Help My DC cant find itself - cant run AD tools

  • Thread starter Thread starter James W. Long
  • Start date Start date
J

James W. Long

Hi All:

I have a pretty bad problem,
First, a w2k workstation became disjoined and can't rejoin,
and then my Win2k Adv DC can't find its own name.
I can't run any AD administrative tools such as
Active Directory Users and Computers.
If I can get my DC back I can work on the
first problem, LOL!

I can ping
(my dc name) jewelntserver
(my domain name) jewelconsulting
(my full domain) jewelconsulting.org,
it all resolves to 10.0.0.50,
from itself or (the problem machine) Hal9000.

I went into the DNS manager and removed
1 record (see *** below) then replaced it as it was.
That's when my DC quit being able to run the AD tools.

Did I blow DNS up?

Its all w2k and its in native mode and its AD integrated DNS.

Any help would be greatly appreciated.

Thanks in advance,
James W. Long






here is forward and reverse dns files
----------------
Name Type Data
hal9000 A 10.0.0.10
C18909-F A 10.0.0.20
(same as parent folder) A 10.0.0.50
jewelntserver A 10.0.0.50
thisworks A 10.0.0.50
_msdcs
_sites
_tcp
_udp
(same as parent folder) SOA [171], jewelntserver.jewelconsulting.org.,
administrator.jewelconsulting.org.
(same as parent folder) NS jewelntserver.jewelconsulting.org.
example CNAME jewelntserver.jewelconsulting.org.
***jewelconsulting CNAME jewelntserver.jewelconsulting.org.
----------------------
Name Type Data
(same as parent folder) NS jewelntserver.jewelconsulting.org.
10 PTR hal9000.jewelconsulting.org.
20 PTR c18909-f.jewelconsulting.org.
50 PTR jewelntserver.jewelconsulting.org.
(same as parent folder) SOA [60], jewelntserver.jewelconsulting.org.,
admin.jewelconsulting.org.
--------------------------


and here is dcdiag

------------------------------------

C:\winnt:dcdiag

DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Connectivity
......................... JEWELNTSERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Replications
......................... JEWELNTSERVER passed test Replications
Starting test: NCSecDesc
......................... JEWELNTSERVER passed test NCSecDesc
Starting test: NetLogons
......................... JEWELNTSERVER passed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (JEWELNTSERVER) call failed, error 1355
The Locator could not find the server.
......................... JEWELNTSERVER failed test Advertising
Starting test: KnowsOfRoleHolders
......................... JEWELNTSERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... JEWELNTSERVER passed test RidManager
Starting test: MachineAccount
......................... JEWELNTSERVER passed test MachineAccount
Starting test: Services
NtFrs Service is stopped on [JEWELNTSERVER]
IsmServ Service is stopped on [JEWELNTSERVER]
w32time Service is stopped on [JEWELNTSERVER]
TrkWks Service is stopped on [JEWELNTSERVER]
TrkSvr Service is stopped on [JEWELNTSERVER]
NETLOGON Service is stopped on [JEWELNTSERVER]
Could not open IISADMIN Service on [JEWELNTSERVER]:failed with
1060:
The specified service does not exist as an installed service.
Could not open SMTPSVC Service on [JEWELNTSERVER]:failed with
1060:
The specified service does not exist as an installed service.
......................... JEWELNTSERVER failed test Services
Starting test: ObjectsReplicated
......................... JEWELNTSERVER passed test
ObjectsReplicated
Starting test: frssysvol
......................... JEWELNTSERVER passed test frssysvol
Starting test: kccevent
An Error Event occured. EventID: 0xC0000466
Time Generated: 08/31/2004 22:18:24
(Event String could not be retrieved)
......................... JEWELNTSERVER failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0001B5B
Time Generated: 08/31/2004 22:03:19
Event String: The Network DDE service depends on the following
An Error Event occured. EventID: 0xC0000021
Time Generated: 08/31/2004 22:04:33
(Event String could not be retrieved)
......................... JEWELNTSERVER failed test systemlog

Running enterprise tests on : jewelconsulting.org
Starting test: Intersite
......................... jewelconsulting.org passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
135
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... jewelconsulting.org failed test FsmoCheck

C:\winnt:

--------------------------------------------------------------------
 
In
James W. Long said:
Hi All:

I have a pretty bad problem,
First, a w2k workstation became disjoined and can't rejoin,
and then my Win2k Adv DC can't find its own name.
I can't run any AD administrative tools such as
Active Directory Users and Computers.
If I can get my DC back I can work on the
first problem, LOL!

