none
A Global Catalog Server could not be located - All GC's are down SBS 2011

    Question

  • I have been searching through these forums and manage to find similar errors but am struggling to find an answer that applies to this me.


    I seem to be having a number of issues with our SBS. I believe this was originally domain was previously on a SBS 2003 box before being moved to this SBS 2011 box last year, it has been running fine until yesterday. I cant see anything that has changed then though.

    Everything seems to point to DNS although I am struggling to pinpoint the actual cause. The most worrying is when I try to open something on the SBS such as AD sites and services.

    the error is

    Active Directory Domain Services - Naming information cannot be located because: The specified domain either does not exist or could not be contacted. Contact your system administrator to verify that your domain is properly configured and is currently online.

    Here is the IPconfig/all from the server

    v

    Host Name . . . . . . . . . . . . : SBS2012
       Primary Dns Suffix  . . . . . . . : Contosso.local
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : Contosso.local
    
    Ethernet adapter Local Area Connection 2:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) 82575EB Gigabit Network Connecti
    on #2
       Physical Address. . . . . . . . . : 00-1E-67-39-23-14
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8087:34f0:59f9:6a26%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.35.250(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.35.1
       DHCPv6 IAID . . . . . . . . . . . : 301997671
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-39-46-22-00-1E-67-39-23-15
    
       DNS Servers . . . . . . . . . . . : 192.168.35.250
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    PPP adapter RAS (Dial In) Interface:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : RAS (Dial In) Interface
       Physical Address. . . . . . . . . :
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.35.24(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Tunnel adapter isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.{A23E95B8-B5C2-4D88-BDE9-E9F1C2DD3902}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    and here is the nltest

    nltest /server:sbs2012 /dsgetdc:contosso.local
               DC: \\SBS2012.contosso.local
          Address: \\192.168.35.250
         Dom Guid: c50b6df3-9d22-4c87-b2a7-adadc4fd5ec1
         Dom Name: contosso.local
      Forest Name: contosso.local
     Dc Site Name: Default-First-Site-Name
    Our Site Name: Default-First-Site-Name
            Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN
    DNS_FOREST CLOSE_SITE FULL_SECRET WS
    The command completed successfully

    As far as I can see everything so far looks ok (highly possible I am missing something) but when I run a DCDIAG it gets messy

    Directory Server Diagnosis
    
    
    Performing initial setup:
    
       Trying to find home server...
    
       Home Server = SBS2012
    
       * Identified AD Forest. 
       Done gathering initial info.
    
    
    Doing initial required tests
    
    
       Testing server: Default-First-Site-Name\SBS2012
    
          Starting test: Connectivity
    
             ......................... SBS2012 passed test Connectivity
    
    
    
    Doing primary tests
    
    
       Testing server: Default-First-Site-Name\SBS2012
    
          Starting test: Advertising
    
             Fatal Error:DsGetDcName (SBS2012) call failed, error 1355
    
             The Locator could not find the server.
    
             ......................... SBS2012 failed test Advertising
    
          Starting test: FrsEvent
    
             There are warning or error events within the last 24 hours after the
    
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
    
             Group Policy problems. 
             ......................... SBS2012 passed test FrsEvent
    
          Starting test: DFSREvent
    
             ......................... SBS2012 passed test DFSREvent
    
          Starting test: SysVolCheck
    
             ......................... SBS2012 passed test SysVolCheck
    
          Starting test: KccEvent
    
             ......................... SBS2012 passed test KccEvent
    
          Starting test: KnowsOfRoleHolders
    
             ......................... SBS2012 passed test KnowsOfRoleHolders
    
          Starting test: MachineAccount
    
             ......................... SBS2012 passed test MachineAccount
    
          Starting test: NCSecDesc
    
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 
    
                Replicating Directory Changes In Filtered Set
             access rights for the naming context:
    
             DC=DomainDnsZones,DC=Contosso,DC=local
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 
    
                Replicating Directory Changes In Filtered Set
             access rights for the naming context:
    
             DC=ForestDnsZones,DC=Contosso,DC=local
             ......................... SBS2012 failed test NCSecDesc
    
          Starting test: NetLogons
    
             Unable to connect to the NETLOGON share! (\\SBS2012\netlogon)
    
             [SBS2012] An net use or LsaPolicy operation failed with error 67,
    
             The network name cannot be found..
    
             ......................... SBS2012 failed test NetLogons
    
          Starting test: ObjectsReplicated
    
             ......................... SBS2012 passed test ObjectsReplicated
    
          Starting test: Replications
    
             [Replications Check,SBS2012] DsReplicaGetInfo(PENDING_OPS, NULL)
    
             failed, error 0x2105 "Replication access was denied."
    
