none
Cannot open ADUC - Naming Information cannot be located.

    Question

  • Hi,

    I have one domain controller on 2008 R2 and it holds all the FSMO roles. I am having a few issues and I am struggling to resolve the issue.

    So here it goes, below is a list of problems:

    1. Cannot open ADUS, Sites & Services, ADSI Edit or Domains and Trust because of error: Naming Information cannot be located. However I can open AD Admin Centre to manage users.

    2. Netdom query fsmo reports: specified domain either does not exist.

    3. DcDiag reports: ALL GCs are down and server holding PDC is down.

    Things I have checked so far:

    1. Check DNS to ensure all SRV records are in place for the GC and PDC under msdcs container.

    2. NTDS util to check the FSMO roles returns the correct server for each role (itself).

    3. IP config  has DNS server setup correctly. i.e. Primary DNS is the server itself and Secondary points elsewhere.

    4. IPv6 is disabled in the Network Adapter and in the registry.

    5. Nslookup of _ldap._tcp.dc._msdcs.domainname returns the correct SRV record.

    6. Restart AD Service, DNS service, netlogon service and problem still exists.

    7. Windows firewall is turned off so pretty sure its not causing the issue.

    8. Anti-virus installed is Forefront Endpoint Protection, doubt this is causing any interference.

    Things I haven't done:

    1. Delete the _msdcs zone and restart DNS server service.

    2. I have read in an article somewhere that a tdi filter driver on 2008 R2 could result in networking issues? How do I check if TDI filter driver is installed or its causing the problem?

    The funny thing is on random occasions you can open ADUS and netdom query fsmo reports all the FSMO roles but most of the time there is this problem. I am sort of stuck right now on where to go next with this issue. Any help will be appreciated.

    Thanks

    Friday, May 03, 2013 9:36 AM

Answers

  • This problem has now been resolved. We found that the Server wasn't advertising itself correctly as a GC or a PDC and also the SYSVOL shares were not initiated correctly i.e. the scripts and policies folders were not under c:\windows\sysvol. We therefore moved the Scripts and Policies folder to the SYSVOL directory and forced AD to reshare the NETLOGON AND SYSVOL shares. To "force" AD into doing this, we had to modify the "BurFlags" registry value to "D4" and restart the NTFRS service.

    Doing this shared the NETLOGON AND SYSVOL folders again. We then restarted the netlogon service as well and this solved the problem.

    Most errors in DCDIAG report were corrected and I was able to open ADUC and other consoles. I hope this solution can be helpful to someone out there as I spent 2 weeks in trying to correct it!

    Thanks

    Friday, May 17, 2013 2:05 PM

All replies

  • you may have problems with NTFRS replication. check NTFRS logs to see whether the replication works fine.

    ondrej.

    Friday, May 03, 2013 10:49 AM
  • I have no errors showing in the FRS log files through event viewer. There is one warning however which states:

    "FRS is scanning the data in system volume. Computer Succeed-AD cannot become a domain controller until this process is complete. The system will then be shared as SYSVOL".

    By looking at the time stamp of this event I am inclined to think that this warning was generated when DCpromo was initiated and has no bearing on the issue we are facing now.

    Friday, May 03, 2013 11:22 AM
  • Please post an ipconfig /all from your DC

    Run diagnostics against your Active Directory domain.

    If you don't have the support tools installed, install them from your server install disk.
    d:\support\tools\setup.exe

    Run dcdiag and repadmin in verbose mode.
    -> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
    -> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
    -> ntfrsutl ds your_dc_name > c:\sysvol.log
    -> dnslint /ad /s "ip address of your dc"

    **Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's in the forest. If you have significant numbers of DC's this test could generate significant detail and take a long time. You also want to take into account slow links to dc's will also add to the testing time.

    Description and download for dnslint
    http://support.microsoft.com/kb/321045

    Please post any errors you are unfamiliar with or the entire dump to Skydrive.
    http://explore.live.com/windows-live-skydrive

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, May 03, 2013 11:56 AM
  • Skydrive and all other upload sites are blocked off. Ok to post here or I can email them.

    Friday, May 03, 2013 12:30 PM
  • Skydrive and all other upload sites are blocked off. Ok to post here or I can email them.