I can ping
(my dc name) jewelntserver
(my domain name) jewelconsulting
(my full domain) jewelconsulting.org,
it all resolves to 10.0.0.50,
from itself or (the problem machine) Hal9000.

I went into the DNS manager and removed
1 record (see *** below) then replaced it as it was.
That's when my DC quit being able to run the AD tools.

Did I blow DNS up?

Its all w2k and its in native mode and its AD integrated DNS.

Any help would be greatly appreciated.

Thanks in advance,
James W. Long






here is forward and reverse dns files
----------------
Name Type Data
hal9000 A 10.0.0.10
C18909-F A 10.0.0.20
(same as parent folder) A 10.0.0.50
jewelntserver A 10.0.0.50
thisworks A 10.0.0.50
_msdcs
_sites
_tcp
_udp
(same as parent folder) SOA [171], jewelntserver.jewelconsulting.org.,
administrator.jewelconsulting.org.
(same as parent folder) NS jewelntserver.jewelconsulting.org.
example CNAME jewelntserver.jewelconsulting.org.
***jewelconsulting CNAME jewelntserver.jewelconsulting.org.
----------------------
Name Type Data
(same as parent folder) NS jewelntserver.jewelconsulting.org.
10 PTR hal9000.jewelconsulting.org.
20 PTR c18909-f.jewelconsulting.org.
50 PTR jewelntserver.jewelconsulting.org.
(same as parent folder) SOA [60], jewelntserver.jewelconsulting.org.,
admin.jewelconsulting.org.
--------------------------


and here is dcdiag

------------------------------------

C:\winnt:dcdiag

DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Connectivity
......................... JEWELNTSERVER passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Replications
......................... JEWELNTSERVER passed test
Replications Starting test: NCSecDesc
......................... JEWELNTSERVER passed test NCSecDesc
Starting test: NetLogons
......................... JEWELNTSERVER passed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (JEWELNTSERVER) call failed, error
1355 The Locator could not find the server.
......................... JEWELNTSERVER failed test
Advertising Starting test: KnowsOfRoleHolders
......................... JEWELNTSERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... JEWELNTSERVER passed test
RidManager Starting test: MachineAccount
......................... JEWELNTSERVER passed test
MachineAccount Starting test: Services
NtFrs Service is stopped on [JEWELNTSERVER]
IsmServ Service is stopped on [JEWELNTSERVER]
w32time Service is stopped on [JEWELNTSERVER]
TrkWks Service is stopped on [JEWELNTSERVER]
TrkSvr Service is stopped on [JEWELNTSERVER]
NETLOGON Service is stopped on [JEWELNTSERVER]
Could not open IISADMIN Service on [JEWELNTSERVER]:failed
with 1060:
The specified service does not exist as an installed service.
Could not open SMTPSVC Service on [JEWELNTSERVER]:failed
with 1060:
The specified service does not exist as an installed service.
......................... JEWELNTSERVER failed test Services
Starting test: ObjectsReplicated
......................... JEWELNTSERVER passed test
ObjectsReplicated
Starting test: frssysvol
......................... JEWELNTSERVER passed test frssysvol
Starting test: kccevent
An Error Event occured. EventID: 0xC0000466
Time Generated: 08/31/2004 22:18:24
(Event String could not be retrieved)
......................... JEWELNTSERVER failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0001B5B
Time Generated: 08/31/2004 22:03:19
Event String: The Network DDE service depends on the
following An Error Event occured. EventID: 0xC0000021
Time Generated: 08/31/2004 22:04:33
(Event String could not be retrieved)
......................... JEWELNTSERVER failed test systemlog

