BACKGROUND:

1) Some time ago, a colleague did a clean install of Windows Server 2008 R2, promoted it to Domain Controller from an old Windows Server 2003, and life seemed to be good. In the meantime, a bunch of software was installed on the server.

2) He asked me to take a look because of a seeming annoyance: the Active Directory for Users and Computers (dsa.msc) fails with this error:

  ERROR: Naming information cannot be located because:
  The specified domain either does not exist or could not be contacted.

3) Looking further:

- There is no SYSVOL and no NETLOGON
- dcdiag passes most tests, but flags this error:

...
Running enterprise tests on : myserver.local
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.

4) Most things seem to work. Active Directory exists, users can log in, the databases and 3rd-party enterprise software installed on the server all work.

But we seem to have a domain without a PDC.

It is not practical to reinstall from scratch.

Q: Is there any chance I can somehow create a Global Catalog, SYSVOL and NETLOGON and turn our Domain Controller into a viable PDC?

PS:

1) When I try to seize the relevant FSMO roles, ntdsutil reports "FSMO transferred successfully - seizure not required." So this is not the problem.

2) Both dsa.msc (Active Directory for Users & Computers) and dssite.msc (Active Directory Sites and Services) snap-ins fail with Naming information cannot be located.

paulsm4
  • http://support.microsoft.com/kb/296882 and http://support.microsoft.com/kb/283133 and http://support.microsoft.com/kb/257338 – TheCleaner Sep 20 '13 at 21:20
  • If you had a car and that car had a problem that you had a vague idea about, and you knew enough to do some basic analysis and troubleshooting, but you didn't quite know how to fix it, would you attempt to fix it yourself or would you take it to a mechanic, knowing that if you try to fix it yourself you could possibly render it unusable, leaving you without a car? – joeqwerty Sep 20 '13 at 22:29
  • My point being, you've identified that there's a problem, you've done some basic analysis and troubleshooting but you're not quite sure how to fix it. Call Microsoft PSS and let them help you. You'll get the problem fixed, you'll learn something in the process and, most importantly, you won't make the problem worse. – joeqwerty Sep 20 '13 at 22:29
  • Is `myserver.local` the only Domain Controller? – Mathias R. Jessen Dec 29 '13 at 00:18
  • @MathiasR.Jessen: thank you for the reply. Yes, it's the only Domain Controller. The problem is still unresolved - I've just been living with it. – paulsm4 Dec 30 '13 at 01:08
  • Do you have the appropriate firewall ports open? 3268/3269 for global catalog and UDP 123 NTP? Has the server been made a global catalog? http://technet.microsoft.com/en-us/library/cc755257.aspx – Ryan Newington Feb 12 '14 at 20:41

1 Answer

Is it possible to stand up another server, make it a DC, seize the roles from the current 'broken' PDC, and then re-take the roles back onto the PDC? Then simply remove your 'adhoc' DC from the domain?

Or alternately, stand up a new DC and make it the PDC, then remove AD from your current PDC, reinstall it, and take all roles from the temp PDC.

Also, why are you not running with a secondary DC??? Living on the edge!

You could also make any other server your Temp PDC by installing AD to avoid standing up a new server. I would leave the temp AD server as your secondary DC after you get the roles all transferred though.

Lee Harrison