AD Advice needed please

This topic contains 7 replies, has 3 voices, and was last updated by Avatar Si_Pe 13 years, 4 months ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • Avatar
    Si_Pe
    Member
    #113243

    Hello,

    I am having issues with our Active Directory at one of our sites. It’s a bit of a long story but with your expert knowledge I am hoping you all could help me try and solve my issues before they turn out to be a major issue.

    My setup.

    We have 3 x DC that are running windows 2000 advance server all running the latest service packs etc. The problem that I have is when I check the FSMO roles it just display’s ERROR. I know this isn’t good and I want to get to the bottom of it before the servers die and we have no AD! As far as I know DNS is working ok, but I have read that 90% of AD issues are down to DNS. I have looked at various tools to check things and replication is ok to each server and I have two global catloge servers but if server2 goes offline the others won’t process logons.

    Here is the DCDIAG report from server1

    DC Diagnosis

    Performing initial setup:
    Done gathering initial info.

    Doing initial non skippeable tests

    Testing server: Default-First-Site-NameENDSCS1
    Starting test: Connectivity
    ……………………. ENDSCS1 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-NameENDSCS1
    Starting test: Replications
    ……………………. ENDSCS1 passed test Replications
    Starting test: NCSecDesc
    ……………………. ENDSCS1 passed test NCSecDesc
    Starting test: NetLogons
    ……………………. ENDSCS1 passed test NetLogons
    Starting test: Advertising
    Warning: DsGetDcName returned information for \endscs2.endsnet
    when we were trying to reach ENDSCS1.
    Server is not responding or is not considered suitable.
    ……………………. ENDSCS1 failed test Advertising
    Starting test: KnowsOfRoleHolders
    Warning: CN=”NTDS Settings
    DEL:cd53d892-b33e-4b2f-9934-a46359430699″,CN=”ENDSCS1
    DEL:5609fab6-8f1c-4de3-b588-669ba20fb267″,CN=Servers,CN=Default-First-Si
    CN=Sites,CN=Configuration,DC=endsnet,DC=local is the Schema Owner, but i
    d.
    Warning: CN=”NTDS Settings
    DEL:cd53d892-b33e-4b2f-9934-a46359430699″,CN=”ENDSCS1
    DEL:5609fab6-8f1c-4de3-b588-669ba20fb267″,CN=Servers,CN=Default-First-Si
    CN=Sites,CN=Configuration,DC=endsnet,DC=local is the Domain Owner, but i
    d.
    Warning: CN=”NTDS Settings
    DEL:cd53d892-b33e-4b2f-9934-a46359430699″,CN=”ENDSCS1
    DEL:5609fab6-8f1c-4de3-b588-669ba20fb267″,CN=Servers,CN=Default-First-Si
    CN=Sites,CN=Configuration,DC=endsnet,DC=local is the PDC Owner, but is d
    Warning: CN=”NTDS Settings
    DEL:cd53d892-b33e-4b2f-9934-a46359430699″,CN=”ENDSCS1
    DEL:5609fab6-8f1c-4de3-b588-669ba20fb267″,CN=Servers,CN=Default-First-Si
    CN=Sites,CN=Configuration,DC=endsnet,DC=local is the Rid Owner, but is d
    Warning: CN=”NTDS Settings
    DEL:cd53d892-b33e-4b2f-9934-a46359430699″,CN=”ENDSCS1
    DEL:5609fab6-8f1c-4de3-b588-669ba20fb267″,CN=Servers,CN=Default-First-Si
    CN=Sites,CN=Configuration,DC=endsnet,DC=local is the Infrastructure Upda
    , but is deleted.
    ……………………. ENDSCS1 failed test KnowsOfRoleHolder
    Starting test: RidManager
    Warning: FSMO Role Owner is deleted.
    ldap_search_sW of CN=ENDSCS1
    DEL:5609fab6-8f1c-4de3-b588-669ba20fb267,CN=Servers,CN=Default-First-Sit
    N=Sites,CN=Configuration,DC=endsnet,DC=local for hostname failed with 2:
    tem cannot find the file specified.
    ……………………. ENDSCS1 failed test RidManager
    Starting test: MachineAccount
    ……………………. ENDSCS1 passed test MachineAccount
    Starting test: Services
    SMTPSVC Service is stopped on [ENDSCS1]
    ……………………. ENDSCS1 failed test Services
    Starting test: ObjectsReplicated
    ……………………. ENDSCS1 passed test ObjectsReplicated
    Starting test: frssysvol
    Error: No record of File Replication System, SYSVOL started.
    The Active Directory may be prevented from starting.
    There are errors after the SYSVOL has been shared.
    The SYSVOL can prevent the AD from starting.
    ……………………. ENDSCS1 passed test frssysvol
    Starting test: kccevent
    An Warning Event occured. EventID: 0x800004F1
    Time Generated: 06/27/2006 17:34:21
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800004F1
    Time Generated: 06/27/2006 17:34:21
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800004F1
    Time Generated: 06/27/2006 17:34:21
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x80000679
    Time Generated: 06/27/2006 17:34:59
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005BA
    Time Generated: 06/27/2006 17:34:59
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x80000581
    Time Generated: 06/27/2006 17:34:59
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC000055D
    Time Generated: 06/27/2006 17:34:59
    (Event String could not be retrieved)
    ……………………. ENDSCS1 failed test kccevent
    Starting test: systemlog
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:39:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:41:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:43:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:45:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:47:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:49:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:51:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:53:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:55:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:57:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 16:59:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:01:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:03:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:05:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:07:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:09:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:11:52
    Event String: The account-identifier allocator failed to
    An Error Event occured. EventID: 0x0000410A
    Time Generated: 06/27/2006 17:13:52
    Event String: The account-identifier allocator failed to
    Time Generated: 06/27/2006 17:37:52
    Event String: The account-identifier allocator failed to
    ……………………. ENDSCS1 failed test systemlog