    Post here

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, May 03, 2013 12:46 PM
  • Here is the dcdiag part one:


    Performing initial setup:

       * Connecting to directory service on server test-ad.

       test-ad.currentTime = 20130503120510.0Z

       test-ad.highestCommittedUSN = 270395

       test-ad.isSynchronized = 1

       test-ad.isGlobalCatalogReady = 1

       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=test,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call tested
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
       Getting ISTG and options for the site
       * Identifying all servers.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=test,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call tested....
       The previous call tested
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=test-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       test-AD.currentTime = 20130503120510.0Z

       test-AD.highestCommittedUSN = 270395

       test-AD.isSynchronized = 1

       test-AD.isGlobalCatalogReady = 1

       * Identifying all NC cross-refs.

       * Found 1 DC(s). Testing 1 of them.

       Done gathering initial info.

     

    ===============================================Printing out pDsInfo

    GLOBAL:
     ulNumServers=1
     pszRootDomain=test.local
     pszNC=
     pszRootDomainFQDN=DC=test,DC=local
     pszConfigNc=CN=Configuration,DC=test,DC=local
     pszPartitionsDn=CN=Partitions,CN=Configuration,DC=test,DC=local
     fAdam=0
     iSiteOptions=0
     dwTombstoneLifeTimeDays=180

     dwForestBehaviorVersion=2

     HomeServer=0, test-AD

     SERVER: pServer[0].pszName=test-AD
      pServer[0].pszGuidDNSName (binding str)=9fd331d4-e66d-4771-aaec-3aa1aae81b42._msdcs.test.local
      pServer[0].pszDNSName=test-ad.test.local
      pServer[0].pszLdapPort=(null)
      pServer[0].pszSslPort=(null)
      pServer[0].pszDn=CN=NTDS Settings,CN=test-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
      pServer[0].pszComputerAccountDn=CN=test-AD,OU=Domain Controllers,DC=test,DC=local
      pServer[0].uuidObjectGuid=9fd331d4-e66d-4771-aaec-3aa1aae81b42
      pServer[0].uuidInvocationId=0f7143dd-57bb-41cb-a270-2b8b07cd1f7a
      pServer[0].iSite=0 (Default-First-Site-Name)
      pServer[0].iOptions=1
      pServer[0].ftLocalAcquireTime=761ef3f0 01ce47f6

      pServer[0].ftRemoteConnectTime=758c9f00 01ce47f6

      pServer[0].ppszMaster/FullReplicaNCs:
       ppszMaster/FullReplicaNCs[0]=DC=ForestDnsZones,DC=test,DC=local
       ppszMaster/FullReplicaNCs[1]=DC=DomainDnsZones,DC=test,DC=local
       ppszMaster/FullReplicaNCs[2]=CN=Schema,CN=Configuration,DC=test,DC=local
       ppszMaster/FullReplicaNCs[3]=CN=Configuration,DC=test,DC=local
       ppszMaster/FullReplicaNCs[4]=DC=test,DC=local

     SITES:  pSites[0].pszName=Default-First-Site-Name
      pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
      pSites[0].pszISTG=CN=NTDS Settings,CN=test-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
      pSites[0].iSiteOption=0

      pSites[0].cServers=1

     NC:     pNCs[0].pszName=ForestDnsZones
      pNCs[0].pszDn=DC=ForestDnsZones,DC=test,DC=local

       pNCs[0].aCrInfo[0].dwFlags=0x00000201
       pNCs[0].aCrInfo[0].pszDn=CN=ff60cf33-3887-4da7-9134-384b5d75e560,CN=Partitions,CN=Configuration,DC=test,DC=local
       pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.test.local
       pNCs[0].aCrInfo[0].iSourceServer=0
       pNCs[0].aCrInfo[0].pszSourceServer=(null)
       pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
       pNCs[0].aCrInfo[0].bEnabled=TRUE
       pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000    pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
       pNCs[0].aCrInfo[0].pszNetBiosName=(null)
       pNCs[0].aCrInfo[0].cReplicas=-1
       pNCs[0].aCrInfo[0].aszReplicas=


     NC:     pNCs[1].pszName=DomainDnsZones
      pNCs[1].pszDn=DC=DomainDnsZones,DC=test,DC=local

       pNCs[1].aCrInfo[0].dwFlags=0x00000201
       pNCs[1].aCrInfo[0].pszDn=CN=bd05c93d-bb8e-4090-a8bf-4d292a624a5f,CN=Partitions,CN=Configuration,DC=test,DC=local
       pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.test.local
       pNCs[1].aCrInfo[0].iSourceServer=0
       pNCs[1].aCrInfo[0].pszSourceServer=(null)
       pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
       pNCs[1].aCrInfo[0].bEnabled=TRUE
       pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000    pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
       pNCs[1].aCrInfo[0].pszNetBiosName=(null)
       pNCs[1].aCrInfo[0].cReplicas=-1
       pNCs[1].aCrInfo[0].aszReplicas=


