Server 2003 sp3 error - Domain controller cannot be found ?

Meinolf Weber · 08-07-2008

Hello Mmaxx,

Did you check that the sysvol and netlogon share's are available and you
can access them on the new DC? In another posting you had the error ind dcdiag.

Even it states 2000 check this one:
http://support.microsoft.com/kb/257338

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Meinolf Weber wrote:
>
>> Hello Mmaxx,
>>
>> Please post an unedited ipconfig /all from both DC's.
>>
> Had 2 change the domain names to protect the innocent......
>
> Primary Domain Cont. Global Cat. :
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : dcserver1
> Primary Dns Suffix . . . . . . . : internal.mydomain.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : internal.mydomain.com
> mydomain.com
> com
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
> Ethernet
> Physical Address. . . . . . . . . : 00-11-09-2B-04-9C
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.160.5
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.160.11
> DNS Servers . . . . . . . . . . . : 192.168.160.5
> 192.168.160.2
> NetBIOS over Tcpip. . . . . . . . : Disabled
> Backup DC, Exchange :
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : dcserver
> Primary Dns Suffix . . . . . . . : internal.mydomain.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : internal.mydomain.com
> mydomain.com
> com
> Ethernet adapter Local Area Connection 2:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Realtek RTL8139/810x Family
> Fast
> Ethernet
> NIC #2
> Physical Address. . . . . . . . . : 00-13-D3-FD-02-3E
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.160.2
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.160.11
> DNS Servers . . . . . . . . . . . : 192.168.160.2
> 192.168.160.5
> NetBIOS over Tcpip. . . . . . . . : Disabled
> Leme know if you need more info
>

Ace Fekay [MVP] · 09-07-2008

In news:3PKdndMlNJE1u-7VnZ2dnUVZ8s3inZ2d@saix.net,
Mmaxx <mmaxx@webmail.co.za> typed:

> This is the problem i am sitting with, I realised later that I did not
> require the trusts and proceeded to delete them. The incoming one was
> deleted ok, but when I try to delete the outgoing trust I get : the
> Directory is busy, twice, then the trust just stays there
>
> I cant seem to delete the trust, looks like it will require editing
> the AD manually....
>
> Max

Did you take a look at the KB article Meinolf posted?

Also, I don't really think it has anything to do with the trusts, but then
again, this is a first that I've known someone to try creating a trust
between two DCs in the same domain or forest. Trusts are designed to be
created between domains or forests, not specific machines. I'm surprised the
GUI allowed the creation because it will ask for the domain or forest name,
not a computer name.

If the problem is with one DC, and as long as it's not the one with Exchange
installed on it, I would suggest to remove the DC, transfer all FSMOs to the
good one, run a Metadata Cleanup to remove the reference to the DC's
computer name, wipe and reinstall the bad one with the same name, and
promote it to a new DC.

Now, if the bad DC has Exchange installed on it, the steps are a bit more
complicated. I know Hank mentioned to not demote it because frankly, you
shouldn't demote a DC with Exchange on it. Exchange must be removed first,
but it will put you in a quandary because Exchange won't uninstall if it
can't contact the domain.

With moving Exchange to a different installation, first thing would be to
save a copy of the whole Exchange installation folder, databases and logs
somewhere else You can actually use the same databases as long as the
machine has the same computer name, but as I said, it's quite a complicated
procedure.

How did you handle moving the Exchange databases from the old Exchange setup
to the new one? Did you use a utility such as Exmerge or did you just
install a fresh copy?

I also see you have NetBIOS disabled. Any reason why? Did you know Exchange
requires NetBIOS for some of its functionality? AD doesn't, but Exchange
does.

When you look in DNS, under the _msdcs.mydomain.local zone,do you see a
CNAME (alias) entry that should be a long GUID number for the domain
controllers of the domain? Each DC should have one.

How about under _msdcs.mydomain.local.gc zone, do you see the IP of the GC?

Under mydomain.local zone, do you see two entries that look like the
following?
(same as parent) Host(A) 192.168.160.5
(same as parent) Host(A) 192.168.160.2

I may also suggest to make the mydomain.local and the _msdcs.mydomain.local
zones non-AD integrated on the good DC. Make it a Primary zone. In the DC's
IP properties, point to itself. Then on the other DC, change the DNS entry
to point to the first DC only, no others. This will at least make the zone
available because while it's an AD integrated zone, and AD is failing, the
zone will not be available. I would start here. For Exchange, enable
NetBIOS. Then go into Sites and Services to see if you can force replication
or at least see what the status is. Go into Domains and Trusts and try to
delete that trust again.

Let us know how you make out with this part so far.

