting test: frssysvol
    Error: No record of File Replication System, SYSVOL started.
    The Active Directory may be prevented from starting.
    There are errors after the SYSVOL has been shared.
    The SYSVOL can prevent the AD from starting.
    ......................... ENDSCS1 passed test frssysvol
    Starting test: kccevent
    An Warning Event occured. EventID: 0x800004F1
    Time Generated: 06/27/2006 17:34:21
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800004F1
    Time Generated: 06/27/2006 17:34:21
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800004F1
    Time Generated: 06/27/2006 17:34:21
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x80000679
    Time Generated: 06/27/2006 17:34:59
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005BA
    Time Generated: 06/27/2006 17:34:59
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x80000581
    Time Generated: 06/27/2006 17:34:59
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC000055D
    Time Generated: 06/27/2006 17:34:59
    (Event String could not be retrieved)
    ......................... ENDSCS1 failed test kccevent
    Starting test: systemlog
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:39:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:41:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:43:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:45:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:47:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:49:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:51:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:53:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:55:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:57:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:59:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:01:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:03:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:05:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:07:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:09:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:11:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:13:52
    Event String: The account-identifier allocator failed to
    Time Generated: 06/27/2006 17:37:52
    Event String: The account-identifier allocator failed to
    ......................... ENDSCS1 failed test systemlog

    Running enterprise tests on : endsnet.local
    Starting test: Intersite
    ......................... endsnet.local passed test Intersite
    Starting test: FsmoCheck
    Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 135
    A Global Catalog Server could not be located - All GC's are dow
    Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
    A Primary Domain Controller could not be located.
    The server holding the PDC role is down.
    ......................... endsnet.local failed test FsmoCheck

    I think the issues are down to old servers that have had ad just being removed etc but not being removed correctly. I have been dumped this little issue which I think is going to be a nightmare!

    All I am looking for is the best way to either fix restore or rebuild?

    Your help is very much appreciated
    Kind Regards,
    Simon

  • #2
    Re: AD Advice needed please

    Perhaps one of the old servers that you removed held all of the FSMO roles. The first DC in a new forest holds all of the FSMO roles.

    If this is the case then you may need to seize the FSMO roles onto one of the existing DC's

    http://www.petri.com/seizing_fsmo_roles.htm

    Hope this helps

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: AD Advice needed please

      Originally posted by m80arm
      Perhaps one of the old servers that you removed held all of the FSMO roles. The first DC in a new forest holds all of the FSMO roles.

      If this is the case then you may need to seize the FSMO roles onto one of the existing DC's

      http://www.petri.com/seizing_fsmo_roles.htm

      Hope this helps

      Michael
      Thanks for your reply, What happens if I do this?

      The one server that is running processing logons needs to be rebuilt but called the same server name etc as its a main till server.

      I have read about sezing the roles etc but I wanted to know what major impact it would have if I done this?

      Thanks again!
      Kind Regards,
      Simon

      Comment


      • #4
        Re: AD Advice needed please

        Is it possible to bring the server back online?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: AD Advice needed please

          Excellent, Seeing as the server is up and running at the moment is there a way of trying to fix the current issues and removing ad to another DC?

          Just trying to find the best route for this really, and work out whats the worst case senario.

          Thanks
          Kind Regards,
          Simon

          Comment


          • #6
            Re: AD Advice needed please

            move you're fsmo roles then.

            http://www.petri.com/transferring_fsmo_roles.htm

            After that, run a Dcpromo to demote the server.
            Make a complete plan, an post it back if you still have any questions.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: AD Advice needed please

              Originally posted by Dumber

              Thanks, can user logons be processed still while I do this?

              Thanks
              Kind Regards,
              Simon

              Comment


              • #8
                Re: AD Advice needed please

                AFAIK: Yes.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment

                Working...
                X