Discussion:
Cannot locate Global Catalog server error 1355 from dcdiag
George
2009-09-15 10:22:05 UTC
Hello,

I'm running Windows SBS 2003 SP2. This is the only server up and running in
my domain. This morning users reported slow login times. The application
log shows two errors every 5 minutes:

event ID 1006
Windows cannot bind to mydomain domain. (Local Error). Group Policy
processing aborted.

and

event ID 1030
Windows cannot query for the list of Group Policy objects. Check the event
log for possible messages previously logged by the policy engine that
describes the reason for this.

I also have this error once in the system log:

event ID 16645
The maximum account identifier allocated to this domain controller has been
assigned. The domain controller has failed to obtain a new identifier pool. A
possible reason for this is that the domain controller has been unable to
contact the master domain controller. Account creation on this controller
will fail until a new pool has been allocated. There may be network or
connectivity problems in the domain, or the master domain controller may be
offline or missing from the domain. Verify that the master domain controller
is running and connected to the domain.

At 4:30am my time I had the 16645, the other two started appearing two
minutes later and are still appearing every 5 minutes.

I ran dcdiag and saw this in the output:

Starting test: FsmoCheck

Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.

Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.

The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355

A KDC could not be located - All the KDCs are down.
......................... mydomain failed test FsmoCheck

I am now wondering what course of action I should take. I have backups of
the system state but I'm wondering if there's something else I could do to
fix this. I don't even know how it might have happened as I've made no
changes on the server.

I've tried restarting the DNS server service and the netlogon service, no
good. I can also access \\myserver\netlogon and \\myserver\sysvol

Seems to me that something's going on with the Global Catalog role?

Any help is appreciated.
Ace Fekay [MCT]
2009-09-15 14:06:39 UTC
Hello George,

To better diagnose this, post an ipconfig /all of the SBS server. This will
help evaluate the configuration, taking into account the event log errors
you posted, in order to provide specific suggestions.

Can you recall what occurred prior to this happening? Were there any
application installs, hotfix or updates installed, something changed, etc?

Are there any antivirus or security apps installed? Is ISA involved and the
firewall client possibly installed on the DCs?
--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
George
2009-09-15 14:16:02 UTC
As it turns out, I just found the solution, it's here:

http://support.microsoft.com/kb/839879

I inherited this configuration. Turns out the server with the problem is
Windows SBS 2003 that was at one point replicating with a Windows 2003
Standard Edition Domain Controller. I was under the impression that SBS has
only one DC that has all the FSMO roles?

Anyway, I still had the Standard Edition server and I started dcpromo on it
and sure enough, dcpromo said this was a domain controller.

After I deleted the replication links as per the article, the problem
disappeared right away.

However, I'm still left with this second server as a DC in my AD of the
Windows SBS 2003.
Ace Fekay [MCT]
2009-09-15 15:33:45 UTC
Yes, you can install additional DCs in an SBS domain, but the SBS would hold
all the FSMO roles. If there are additional DCs, they should all be GCs, as
well.

The allocation error is a RID Pool error indicating the RID Master (one of
the FSMOs) is not available to refresh the next block of 500 RIDs that are
used whenever a new object in the domain is created (users, computers, etc).

I'm a little confused. You said there was an additional DC in the
domain, but it's no longer there or is it there? So you now have two DCs,
the SBS and a Windows 2003 Std Edition as a current DC?

Was there a DC that was simply unplugged prior to this?

If you have two (SBS and the other one), are they both GCs?
Do they both have DNS installed?

Can you post an ipconfig /all from both, please?

Thanks,
Ace
George
2009-09-15 16:27:02 UTC
The situation is as follows:

server alfa is the SBS DC
server beta is the Std Edition DC

Beta was taken off the network 10 months ago and has been off alfa's network
since then. However I have console access to beta even though it's not on
alfa's network anymore.

How can I tell if a DC is a GC? I opened up AD Sites and Services and
expanded each server. Under General tab of properties for NTDS settings, I
see that Global Catalog is checked for each server.

They both have DNS on them, alfa the master, beta the slave. The DNS is AD
integrated.

Here are the ipconfig /all (sanitized):

alfa

Windows IP Configuration

Host Name . . . . . . . . . . . . : alfa
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connection
Physical Address. . . . . . . . . : 00-00-00-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.9.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.9.2
DNS Servers . . . . . . . . . . . : 10.10.9.30
my_ISP_DNS_IP
Primary WINS Server . . . . . . . : 10.10.9.30


beta

Windows IP Configuration

Host Name . . . . . . . . . . . . : beta
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)
Physical Address. . . . . . . . . : 00-00-00-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.9.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.9.2
DNS Servers . . . . . . . . . . . : 10.10.9.10
Ace Fekay [MCT]
2009-09-15 17:17:18 UTC
Thank you for posting the ipconfigs, and in a safe manner!

First thing I see is you are using your ISP's DNS. Let's remove that. For
AD, you must only use the internal DNS, and in this case, it's your SBS, on
both interfaces. Configure a Forwarder to that ISP DNS. That's done in DNS
properties, Forwarders tab. If you try to configure a Forwarder, yet the
Forwarding option is grayed out, delete the Root zone (the zone actually
looks like the period at the end of a sentence). The following link will
show you how.

323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003:
http://support.microsoft.com/?id=323380

Check out the following to show how, if not sure:

Back to the DCs...

That's exactly where to tell if a DC is in Sites and Services - click on the
respective server, choose properties of NTDS.

However....

Since beta was off the wire and the SBS was never able to replicate to it
for 10 months, it has passed the tombstone lifetime (for 2003, that would
have been 180 days) of all AD objects (users, computers, DCs, etc).
Therefore beta can no longer (never) be plugged back into the network. You
have to simply rebuild it if you want to use it again.

Now you must remove beta's reference from AD on alfa. To do that, you would
need to run a Metadata Cleanup procedure, then delete its reference in
Sites and Services under Server objects. Follow the proc in the following
link.

How to remove data in Active Directory after an unsuccessful domain
controller demotion (Metadata cleanup):
http://support.microsoft.com/kb/216498

After you've run the cleanup process and deleted its server object in Sites
and Services, run the following to make sure things are cleaned up and ok.
netdiag /v /fix
dcdiag /v /fix
Report any errors.

Sorry to be the bearer of this bad news, this is one of the stipulations of
AD, SBS or not. Once a DC is a DC, it's like a symbiont, you can't simply
unplug it. If a DC was not wanted any longer, you would simply run dcpromo
to demote it. It can't be simply unplugged, or the remaining DC that is
plugged in will keep crying for its partner. The only way out is to run the
cleanup process on the remaining DC.

If you had transferred any FSMO roles (which is not advised with SBS), they
would now have to be 'seized' to the existing DC, but I don't think you did
that. Run the following to make sure that all the FSMOs are still on the
SBS:

netdom query fsmo

If any one of them shows elsewhere, they would need to be seized back.

Ace
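
The three checks described in the reply above (the DC using only internal DNS, all FSMO roles still on the SBS, and beta being past the tombstone lifetime), as an added PowerShell example that is not part of the original thread. The function names and the 2008-11-15 last-replication date are assumptions for illustration; the sample inputs are constructed from the sanitized output posted in this thread.

```powershell
# Sample inputs: constructed from the sanitized ipconfig /all and
# netdom query fsmo output posted in this thread.
$ipconfigText = @'
   IP Address. . . . . . . . . . . . : 10.10.9.30
   Default Gateway . . . . . . . . . : 10.10.9.2
   DNS Servers . . . . . . . . . . . : 10.10.9.30
                                       my_ISP_DNS_IP
   Primary WINS Server . . . . . . . : 10.10.9.30
'@
$netdomText = @'
Schema owner                alfa.mydomain.com
Domain role owner           alfa.mydomain.com
PDC role                    alfa.mydomain.com
RID pool manager            alfa.mydomain.com
Infrastructure owner        alfa.mydomain.com
The command completed successfully.
'@

# Extract every DNS server from ipconfig /all text, including the
# indented continuation lines that carry the second and later servers.
function Get-DnsServer {
    param([string]$IpconfigText)
    $servers = @()
    $inDns = $false
    foreach ($line in ($IpconfigText -split "`r?`n")) {
        if ($line -match '^\s*DNS Servers[ .]*:\s*(\S+)') {
            $servers += $Matches[1]; $inDns = $true
        } elseif ($inDns -and $line -match '^\s+(\S+)\s*$') {
            $servers += $Matches[1]
        } else {
            $inDns = $false
        }
    }
    return $servers
}

# Map each FSMO role name to the DC that netdom reports as its holder.
function Get-FsmoHolder {
    param([string]$NetdomText)
    $roles = @{}
    $pattern = '^\s*(Schema owner|Domain role owner|PDC role|RID pool manager|Infrastructure owner)\s+(\S+)\s*$'
    foreach ($line in ($NetdomText -split "`r?`n")) {
        if ($line -match $pattern) { $roles[$Matches[1]] = $Matches[2] }
    }
    return $roles
}

# List roles that are missing from the output or held by another DC.
function Get-MisplacedFsmoRole {
    param([hashtable]$Holders, [string]$ExpectedHolder)
    $expected = 'Schema owner', 'Domain role owner', 'PDC role',
                'RID pool manager', 'Infrastructure owner'
    foreach ($role in $expected) {
        if (-not $Holders.ContainsKey($role)) {
            "$role : not reported"
        } elseif ($Holders[$role] -ne $ExpectedHolder) {
            "$role : held by $($Holders[$role])"
        }
    }
}

# A DC that has not replicated for longer than the tombstone lifetime
# must not be reconnected. 180 days is the figure given in the thread;
# the forest's configured value is the tombstoneLifetime attribute of
# the Directory Service object in the Configuration partition.
function Test-PastTombstoneLifetime {
    param([datetime]$LastReplication, [datetime]$Now, [int]$TombstoneDays = 180)
    return (($Now - $LastReplication).TotalDays -gt $TombstoneDays)
}

$internalDns = @('10.10.9.30')          # alfa, the only AD DNS server left
$externalDns = @(Get-DnsServer $ipconfigText |
                 Where-Object { $internalDns -notcontains $_ })
$misplaced   = @(Get-MisplacedFsmoRole (Get-FsmoHolder $netdomText) 'alfa.mydomain.com')
# Assumed date: "taken off the network 10 months ago" relative to the thread.
$betaStale   = Test-PastTombstoneLifetime -LastReplication ([datetime]'2008-11-15') `
                                          -Now ([datetime]'2009-09-15')

"Non-internal DNS servers on alfa : $($externalDns -join ', ')"
"FSMO roles not held by alfa      : $($misplaced.Count)"
"beta past tombstone lifetime     : $betaStale"
```

On a live DC, replace the here-strings with the captured output of `ipconfig /all` and `netdom query fsmo` joined into a single string.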
George
2009-09-15 18:27:01 UTC
Thanks for the quick and thorough reply. Tomorrow I'll have a look at
setting up the DNS forwarding. I ran netdom query fsmo on alfa and got this
so I think alfa's got everything it needs:

Schema owner alfa.mydomain.com

Domain role owner alfa.mydomain.com

PDC role alfa.mydomain.com

RID pool manager alfa.mydomain.com

Infrastructure owner alfa.mydomain.com

The command completed successfully.

Too bad I didn't know about that command before I deleted the replication
links between alfa and beta, would have liked to have seen that output. I
can live with having to rebuild beta if we want to use it as another DC.

Would it be enough to have a backup of alfa's System State for restoring AD
on alfa in the event the AD cleanup of beta on alfa went wrong?

How to remove data in Active Directory after an unsuccessful domain
controller demotion (Metadata cleanup):
http://support.microsoft.com/kb/216498
Ace Fekay [MCT]
2009-09-15 21:45:34 UTC

That's a good thought. I usually recommend a backup prior to any changes,
System state AND a full C: backup (if that's where Windows and Sysvol and
NTDS folders are installed).

It would be easier to rebuild beta. But remember, save any data on it before
wiping it clean.

Ace