     NC:     pNCs[2].pszName=Schema
      pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=test,DC=local

       pNCs[2].aCrInfo[0].dwFlags=0x00000201
       pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=test,DC=local
       pNCs[2].aCrInfo[0].pszDnsRoot=test.local
       pNCs[2].aCrInfo[0].iSourceServer=0
       pNCs[2].aCrInfo[0].pszSourceServer=(null)
       pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
       pNCs[2].aCrInfo[0].bEnabled=TRUE
       pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000    pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
       pNCs[2].aCrInfo[0].pszNetBiosName=(null)
       pNCs[2].aCrInfo[0].cReplicas=-1
       pNCs[2].aCrInfo[0].aszReplicas=


     NC:     pNCs[3].pszName=Configuration
      pNCs[3].pszDn=CN=Configuration,DC=test,DC=local

       pNCs[3].aCrInfo[0].dwFlags=0x00000201
       pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=test,DC=local
       pNCs[3].aCrInfo[0].pszDnsRoot=test.local
       pNCs[3].aCrInfo[0].iSourceServer=0
       pNCs[3].aCrInfo[0].pszSourceServer=(null)
       pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
       pNCs[3].aCrInfo[0].bEnabled=TRUE
       pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000    pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
       pNCs[3].aCrInfo[0].pszNetBiosName=(null)
       pNCs[3].aCrInfo[0].cReplicas=-1
       pNCs[3].aCrInfo[0].aszReplicas=


     NC:     pNCs[4].pszName=test
      pNCs[4].pszDn=DC=test,DC=local

       pNCs[4].aCrInfo[0].dwFlags=0x00000201
       pNCs[4].aCrInfo[0].pszDn=CN=test,CN=Partitions,CN=Configuration,DC=test,DC=local
       pNCs[4].aCrInfo[0].pszDnsRoot=test.local
       pNCs[4].aCrInfo[0].iSourceServer=0
       pNCs[4].aCrInfo[0].pszSourceServer=(null)
       pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
       pNCs[4].aCrInfo[0].bEnabled=TRUE
       pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000    pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
       pNCs[4].aCrInfo[0].pszNetBiosName=(null)
       pNCs[4].aCrInfo[0].cReplicas=-1
       pNCs[4].aCrInfo[0].aszReplicas=


     5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, test,
     1 TARGETS: test-AD,

    =============================================Done Printing pDsInfo

    Doing initial required tests

      
       Testing server: Default-First-Site-Name\test-AD

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             Failure Analysis: test-AD ... OK.
             * Active Directory RPC Services Check
             ......................... test-AD passed test Connectivity

     

    Doing primary tests

      
       Testing server: Default-First-Site-Name\test-AD

          Starting test: Advertising

             Fatal Error:DsGetDcName (test-AD) call failed, error 1355

             The Locator could not find the server.

             ......................... test-AD failed test Advertising

          Starting test: CheckSecurityError

             * Dr Auth:  Beginning security errors check!
             No KDC found for domain test.local in site Default-First-Site-Name

             (1355, NULL)

             [test-AD] Unable to contact a KDC for the destination domain in

             it's own site.  This means either there are no available KDC's for

             this domain in the site, *including* the destination DC itself, or

             we're having network or packet fragmentation issues connecting to it.

             We'll check packet fragmentation connection to the destination DC,

             make recommendations, and continue.

             Checking UDP fragmentation issues to test-AD.
              The KDC on test-AD isn't responsive, please verify that it's

             running and advertising.

             No KDC found for domain test.local in site (ALL SITES) (1355, NULL)

             [test-AD] Unable to contact a KDC for the destination domain.  If

             no KDC for the destination domain is available, replication will be

             blocked!

             If there is some KDC for that domain available, check network

             connectivity issues or see possible packet fragmentation issues above.