             ......................... SBS2012 failed test Replications
    
          Starting test: RidManager
    
             ......................... SBS2012 passed test RidManager
    
          Starting test: Services
    
                Could not open NTDS Service on SBS2012, error 0x5
    
                "Access is denied."
    
             ......................... SBS2012 failed test Services
    
          Starting test: SystemLog
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 07/12/2013   08:27:32
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 07/12/2013   08:32:32
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 07/12/2013   08:37:32
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 07/12/2013   08:42:32
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 07/12/2013   08:47:32
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 07/12/2013   08:52:32
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x00000457
    
                Time Generated: 07/12/2013   08:54:09
    
                Event String:
    
                Driver EPSON WorkForce 645 Series required for printer EPSON WorkForce 645 Series is unknown. Contact the administrator to install the driver before you log in again.
    
             An error event occurred.  EventID: 0x00000457
    
                Time Generated: 07/12/2013   08:54:10
    
                Event String:
    
                Driver FX DocuCentre-IV C2270 PCL 6 required for printer scanner - 212 Manukau Rd Epsom is unknown. Contact the administrator to install the driver before you log in again.
    
             An error event occurred.  EventID: 0x00000457
    
                Time Generated: 07/12/2013   08:54:10
    
                Event String:
    
                Driver HP ePrint required for printer HP ePrint is unknown. Contact the administrator to install the driver before you log in again.
    
             An error event occurred.  EventID: 0x00000457
    
                Time Generated: 07/12/2013   08:54:11
    
                Event String:
    
                Driver PDF Complete Converter required for printer PDF Complete is unknown. Contact the administrator to install the driver before you log in again.
    
             An error event occurred.  EventID: 0x00000457
    
                Time Generated: 07/12/2013   08:54:14
    
                Event String:
    
                Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 07/12/2013   08:57:32
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 07/12/2013   09:02:33
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             A warning event occurred.  EventID: 0x00002724
    
                Time Generated: 07/12/2013   09:03:32
    
                Event String:
    
                This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
    
             An error event occurred.  EventID: 0x0000041A
    
                Time Generated: 07/12/2013   09:03:33
    
                Event String:
    
                The DHCP/BINL service on the local machine encountered a network error. The error was: 0x       2.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 07/12/2013   09:03:33
    
                Event String:
    
                The DHCP/BINL service on this computer is shutting down. See the previous event log messages for reasons.
    
             An error event occurred.  EventID: 0xC0002720
    
                Time Generated: 07/12/2013   09:03:45
    
                Event String:
    
                The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    
    
             An error event occurred.  EventID: 0xC0002720
    
                Time Generated: 07/12/2013   09:03:46
    
                Event String:
    
                The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    
    
             An error event occurred.  EventID: 0xC0002720
    
                Time Generated: 07/12/2013   09:03:46
    
                Event String:
    
                The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    
    
             An error event occurred.  EventID: 0xC0002720
    
                Time Generated: 07/12/2013   09:03:46
    
                Event String:
    
                The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    
    
             An error event occurred.  EventID: 0xC0002720
    
                Time Generated: 07/12/2013   09:03:46
    
                Event String:
    
                The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    
    
             An error event occurred.  EventID: 0x00000406
    
                Time Generated: 07/12/2013   09:07:33
    
                Event String:
    
                The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
    
             An error event occurred.  EventID: 0x00000406
    
                Time Generated: 07/12/2013   09:12:34
    
                Event String:
    
                The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
    
             An error event occurred.  EventID: 0xC00038D6
    
                Time Generated: 07/12/2013   09:16:24
    
                Event String:
    
                The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 07/12/2013   09:17:34
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 07/12/2013   09:22:34
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             ......................... SBS2012 failed test SystemLog
    
          Starting test: VerifyReferences
    
             ......................... SBS2012 passed test VerifyReferences
    
    
    
       Running partition tests on : DomainDnsZones
    
          Starting test: CheckSDRefDom
    
             ......................... DomainDnsZones passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... DomainDnsZones passed test
    
             CrossRefValidation
    
    
       Running partition tests on : ForestDnsZones
    
          Starting test: CheckSDRefDom
    
             ......................... ForestDnsZones passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... ForestDnsZones passed test
    
             CrossRefValidation
    
    
       Running partition tests on : Schema
    
          Starting test: CheckSDRefDom
    
             ......................... Schema passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... Schema passed test CrossRefValidation
    
    
       Running partition tests on : Configuration
    
          Starting test: CheckSDRefDom
    
             ......................... Configuration passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... Configuration passed test CrossRefValidation
    
    
       Running partition tests on : Contosso
    
          Starting test: CheckSDRefDom
    
             ......................... Contosso passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... Contosso passed test CrossRefValidation
    
    
       Running enterprise tests on : Contosso.local
    
          Starting test: LocatorCheck
    
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
    
             A Global Catalog Server could not be located - All GC's are down.
    
