none
AD issue

    Question

  • hi All,

    we have 2 windows 2012 DC in our environment, recently we added 1 windows 2012 R2 DC, tested replication and seems fine.

    Over weekends we need to shutdown both win2012 DC and left only the w2102R2 DC online but we found that AD services failed as it cannot contact domain.

    W2012R2 DC is configured as GC, DNS IPs are set to point to the other DCs and itself.

    When we try ping domain, it can resolve the domain IP to itself. Any idea why domain services failed?

    Thanks

    Sunday, March 12, 2017 3:14 PM

All replies

  • Hi, When you say AD services failed as it can't contact domain, do you mean client machines can't authenticate? If so, is the DNS IP of W2012R2 DC configured on client machines? Is there anything relevant in the event logs you could post on here to help us?
    Sunday, March 12, 2017 3:49 PM
  • hi All,

    we have 2 windows 2012 DC in our environment, recently we added 1 windows 2012 R2 DC, tested replication and seems fine.

    Over weekends we need to shutdown both win2012 DC and left only the w2102R2 DC online but we found that AD services failed as it cannot contact domain.

    W2012R2 DC is configured as GC, DNS IPs are set to point to the other DCs and itself.

    When we try ping domain, it can resolve the domain IP to itself. Any idea why domain services failed?

    Thanks


    Which one is PDC??run "netdom query fsmo" also PDC must be available always..Also share "dcdiag","ipconfig /all","repadmin /replsum" results...

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur


    • Proposed as answer by cthivierge Sunday, March 12, 2017 4:59 PM
    • Edited by Burak Uğur Sunday, March 12, 2017 5:03 PM
    Sunday, March 12, 2017 4:57 PM
  • hi All,

    we have tired to to change FSMO roles to the windows 2012 R2 DC, but AD services still fail. AD services failed on the Windows2012R2 DC when we disconnect the other DCs from network. The error message is that fail to contact domain.

    Thanks

    Monday, March 13, 2017 5:08 AM

  • run "netdom query fsmo" also  share "dcdiag","ipconfig /all","repadmin /replsum" results...


    You can seize fsmo roles on Server 2012 DC.

    https://support.microsoft.com/en-us/help/255504/using-ntdsutil.exe-to-transfer-or-seize-fsmo-roles-to-a-domain-controller


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Monday, March 13, 2017 6:17 AM