             Checking machine account for DC test-AD on DC test-AD.
             * SPN found :LDAP/test-ad.test.local/test.local
             * SPN found :LDAP/test-ad.test.local
             * SPN found :LDAP/test-AD
             * SPN found :LDAP/test-ad.test.local/test
             * SPN found :LDAP/9fd331d4-e66d-4771-aaec-3aa1aae81b42._msdcs.test.local
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/9fd331d4-e66d-4771-aaec-3aa1aae81b42/test.local
             * SPN found :HOST/test-ad.test.local/test.local
             * SPN found :HOST/test-ad.test.local
             * SPN found :HOST/test-AD
             * SPN found :HOST/test-ad.test.local/test
             * SPN found :GC/test-ad.test.local/test.local
             [test-AD] No security related replication errors were found on this

             DC!  To target the connection to a specific source DC use

             /ReplSource:<DC>.

             ......................... test-AD passed test CheckSecurityError

          Starting test: CutoffServers

             * Configuration Topology Aliveness Check
             * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=test,DC=local.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=test,DC=local.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=test,DC=local.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for CN=Configuration,DC=test,DC=local.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for DC=test,DC=local.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             ......................... test-AD passed test CutoffServers

          Starting test: FrsEvent

             * The File Replication Service Event log test
             There are warning or error events within the last 24 hours after the

             SYSVOL has been shared.  Failing SYSVOL replication problems may cause

             Group Policy problems.
             A warning event occurred.  EventID: 0x800034FE

                Time Generated: 05/03/2013   09:38:51

                Event String:

                File Replication Service is scanning the data in the system volume. Computer test-AD cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

                

                To check for the SYSVOL share, at the command prompt, type:

                net share

                

                When File Replication Service completes the scanning process, the SYSVOL share will appear.

                

                The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.

             A warning event occurred.  EventID: 0x800034C8

                Time Generated: 05/03/2013   09:39:06

                Event String:

                The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer test-AD. The File Replication Service might not recover when power to the drive is interrupted and critical updates are lost.

             A warning event occurred.  EventID: 0x800034CE

                Time Generated: 05/03/2013   12:05:09

                Event String:

                The File Replication Service did not grant the user "share92admin" access to the API "Get Internal Information".

                

                Permissions for "Get Internal Information" can be changed by running regedit.

                

                Click on Start, Run, and type regedit.

                

                Expand HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Services, NtFrs, Parameters, Access Checks, and highlight "Get Internal Information". Click on the toolbar option Security and then Permissions...

                

                Access checks can be disabled for "Get Internal Information". Double click on "Access checks are [Enabled or Disabled]" and change the string to Disabled.

             ......................... test-AD passed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log.
             Skip the test because the server is running FRS.

             ......................... test-AD passed test DFSREvent

          Starting test: SysVolCheck

             * The File Replication Service SYSVOL ready test
             The registry lookup failed to determine the state of the SYSVOL.  The

             error returned  was 0x0 "The operation completed successfully.".

             Check the FRS event log to see if the SYSVOL has successfully been

             shared.
             ......................... test-AD passed test SysVolCheck

          Starting test: FrsSysVol

             * The File Replication Service SYSVOL ready test
             The registry lookup failed to determine the state of the SYSVOL.  The

             error returned  was 0x0 "The operation completed successfully.".

             Check the FRS event log to see if the SYSVOL has successfully been

             shared.
             ......................... test-AD passed test FrsSysVol

          Starting test: KccEvent

             * The KCC Event log test
             Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
             ......................... test-AD passed test KccEvent

          Starting test: KnowsOfRoleHolders

             Role Schema Owner = CN=NTDS Settings,CN=test-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=test-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=test-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=test-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=test-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
             ......................... test-AD passed test KnowsOfRoleHolders

          Starting test: MachineAccount

             Checking machine account for DC test-AD on DC test-AD.
             * SPN found :LDAP/test-ad.test.local/test.local
             * SPN found :LDAP/test-ad.test.local
             * SPN found :LDAP/test-AD
             * SPN found :LDAP/test-ad.test.local/test
             * SPN found :LDAP/9fd331d4-e66d-4771-aaec-3aa1aae81b42._msdcs.test.local
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/9fd331d4-e66d-4771-aaec-3aa1aae81b42/test.local
             * SPN found :HOST/test-ad.test.local/test.local
             * SPN found :HOST/test-ad.test.local
             * SPN found :HOST/test-AD
             * SPN found :HOST/test-ad.test.local/test
             * SPN found :GC/test-ad.test.local/test.local
             ......................... test-AD passed test MachineAccount

     

