Announcement

Collapse
No announcement yet.

Active directory won't open.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active directory won't open.

    Hello all.

    I'm looking for a solution to my DC.
    I have 4 dc. 2 dc's are 2003 and 2 more are 2008 r2.
    I need to take down the old 2 dc's.
    Before i'm doing it i encountering a problems only with one of the new dc's(dc1).
    I must say, When i restart the server, Everything is fine just for a few hours.
    I don't know what to do.

    Thanks in advance.

    Click image for larger version

Name:	dc.jpg
Views:	1
Size:	257.0 KB
ID:	469540

  • #2
    Re: Active directory won't open.

    Check the event logs on all your servers.

    Did you do an ADPREP before you installed your 2008 Servers???

    Comment


    • #3
      Re: Active directory won't open.

      Most likely caused by the way DNS is Configured.
      Make sure all DCs are configured to use the same DNS as primary.
      Is there any need to have 4 dns servers as you have there?
      Caesar's cipher - 3

      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

      SFX JNRS FC U6 MNGR

      Comment


      • #4
        Re: Active directory won't open.

        Originally posted by wullieb1 View Post
        Check the event logs on all your servers.

        Did you do an ADPREP before you installed your 2008 Servers???
        Hi. Thanks for your reply.
        I'm new at the site. My predecessor Left and i don't have all the information.
        I'm trying to collect all mistakes and resolved them.

        Comment


        • #5
          Re: Active directory won't open.

          Hi. Thanks for reply.
          As I saw, each server configured (from tcp/ip settings)as primary(pointing to itself).
          The problem is only with one of the new DCs

          Comment


          • #6
            Re: Active directory won't open.

            Originally posted by ori006 View Post
            Hi. Thanks for reply.
            As I saw, each server configured (from tcp/ip settings)as primary(pointing to itself).
            The problem is only with one of the new DCs
            Then it looks the DNS zone is not being replicated to all DCs.
            To avoid that either make sure DNS is AD integrated and the AD replication is working ok or my recommendation would be to point to One healthy DNS server.
            Caesar's cipher - 3

            ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

            SFX JNRS FC U6 MNGR

            Comment


            • #7
              Re: Active directory won't open.

              Originally posted by L4ndy View Post
              Then it looks the DNS zone is not being replicated to all DCs.
              To avoid that either make sure DNS is AD integrated and the AD replication is working ok or my recommendation would be to point to One healthy DNS server.
              Hi L4ndy.
              Thanks for reply.
              DNS is AD integrated. Replication doesn't work.
              Can you tell me if the following picture tells something that goes wrong?
              Thanks in advanced.


              Click image for larger version

Name:	Sites.jpg
Views:	2
Size:	209.6 KB
ID:	466461

              Comment


              • #8
                Re: Active directory won't open.

                What does DCDIAG tell you???

                Comment


                • #9
                  Re: Active directory won't open.

                  Originally posted by wullieb1 View Post
                  What does DCDIAG tell you???
                  Hi Wullieb1. Thanks for reply.
                  This is what i get.

