Windows 2008 Server AD Issues

    Question

  • Single Windows 2008 R2 server in small office. Was a replacement for a Windows 2003 SBS unit that has been decommissioned.

    Issues include slow and inconsistent logins for file sharing and even issues running AD admin tools on the server itself. Errors saying the tool cannot find the domain or tree. Somehow when AD was set up the DNS service was not. Has been added and several attempts to get all of the SRV entries and settings completed have not resolved problems. Have seized all of the FSMO roles.

    Attempted to uninstall AD and got error indicating there is a child partition which I cannot figure out how to remove.  

    Have now far exceeded my expertise. Any ideas?

    Monday, August 19, 2013 10:27 PM

All replies

  • Could be a lot of problems, but the rule of thumb is that a bad DNS always crashes an AD. (AD is built with the DNS)

    Seems like a bad DNS configuration. Check your DNS console and be sure your DNS server is the master of everything.

    If you tried to dcpromo on the other side, I wonder how many users you have and if you have something like an Exchange tied to that. Is it a SOHO shop? If yes, it might be speedier to redo the DC from scratch.


    MCP | MCTS - Exchange 2007, Configuring | Member of TechNet Wiki Community Council | French Moderator on TechNet Wiki (Translation Widget)

    Tuesday, August 20, 2013 4:20 AM
  • Hello,

    is the new machine also DNS/GC and are all machines configured to use it on the NIC ONLY. Please post an unedited ipconfig /all from the DC and a client with problems.

    If you open dnsmgmt.msc in the RUN line on the DC do you see the domain name under the FORWARD lookup zone? Is that name the same as shown in AD UC on top?


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, August 20, 2013 7:38 AM
  • Thanks so much for the response. Here is what I have:

    RE: If you open dnsmgmt.msc in the RUN line on the DC do you see the domain name under the FORWARD lookup zone? Is that name the same as shown in AD UC on top?

    Yes, the domain appears in the FORWARD lookup zone but I cannot get AD UC to connect to the domain at all. I get the error "Naming information could not be located because: The specified Domain either does not exist or could not be contacted."

    Keep in mind this is on the same machine...

    RE:is the new machine also DNS/GC and are all machines configured to use it on the NIC ONLY. Please post an unedited ipconfig /all from the DC and a client with problems.

    Yes it is the only DC as well as DNS/GC. Not sure how to answer "are all machines configured to use it on the NIC ONLY"

    I do not have a client config but here is the IPCONFIG for the server.

    C:\Users\administrator.TOWNOFWESTPOINT>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : WestPointFile
       Primary Dns Suffix  . . . . . . . : townofwestpoint.local
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : townofwestpoint.local

    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
       Physical Address. . . . . . . . . : E0-DB-55-16-9C-02
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.10.253(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.10.1
       DNS Servers . . . . . . . . . . . : 192.168.10.253
                                           8.8.8.8
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{88E229EC-4ACE-4FB6-8632-3EADB72ED16C}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3820:5403:b956:7ef4(Preferred)
       Link-local IPv6 Address . . . . . : fe80::3820:5403:b956:7ef4%14(Preferred)
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled

    ___________________________________________________________

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    Tuesday, August 20, 2013 10:01 AM
  • Hello,

    External DNS servers such as 8.8.8.8 are not to be used internally on the domain. Please remove them on ALL domain machines and run ipconfig /flushdns and ipconfig /registerdns and restart the netlogon service on DCs and reboot clients.

    FORWARDERS on the DNS server properties in dnsmgmt.msc should be used for the ISPs one.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, August 20, 2013 12:15 PM
  • Thanks.

    Done and still am seeing errors when trying to launch the AD admin tools. Also I noticed this error in the system event log:

    "The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly."

    Seems obvious that the DNS is fouled up but I have rebuilt with wizard and still have these issues.

    Can you further explain or prompt my action re:"FORWARDERS on the DNS server properties in dnsmgmt.msc should be used for the ISPs one"

    Should I create a forwarder to the ISP DNS servers?

    Again, I appreciate the help.
    Tuesday, August 20, 2013 12:34 PM
  • Hi, no, only put your DNS server in it for now; you have to fix the issue locally before trying to make the server reach the rest of the world.

    Try ping townofwestpoint.local

    If it does not resolve, check the DNS service to be sure it's bound to your IPv4 address.


    MCP | MCTS - Exchange 2007, Configuring | Member of TechNet Wiki Community Council | French Moderator on TechNet Wiki (Translation Widget)


    Tuesday, August 20, 2013 1:11 PM
  • Hello,

    please post again an unedited ipconfig /all to review the settings.

    Did you restart the services and machines after running the ipconfig commands?


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, August 20, 2013 2:51 PM
  • First I should note that I am doing all of this on the server and NOT from a second client machine in case that is relevant. Yes, I restarted Netlogon but nothing else after ipconfig /flushdns and /registerdns. I can restart the whole DC after hours if needed.

    When I ping townofwestpoint.local I get a response so that seems to be resolving correctly. Even so, I then attempt to run AD UC and it tells me it cannot find the domain.

    Here is the IPCONFIG /ALL unedited:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\administrator.TOWNOFWESTPOINT>ping townofwestpoint.local

    Pinging townofwestpoint.local [192.168.10.253] with 32 bytes of data:
    Reply from 192.168.10.253: bytes=32 time<1ms TTL=128
    Reply from 192.168.10.253: bytes=32 time<1ms TTL=128
    Reply from 192.168.10.253: bytes=32 time<1ms TTL=128
    Reply from 192.168.10.253: bytes=32 time<1ms TTL=128

    Ping statistics for 192.168.10.253:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    C:\Users\administrator.TOWNOFWESTPOINT>cd\

    C:\>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : WestPointFile
       Primary Dns Suffix  . . . . . . . : townofwestpoint.local
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : townofwestpoint.local

    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
       Physical Address. . . . . . . . . : E0-DB-55-16-9C-02
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.10.253(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.10.1
       DNS Servers . . . . . . . . . . . : 192.168.10.253
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{88E229EC-4ACE-4FB6-8632-3EADB72ED16C}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    C:\>


    Tuesday, August 20, 2013 6:02 PM
  • Hi

    If the ping answers, I find it strange: your DNS answers and it locates itself.

    Have you tried an AD database repair? (Esentutl /p c:\windows\ntds\ntds.dit while in Active Directory service mode) (http://technet.microsoft.com/en-us/library/hh875504.aspx or http://www.digitalforensics.be/blog/?p=193)

    Thanks


    MCP | MCTS - Exchange 2007, Configuring | Member of TechNet Wiki Community Council | French Moderator on TechNet Wiki (Translation Widget)

    Wednesday, August 21, 2013 3:00 AM
  • I have rebuilt the database and started and stopped Netlogon multiple times but I still cannot reliably connect to many resources. Sometimes it works, sometimes it does not.

    Again. Single server with AD, DNS, and GC on it. Here is a sample error from AD:

    • Active Directory Domain Services was unable to establish a connection with the global catalog. 

      Additional Data 
      Error value:
      1355 The specified domain either does not exist or could not be contacted. 
      Internal ID:
      3200e25 

     I am convinced that the DNS service is fouled up but cannot figure out what to do.

    Any ideas anyone...?

    Friday, August 23, 2013 7:16 PM
  • Hi,

    Please check whether the sysvol and netlogon shares are available. The DNS seems not to run correctly; this may result in the missing folders.

    You could refer to the article below to troubleshoot your issue:

    Error Message: The Specified Domain Either Does Not Exist or Could Not Be Contacted

    http://support.microsoft.com/kb/283133/en-us

    If your issue still exists, you could restore the DC from backup.

    I hope this helps.

    Regards,


    Mandy Ye


    Monday, August 26, 2013 4:45 AM
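
Added example, not part of any post in this thread: a read-only PowerShell check that pulls together the points the replies raise (NIC DNS servers, the SRV records the DC locator needs, and the SYSVOL/NETLOGON shares). The domain name and DC address come from the ipconfig output above; treating the domain as the forest root and the choice of which SRV names to test are assumptions of this example.

```powershell
# Added example: read-only checks for a single DC that is also the DNS server.
# $Domain and $DcIp are taken from the ipconfig output posted in the thread.
$Domain = 'townofwestpoint.local'
$DcIp   = '192.168.10.253'

# 1. Every IP-enabled NIC should list only the internal DNS server
#    (the first ipconfig in the thread also listed 8.8.8.8).
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        foreach ($dns in $_.DNSServerSearchOrder) {
            if ($dns -ne $DcIp) {
                Write-Warning "$($_.Description): unexpected DNS server $dns"
            }
        }
    }

# 2. A successful ping only proves the A record for the domain name exists.
#    Locating a DC or GC depends on SRV records under _msdcs.
#    Assumption: single-domain forest, so the forest root equals $Domain.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Domain"
)
foreach ($name in $srvNames) {
    # Ask the DC's own DNS service directly; nslookup prints "svr hostname" per SRV answer.
    $out = nslookup -type=SRV $name $DcIp 2>&1 | Out-String
    if ($out -match 'svr hostname') { "OK       $name" }
    else                            { "MISSING  $name" }
}

# 3. Ask the DC locator itself, bypassing its cache.
nltest "/dsgetdc:$Domain" /force | Out-Host
if ($LASTEXITCODE -ne 0) { Write-Warning "DC locator failed for $Domain" }

# 4. A DC only advertises itself once SYSVOL and NETLOGON are shared.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    if (Get-WmiObject Win32_Share -Filter "Name = '$share'") { "OK       share $share" }
    else                                                     { "MISSING  share $share" }
}
```

Run it from an elevated prompt on the DC; it changes nothing. `dcdiag /test:dns` gives a more detailed report on the same records.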