    Friday, May 03, 2013 12:50 PM
  • DCDiag Part 2:

    Starting test: NCSecDesc

             * Security Permissions check for all NC's on DC test-AD.
             The forest is not ready for RODC. Will skip checking ERODC ACEs.
             * Security Permissions Check for

               DC=ForestDnsZones,DC=test,DC=local
                (NDNC,Version 3)
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

                Replicating Directory Changes In Filtered Set
             access rights for the naming context:

             DC=ForestDnsZones,DC=test,DC=local
             * Security Permissions Check for

               DC=DomainDnsZones,DC=test,DC=local
                (NDNC,Version 3)
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

                Replicating Directory Changes In Filtered Set
             access rights for the naming context:

             DC=DomainDnsZones,DC=test,DC=local
             * Security Permissions Check for

               CN=Schema,CN=Configuration,DC=test,DC=local
                (Schema,Version 3)
             * Security Permissions Check for

               CN=Configuration,DC=test,DC=local
                (Configuration,Version 3)
             * Security Permissions Check for

               DC=test,DC=local
                (Domain,Version 3)
             ......................... test-AD failed test NCSecDesc

          Starting test: NetLogons

             * Network Logons Privileges Check
             Unable to connect to the NETLOGON share! (\\test-AD\netlogon)

             [test-AD] An net use or LsaPolicy operation failed with error 67,

             The network name cannot be found..

             ......................... test-AD failed test NetLogons

          Starting test: ObjectsReplicated

             test-AD is in domain DC=test,DC=local
             Checking for CN=test-AD,OU=Domain Controllers,DC=test,DC=local in domain DC=test,DC=local on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=test-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local in domain CN=Configuration,DC=test,DC=local on 1 servers
                Object is up-to-date on all servers.
             ......................... test-AD passed test ObjectsReplicated

          Starting test: OutboundSecureChannels

             * The Outbound Secure Channels test
             ** Did not run Outbound Secure Channels test because /testdomain: was

             not entered

             ......................... test-AD passed test

             OutboundSecureChannels

          Starting test: Replications

             * Replications Check
             DC=ForestDnsZones,DC=test,DC=local has 3 cursors.
             DC=DomainDnsZones,DC=test,DC=local has 3 cursors.
             CN=Schema,CN=Configuration,DC=test,DC=local has 3 cursors.
             CN=Configuration,DC=test,DC=local has 3 cursors.
             DC=test,DC=local has 3 cursors.
             * Replication Latency Check
                DC=ForestDnsZones,DC=test,DC=local
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                DC=DomainDnsZones,DC=test,DC=local
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Schema,CN=Configuration,DC=test,DC=local
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Configuration,DC=test,DC=local
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                DC=test,DC=local
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
             ......................... test-AD passed test Replications

          Starting test: RidManager

             ridManagerReference = CN=RID Manager$,CN=System,DC=test,DC=local
             * Available RID Pool for the Domain is 2743 to 1073741823
             fSMORoleOwner = CN=NTDS Settings,CN=test-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
             * test-ad.test.local is the RID Master
             * DsBind with RID Master was successful
             rIDSetReferences = CN=RID Set,CN=test-AD,OU=Domain Controllers,DC=test,DC=local
             * rIDAllocationPool is 2243 to 2742
             * rIDPreviousAllocationPool is 2243 to 2742
             * rIDNextRID: 2258
             ......................... test-AD passed test RidManager

          Starting test: Services

             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
             * Checking Service: DnsCache
             * Checking Service: NtFrs
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... test-AD passed test Services

          Starting test: SystemLog

             * The System Event log test
             An error event occurred.  EventID: 0xC00038D6

                Time Generated: 05/03/2013   13:02:23

                Event String:

                The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

             ......................... test-AD failed test SystemLog

          Starting test: Topology

             * Configuration Topology Integrity Check
             * Analyzing the connection topology for DC=ForestDnsZones,DC=test,DC=local.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for DC=DomainDnsZones,DC=test,DC=local.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=test,DC=local.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for CN=Configuration,DC=test,DC=local.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for DC=test,DC=local.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             ......................... test-AD passed test Topology

          Starting test: VerifyEnterpriseReferences

             ......................... test-AD passed test

             VerifyEnterpriseReferences

          Starting test: VerifyReferences

             The system object reference (serverReference)

             CN=test-AD,OU=Domain Controllers,DC=test,DC=local and backlink

             on

             CN=test-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local

             are correct.
             The system object reference (serverReferenceBL)

             CN=test-AD,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=test,DC=local

             and backlink on

             CN=NTDS Settings,CN=test-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local

             are correct.
             The system object reference (frsComputerReferenceBL)

             CN=test-AD,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=test,DC=local

             and backlink on

             CN=test-AD,OU=Domain Controllers,DC=test,DC=local are correct.
             ......................... test-AD passed test VerifyReferences

          Starting test: VerifyReplicas

             ......................... test-AD passed test VerifyReplicas

      
          Starting test: DNS

            

             DNS Tests are running and not hung. Please wait a few minutes...

