Group policy default policy cannot be edited because network name not found

    Question

  • Hey everyone,

    I have been having issues on and off with my domain. Originally the PDC crashed (the only domain controller). I started an old server and made it a domain controller and forced the roles over. Then I repaired the PDC and elevated it back. Although this appeared to work, I found that I cannot get rid of the other DC because the PDC can no longer contact the domain for things like Group Policy or anything else. I then start the secondary and the domain is magically reachable. Although while the secondary is down I can ping the domain and it replies with the IP of the PDC, it appears my PDC has no control over anything. My questions are the following.

    1. The GPOs I created before the crash no longer work. I rebuilt the sysvol and now everything is back to default. The problem is I can't edit the default domain policy. I don't believe I am having replication problems, but I am new to repairing domains, as setting them up and maintaining them is where most of my education came from.

    2. If the PDC GPO management console can't access the GPOs, what can, as the secondary does not have this installed?

    3. Why is the domain unreachable, as if no DCs are online, when I shut down the secondary?

    Thanks in advance and I will try to edit this with a dc diag log but right now there is so much on it that fails I want to narrow some of it out for you guys to only concentrate on the hardest problems.

    Matt

    Edit one:

    I just installed GPMC on my secondary, which is Server 2003, and the same error is happening. What am I missing? I feel like an idiot that this isn't just coming to me. The sysvol folder is on both DCs and the domain is there, but there are no GUID folders below that. Is that what I am missing: the policies are not there? I am going to delete the default and see what I can recreate.

    Thanks

    Matt

    Ok so here is some more information. 

    I created a new GPO and it appeared to be OK. Suddenly I can no longer access the GPO to edit it. It is saying that the network path is not found on the new one and the old ones. What is going on here? Attached you will also find my DC Diag report.

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = SERVER1
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\SERVER1
          Starting test: Connectivity
             ......................... SERVER1 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\SERVER1
          Starting test: Advertising
             ......................... SERVER1 passed test Advertising
          Starting test: FrsEvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             ......................... SERVER1 passed test FrsEvent
          Starting test: DFSREvent
             ......................... SERVER1 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... SERVER1 passed test SysVolCheck
          Starting test: KccEvent
             ......................... SERVER1 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... SERVER1 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... SERVER1 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... SERVER1 passed test NCSecDesc
          Starting test: NetLogons
             Unable to connect to the NETLOGON share! (\\SERVER1\netlogon)
             [SERVER1] An net use or LsaPolicy operation failed with error 67,
             The network name cannot be found..
             ......................... SERVER1 failed test NetLogons
          Starting test: ObjectsReplicated
             ......................... SERVER1 passed test ObjectsReplicated
          Starting test: Replications
             [DELLSERVER] DsBindWithSpnEx() failed with error 1722,
             The RPC server is unavailable..
             ......................... SERVER1 failed test Replications
          Starting test: RidManager
             ......................... SERVER1 passed test RidManager
          Starting test: Services
             ......................... SERVER1 passed test Services
          Starting test: SystemLog
             An error event occurred.  EventID: 0x00000406
                Time Generated: 02/23/2016   17:58:54
                Event String:
                The processing of Group Policy failed. Windows attempted to retrieve
     new Group Policy settings for this user or computer. Look in the details tab fo
    r error code and description. Windows will automatically retry this operation at
     the next refresh cycle. Computers joined to the domain must have proper name re
    solution and network connectivity to a domain controller for discovery of new Gr
    oup Policy objects and settings. An event will be logged when Group Policy is su
    ccessful.
             An error event occurred.  EventID: 0x00000406
                Time Generated: 02/23/2016   18:03:55
                Event String:
                The processing of Group Policy failed. Windows attempted to retrieve
     new Group Policy settings for this user or computer. Look in the details tab fo
    r error code and description. Windows will automatically retry this operation at
     the next refresh cycle. Computers joined to the domain must have proper name re
    solution and network connectivity to a domain controller for discovery of new Gr
    oup Policy objects and settings. An event will be logged when Group Policy is su
    ccessful.
             An error event occurred.  EventID: 0x00000406
                Time Generated: 02/23/2016   18:08:56
                Event String:
                The processing of Group Policy failed. Windows attempted to retrieve
     new Group Policy settings for this user or computer. Look in the details tab fo
    r error code and description. Windows will automatically retry this operation at
     the next refresh cycle. Computers joined to the domain must have proper name re
    solution and network connectivity to a domain controller for discovery of new Gr
    oup Policy objects and settings. An event will be logged when Group Policy is su
    ccessful.
             An error event occurred.  EventID: 0x00000406
                Time Generated: 02/23/2016   18:13:56
                Event String:
                The processing of Group Policy failed. Windows attempted to retrieve
     new Group Policy settings for this user or computer. Look in the details tab fo
    r error code and description. Windows will automatically retry this operation at
     the next refresh cycle. Computers joined to the domain must have proper name re
    solution and network connectivity to a domain controller for discovery of new Gr
    oup Policy objects and settings. An event will be logged when Group Policy is su
    ccessful.
             An error event occurred.  EventID: 0x00000406
                Time Generated: 02/23/2016   18:18:57
                Event String:
                The processing of Group Policy failed. Windows attempted to retrieve
     new Group Policy settings for this user or computer. Look in the details tab fo
    r error code and description. Windows will automatically retry this operation at
     the next refresh cycle. Computers joined to the domain must have proper name re
    solution and network connectivity to a domain controller for discovery of new Gr
    oup Policy objects and settings. An event will be logged when Group Policy is su
    ccessful.
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 02/23/2016   18:21:51
                Event String:
                Name resolution for the name eitel.local timed out after none of the
     configured DNS servers responded.
             An error event occurred.  EventID: 0x00000406
                Time Generated: 02/23/2016   18:23:57
                Event String:
                The processing of Group Policy failed. Windows attempted to retrieve
     new Group Policy settings for this user or computer. Look in the details tab fo
    r error code and description. Windows will automatically retry this operation at
     the next refresh cycle. Computers joined to the domain must have proper name re
    solution and network connectivity to a domain controller for discovery of new Gr
    oup Policy objects and settings. An event will be logged when Group Policy is su
    ccessful.
             An error event occurred.  EventID: 0x0000164A
                Time Generated: 02/23/2016   18:26:30
                Event String:
                The Netlogon service could not create server share C:\Windows\SYSVOL
    \sysvol\eitel.local\SCRIPTS.  The following error occurred:
             An error event occurred.  EventID: 0x00000422
                Time Generated: 02/23/2016   18:28:58
                Event String:
                The processing of Group Policy failed. Windows attempted to read the
     file \\eitel.local\sysvol\eitel.local\Policies\{6AC1786C-016F-11D2-945F-00C04FB
    984F9}\gpt.ini from a domain controller and was not successful. Group Policy set
    tings may not be applied until this event is resolved. This issue may be transie
    nt and could be caused by one or more of the following:
             An error event occurred.  EventID: 0x00000422
                Time Generated: 02/23/2016   18:33:58
                Event String:
                The processing of Group Policy failed. Windows attempted to read the
     file \\eitel.local\sysvol\eitel.local\Policies\{6AC1786C-016F-11D2-945F-00C04FB
    984F9}\gpt.ini from a domain controller and was not successful. Group Policy set
    tings may not be applied until this event is resolved. This issue may be transie
    nt and could be caused by one or more of the following:
             An error event occurred.  EventID: 0x00000422
                Time Generated: 02/23/2016   18:38:59
                Event String:
                The processing of Group Policy failed. Windows attempted to read the
     file \\eitel.local\sysvol\eitel.local\Policies\{6AC1786C-016F-11D2-945F-00C04FB
    984F9}\gpt.ini from a domain controller and was not successful. Group Policy set
    tings may not be applied until this event is resolved. This issue may be transie
    nt and could be caused by one or more of the following:
             An error event occurred.  EventID: 0x00000422
                Time Generated: 02/23/2016   18:43:59
                Event String:
                The processing of Group Policy failed. Windows attempted to read the
     file \\eitel.local\sysvol\eitel.local\Policies\{6AC1786C-016F-11D2-945F-00C04FB
    984F9}\gpt.ini from a domain controller and was not successful. Group Policy set
    tings may not be applied until this event is resolved. This issue may be transie
    nt and could be caused by one or more of the following:
             An error event occurred.  EventID: 0x00000422
                Time Generated: 02/23/2016   18:49:00
                Event String:
                The processing of Group Policy failed. Windows attempted to read the
     file \\eitel.local\sysvol\eitel.local\Policies\{6AC1786C-016F-11D2-945F-00C04FB
    984F9}\gpt.ini from a domain controller and was not successful. Group Policy set
    tings may not be applied until this event is resolved. This issue may be transie
    nt and could be caused by one or more of the following:
             An error event occurred.  EventID: 0x00000422
                Time Generated: 02/23/2016   18:54:00
                Event String:
                The processing of Group Policy failed. Windows attempted to read the
     file \\eitel.local\sysvol\eitel.local\Policies\{6AC1786C-016F-11D2-945F-00C04FB
    984F9}\gpt.ini from a domain controller and was not successful. Group Policy set
    tings may not be applied until this event is resolved. This issue may be transie
    nt and could be caused by one or more of the following:
             ......................... SERVER1 failed test SystemLog
          Starting test: VerifyReferences
             ......................... SERVER1 passed test VerifyReferences


       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running partition tests on : eitel
          Starting test: CheckSDRefDom
             ......................... eitel passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... eitel passed test CrossRefValidation

       Running enterprise tests on : eitel.local
          Starting test: LocatorCheck
             ......................... eitel.local passed test LocatorCheck
          Starting test: Intersite
             ......................... eitel.local passed test Intersite

    Any help here would be incredibly helpful

    Thanks again 

    Matt

    • Edited by MattSpotts Wednesday, February 24, 2016 12:32 AM
    Tuesday, February 23, 2016 10:46 PM

All replies

  • At their heart, Active Directory domain controllers each host a database which synchronizes with the others. There are certain key factors that maintain the state of good replication, and things turn bad when servers crash and old ones are brought back to life (as you mentioned you did). There are tools available to repair these sorts of things, notably ntdsutil, but it involves taking a DC offline to do it. It basically involves marking the authoritative Directory Service instance, but first, after noticing the errors in your dcdiag output, let's get an idea of where things stand right now at a more macro level. Send us the output of the following from each DC so we can compare who thinks who has what. The output will help indicate which one to focus repair efforts on.

    netdom query fsmo

    repadmin /replsum /bysrc /bydest

    ipconfig /all


    Best Regards, Todd Heron | Active Directory Consultant

    Wednesday, February 24, 2016 12:50 AM
  • I am running these now. It appears to take a little while; I will be with you as soon as they are done.

    Wednesday, February 24, 2016 12:57 AM
  • Well, I cannot run the first two commands on my secondary, but here is the report from the primary.

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\admin>netdom query fsmo
    Schema master               SERVER1.eitel.local
    Domain naming master        SERVER1.eitel.local
    PDC                         SERVER1.eitel.local
    RID pool manager            SERVER1.eitel.local
    Infrastructure master       SERVER1.eitel.local
    The command completed successfully.


    C:\Users\admin>repadmin /replsum /bysrc /bydest
    Replication Summary Start Time: 2016-02-23 19:56:59

    Beginning data collection for replication summary, this may take awhile:
      .....


    Source DSA          largest delta    fails/total %%   error
     DELLSERVER                   :52s    0 /   5    0
     SERVER1                   01m:15s    0 /   5    0


    Destination DSA     largest delta    fails/total %%   error
     DELLSERVER                01m:16s    0 /   5    0
     SERVER1                      :52s    0 /   5    0



    C:\Users\admin>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SERVER1
       Primary Dns Suffix  . . . . . . . : eitel.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : eitel.local

    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP NC326i PCIe Dual Port Gigabit Server A
    dapter #2
       Physical Address. . . . . . . . . : 78-E3-B5-08-BB-0E
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::e07f:e2a2:311c:3da7%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.0.3.4(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.0.0.0
       Default Gateway . . . . . . . . . : 10.0.3.2
       DHCPv6 IAID . . . . . . . . . . . : 309912501
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-FC-82-FA-78-E3-B5-08-BB-0F

       DNS Servers . . . . . . . . . . . : ::1
                                           127.0.0.1
                                           10.0.3.4

    I am going to continue to look for a solution to those commands missing. 

    I did install the tools but to no avail.

    Thanks

    Matt

    Wednesday, February 24, 2016 1:09 AM
  • This is my secondary.

    C:\Program Files\Support Tools>netdom query fsmo
    Schema owner                SERVER1.eitel.local

    Domain role owner           SERVER1.eitel.local

    PDC role                    SERVER1.eitel.local

    RID pool manager            SERVER1.eitel.local

    Infrastructure owner        SERVER1.eitel.local

    The command completed successfully.


    C:\Program Files\Support Tools>repadmin /replsum /bysrc /bydest
    Replication Summary Start Time: 2016-02-23 20:11:05

    Beginning data collection for replication summary, this may take awhile:
      .....


    Source DC           largest delta  fails/total  %%  error
     DELLSERVER                14m:58s    0 /   5    0
     SERVER1                   15m:21s    0 /   5    0


    Destination DC    largest delta    fails/total  %%  error
     DELLSERVER                15m:21s    0 /   5    0
     SERVER1                   14m:58s    0 /   5    0



    C:\Program Files\Support Tools>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : dellserver
       Primary Dns Suffix  . . . . . . . : eitel.local
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : eitel.local

    Ethernet adapter Hamachi:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Hamachi Network Interface
       Physical Address. . . . . . . . . : 7A-79-19-F4-38-C4
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : No
       IP Address. . . . . . . . . . . . : 25.244.56.196
       Subnet Mask . . . . . . . . . . . : 255.0.0.0
       Default Gateway . . . . . . . . . :
       DHCP Server . . . . . . . . . . . : 25.0.0.1
       Lease Obtained. . . . . . . . . . : Wednesday, January 27, 2016 9:12:48 AM
       Lease Expires . . . . . . . . . . : Thursday, January 26, 2017 9:12:48 AM

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : 00-1E-C9-57-8A-7E
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.0.3.3
       Subnet Mask . . . . . . . . . . . : 255.0.0.0
       Default Gateway . . . . . . . . . : 10.0.3.2
       DNS Servers . . . . . . . . . . . : 127.0.0.1
                                           10.0.3.3

    C:\Program Files\Support Tools>

    Thanks

    Matt

    Wednesday, February 24, 2016 1:12 AM
  • There's a lot going on here. It's taken me a little while to analyze your outputs and provide a straightforward recommendation. I understand that your primary is "SERVER1", IP of 10.0.3.4, and the secondary is "dellserver", with IPs of 25.244.56.196 and 10.0.3.3. By the way, is that 25.244.56.196 IP actually public-facing? Let's hope not! That's also problematic for another reason: DCs shouldn't be multi-homed. Though, the repadmin output shows they are actually successfully replicating with each other, so it must be successfully understanding to use the 10.0.3.3 interface for internal AD communications. The netdom fsmo output shows that both DCs know the PDCe is SERVER1. When using the Group Policy management tools, and you are having a problem with editing policies, put the focus on the PDCe - in your case SERVER1. I think you are already doing this - your previous writing indicates that you are aware that SERVER1 is the "master" Group Policy server (the DCs are all writable masters, but the PDCe is the master of the master, as it were, for Group Policy, just like it is the final "arbiter" for Time, and for Password changes). All that said, let's talk about the ipconfig output. Assuming both servers are also a DNS server, and that appears to be the case based on the ipconfig output, it would benefit you to make a small change to the primary and secondary DNS servers in the NIC settings of both DCs. For one, the Primary DNS server of 127.0.0.1 listed on both is the Loopback address and shouldn't be appearing in that list in any case (if you had only one DC, then you could get away with that). Change it on both to the actual IPv4 address of the server, and also make the other DC the Secondary DNS server on both. So, change them like this, and perhaps give each server a fresh restart afterwards:

    ----
    SERVER1:
    Current-
      DNS Servers . . . . . . . . . . . : ::1
                                           127.0.0.1
                                           10.0.3.4

    Change to-
    Primary - 10.0.3.4
    Secondary - 10.0.3.3
     
    (Note - On this server, move the IPv6 address down below the IPv4 address in the Network Connections Advanced Settings Binding Order.  Since the other server doesn't have an IPv6 address listener, it could be the source of the "network name not found" error message when queries are sent to that address)
    ----
    dellserver:
    Current-
       DNS Servers . . . . . . . . . . . : 127.0.0.1
                                           10.0.3.3

    Change to-
    Primary - 10.0.3.3
    Secondary - 10.0.3.4
    ----
    I'm still concerned about the public IP on SERVER1. If this DC needs to resolve names on the Internet, you can set up DNS Forwarders for the Internet name resolution.

    Best Regards, Todd Heron | Active Directory Consultant

    • Proposed as answer by Todd Heron Wednesday, February 24, 2016 3:31 AM
    Wednesday, February 24, 2016 3:31 AM
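
An added example, not part of the thread: a Python check that applies the DNS client ordering recommended in the reply above to `ipconfig /all` output. The two "before" samples are trimmed from the output posted in this thread; the "after" sample, the function names and the finding codes are constructed for illustration.

```python
import ipaddress
import re

# An ipconfig field line: indented label, dot leader, colon, optional value.
FIELD = re.compile(r"^\s+(.+?)[ .]*\.\s*:\s?(.*)$")


def clean(value):
    """Drop ipconfig decorations such as '(Preferred)' and an IPv6 zone id."""
    return re.sub(r"[%(].*$", "", value).strip()


def is_loopback(address):
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False


def parse_ipconfig(text):
    """Return a list of adapters: {'name', 'ipv4': [...], 'dns': [...]}."""
    adapters, current, in_dns = [], None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # section or adapter header
            in_dns = False
            if " adapter " in line and line.rstrip().endswith(":"):
                name = line.rstrip()[:-1].split(" adapter ", 1)[1]
                current = {"name": name, "ipv4": [], "dns": []}
                adapters.append(current)
            continue
        match = FIELD.match(line)
        if match and current is not None:
            label, value = match.group(1), clean(match.group(2))
            in_dns = label == "DNS Servers"
            if label in ("IPv4 Address", "IP Address") and value:
                current["ipv4"].append(value)
            elif in_dns and value:
                current["dns"].append(value)
        elif in_dns and current is not None:
            # Further DNS servers follow one per line with no label.
            current["dns"].append(clean(line))
    return adapters


def audit_dc_dns(ipconfig_text, own_ip, partner_ip):
    """Return finding codes for a DC in a two-DC domain."""
    adapters = parse_ipconfig(ipconfig_text)
    findings = []
    if sum(1 for a in adapters if a["ipv4"]) > 1:
        findings.append("MULTIHOMED")
    lan = next((a for a in adapters if own_ip in a["ipv4"]), None)
    if lan is None:
        return findings + ["OWN_IP_NOT_FOUND"]
    dns = lan["dns"]
    if any(is_loopback(s) for s in dns):
        findings.append("LOOPBACK_LISTED")
    if not dns or dns[0] != own_ip:
        findings.append("PRIMARY_NOT_SELF")
    if partner_ip not in dns:
        findings.append("PARTNER_MISSING")
    return findings


# Trimmed from the SERVER1 output posted in this thread.
SERVER1_BEFORE = """Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER1

Ethernet adapter Local Area Connection 2:

   IPv4 Address. . . . . . . . . . . : 10.0.3.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
                                       10.0.3.4
"""

# Trimmed from the dellserver output posted in this thread.
DELLSERVER_BEFORE = """Ethernet adapter Hamachi:

   IP Address. . . . . . . . . . . . : 25.244.56.196
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 10.0.3.3
   DNS Servers . . . . . . . . . . . : 127.0.0.1
                                       10.0.3.3
"""

# Constructed: SERVER1 after the recommended change.
SERVER1_AFTER = SERVER1_BEFORE.split("   DNS Servers")[0] + (
    "   DNS Servers . . . . . . . . . . . : 10.0.3.4\n"
    "                                       10.0.3.3\n")

if __name__ == "__main__":
    print("SERVER1    before:", audit_dc_dns(SERVER1_BEFORE, "10.0.3.4", "10.0.3.3"))
    print("dellserver before:", audit_dc_dns(DELLSERVER_BEFORE, "10.0.3.3", "10.0.3.4"))
    print("SERVER1    after: ", audit_dc_dns(SERVER1_AFTER, "10.0.3.4", "10.0.3.3"))
```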
  • Todd, 

    I apologize I have not gotten back to you. It has been shaping up to be a rough day. 

    In response to the public IP: that was a program that was used prior to my time here called Hamachi. It was a VPN software that was used for salesmen to gain access to the network. That server was a multipurpose server that has since become obsolete by new software and servers, so I made it a DC when the PDC crashed.

    I will make the corrections to the IP configuration as you had suggested and be sure to report any new information. 

    A problem I noticed and resolved with the GPO is that I can go to server1 and see the sysvol folder at c:\windows\sysvol. I could also type into the address bar \\server1.eitel.local\sysvol and see that folder. The problem was they were not the same folder. When I copied the one from c:\ to \\server1, the error with the GPOs disappeared and I was able to edit it. The only problem I see is that the clients may not be seeing the GPOs, as they are still following old rules. Another problem that throws me for a loop is that when the SDC goes down, the GPOs and everything disappear and the domain is no longer able to be contacted. This may be the DNS issue, but when I ping the domain with or without the SDC it returns .04, which is the PDC, so what is the SDC holding onto that I can't see?

    Thanks again Todd. I know this is very amateurish of me to be missing what's going on here, but I can't seem to find that little link that I am missing.

    Matt

    Wednesday, February 24, 2016 3:50 PM
  • Hmmmm...on this statement: "I can go to server1 and see the sysvol folder at c:\windows\sysvol I could also type into the address bar \\server1.eitel.local\sysvol and see that folder problem was they were not the same folder."

    I think there is a misunderstanding here.  c:\windows\sysvol will eventually lead you into \\server1.eitel.local\sysvol if you drill down far enough.  I don't think you should have been messing around in there.  Bring up the two SYSVOL shares on both servers side by side and make sure they have the same folders and files in them:

    \\server1.eitel.local\sysvol

    \\dellserver.eitel.local\sysvol


    Best Regards, Todd Heron | Active Directory Consultant

    Wednesday, February 24, 2016 9:46 PM
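
An added example, not part of the thread: one way to do the side-by-side comparison suggested above in Python, pointed at the `Policies` folder of each DC's SYSVOL share. It reports GPO folders present on only one side, `gpt.ini` version differences (the high 16 bits of `Version` are the user version, the low 16 bits the computer version) and files whose content differs. The demo trees are built in temporary directories, the function names are this example's own, and the second GPO GUID is a made-up placeholder.

```python
import hashlib
import os
import re
import tempfile

# GPO folders under Policies are named with a brace-wrapped GUID.
GPO_GUID = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
VERSION = re.compile(r"^\s*Version\s*=\s*(\d+)", re.I | re.M)


def file_hashes(root):
    """Return {lower-cased relative path: SHA-256 hex} for every file under root."""
    hashes = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes


def gpo_versions(policies):
    """Return {GUID: (user_version, computer_version)}; None if gpt.ini is unusable."""
    result = {}
    if not os.path.isdir(policies):
        return result
    for entry in os.listdir(policies):
        path = os.path.join(policies, entry)
        if not (os.path.isdir(path) and GPO_GUID.match(entry)):
            continue
        version = None
        for name in os.listdir(path):
            if name.lower() == "gpt.ini":
                with open(os.path.join(path, name), "r", errors="replace") as fh:
                    found = VERSION.search(fh.read())
                if found:
                    raw = int(found.group(1))
                    version = (raw >> 16, raw & 0xFFFF)
        result[entry.upper()] = version
    return result


def compare_policies(a, b):
    """Compare two Policies folders, e.g. one per domain controller."""
    a_files, b_files = file_hashes(a), file_hashes(b)
    a_gpos, b_gpos = gpo_versions(a), gpo_versions(b)
    shared = set(a_gpos) & set(b_gpos)
    return {
        "gpos_only_a": sorted(set(a_gpos) - set(b_gpos)),
        "gpos_only_b": sorted(set(b_gpos) - set(a_gpos)),
        "version_mismatch": {g: (a_gpos[g], b_gpos[g])
                             for g in shared if a_gpos[g] != b_gpos[g]},
        "files_only_a": sorted(set(a_files) - set(b_files)),
        "files_only_b": sorted(set(b_files) - set(a_files)),
        "files_differ": sorted(p for p in set(a_files) & set(b_files)
                               if a_files[p] != b_files[p]),
    }


def _write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Build two constructed Policies trees and return their comparison."""
    page_gpo = "{6AC1786C-016F-11D2-945F-00C04FB984F9}"  # GUID from the event log above
    fake_gpo = "{11111111-2222-3333-4444-555555555555}"  # constructed placeholder
    template = page_gpo + "/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf"
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        _write(a, page_gpo + "/GPT.INI", "[General]\nVersion=65539\n")
        _write(a, template, "[Unicode]\nUnicode=yes\n")
        _write(a, fake_gpo + "/gpt.ini", "[General]\nVersion=1\n")
        _write(b, page_gpo + "/gpt.ini", "[General]\nVersion=65537\n")
        _write(b, template, "[Unicode]\nUnicode=yes\n")
        return compare_policies(a, b)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

On real servers the two arguments would be the `Policies` directories under each DC's SYSVOL share; an empty report means the two copies match file for file.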
  • Hi Matt,

    Originally the PDC crashed (the only domain controller). I started an old server and made it a domain controller and forced the roles over. Then I repaired the PDC and elevated it back.

    >>> I noticed that you have seized FSMO roles from the original DC. Role seizure could cause directory problems, such as data loss or directory inconsistency as a result of replication latency, and two domain controllers performing the same role.

    Based on my experience, the original role holder should be kept offline after seizing the FSMO roles. If the original role holder comes back online, it might try to perform the operations master role that it previously owned. If two domain controllers are performing the same operations master role simultaneously, the severity of the effect from duplicate operations master roles varies, depending on the role that was seized. The effect can range from no visible effect to potential corruption of the Active Directory database. Do not allow a former operations master role holder whose role has been seized to return to an online domain controller.

    For more information, you could refer to the article below.

    Seizing an operations master role

    https://technet.microsoft.com/en-us/library/cc816741(v=ws.10).aspx

    Best Regards,

    Jay



    Thursday, February 25, 2016 7:57 AM
    Moderator
  • I understand what you mean that they should lead to the same place. This caught me off guard that they did not match at all. When I drilled down I found the GPOs; when I went to the server.domain\sysvol it was blank. This is my biggest concern that something is right in there and that I have to rebuild it yet again.
    Friday, February 26, 2016 1:58 PM
  • Jay,

    Although your answer is very helpful, hindsight is 20/20. I understand what I did was wrong or not a best practice, but when you have a DC go down with no backup and 50 people twiddling their thumbs waiting for you and bosses checking in every 5 minutes, you make rash, unresearched decisions. Now that you understand my plight, I ask that instead of saying you should not have done that, please help me understand how to untangle what I did.

    As far as I can see it looks like my secondary is still acting like PDC but the front end says it's the other way. Do I have to demote the PDC and then uninstall the roles, reinstall them and then promote it properly?

    Thanks for your help

    Friday, February 26, 2016 3:38 PM
  • In your situation with inconsistent Group Policies between the domain controllers, and since data provided indicates Server1 believes it is the PDC:

    PDC                         SERVER1.eitel.local

    try running the following command on server1:

    gpfixup.exe

    You use the Gpfixup.exe command-line tool to repair GPOs as well as GPO references. It is designed for following domain rename operations, which wasn't the case here, but since you brought up a very old DC in trying to hastily resolve a problem (I get it), we are going for a Hail Mary pass here, so there is no hurt to try it.


    Best Regards, Todd Heron | Active Directory Consultant

    • Proposed as answer by Todd Heron Friday, February 26, 2016 4:33 PM
    Friday, February 26, 2016 4:33 PM
  • Well, there are a few new developments. I discovered a big issue, but I discovered the issue.

    The SDC is the PDC and the PDC is the PDC. I know, my head all but exploded when I figured it out, but here is the best way I can describe it. Server1 is set to be PDC within the Domain controllers. The dellserver is the PDC that all the clients recognize as the PDC.

    This explains why when the secondary is taken offline the domain freaks out.

    So here is what I am thinking the solution should be, but any input would be great.

    1. Promote the SDC (dellserver) up to PDC within AD.

    2. Remove Server1 from the domain.

    3. Uninstall the roles of DNS and Domain controller, reboot and reinstall.

    4. Promote Server1 to PDC and the problem should be resolved.

    Does this sound reasonable or am I off in left field?

    Thanks

    Matt

    Thursday, March 03, 2016 4:10 PM
  • Does anyone think this is good, bad or indifferent?

    Thanks

    Matt

    Tuesday, March 08, 2016 2:43 PM
  • At this point I would initiate a Microsoft case with their support services. The problems are too deep to resolve via this forum.

    Best Regards, Todd Heron | Active Directory Consultant

    Friday, March 11, 2016 2:02 AM