Single 2003 server, single domain, with Exchange 2003

Discussion in 'Active Directory' started by Lee, Feb 19, 2005.

  1. Lee

    Lee Guest

    I run DCDiag on my windows 2003 server with exchange 2003 and I get the
    following error. (This is a single machine, single DC, not Small Business
    Server.)
    ----------------------------
    Starting test: FsmoCheck
    Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
    A Global Catalog Server could not be located - All GC's are down.
    Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
    A Time Server could not be located.
    The server holding the PDC role is down.
    Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
    A Good Time Server could not be located.
    Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
    A KDC could not be located - All the KDCs are down.
    ......................... domain.com failed test FsmoCheck
    ----------------------------
    I have no dns error messages, the server is a DNS server and it's pointing to
    itself.

    I've got an Event ID 1126 source NTDS General:
    ------------------------
    Active Directory was unable to establish a connection with the global
    catalog.

    Additional Data
    Error value:
    1355 The specified domain either does not exist or could not be contacted.
    Internal ID:
    3200caf

    User Action:
    Make sure a global catalog is available in the forest, and is reachable from
    this domain controller. You may use the nltest utility to diagnose this
    problem.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    ------------------------
    The server is a Global Catalog and I've even unchecked the GC setting, hit
    apply, and then checked it back, then hit apply. I've also noticed that
    the SYSVOL share is not shared currently. I can't seem to find any KBs that
    say "How" to get it shared out again. They all say how it's supposed to be
    set, but nothing on how to recreate the share correctly.

    I've also gotten EVENT ID 40961 Source LSASRV with the following error
    message.
    ----------------------
    The Security System could not establish a secured connection with the server
    ldap/DOMAIN.COM. No authentication protocol was available.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
     
    Lee, Feb 19, 2005
    #1

  2. Lee

    Todd J Heron Guest

    Is the machine multi-homed? If so, is the internal adapter at the top of
    the binding order? Is the machine also pointing to an external DNS server
    on any IP interface (I know you said it points to itself for DNS but how
    many IP interfaces does it have)? Sysvol not shared out is a major problem.
    Are any shares visible on the DC? Is FRS started? What errors are in your DS
    and FRS event logs?

    See here:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;257338
     
    Todd J Heron, Feb 19, 2005
    #2

  3. Lee

    Lee Guest

    Nope it is not Multi-Homed. It has forwarders set for external dns. I've
    gone through Q257338 but there is nothing really there to show how to fix.
    Just describes what should be there. I can see a number of shares, only has
    one ip, the DS error log is the one below:
    ------------
    Active Directory was unable to establish a connection with the global
    catalog.

    Additional Data
    Error value:
    1355 The specified domain either does not exist or could not be contacted.
    Internal ID:
    3200caf

    User Action:
    Make sure a global catalog is available in the forest, and is reachable from
    this domain controller. You may use the nltest utility to diagnose this
    problem.

    For more information, see Help and Support Center at
     
    Lee, Feb 19, 2005
    #3
  4. Lee

    Todd J Heron Guest

    The 40961 error can be fixed by creating a reverse lookup zone for the
    subnet that you are running internally.

    We need more details on your setup. Can you please provide the following
    information:

    1) Domain name from Active Directory Users & Computers
    2) List of all Forward Lookup Zones in the DNS console
    3) Output of ipconfig /all (an unedited version - please do not make any
    changes)
     
    Todd J Heron, Feb 19, 2005
    #4
  5. Lee

    Lee Guest

    The challenge I have with showing the FQDN is that these things end up
    elsewhere on the net. So I will only change the domain name to domain.com,
    but everything before that will be accurate.

    Here goes.
    1: home.domain.com
    2: one forward lookup zone. home.domain.com
    3: Results of IPCONFIG /ALL
    C:\>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : newmack
    Primary Dns Suffix . . . . . . . : home.domain.com
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : home.domain.com
    domain.com

    Ethernet adapter Local Area Connection 4:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
    Physical Address. . . . . . . . . : 00-08-74-1B-46-7F
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.2

    C:\>
     
    Lee, Feb 19, 2005
    #5
  6. Lee

    Todd J Heron Guest

    Ok that looks good so let us now see if you are missing any SRV records in
    the AD DNS zone. Open up the DNS MMC and see if your AD DNS zone contains
    these SRV folders: _msdcs, _sites, _tcp and _udp. Secondly, is your AD DNS
    zone set to allow dynamic updates? If not, configure it so that it does,
    then restart the Netlogon service.
     
    Todd J Heron, Feb 19, 2005
    #6
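
Added example (not part of the thread and not Microsoft tooling): a small Python triage helper that reads DCDiag FsmoCheck output like that in the first post and lists the DNS SRV names to query for each role the locator could not find, which is the check suggested in the post above. The sample text is constructed from the thread's output, `home.domain.com` is the thread's redacted name, and the function names are hypothetical.

```python
import re

# Constructed sample modeled on the FsmoCheck output quoted in this thread;
# one error code is wrapped across lines, as mail/news clients often do.
SAMPLE = """\
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
135
5
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
"""

# Locator flag -> SRV name Netlogon registers for that role. The time-server
# flags have no SRV record of their own, so they are left out.
SRV_FOR_FLAG = {
    "GC_SERVER_REQUIRED": "_ldap._tcp.gc._msdcs.{forest}",
    "KDC_REQUIRED": "_kerberos._tcp.dc._msdcs.{domain}",
}
PDC_SRV = "_ldap._tcp.pdc._msdcs.{domain}"
FAIL_RE = re.compile(r"DcGetDcName\((\w+)\) call failed, error\s*(\d[\d\s]*)")

def failed_lookups(text):
    """Return [(flag, error_code)]; digits split by line wrapping are rejoined."""
    return [(flag, int("".join(code.split()))) for flag, code in FAIL_RE.findall(text)]

def srv_names_to_check(text, domain, forest=None):
    """SRV names to query, in order, for every role DCDiag reported as missing."""
    forest = forest or domain  # single-domain forest, as in this thread
    names = []
    for flag, _code in failed_lookups(text):
        if flag in SRV_FOR_FLAG:
            names.append(SRV_FOR_FLAG[flag].format(domain=domain, forest=forest))
    if "PDC role is down" in text:
        names.append(PDC_SRV.format(domain=domain))
    return names

if __name__ == "__main__":
    for name in srv_names_to_check(SAMPLE, "home.domain.com"):
        print("nslookup -type=SRV", name)
```

If every name resolves to the DC and DCDiag still reports error 1355, DNS registration is not the cause and the remaining leads in the thread (the SYSVOL share, FRS, the Netlogon service) are the next place to look.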
  7. Lee

    Lee Guest

    None of those are missing and it is set to allow secure dynamic updates.
     
    Lee, Feb 20, 2005
    #7
  8. Hello,

    I suggest that you check if there is a GC in your domain.

    1. Run AD sites and services mmc
    2. Go to Servers-><DC name>->Ntds settings
    3. Right click Ntds settings->Properties->General, and check if Global
    Catalog is checked.

    Also, this issue can occur if Distributed Link Tracking objects exist in
    AD. If that is the case, please check that the 2 services TrkWks and TrkSvr
    are started properly.

    1. Run Services.msc
    2. Check that the Distributed Link Tracking Client/Server services are started.

    312403 Distributed Link Tracking on Windows-based domain controllers
    http://support.microsoft.com/?id=312403

    In addition, I'd like to know when the issue first appeared. Did it appear
    right after DC promotion? If so, it seems there were problems when running
    DCpromo.

    If the issue appeared after a restoration and the DC is the only domain
    controller in the domain, I suggest that you refer to the following article
    to fix the problem:

    316790 The Sysvol and Netlogon Shares Are Missing After You Restore a Domain
    http://support.microsoft.com/?id=316790

    Also, according to the error message, PDC role is down. I suggest that you
    refer to the following articles to view/seize FSMO and GC role.

    255690.KB.EN-US HOW TO: View and Transfer FSMO Roles in the Graphical User
    Interface
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;255690

    255504.KB.EN-US: Using Ntdsutil.exe to Seize or Transfer the FSMO Roles to
    a Domain
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;255504

    293421.KB.EN-US Domain Controllers Continue to Use Global Catalog Server
    After It Has
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;293421

    Best Regards,

    Peter Yang
    MCSE2000/2003, MCSA, MCDBA
    Microsoft Online Partner Support

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.




     
    Peter Yang [MSFT], Feb 21, 2005
    #8