             See DNS test in enterprise tests section for results
             ......................... test-AD passed test DNS

      
       Running partition tests on : ForestDnsZones

          Starting test: CheckSDRefDom

             ......................... ForestDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ForestDnsZones passed test

             CrossRefValidation

      
       Running partition tests on : DomainDnsZones

          Starting test: CheckSDRefDom

             ......................... DomainDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... DomainDnsZones passed test

             CrossRefValidation

      
       Running partition tests on : Schema

          Starting test: CheckSDRefDom

             ......................... Schema passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Schema passed test CrossRefValidation

      
       Running partition tests on : Configuration

          Starting test: CheckSDRefDom

             ......................... Configuration passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Configuration passed test CrossRefValidation

      
       Running partition tests on : test

          Starting test: CheckSDRefDom

             ......................... test passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... test passed test CrossRefValidation

      
       Running enterprise tests on : test.local

          Starting test: DNS

             Test results for domain controllers:

               
                DC: test-ad.test.local

                Domain: test.local

               

                     
                   TEST: Authentication (Auth)
                      Authentication test: Successfully completed
                     
                   TEST: Basic (Basc)
                      The OS

                      Microsoft Windows Server 2008 R2 Standard  (Service Pack level: 0.0)

                      is supported.

                      NETLOGON service is running

                      kdc service is running

                      DNSCACHE service is running

                      DNS service is running

                      DC is a DNS server

                      Network adapters information:

                      Adapter

                      [00000007] Microsoft Virtual Machine Bus Network Adapter:

                         MAC address is 00:15:5D:C3:E9:0E
                         IP Address is static
                         IP address: 10.98.138.177
                         DNS servers:

                            127.0.0.1 (test-AD) [Valid]
                            10.98.138.177 (test-AD) [Valid]
                      The A host record(s) for this DC was found
                      The SOA record for the Active Directory zone was found
                      The Active Directory zone on this DC/DNS server was found primary
                      Root zone on this DC/DNS server was not found
                     
                   TEST: Forwarders/Root hints (Forw)
                      Recursion is enabled
                      Forwarders Information:
                         89.31.233.91 (<name unavailable>) [Valid]
                         89.31.233.92 (<name unavailable>) [Valid]
                     
                   TEST: Delegations (Del)
                      Delegation information for the zone: test.local.
                         Delegated domain name: _msdcs.test.local.
                            Error: DNS server: sharepoint-92.test.local.

                            IP:<Unavailable> [Missing glue A record]

                            [Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)]
                     
                   TEST: Dynamic update (Dyn)
                      Test record dcdiag-test-record added successfully in zone test.local
                      Test record dcdiag-test-record deleted successfully in zone test.local
                     
                   TEST: Records registration (RReg)
                      Network Adapter

                      [00000007] Microsoft Virtual Machine Bus Network Adapter:

                         Matching CNAME record found at DNS server 10.98.138.177:
                         9fd331d4-e66d-4771-aaec-3aa1aae81b42._msdcs.test.local

                         Matching A record found at DNS server 10.98.138.177:
                         test-ad.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.6809823b-11dd-47ac-afb2-b382be7be813.domains._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _kerberos._tcp.dc._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.dc._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _kerberos._tcp.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _kerberos._udp.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _kpasswd._tcp.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.Default-First-Site-Name._sites.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _kerberos._tcp.Default-First-Site-Name._sites.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.gc._msdcs.test.local

                         Matching A record found at DNS server 10.98.138.177:
                         gc._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _gc._tcp.Default-First-Site-Name._sites.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.pdc._msdcs.test.local

                         Matching CNAME record found at DNS server 10.98.138.177:
                         9fd331d4-e66d-4771-aaec-3aa1aae81b42._msdcs.test.local