Running enterprise tests on : jewelconsulting.org
Starting test: Intersite
......................... jewelconsulting.org passed test
Intersite Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
1355 A Global Catalog Server could not be located - All GC's
are down. Warning: DcGetDcName(PDC_REQUIRED) call failed,
error 1355 A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call
failed, error 135
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... jewelconsulting.org failed test
FsmoCheck

C:\winnt:

--------------------------------------------------------------------

Hi James,

Why was there a CNAME to one of your DCs in DNS? You know that will cause
problems anyway.

Now, for the real question, do the SRV records exist in DNS? That's what its
looking for. Pinging is not a good test for AD connectivity. The SRV's must
exist in the zone.Are they all intact?

I remember you posted awhile back and thought that everything was ok. What
happened since then? Did something change?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
At the bottom Ace:

"Ace Fekay [MVP]"
In
James W. Long said:
Hi All:

I have a pretty bad problem,
First, a w2k workstation became disjoined and can't rejoin,
and then my Win2k Adv DC can't find its own name.
I can't run any AD administrative tools such as
Active Directory Users and Computers.
If I can get my DC back I can work on the
first problem, LOL!

I can ping
(my dc name) jewelntserver
(my domain name) jewelconsulting
(my full domain) jewelconsulting.org,
it all resolves to 10.0.0.50,
from itself or (the problem machine) Hal9000.

I went into the DNS manager and removed
1 record (see *** below) then replaced it as it was.
That's when my DC quit being able to run the AD tools.

Did I blow DNS up?

Its all w2k and its in native mode and its AD integrated DNS.

Any help would be greatly appreciated.

Thanks in advance,
James W. Long






here is forward and reverse dns files
----------------
Name Type Data
hal9000 A 10.0.0.10
C18909-F A 10.0.0.20
(same as parent folder) A 10.0.0.50
jewelntserver A 10.0.0.50
thisworks A 10.0.0.50
_msdcs
_sites
_tcp
_udp
(same as parent folder) SOA [171], jewelntserver.jewelconsulting.org.,
administrator.jewelconsulting.org.
(same as parent folder) NS jewelntserver.jewelconsulting.org.
example CNAME jewelntserver.jewelconsulting.org.
***jewelconsulting CNAME jewelntserver.jewelconsulting.org.
----------------------
Name Type Data
(same as parent folder) NS jewelntserver.jewelconsulting.org.
10 PTR hal9000.jewelconsulting.org.
20 PTR c18909-f.jewelconsulting.org.
50 PTR jewelntserver.jewelconsulting.org.
(same as parent folder) SOA [60], jewelntserver.jewelconsulting.org.,
admin.jewelconsulting.org.
--------------------------


and here is dcdiag

------------------------------------

C:\winnt:dcdiag

DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Connectivity
......................... JEWELNTSERVER passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Replications
......................... JEWELNTSERVER passed test
Replications Starting test: NCSecDesc
......................... JEWELNTSERVER passed test NCSecDesc
Starting test: NetLogons
......................... JEWELNTSERVER passed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (JEWELNTSERVER) call failed, error
1355 The Locator could not find the server.
......................... JEWELNTSERVER failed test
Advertising Starting test: KnowsOfRoleHolders
......................... JEWELNTSERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... JEWELNTSERVER passed test
RidManager Starting test: MachineAccount
......................... JEWELNTSERVER passed test
MachineAccount Starting test: Services
NtFrs Service is stopped on [JEWELNTSERVER]
IsmServ Service is stopped on [JEWELNTSERVER]
w32time Service is stopped on [JEWELNTSERVER]
TrkWks Service is stopped on [JEWELNTSERVER]
TrkSvr Service is stopped on [JEWELNTSERVER]
NETLOGON Service is stopped on [JEWELNTSERVER]
Could not open IISADMIN Service on [JEWELNTSERVER]:failed
with 1060:
The specified service does not exist as an installed service.
Could not open SMTPSVC Service on [JEWELNTSERVER]:failed
with 1060:
The specified service does not exist as an installed service.
......................... JEWELNTSERVER failed test Services
Starting test: ObjectsReplicated
......................... JEWELNTSERVER passed test
ObjectsReplicated
Starting test: frssysvol
......................... JEWELNTSERVER passed test frssysvol
Starting test: kccevent
An Error Event occured. EventID: 0xC0000466
Time Generated: 08/31/2004 22:18:24
(Event String could not be retrieved)
......................... JEWELNTSERVER failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0001B5B
Time Generated: 08/31/2004 22:03:19
Event String: The Network DDE service depends on the
following An Error Event occured. EventID: 0xC0000021
Time Generated: 08/31/2004 22:04:33
(Event String could not be retrieved)
......................... JEWELNTSERVER failed test systemlog