                  From faulty DC:
                  Z:\>dcdiag
                  Directory Server Diagnosis
                  Performing initial setup:
                  Trying to find home server...
                  Home Server = DC01
                  [DC01] LDAP connection failed with error 0,
                  The operation completed successfully..
                  [DC01] Unrecoverable LDAP Error 89:
                  From DC02(Dcdiag /v To show all servers):
                  Testing server: Default-First-Site-Name\DC01
                  Starting test: Connectivity
                  ......................... DC01 passed test Connectivity
                  *******************************************
                  Testing server: Default-First-Site-Name\DC01
                  Starting test: Advertising
                  ......................... DC01 passed test Advertising
                  Starting test: FrsEvent
                  There are warning or error events within the last 24 hours after the
                  SYSVOL has been shared. Failing SYSVOL replication problems may cause
                  Group Policy problems.
                  ......................... DC01 passed test FrsEvent
                  Starting test: DFSREvent
                  ......................... DC01 passed test DFSREvent
                  Starting test: SysVolCheck
                  .........................DC01 passed test SysVolCheck
                  Starting test: KccEvent
                  ......................... DC01 passed test KccEvent
                  Starting test: KnowsOfRoleHolders
                  ......................... DC01 passed test KnowsOfRoleHolders
                  Starting test: MachineAccount
                  ......................... DC01 passed test MachineAccount
                  Starting test: NCSecDesc
                  Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
                  Replicating Directory Changes In Filtered Set
                  access rights for the naming context:
                  DC=DomainDnsZones,DC=contoso,DC=com
                  ......................... DC01 failed test NCSecDesc
                  Starting test: NetLogons
                  ......................... DC01 passed test NetLogons
                  Starting test: ObjectsReplicated
                  ......................... DC01 passed test ObjectsReplicated
                  Starting test: Replications
                  ......................... DC01 passed test Replications
                  Starting test: RidManager
                  ......................... DC01 passed test RidManager
                  Starting test: Services
                  ......................... DC01 passed test Services
                  Starting test: SystemLog
                  ......................... DC01 passed test SystemLog
                  Starting test: VerifyReferences
                  ......................... DC01 passed test VerifyReferences

                  Comment


                  • #10
                    Re: Active directory won't open.

                    Are you specifically running CMD as an administrtaor when you run DCDIAG? As in, right clicking on it and Run As Administrator? Also worth running a DCDIAG /e /v >DCDIAG15thFeb2012.txt
                    Last edited by Virtual; 15th February 2012, 09:28.

                    Comment


                    • #11
                      Re: Active directory won't open.

                      Originally posted by Virtual View Post
                      Are you specifically running CMD as an administrtaor when you run DCDIAG? As in, right clicking on it and Run As Administrator? Also worth running a DCDIAG /e /v >DCDIAG15thFeb2012.txt
                      Hi Virtual.
                      I ran cmd as administrator. same same.
                      Dcdiag won't do any switch.

                      Z:\>DCDIAG /e /v

                      Directory Server Diagnosis

                      Performing initial setup:
                      Trying to find home server...
                      * Verifying that the local machine DC01, is a Directory Server.
                      Home Server = DC01
                      * Connecting to directory service on server DC01.
                      [DC01] LDAP connection failed with error 0,
                      The operation completed successfully..
                      [DC01] Unrecoverable LDAP Error 89:

                      Comment


                      • #12
                        Re: Active directory won't open.

                        Its a straight fix and that is DNS settings. Check all Server DNS and make sure they are pointing to main primary DNS. Flushdns and register dns again and ping by name to see if it resolve the name.

                        Comment


                        • #13
                          Re: Active directory won't open.

                          Originally posted by mohammedyusuf View Post
                          Its a straight fix and that is DNS settings. Check all Server DNS and make sure they are pointing to main primary DNS. Flushdns and register dns again and ping by name to see if it resolve the name.
                          Hi Muhammedyusuf.
                          Thanks for reply.
                          I figured out that the fault dc can't resolve fully qualified name.
                          I think this my problem because replication using FQDN.
                          Am i right?

                          Thanks in advance.

                          Comment


                          • #14
                            Re: Active directory won't open.

                            As I said in post 3, change the DNS settings on all the DC to point to one Dc and then reboot or at least run a ipconfig /registerdns.
                            Caesar's cipher - 3

                            ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                            SFX JNRS FC U6 MNGR

                            Comment


                            • #15
                              Re: Active directory won't open.

                              As recommended, do the DNS changes. With regards to the command. Drop the /v and run as dcdiag /e >dcdiag.txt.

                              You can just run dcdiag /e, which will return the results in the command prompt rather than exporting to the text file. Also, you need to make sure command prompt is in the location of dcdiag. As the /e checks all DCs, I would expect most to fail if DNS is not configured properly.

                              Comment

                              Working...
                              X