                         Matching A record found at DNS server 10.98.138.177:
                         test-ad.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.6809823b-11dd-47ac-afb2-b382be7be813.domains._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _kerberos._tcp.dc._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.dc._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _kerberos._tcp.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _kerberos._udp.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _kpasswd._tcp.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.Default-First-Site-Name._sites.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _kerberos._tcp.Default-First-Site-Name._sites.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.gc._msdcs.test.local

                         Matching A record found at DNS server 10.98.138.177:
                         gc._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _gc._tcp.Default-First-Site-Name._sites.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.test.local

                         Matching  SRV record found at DNS server 10.98.138.177:
                         _ldap._tcp.pdc._msdcs.test.local

                   Total query time:0 min. 1 sec.. Total RPC connection

                   time:0 min. 0 sec.

                   Total WMI connection time:0 min. 42 sec. Total Netuse connection

                   time:0 min. 0 sec.

            
             Summary of test results for DNS servers used by the above domain

             controllers:

            

                DNS server: 10.98.138.177 (test-AD)

                   All tests passed on this DNS server

                   Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
                   Total query time:0 min. 0 sec., Total WMI connection

                   time:0 min. 0 sec.

                  
                DNS server: 89.31.233.91 (<name unavailable>)

                   All tests passed on this DNS server

                   Total query time:0 min. 0 sec., Total WMI connection

                   time:0 min. 21 sec.

                  
                DNS server: 89.31.233.92 (<name unavailable>)

                   All tests passed on this DNS server

                   Total query time:0 min. 0 sec., Total WMI connection

                   time:0 min. 21 sec.

                  
             Summary of DNS test results:

            
                                                Auth Basc Forw Del  Dyn  RReg Ext
                _________________________________________________________________
                Domain: test.local

                   test-ad                   PASS PASS PASS FAIL PASS PASS n/a 
            
             Total Time taken to test all the DCs:0 min. 44 sec.

             ......................... test.local failed test DNS

          Starting test: LocatorCheck

             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

             A Global Catalog Server could not be located - All GC's are down.

             PDC Name: \\test-ad.test.local
             Locator Flags: 0xe00031fd
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

             A Time Server could not be located.

             The server holding the PDC role is down.

             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

             1355

             A Good Time Server could not be located.

             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355

             A KDC could not be located - All the KDCs are down.

             ......................... test.local failed test LocatorCheck

          Starting test: FsmoCheck

             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

             A Global Catalog Server could not be located - All GC's are down.

             PDC Name: \\test-ad.test.local
             Locator Flags: 0xe00031fd
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

             A Time Server could not be located.

             The server holding the PDC role is down.

             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

             1355

             A Good Time Server could not be located.

             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355

             A KDC could not be located - All the KDCs are down.

             ......................... test.local failed test FsmoCheck

          Starting test: Intersite

             Skipping site Default-First-Site-Name, this site is outside the scope

             provided by the command line arguments provided.
             ......................... test.local passed test Intersite

    Friday, May 03, 2013 12:51 PM
  • I only have a couple of minutes and I have to run, but

    ipconfig /all                     post is needed too.

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, May 03, 2013 12:54 PM

  • Windows IP Configuration

       Host Name . . . . . . . . . . . . : test-ad
       Primary Dns Suffix  . . . . . . . : test.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : test.local

    Ethernet adapter Frontend:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-C3-E9-0E
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.98.138.177(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.248
       Default Gateway . . . . . . . . . : 10.98.138.182
       DNS Servers . . . . . . . . . . . : 10.98.138.177
                                          
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{11DC2B5A-9489-4ECA-8917-05AB74068DA8}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3878:3e9d:f59d:754e(Preferred)
       Link-local IPv6 Address . . . . . : fe80::3878:3e9d:f59d:754e%13(Preferred)
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled


    • Edited by Mayur_- Friday, May 03, 2013 12:58 PM
    Friday, May 03, 2013 12:57 PM
  • I had expected to see a misconfigured dns setting, since that is so common but it looks good.  You don't need to disable ipv6 and it can now cause issues, but in your case I don't see that the problem.

    Can you do an nslookup on a machine within your domain from your DC and get resolution for it?

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, May 03, 2013 1:06 PM
  • Yes nslookup gives me a successful return but when I use:

    ntdsutil

    metadata cleanup

    connections

    connect to domain

    I get the error: DsGetDcNameW error 0x54b < the specified domain does not exist or could not be contacted> and netdom query fsmo also reports something similar.