    Running enterprise tests on : endsnet.local
    Starting test: Intersite
    ……………………. endsnet.local passed test Intersite
    Starting test: FsmoCheck
    Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 135
    A Global Catalog Server could not be located – All GC’s are dow
    Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
    A Primary Domain Controller could not be located.
    The server holding the PDC role is down.
    ……………………. endsnet.local failed test FsmoCheck

    I think the issues are down to old servers that have had ad just being removed etc but not being removed correctly. I have been dumped this little issue which I think is going to be a nightmare!

    All I am looking for is the best way to either fix restore or rebuild?

    Your help is very much appreciated

    Avatar
    m80arm
    Member
    #232027

    Re: AD Advice needed please

    Perhaps one of the old servers that you removed held all of the FSMO roles. The first DC in a new forest holds all of the FSMO roles.

    If this is the case then you may need to seize the FSMO roles onto one of the existing DC’s

    http://www.petri.com/seizing_fsmo_roles.htm

    Hope this helps

    Michael

    Avatar
    Si_Pe
    Member
    #278061

    Re: AD Advice needed please

    m80arm wrote:
    Perhaps one of the old servers that you removed held all of the FSMO roles. The first DC in a new forest holds all of the FSMO roles.

    If this is the case then you may need to seize the FSMO roles onto one of the existing DC’s

    http://www.petri.com/seizing_fsmo_roles.htm

    Hope this helps

    Michael

    Thanks for your reply, What happens if I do this?

    The one server that is running processing logons needs to be rebuilt but called the same server name etc as its a main till server.

    I have read about sezing the roles etc but I wanted to know what major impact it would have if I done this?

    Thanks again!

    Avatar
    Dumber
    Participant
    #195521

    Re: AD Advice needed please

    Is it possible to bring the server back online?

    Avatar
    Si_Pe
    Member
    #278062

    Re: AD Advice needed please

    Excellent, Seeing as the server is up and running at the moment is there a way of trying to fix the current issues and removing ad to another DC?

    Just trying to find the best route for this really, and work out whats the worst case senario.

    Thanks

    Avatar
    Dumber
    Participant
    #195522

    Re: AD Advice needed please

    move you’re fsmo roles then.

    http://www.petri.com/transferring_fsmo_roles.htm

    After that, run a Dcpromo to demote the server.
    Make a complete plan, an post it back if you still have any questions.

    Avatar
    Si_Pe
    Member
    #278063

    Re: AD Advice needed please

    Dumber wrote:

    Thanks, can user logons be processed still while I do this?

    Thanks

    Avatar
    Dumber
    Participant
    #195523

    Re: AD Advice needed please

    AFAIK: Yes.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.