Running enterprise tests on : jewelconsulting.org
Starting test: Intersite
......................... jewelconsulting.org passed test
Intersite Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
1355 A Global Catalog Server could not be located - All GC's
are down. Warning: DcGetDcName(PDC_REQUIRED) call failed,
error 1355 A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call
failed, error 135
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... jewelconsulting.org failed test
FsmoCheck

C:\winnt:

--------------------------------------------------------------------



Hi Ace! good to hear from you again!
Man did this get blown up. dunno what happened to it.
I answered inline.
Thanks my friend.
James Long
Hi James,

Why was there a CNAME to one of your DCs in DNS? You know that will cause
problems anyway.

"example" is just an example I left in there, its another way to call
jewelntserver,
I can take it out. I dont use it. or need it.

"jewelconsulting" I put in as a cname so my clients could find the domain,
it resolves to jewelntserver.jewelconsulting.org 10.0.0.50
I can change that, but if I make jewelconsulting
an A REC it becomes jewelconsulting.jewelconsulting.org 10.0.0.50.
Now, for the real question, do the SRV records exist in DNS? That's what its
looking for. Pinging is not a good test for AD connectivity. The SRV's must
exist in the zone.Are they all intact?

yes I hope that all that should be there are there, I have not messed with
it.
under forward>jewelconsulting.org>_msdcs>dc>sites>default-first-site>_tcp
are 1 kerberos and 1 ldap srv recs
under forward>jewelconsulting.org>_msdcs>_tcp are 1 kerberos and 1 ldap srv
recs
under
forward>jewelconsulting.org>domains>614016d1-52be-4990-acc7-a92282738c9>_tcp
is 1 ldap SRV rec
under gc sites tree at the _tcp is 1 ldap srv rec
under gc tree at the _tcp is 1 ldap srv rec
under pdc tcp is one ldap srv rec
under sites>default-first-site-name>_tcp are 1 gc, 1 kerberos,and 1 ldap srv
recs,
under _tcp are 1 gc,kerberos,kpasswd and ldap srv recs
under udp is 1 kerberos and kpasswd srv recs.
I remember you posted awhile back and thought that everything was ok. What
happened since then? Did something change?

I did not touch a thing honest. My dns has been this way since I set it up.
I came home one day, my gf was playing sims, and the wrkstation could not
get in
then the DC hosed over. I dont understand it.

if you would like to remote in email me. (e-mail address removed)
248-541-8654
 
In
James W. Long said:
At the bottom Ace:
Hi Ace! good to hear from you again!
Man did this get blown up. dunno what happened to it.
I answered inline.
Thanks my friend.
James Long

Same here James! Rather say Hi on better circumstances! :-)
Let's see...
"example" is just an example I left in there, its another way to call
jewelntserver,
I can take it out. I dont use it. or need it.

"jewelconsulting" I put in as a cname so my clients could find the
domain, it resolves to jewelntserver.jewelconsulting.org 10.0.0.50
I can change that, but if I make jewelconsulting
an A REC it becomes jewelconsulting.jewelconsulting.org 10.0.0.50.

