I hope someone out there can help, I have asked on all IRC channels I can find. Please also bear in mind that I am in now way an expert at this, quite the opposite, I am a newbie so please bear with me.
I have two servers, One is my main server (named civil) and is the DC for the domain GA065.org (therefore its FQDN is civil.ga065.org. My other server I tried intorducing a few months ago as a backup server and I made it a DC as well (sorry I do not recall any settings I made to it). Now about three days ago I decided to put this server (named civil2) back into action. I went through the configure your server wizard and promoted it to a child domain as backup.ga065.org. After all that happened, it finished successful and both servers restarted. Now on the login screen I have a choice of two domains to log into (Ga065 or backup).
The problem I am facing is that on my original DC, civil, I cannot access anything related to active directory. Net logon will not start, sql will not start, I cannot view users in AD, exchange will not start...so on and so forth. I have looked through the event log and I have found a few errors that may be indicative of the problem. I tried looking through the MS KB articles to no avail. Below please see the errors and an attached dcdiag /test:dns log.
Another interesting point is that my passwords for the administrator account on each server were different and after the promotion, they switched! Also MSTSC will not let me remote to my server, it says something like the domain doesn't exist.( I am forced to use the slow java connection of RLO or be at the console)
Thanks so much for your help!
C/Capt. Gorlin
GA065 Administrator
2092: This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Schema,CN=Configuration,DC=ga065,DC=org
1126:Active Directory was unable to establish a connection with the global catalog.
Additional Data
Error value:
1792 An attempt was made to logon, but the network logon service was not started.
Internal ID:
3200cd1
1308:The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.
Attempts:
5
Domain controller:
CN=NTDS Settings,CN=CIVIL2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ga065,DC=org
Period of time (minutes):
147
The Connection object for this domain controller will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this domain controller resumes, the temporary connection will be removed.
Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.
2087: Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
Source domain controller:
civil2
Failing DNS host name:
7a9e2649-2240-4853-b2c3-9da6f97b31aa._msdcs.ga065.org
And Finally the DCDIAG results:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CIVIL
Starting test: Connectivity
......................... CIVIL passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CIVIL
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : ga065
Running enterprise tests on : ga065.org
Starting test: DNS
Test results for domain controllers:
DC: civil.ga065.org
Domain: ga065.org
TEST: Authentication (Auth)
Error: Authentication failed with specified credentials
TEST: Basic (Basc)
Error: NETLOGON service is not running
Warning: adapter [00000002] HP NC3131 Fast Ethernet NIC has in
valid DNS server: 69.15.99.130 (<name unavailable>)
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 69.15.99.130 (<n
ame unavailable>)
Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: b.root-se
rvers.net . (192.228.79.201)
Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12 )
Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: g.root-se
rvers.net. ( 192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-se
rvers.net . (192.58.128.30)
Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129 )
Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: civil.ga065.org. IP:69.15.99.138 [Broken de
legated domain backup.ga065.org .]
Error: DNS server: ns1.ga065.org. IP:10.1.2.48 [Broken delegat
ed domain backup.ga065.org.]
Error: DNS server: ns1.ga065.org. IP:69.15.99.138 [Broken dele
gated domain backup.ga065.org.]
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure
ga065.org.
TEST: Records registration (RReg)
Network Adapter [00000002] HP NC3131 Fast Ethernet NIC:
Error: Missing CNAME record at DNS server 69.15.99.130 :
6532f09f-ef61-4c57-bd2e-8478fde72c74._msdcs.ga065.org
Error: Missing DC SRV record at DNS server 69.15.99.130 :
_ldap._tcp.dc._msdcs.ga065.org
Error: Missing GC SRV record at DNS server 69.15.99.130 :
_ldap._tcp.gc._msdcs.ga065.org
Error: Missing PDC SRV record at DNS server 69.15.99.130 :
_ldap._tcp.pdc._msdcs.ga065.org
Error: Record registrations cannot be found for all the network a
dapters
Summary of test results for DNS servers used by the above domain contro
llers:
DNS server: 69.15.99.130 (<name unavailable>)
2 test failures on this DNS server
Name resolution is not functional. _ldap._tcp.ga065.org. failed o
n the DNS server 69.15.99.130
DNS server: 69.15.99.138 (civil.ga065.org.)
2 test failures on this DNS server
Delegation is broken for the domain backup.ga065.org. on the DNS
server 69.15.99.138
DNS server: 10.1.2.48 (ns1.ga065.org.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 10.1.2.48
Delegation is broken for the domain backup.ga065.org. on the DNS
server 10.1.2.48
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: ga065.org
civil FAIL FAIL FAIL FAIL WARN FAIL n/a
......................... ga065.org failed test DNS