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
    
             A Time Server could not be located.
    
             The server holding the PDC role is down.
    
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
    
             1355
    
             A Good Time Server could not be located.
    
             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
    
             A KDC could not be located - All the KDCs are down.
    
             ......................... Contosso.local failed test LocatorCheck
    
          Starting test: Intersite
    
             ......................... Contosso.local passed test Intersite

    I found a few people who have had similar issues that was caused by the "netlogon" service being paused or stopped but in my case it is set to automatically start and is running.

    I have also posted this to serverfault  (cant post links yet serverfault.com/questions/522691/a-global-catalog-server-could-not-be-located-all-gcs-are-down) added as there may be info there that may help.

    Thanks for taking the time to read this, hopefully someone out there has come across this before or can offer something in regards to the next steps I should take.

    Thursday, July 11, 2013 11:22 PM

Answers

  • Assuming we just have a single DC on the network.

    If 'm correct follow the steps below:

    Take a backup of the SYSVOL folder (Your Scripts and Policies)

    Stop the FRS service. (net stop ntfrs)

    Open regedit.

    HKLM\SYSTEM\CurrentControlSet\Services\NTFRS\CumulativeReplicaSet

    Set the Burflags to D4

    Start the FRS service. (net start ntfrs)

    Check the eventviewer for 13516 event for FRS.

    We should be good now !! :D


    Regards, Lohorong

    • Marked as answer by Jase nz Sunday, July 14, 2013 9:19 AM
    Friday, July 12, 2013 11:10 AM

All replies

  • Hi
    You say this happened yesterday.  In the US, that is not likely to be as a result of the current round of updates, but we can't overlook the possibility that it was a new (or even an older but newly applied) update that broke your server.  I think I would open a case with MS as update support calls are no charge and see what they have to say.  Even if in the end they don't find any cause and effect with updates, it would be worth the cost of the support call to get this fixed asap.  I think your other possible choice is to restore from a recent known good backup.

    Having said that, please look in the event logs for possible error events that may give you further clues.


    Larry Struckmeyer[SBS-MVP]

    Friday, July 12, 2013 2:53 AM
  • Assuming we just have a single DC on the network.

    If 'm correct follow the steps below:

    Take a backup of the SYSVOL folder (Your Scripts and Policies)

    Stop the FRS service. (net stop ntfrs)

    Open regedit.

    HKLM\SYSTEM\CurrentControlSet\Services\NTFRS\CumulativeReplicaSet

    Set the Burflags to D4

    Start the FRS service. (net start ntfrs)

    Check the eventviewer for 13516 event for FRS.

    We should be good now !! :D


    Regards, Lohorong

    • Marked as answer by Jase nz Sunday, July 14, 2013 9:19 AM
    Friday, July 12, 2013 11:10 AM
  • Here is more information about the fix recommended by Lohorong.

    http://www.eventid.net/display.asp?eventid=13568&eventno=1743&source=NtFrs&phase=1

    You should be able to see an Error Event 13568 in the Event View with the error that the system is in Jrnl_Wrap.

    I hope Lohorong has it right.  If so this is a simple fix and you should do it.  I did not see any reference to Jrnl Wrap in the orginal post, and I have never seen it cause these symptoms.

    But, let's hope it does fix it.  Please let us know.


    Larry Struckmeyer[SBS-MVP]

    Saturday, July 13, 2013 9:41 PM
  • Thanks Lohorong, this did not work for me unfortunately (sysvol folder was not rebuilt). But it did point me in the right direction. I ended up restoring the sysvolfolder from an earlier backup and it all seems to be fine now.
    Sunday, July 14, 2013 9:19 AM
  • Some troubleshooting ideas:

    0. Check if the DCs can resolve each other using their DNSHostName. If not, this indicates some DNS misconfiguration -- you need to fix that first.
    1. Check if the both the DCs are pointing to the same DNS server (or DNS servers that are replica of each other). Run: "ipconfig /all" and check its output. If not, correct the DNS client settings and run dcdiag after sometime.
    2. Check if dynamic updates are "turned on" on the DNS server.
    3. Try re-registering the DCs SRV records by either restarting netlogon service or by running the following command: 
         nltest.exe /dsregdns
    Friday, January 24, 2014 7:00 AM