    • Edited by Mayur_- Friday, May 03, 2013 1:09 PM
    Friday, May 03, 2013 1:08 PM
  • If this is a 2008 DC and you can't get into sites and services try the following url to promote a DC to a GC just to ensure it is one.
    http://technet.microsoft.com/en-us/library/dd378812(v=WS.10).aspx

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, May 03, 2013 1:10 PM
  • when I ran your sggest readmin command I got the following:

    Default-First-Site-Name\Test-AD
    DSA Option: IS_GC
    Site Options: <none>
    DSA Object GUID: 9fd331d4-e66d-4771-aaec-3aa1aae81b42
    DSA Invocation ID: 0f7143dd-57bb-41cb-a270-2b8b07cd1f7a

    ===KCC COnnection Objects======================================

    This confirms that it is a gc?

    Friday, May 03, 2013 1:11 PM
  • It tells me it is now.  Test to see if anything changed, if you can reboot the Dc i would do that as well.

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, May 03, 2013 1:18 PM
  • I didn't follow that tech guide you provide to make it a GC. That output was from earlier, when I was checking things.

    Rebooting the dc resolves the issue for a little while and this problem returns again. I have requested for a maintenance window from customer to reboot but still don't think its fixed..

    Friday, May 03, 2013 1:19 PM
  • Oh, ok, sorry I misunderstood.  Have you checked the bios/firmware of the nic from the manufacturer to verify it is all up to date?  I am dealing with an issue myself that all revolves around bad nic firmware.

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, May 03, 2013 1:21 PM
  • Its a VM running on 2012 hyper-v host. I have already removed and readded a new network adapter and configured it. Still no joy. Maybe a call to Microsoft?

    Friday, May 03, 2013 1:23 PM
  • From what I can tell the DC can't contact even itself since it is having network issues.  I don't see an issue with the DC itself.  I haven't looked at the bit map since you said it works intermediately. 

    What happens when you do the following on your DC?

    ipconfig /flushdns
    nslookup member_Server              <- Put a member server name in here

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, May 03, 2013 1:39 PM
  • When I do that I get successful name resolution and it works fine! Its mind boggling as to what's its doing. One test on dc reports success run another test and it reports a failure.

    It is definitely a DNS issue, I am 100% sure of it, but I don't know what it is. I have checked the DNS server is authorative for the domain etc and all that is fine as well.

    PS: Just checked again and it is working randomly now!!!! I can open ADUC and netdom query fsmo resolves correctly (for now).

    • Edited by Mayur_- Friday, May 03, 2013 1:51 PM
    Friday, May 03, 2013 1:42 PM
  • Next time is happens go to the DNS server and flush dns and also do an ipconfig /flushdns on the DC's command line.

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, May 03, 2013 4:26 PM
  • it is happening again and I have tried your suggestion. The problem still persists, I also tried to register the dns but still no joy.
    Tuesday, May 07, 2013 8:31 AM
  • I have gone through everything again and I just don't see anything.  Perhaps you should post this in a Hyper-V forum, since this just looks like some type of network issue.

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, May 07, 2013 12:32 PM
  • Ok I will try that tomorrow or something. I have been at this for 3-4 days now and just wanted to get another pair of eyes on it. Incase I missed something obvious but I guess not.

    Thanks for your help mate, appreciate it. When I find a solution, I will definitely update the thread, it will save some one the hassle.

    Mayur

    Tuesday, May 07, 2013 4:20 PM
  • This problem has now been resolved. We found that the Server wasn't advertising itself correctly as a GC or a PDC and also the SYSVOL shares were not initiated correctly i.e. the scripts and policies folders were not under c:\windows\sysvol. We therefore moved the Scripts and Policies folder to the SYSVOL directory and forced AD to reshare the NETLOGON AND SYSVOL shares. To "force" AD into doing this, we had to modify the "BurFlags" registry value to "D4" and restart the NTFRS service.

    Doing this shared the NETLOGON AND SYSVOL folders again. We then restarted the netlogon service as well and this solved the problem.

    Most errors in DCDIAG report were corrected and I was able to open ADUC and other consoles. I hope this solution can be helpful to someone out there as I spent 2 weeks in trying to correct it!

    Thanks

    Friday, May 17, 2013 2:05 PM
  • Thanks for sharing this. I've encountered similar problem and this has worked for me

    Thursday, November 14, 2013 8:20 AM