Ace

Mmaxx · 10-07-2008

Ace Fekay [MVP] wrote:

> Did you take a look at the KB article Meinolf posted?
Worked through it, although my netlogon problem still persists.

>
> If the problem is with one DC, and as long as it's not the one with Exchange
> installed on it, I would suggest to remove the DC, transfer all FSMOs to the
> good one, run a Metadata Cleanup to remove the reference to the DC's
> computer name, wipe and reinstall the bad one with the same name, and
> promote it to a new DC.
Unfortunately this one has exchange on it!

> With moving Exchange to a different installation, first thing would be to
> save a copy of the whole Exchange installation folder, databases and logs
> somewhere else You can actually use the same databases as long as the
> machine has the same computer name, but as I said, it's quite a complicated
> procedure.
There is some new server hardware coming next week, this will be a good
opportunity to do this.
>
> How did you handle moving the Exchange databases from the old Exchange setup
> to the new one? Did you use a utility such as Exmerge or did you just
> install a fresh copy?
That was a disaster, the backups would take an hour to restore, then
there would be no mailboxes! I extracted the edb and merged into the new
exchange using Power controls - fast and simple.

> I also see you have NetBIOS disabled. Any reason why? Did you know Exchange
> requires NetBIOS for some of its functionality? AD doesn't, but Exchange
> does.
Will look into this.

> or at least see what the status is. Go into Domains and Trusts and try to
> delete that trust again.
I applied your DNS changes, but still no luck :-(
I also enabled netbios with an explicit entry into the LMHOSTS file for
this server. Flushed the nbt cache and reloaded.

I deleted the trust by using adsiedit.msc and removing the trust domain
classes referencing the broken trust. It is gone from the trust list now
, however dcdiag still fails with netlogon error 1203

I do however notice that I am now able to access \\seconddc\admin$ ok,
but the other defined shares can still only be accessed by using the ip
address of the computer.

I think that It will be best to trash this install, move the exchange to
the new hardware and hope that I dont mess it up again ;-)

Thanks thus far to everyone for their help, aluta continua - the
struggle continues.....

Max

Ace Fekay [MVP] · 12-07-2008

In news:_uednYiaKN0gc-jVnZ2dnUVZ8rednZ2d@saix.net,
Mmaxx <mmaxx@webmail.co.za> typed:
> Ace Fekay [MVP] wrote:
> > With moving Exchange to a different installation, first thing would
> > be to save a copy of the whole Exchange installation folder,
> > databases and logs somewhere else You can actually use the same
> > databases as long as the machine has the same computer name, but as
> > I said, it's quite a complicated procedure.
> There is some new server hardware coming next week, this will be a
> good opportunity to do this.

Good. Setup the machine as a member server, NOT a domain controller. Install
Exchange, if you can, into the same organization. I say "if you can" because
the errors may prevent the installation from properly contacting a DC. If it
does install, follow the procedure to remove the first Exchange server in
the organization checklist:

How to remove the first Exchange Server 2003 computer from the ...This
article describes the steps to remove the first Microsoft Exchange Server
.... To display administrative groups, right-click First Organization ( First
....
http://support.microsoft.com/kb/822931

If you used Power Control tools, and still have a copy of the mailboxes, I
would do as you implied, to trash everything and install a whole new
installation from the ground up.At this point, doesn't seem like you have
anything to lose because of all the time you put into it. Too bad you're not
local. I could have offered some onsite assistance.

Empty out the entries you created in the LMHOSTS file. AD does not use it.
NetBIOS is required for Exchange, so keep NetBIOS enabled please. Read this
for more info:

Exchange Server 2003 and Exchange 2000 Server require NetBIOS name
resolution:
http://support.microsoft.com/kb/837391

Glad you figured out ADSIEdit. Nice tool. Just be careful in there. There is
no "are you sure you want to delete such and such" or the ability to hit a
"back" button to reverse what you did. You would need to perform an
authoratative restore to restore that type of data.

Let all of us know how you make out.

Ace

Ace Fekay [MVP] · 12-07-2008

In news:_uednYiaKN0gc-jVnZ2dnUVZ8rednZ2d@saix.net,
Mmaxx <mmaxx@webmail.co.za> typed:
> Ace Fekay [MVP] wrote:
>
One thing I did forget to ask, when or after you installed SP3, did you or
someone run the Security Config Wizard and apply the SecureDC or HiSecure
(forget which one it is called) to one of the machines?

Ace

Ace Fekay [MVP] · 12-07-2008

In news:_uednYiaKN0gc-jVnZ2dnUVZ8rednZ2d@saix.net,
Mmaxx <mmaxx@webmail.co.za> typed:

Darn, one more question. Was a third party firewall ever installed on it
such as Zone Alarm?

Ace