• Digital accessories
  • Server
  • Digital life
  • Privacy policy
  • Contact us
  1. Home
  2. Server
  3. [SOLVED] AD Problems Server 2016. DC not Advertising. Need ...

[SOLVED] AD Problems Server 2016. DC not Advertising. Need ...

Rsdaa 02/02/2022 1654

Migrating off an old server and onto a new one.

Old DC was 2012R2 server that seemed pretty solid. New DC is a 2016 Server.

Built up and added new server to AD, promoted it to a DC. Moved all FSMO roles off old DC and onto new. Confirmed they had been moved several times.

Ensured new DC was GC, it was. Confirmed old DC was a GC it was, but ....

In ADUC on the 2012 server the 2016 DC was listed as a DC not GC. But in ADUC on the new server it was listed as a GC. FSMO roles were confirmed on the new server, not the old (from memory).

These two servers lived like this for 2-3 weeks.

Today I demoted the old DC and now I have mega AD errors.

AD tools time out on the new DC & eventually open but don't display anything.

Netdom query FSMO returns with "Specified domain does not exist or could not be contacted"

Most fixes I've seen have been for 2012 or 2008, 2016 looks different to either of these.

Here's the output of DCDIAG:

Directory Server DiagnosisPerforming initial setup: Trying to find home server... Home Server = 2118SDC01 * Identified AD Forest.Done gathering initial info.Doing initial required testsTesting server: Default-First-Site-Name\2118SDC01Starting test: Connectivity ......................... 2118SDC01 passed test ConnectivityDoing primary testsTesting server: Default-First-Site-Name\2118SDC01Starting test: Advertising Fatal Error:DsGetDcName (2118SDC01) call failed, error 1355 The Locator could not find the server. ......................... 2118SDC01 failed test AdvertisingStarting test: FrsEvent ......................... 2118SDC01 passed test FrsEventStarting test: DFSREvent There are warning or error events within the last 24 hours after the SYSVOL has been shared.Failing SYSVOL replication problems may cause Group Policy problems.......................... 2118SDC01 failed test DFSREventStarting test: SysVolCheck ......................... 2118SDC01 passed test SysVolCheckStarting test: KccEvent A warning event occurred.EventID: 0x8000082CTime Generated: 04/19/2018 17:37:11Event String:A warning event occurred.EventID: 0x8000082CTime Generated: 04/19/2018 17:37:11Event String:A warning event occurred.EventID: 0x80000829Time Generated: 04/19/2018 17:37:11Event String:This directory partition has not been backed up since at least the following number of days.A warning event occurred.EventID: 0x8000082CTime Generated: 04/19/2018 17:37:11Event String:A warning event occurred.EventID: 0x80000829Time Generated: 04/19/2018 17:37:11Event String:This directory partition has not been backed up since at least the following number of days.A warning event occurred.EventID: 0x8000082CTime Generated: 04/19/2018 17:37:11Event String:A warning event occurred.EventID: 0x80000829Time Generated: 04/19/2018 17:37:11Event String:This directory partition has not been backed up since at least the following number of days.A warning event occurred.EventID: 0x80000829Time Generated: 04/19/2018 17:37:11Event String:This directory partition has not been backed up since at least the following number of days.A warning event occurred.EventID: 0x80000829Time Generated: 04/19/2018 17:37:11Event String:This directory partition has not been backed up since at least the following number of days.A warning event occurred.EventID: 0x8000082CTime Generated: 04/19/2018 17:38:12Event String:......................... 2118SDC01 passed test KccEventStarting test: KnowsOfRoleHolders ......................... 2118SDC01 passed test KnowsOfRoleHoldersStarting test: MachineAccount ......................... 2118SDC01 passed test MachineAccountStarting test: NCSecDesc ......................... 2118SDC01 passed test NCSecDescStarting test: NetLogons Unable to connect to the NETLOGON share! (\\2118SDC01\netlogon) [2118SDC01] An net use or LsaPolicy operation failed with error 67, The network name cannot be found.. ......................... 2118SDC01 failed test NetLogonsStarting test: ObjectsReplicated ......................... 2118SDC01 passed test ObjectsReplicatedStarting test: Replications [Replications Check,2118SDC01] A recent replication attempt failed:From 2118SDC0A to 2118SDC01Naming Context: DC=ForestDnsZones,DC=curric,DC=domain-x,DC=wanThe replication generated an error (1256):The remote system is not available. For information about network troubleshooting, see Windows Help.The failure occurred at 2018-04-19 16:52:53.The last success occurred at 2018-04-19 15:03:16.4 failures have occurred since the last success. [2118SDC0A] DsBindWithSpnEx() failed with error 1722, The RPC server is unavailable.. [Replications Check,2118SDC01] A recent replication attempt failed:From 2118SDC0A to 2118SDC01Naming Context: DC=DomainDnsZones,DC=curric,DC=domain-x,DC=wanThe replication generated an error (1256):The remote system is not available. For information about network troubleshooting, see Windows Help.The failure occurred at 2018-04-19 16:52:53.The last success occurred at 2018-04-19 15:05:15.4 failures have occurred since the last success. [Replications Check,2118SDC01] A recent replication attempt failed:From 2118SDC0A to 2118SDC01Naming Context:CN=Schema,CN=Configuration,DC=curric,DC=domain-x,DC=wanThe replication generated an error (1722):The RPC server is unavailable.The failure occurred at 2018-04-19 16:53:36.The last success occurred at 2018-04-19 14:47:23.4 failures have occurred since the last success.The source remains down. Please check the machine. [Replications Check,2118SDC01] A recent replication attempt failed:From 2118SDC0A to 2118SDC01Naming Context: CN=Configuration,DC=curric,DC=domain-x,DC=wanThe replication generated an error (1722):The RPC server is unavailable.The failure occurred at 2018-04-19 16:52:53.The last success occurred at 2018-04-19 15:07:14.4 failures have occurred since the last success.The source remains down. Please check the machine. [Replications Check,2118SDC01] A recent replication attempt failed:From 2118SDC0A to 2118SDC01Naming Context: DC=curric,DC=domain-x,DC=wanThe replication generated an error (1722):The RPC server is unavailable.The failure occurred at 2018-04-19 16:54:18.The last success occurred at 2018-04-19 15:03:57.4 failures have occurred since the last success.The source remains down. Please check the machine. ......................... 2118SDC01 failed test ReplicationsStarting test: RidManager ......................... 2118SDC01 passed test RidManagerStarting test: Services ......................... 2118SDC01 passed test ServicesStarting test: SystemLog A warning event occurred.EventID: 0x00001796Time Generated: 04/19/2018 17:07:56Event String:Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server. An error event occurred.EventID: 0xC00038D6Time Generated: 04/19/2018 17:42:48Event String:The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. An error event occurred.EventID: 0x00000469Time Generated: 04/19/2018 17:45:02Event String:The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator. An error event occurred.EventID: 0x00002720Time Generated: 04/19/2018 17:45:04Event String:The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID......................... 2118SDC01 failed test SystemLogStarting test: VerifyReferences ......................... 2118SDC01 passed test VerifyReferences Running partition tests on : ForestDnsZonesStarting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDomStarting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidationRunning partition tests on : DomainDnsZonesStarting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDomStarting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidationRunning partition tests on : SchemaStarting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDomStarting test: CrossRefValidation ......................... Schema passed test CrossRefValidationRunning partition tests on : ConfigurationStarting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDomStarting test: CrossRefValidation ......................... Configuration passed test CrossRefValidationRunning partition tests on : curricStarting test: CheckSDRefDom ......................... curric passed test CheckSDRefDomStarting test: CrossRefValidation ......................... curric passed test CrossRefValidationRunning enterprise tests on : curric.domain-x.wanStarting test: LocatorCheck Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 A Global Catalog Server could not be located - All GC's are down. Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355 A Good Time Server could not be located. Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 A KDC could not be located - All the KDCs are down. ......................... curric.domain-x.wan failed test LocatorCheckStarting test: Intersite ......................... curric.domain-x.wan passed test IntersiteThanks for any help.

