locked
Windows Server 2008 R2 AD Not working *Urgent* RRS feed

  • Question

  • Hi all,

     

    Recently i have migrated my AD from windows 2000 server to windows 2008 R2.

    At first, i managed to get the AD replicated from the Windows 2k Server to Windows 2008 R2

    Everything went well until today when i removed the AD role in the old server.

     

    Users are not able to use shared network folders (Due to the domain being unavailable)

    Users are not able to logon to the workstations.

     

    I have ran the ntdsutil and have made the new DC (Windows 2008 R2) seize PDC, RID.

    upon running dcdiag i get this error :

    Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
    A Global Catalog Server could not be located - All GC's are down.
    Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
    A Time Server could not be located.
    The server holding the PDC role is down.
    Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
    1355
    A Good Time Server could not be located.
    Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355

    A KDC could not be located - All the KDCs are down.

    What should i do now?

    I figure if i can fix the global catalog issue, i should be able to resolve this.

    Monday, September 20, 2010 3:30 AM

Answers

  • Hi,

    According to the errors received, the issue can be caused due to the DNS factor, we can see that it could not locate GC, PDC and KDC.

     

    This issue may occur if the DNS settings on the new DC and clients are not correct (still pointing to the old DC). Please check it on your side and collect “ipconfig /all >>ip.txt” for research.

     

    If the issue persists, let’s refer to the following information.

     

    1 From a client PC, ping the 2008 DC via IP, host name and FQDN

    2 From the 2008 DC, ping a client as a test via IP, host name and FQDN

    3 Use the nslookup.exe utility to test name resolution from each one of your DNS servers.

     

    At a command prompt, type the following command by using the IP address of your DNS server and the name of the host that you are trying to resolve

    C:\>nslookup <host> <DNS_server_IP>

     

    For more information on how to use NSlookup.exe, please refer to http://support.microsoft.com/default.aspx?scid=kb;en-us;200525 

     

    If any error is received, please let me know.

     

    If everything is fine, please check if the SRV DNS records have been created correctly for the 2008 domain controller. Refer to:  http://support.microsoft.com/kb/816587/en-us

     

    If any SRV records are missing, we can run the command “netdiag /fix” on the 2008 DC to fix them.

     

    For your reference, I have included some general upgrading guide as follows:

     

    Upgrade Domain Controllers: Microsoft Support Quick Start for Adding Windows Server 2008 or Windows Server 2008 R2 Domain Controllers to Existing Domains

    http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(WS.10).aspx

     

    Upgrading Active Directory Domains to Windows Server 2008 and Windows Server 2008 R2 AD DS Domains

    http://technet.microsoft.com/en-us/library/cc731188(WS.10).aspx


    I hope the above information will be helpful.

     

    Thanks.

    Nina


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Mervyn Zhang Tuesday, September 28, 2010 4:43 AM
    Tuesday, September 21, 2010 8:15 AM

All replies

  • You need to be sure you have a GC.  Use the sites and services to make sure... http://www.petri.co.il/configure_a_new_global_catalog.htm

    Also, you might want to post your showrepl and replsummary... http://blogs.technet.com/b/askds/archive/2009/07/01/getting-over-replmon.aspx.  People seem to really like that around here.

    Monday, September 20, 2010 5:29 AM
  • Please type netdom query fsmo on the server and make it sure that your all fsmo roles are intact.

    your log below clearly indicates that you pdc role server is down or might not reachable or you have not tranfered the roles properly

    In this case you will have to seize the roles http://support.microsoft.com/kb/255504

    A Time Server could not be located.
    The server holding the PDC role is down.
    Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
    1355
    A Good Time Server could not be located.
    Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355

    A KDC could not be located - All the KDCs are down.

     


    http://www.virmansec.com/blogs/skhairuddin
    Monday, September 20, 2010 6:08 AM
  • Hi,

     

    Thanks for the help,

    I have seize all the roles already, but still i have the same error.

    after hitting in netdom query fsmo, this is what i got:

    The specified domain either does not exist or could not be contacted.

    The command failed to complete successfully.

    Monday, September 20, 2010 6:39 AM
  • Please check your dns if its working good and also please post the unedited

    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt


    http://www.virmansec.com/blogs/skhairuddin
    Monday, September 20, 2010 7:31 AM
  • Doesn't seem that your new DC is actuall a domain controller this server doesn't seem like that it was promoted fully during the promotion. Please make sure this DC is pointing to an existing DC for DNS. If this is your only DC left then I hope you  have a backup.
    Monday, September 20, 2010 2:00 PM
  • Hello

    Please post the information that is requested by Syed dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt


    Isaac Oben MCITP:EA, MCSE
    Monday, September 20, 2010 2:38 PM
  • Hi,

    According to the errors received, the issue can be caused due to the DNS factor, we can see that it could not locate GC, PDC and KDC.

     

    This issue may occur if the DNS settings on the new DC and clients are not correct (still pointing to the old DC). Please check it on your side and collect “ipconfig /all >>ip.txt” for research.

     

    If the issue persists, let’s refer to the following information.

     

    1 From a client PC, ping the 2008 DC via IP, host name and FQDN

    2 From the 2008 DC, ping a client as a test via IP, host name and FQDN

    3 Use the nslookup.exe utility to test name resolution from each one of your DNS servers.

     

    At a command prompt, type the following command by using the IP address of your DNS server and the name of the host that you are trying to resolve

    C:\>nslookup <host> <DNS_server_IP>

     

    For more information on how to use NSlookup.exe, please refer to http://support.microsoft.com/default.aspx?scid=kb;en-us;200525 

     

    If any error is received, please let me know.

     

    If everything is fine, please check if the SRV DNS records have been created correctly for the 2008 domain controller. Refer to:  http://support.microsoft.com/kb/816587/en-us

     

    If any SRV records are missing, we can run the command “netdiag /fix” on the 2008 DC to fix them.

     

    For your reference, I have included some general upgrading guide as follows:

     

    Upgrade Domain Controllers: Microsoft Support Quick Start for Adding Windows Server 2008 or Windows Server 2008 R2 Domain Controllers to Existing Domains

    http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(WS.10).aspx

     

    Upgrading Active Directory Domains to Windows Server 2008 and Windows Server 2008 R2 AD DS Domains

    http://technet.microsoft.com/en-us/library/cc731188(WS.10).aspx


    I hope the above information will be helpful.

     

    Thanks.

    Nina


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Mervyn Zhang Tuesday, September 28, 2010 4:43 AM
    Tuesday, September 21, 2010 8:15 AM