Demoted DC often can't find new DC's
i'm posting here because issue demoted server can't find new domain controllers on network. dns issue; feel free move if doesn't belong here. thanks.
update 2:
the issue seems have gone away, last issue registered is 31/12/2012 02:40:54 p.m.
falls 2 hours after last reboot due teaming removal on domain controller.
so, either or server got tired of messing me.
now i'll wait see if "access denied" errors gone well.
we'll mark thread solved and, hope not, open new 1 errors pop-up again (or maybe re-read whole thread)
many help.
update:
i'm sorry if i've missed anyone's post , didn't reply. forum's thread layout isn't helping me.
to clarify: issues i'm having aren't being reflected in way regular users interact server. shares, thing access server for, being accessed without issue.
on other hand, we, users access server on rdp ones affected. first noticed wrong once started having "access denied" prompts while trying remote server. go away once wait while.
there isn't other server or computer access/logon issues either local or remote.
errors started appearing day demoted server. "access denied" issue started couple of weeks later.
status: of december 31st issue remains same, 3 errors made post still popping day. , they're seem more common rather fading.
i appreciate help.
i have server 2008 sp1 playground operations manager quite years before came here.
it had adds fsmo roles, dns server, dhcp server, ts server, file server, iis, our erp, exchange time, every single utility find test, 20 users logged on fulltime using office remote apps , surfing web (on admin privileges) on , some. thing didn't have updates. of on single raid 5 volume no hs. mess.
i've been working way kill , managed remove every essential service out of it, recent (oct) being adds. created new server, promoted , moved fsmo roles it, demoted old server. dcdiag reported ok.
since then, i've been having conectivity issues time on that server.
i'm having 3 different errors poping time:
level: error source: netlogon event id: 5719 description: computer not able set secure session domain controller in domain <domain> due following: there no logon servers available service logon request. may lead authentication problems. make sure computer connected network. if problem persists, please contact domain administrator.
level: error source: grouppolicy event id: 1054 description: processing of group policy failed. windows not obtain name of domain controller. caused name resolution failure. verify domain name sysytem (dns) configured , working correctly.
level: error source: grouppolicy event id: 1030 description: processing of group policy failed. windows attempted retrieve new group policy settings user or computer. in details tab error code , description. windows automatically retry operation @ next refresh cycle. computers joined domain must have proper name resolution , network connectivity domain controller discovery of new group policy objects , settings. event logged when group policy successful.
errorcode: 58
errordescription: the specified server cannot perform requested operation.
as result takes 3 or 4 tries rdp on it, other times won't let until later. says "access denied" on dialog.
the errors tell me there dns/network issues server. couldn't find network issue: flawlessly serves files, keeps rdp sessions open , responds ping <1ms lattency day, must dns or else.
thing can't scrap server yet, not until buy new file server , may still take months , year.
so option fix problems.
further info:
- the remaining roles on server are: file services, npas, ts , iis.
- any other server/service in network works fine, it's server issues.
- it doesn't have athentication issues on shares (most shares authenticated users)
- nslookup detects dc no issue. can't check whether when starts throwing "access denied" since happens when i'm trying log onto it, hence, i'm out of it.
i'd appreciate provide.
cheers.
"when not working supposed to, working expected" -r
hi,
ipconfig on problem server fine. 1 correction dns pointing on both dc add each others ip addresses there in nic alternate dns. can remove loopback ip (127.x.x.x) or set @ third position.
edit: is there nic teaming enabled on main dc, if yes, it not recomended gives multiple problems.
see following article dns best practice.
best practices dns client settings on dc , domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
you getting netlogon 5719 error, further troubleshooting may refer following kb/articles:
netlogon 5719 , disappearing domain [controller]
http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
event id 5719 logged when start computer
http://support.microsoft.com/kb/938449
best regards,
abhijit waikar.
mcsa | mcsa:messaging | mcitp:sa | mcc:2012
blog: http://abhijitw.wordpress.com
disclaimer: posting provided "as is" no warranties or guarantees , confers no rights.
Windows Server > Directory Services
Comments
Post a Comment