If you created a CNAME called jewelconsulting under jewelconsulting.org,
then the CNAME is referred to as:
jewelconsulting.jewelconsulting.org
which points to:
jewelntserver.jewelconsulting.org

See what I mean?


yes I hope that all that should be there are there, I have not messed
with it.
under
forward>jewelconsulting.org>_msdcs>dc>sites>default-first-site>_tcp
are 1 kerberos and 1 ldap srv recs
under forward>jewelconsulting.org>_msdcs>_tcp are 1 kerberos and 1
ldap srv recs
under
forward>jewelconsulting.org>domains>614016d1-52be-4990-acc7-a92282738c9>_tcp
is 1 ldap SRV rec
under gc sites tree at the _tcp is 1 ldap srv rec
under gc tree at the _tcp is 1 ldap srv rec
under pdc tcp is one ldap srv rec
under sites>default-first-site-name>_tcp are 1 gc, 1 kerberos,and 1
ldap srv recs,
under _tcp are 1 gc,kerberos,kpasswd and ldap srv recs
under udp is 1 kerberos and kpasswd srv recs.

I did not touch a thing honest. My dns has been this way since I set
it up. I came home one day, my gf was playing sims, and the
wrkstation could not get in
then the DC hosed over. I dont understand it.

Hmm.... no game playing allowed!!!

if you would like to remote in email me. (e-mail address removed)
248-541-8654

If I get some time, I might be able to login during the day while my
students are performing a lab in class. I'll let you know. I emailed this to
myself to remind myself.


Ace
 
"Ace Fekay [MVP]"
In


Same here James! Rather say Hi on better circumstances! :-)
Let's see...


If you created a CNAME called jewelconsulting under jewelconsulting.org,
then the CNAME is referred to as:
jewelconsulting.jewelconsulting.org
which points to:
jewelntserver.jewelconsulting.org

See what I mean?

color it gone. I made an A rec for jewelconsulting at 10.0.0.50 is that
cool?

I got my DC working again, had to start more services including FRS and
netlogon
and presto its back. better not mess with services again, huh.

one thing that was installed on hal9000 was a cisco vpn client which bound a
service
to tcpip which prevents it from accessing the internet or the local network
during a vpn
session, BUT. that was removed and I had internet and lan since then.

now im back to the same basic problem on hal9000 where it cant find the DC,

here is the message when I try to join it:

The following error occurred attempting to join jewelconsultin.org:
The service cannot be started either because it it is disabled or
because it has no enabled devices associated with it.

Ive tried to join with jewelconsulting and jewelconsulting.org

It asks me the name and pw of someone who can add a workstation
and I give it administrator.

I still get the error.
 
In
James W. Long said:
"Ace Fekay [MVP]"


color it gone. I made an A rec for jewelconsulting at 10.0.0.50 is
that cool?

I got my DC working again, had to start more services including FRS
and netlogon
and presto its back. better not mess with services again, huh.

one thing that was installed on hal9000 was a cisco vpn client which
bound a service
to tcpip which prevents it from accessing the internet or the local
network during a vpn
session, BUT. that was removed and I had internet and lan since then.

now im back to the same basic problem on hal9000 where it cant find
the DC,

here is the message when I try to join it:

The following error occurred attempting to join jewelconsultin.org:
The service cannot be started either because it it is disabled or
because it has no enabled devices associated with it.

Ive tried to join with jewelconsulting and jewelconsulting.org

It asks me the name and pw of someone who can add a workstation
and I give it administrator.

I still get the error.

Interesting. All the services are running on the client machine? DHCP client
service is running as well? Any errors in the Event logs?

Ace
 
Ace:
heading up north for a long weekend, I'll have to get back to this tuesday.
have a good one
James

"Ace Fekay [MVP]"
 
In
James W. Long said:
Ace:
heading up north for a long weekend, I'll have to get back to this
tuesday. have a good one
James


Ok, you too! Enjoy the weekend!

Ace
 
Back
Top