Serrano

OP

Ok for anyone else who suffers this catastrophic looking bunch of errors, my fix was extremely simple:

From this thread:

https://social.technet.microsoft.com/Forums/en-US/3d76a999-cfdc-4eff-b2ab-2fb697e8d7ee/2016-sysvol-a...

It came down to a simple registry change.

Open administrative powershell.

Run net share

Review shares and find NETLOGON and SYSVOL shares, if they are there turn them off and back on in registry.

Type regedt32 in Powershell and edit the following registry entry

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Change sysvolready=0 <<<< Turns off sysvol and netlogon shares.

Change sysvolready=1 <<<< Creates and shares sysvol and netlogon automatically.

Do this to all Domain Controllers

I did the above and the DC came to life after a reboot.

I did a 'netdom query fsmo' on the revived DC and it is indeed the role holder for all 5 roles.

I wasn't however a GC, so I just made it one.

Another useful link:

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/troubleshoot/verify-dns-functi...

This thread also has lots of ideas to try:

https://community.spiceworks.com/topic/2050882-windows-server-2008-ad-missing

I'm still going through Event Viewer & cleaning up metadata.


PREV: how to access web server running in vmware

NEXT: Datacenter &amp; Virtual Machines: How do they work?|SoftwareKeep

Popular Articles

Hot Articles
Back to Top