Windows 2008 Complete Restore issues with DNS

    Question

  • I have a running Windows 2008 Server AD with Exchange. To test our disaster recovery process, we purchased another server with the same hardware specs.

    I restored the backup from a USB backup drive which contains a full backup of our main server.

    The system comes up fine with no issue and you can log in with no problem, but when I tried to open Active Directory Sites and Services, I got an error stating it cannot contact the domain controller.

    DNS is working. I also assigned the same IP address as the original server to one of the NICs and used the same IP for the DNS server.

    It looks like something in DNS has changed and none of the AD-related applications can find the domain controller (like the Exchange MMC).

    Is there anything special that needs to be done when restoring a full vol on AD?

    • Moved by Tiger Li, June 13, 2012 7:26 (From: Branch Office)
    June 11, 2012 21:46

Answer

  • Have you verified that the sysvol and netlogon shares are available? Run the net share command to check the same.

    Check the NIC binding: the NIC which is online and has IP details should be first in the order. If multiple NICs are present, then disable the unrequired NIC. http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/

    Restart the netlogon and DNS services. Run dcdiag /fix and check how it works.

    In case the sysvol and netlogon shares are not available: assuming you have a single DC, perform an authoritative restore (D4) of sysvol. Kindly take a backup of the sysvol folder from the DC, that is, copy and paste the contents of sysvol to a temp location. http://support.microsoft.com/kb/316790

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    June 17, 2012 16:41

All replies

  • Hi,

    Please run the command: dcdiag /test:dns to verify DNS registration and TCP/IP connectivity. For the detailed information, please refer to the following Microsoft TechNet article:

    Verify DNS Registration and TCP/IP Connectivity

    http://technet.microsoft.com/en-us/library/cc816791(v=ws.10).aspx

    For more information, please also refer to the following Microsoft TechNet article:

    Recovering Active Directory Domain Services

    http://technet.microsoft.com/en-us/library/cc816751(v=ws.10).aspx

    Regards,


    Arthur Li

    TechNet Community Support

    June 14, 2012 9:10
    Moderator
  • Hi,

    1) How did you verify that DNS is working? Can you paste the result of dcdiag /test:dns (if not confidential) as suggested by Arthur?

    2) Have you checked if the new DC is authenticating client machines?

    I guess the article given in below link applies to your scenario.

    http://technet.microsoft.com/en-us/library/cc816932(v=ws.10)


    Hope it helps

    Best regards

    Sarang Tinguria

    MCP, MCSA, MCTS

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    June 14, 2012 9:24
  • Hello,

    Besides the already requested output files, which are better uploaded btw., I would like to mention that Exchange on DCs is NOT recommended by Microsoft:

    ipconfig /all >c:\ipconfig.txt [from each DC/DNS Server]

    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt

    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  ["dc*" is a placeholder for the starting name of the DCs if they all begin the same (if more than one DC exists)]

    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)

    As the output will become large, DON'T post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Proposed as answer by VenkatSP, June 17, 2012 17:19
    June 14, 2012 9:51
  • My first question: is it an SBS server or a normal Windows 2008 Server with Standard or Enterprise edition? Running a domain with a single DC can be risky and makes it difficult to provide high availability to the apps/machines dependent on AD for authentication. What are the errors seen in the event log? They may provide a pointer to the actual error causing the issue.


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    June 14, 2012 10:54
    Moderator
  • Here is the output for ipconfig and dnsdiag:

    C:\>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DC01
       Primary Dns Suffix  . . . . . . . : mydomain.local
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : mydomain.local

    Ethernet adapter Private:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
     VBD Client) #4
       Physical Address. . . . . . . . . : 00-22-19-01-8E-20
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.0.2.120(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Main:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
     VBD Client) #3
       Physical Address. . . . . . . . . : 00-22-19-01-8E-1E
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::2929:7239:a0d6:7b9f%13(Preferred)
       Link-local IPv6 Address . . . . . : fe80::5cd3:da9e:8e7a:886a%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.0.0.6(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.0.0.1
       DHCPv6 IAID . . . . . . . . . . . : 285221401
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-A3-88-35-00-22-19-91-A2-4C

       DNS Servers . . . . . . . . . . . : fe80::5cd3:da9e:8e7a:886a%13
                                           10.0.0.6
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{81C00C44-79B8-4B85-9CBF-5A2626B5D
    61A}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{3F0CF6F7-E2EE-4DAF-A782-76DA0D330
    075}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    C:\>

    C:\>dcdiag /test:dns

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = DC01
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\DC01
          Starting test: Connectivity
             ......................... DC01 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\DC01

          Starting test: DNS

             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... DC01 passed test DNS

       Running partition tests on : ForestDnsZones

       Running partition tests on : DomainDnsZones

       Running partition tests on : Schema

       Running partition tests on : Configuration

       Running partition tests on : mydomain

       Running enterprise tests on : mydomain.local
          Starting test: DNS
             Test results for domain controllers:

                DC: DC01.mydomain.local
                Domain: mydomain.local


                   TEST: Basic (Basc)
                      Warning: The AAAA record for this DC was not found

                   TEST: Records registration (RReg)
                      Network Adapter
                      [00000010] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
    t):

                         Warning:
                         Missing AAAA record at DNS server 10.0.0.6:
                         DC01.mydomain.local

                         Warning:
                         Missing AAAA record at DNS server 10.0.0.6:
                         gc._msdcs.mydomain.local

                   Warning: Record Registrations not found in some network adapters

                   DC01                         PASS WARN PASS PASS PASS WARN n/a
             ......................... mydomain.local passed test DNS

    June 14, 2012 21:08
  • This is a test environment, just a test server, no clients so far.

    Thanks for the article, I'll read it and hopefully find the answer!

    June 14, 2012 21:10
  • This is not SBS, it's Server 2008 Standard with Exchange 2007. In production we have two DCs; for this test, we are just trying to restore the first DC (which already has Exchange installed) in our test environment, so just one server, no client machine or secondary DC.

    Error logs sample:

    The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    ....
    Process STORE.EXE (PID=4132). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.

    Also, when I try to open anything AD related like Users and Computers: Naming information cannot be located because the specific domain either does not exist or could not be contacted.

    Opening up the Exchange MMC: Domain mydomain.local cannot be contacted or does not exist.

    June 14, 2012 21:22
  • Hello,

    The DC is multihomed, which is also a bad configuration on DCs: more than one IP address/NIC is used. This always results in name resolution problems, as you see now.

    So disable one NIC and run ipconfig /flushdns and ipconfig /registerdns and restart the netlogon service. Also ensure there is only one IP address for the server registered in DNS.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    June 14, 2012 21:33
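
The multihoming check described in the reply above, as an added example that is not part of any post in this thread: it parses saved `ipconfig /all` text and compares the adapter addresses with the A records registered for the DC. The function names and the `a_records` input (which you would collect from the DNS zone yourself) are assumptions made for illustration.

```python
import re

# Constructed sample, abridged to the shape of the `ipconfig /all` output posted in this thread.
SAMPLE = """\
Ethernet adapter Private:

   IPv4 Address. . . . . . . . . . . : 10.0.2.120(Preferred)
   Default Gateway . . . . . . . . . :

Ethernet adapter Main:

   IPv4 Address. . . . . . . . . . . : 10.0.0.6(Preferred)
   DNS Servers . . . . . . . . . . . : fe80::5cd3:da9e:8e7a:886a%13
                                       10.0.0.6
"""

ADAPTER = re.compile(r"^\S.*? adapter (.+):\s*$")
FIELD = re.compile(r"^\s+(\S.*?)\s*(?:\. ?)+:\s?(.*)$")  # "Key . . . : value"

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; continuation lines extend the last field."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if (m := ADAPTER.match(line)):
            current, last = adapters.setdefault(m.group(1), {}), None
        elif current is not None and line.strip():
            if (m := FIELD.match(line)):
                last = current.setdefault(m.group(1), [])
                if m.group(2).strip():
                    last.append(m.group(2).strip())
            elif last is not None:      # e.g. the second DNS server address
                last.append(line.strip())
    return adapters

def check_dc(adapters, a_records):
    """a_records: addresses registered in DNS for the DC's host name (assumed input)."""
    live = {n: [v.split("(")[0] for v in f["IPv4 Address"]]
            for n, f in adapters.items() if f.get("IPv4 Address")}
    findings = []
    if len(live) > 1:
        findings.append("multihomed: " + ", ".join(f"{n}={ips[0]}" for n, ips in live.items()))
    if len(a_records) > 1:
        findings.append("multiple A records: " + ", ".join(sorted(a_records)))
    bound = {ip for ips in live.values() for ip in ips}
    if (stale := sorted(set(a_records) - bound)):
        findings.append("A record not bound to any adapter: " + ", ".join(stale))
    return findings
```

An empty list from `check_dc` means one addressed adapter and one matching A record; a stale-record finding after disabling a NIC means the old address is still registered in DNS.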
  • I disabled the private NIC and changed DNS to listen on the Main NIC IP; still the same issue, like this event:

    Active Directory Domain Services was unable to establish a connection with the global catalog. 
     
    Additional Data 
    Error value:
    1355 The specified domain either does not exist or could not be contacted. 
    Internal ID:
    3200d50 
     
    User Action: 
    Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.

    June 15, 2012 19:39
  • Hello,

    So you have also run "ipconfig /flushdns and ipconfig /registerdns and restart the netlogon service"?

    And if you check within AD sites and services you also have the GC checkmark set?


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    June 17, 2012 15:12