windows 2003 domain controller DNS problem

salahaddin
Hi,

I have a Windows 2003 domain server, configured with Active Directory and DNS. It was working fine. Suddenly the system board crashed. I replaced the board; after replacing the board the DNS service was not working due to a NIC card problem. I replaced the card and configured it with a different IP address. Still the DNS service was not working, so I removed the zones and created them again. Now the DNS service is working.

But I am not able to join any computer to the domain. I am able to ping the server (domain server). I think the DNS is not delegating the Active Directory services.

Please can someone advise me how to fix this problem. There are about 25 computers connected.

Regards
  • 0 Votes

    RPC

    Charles Bundy

    I had something like this about three years ago. Problem was related to a hotfix that munged RPC. Hope this helps!

    0 Votes
    markp24

    Hi,

    Have you tried removing that computer account from AD Users and Computers before re-adding it?
    Also try using some of the tools in the resource kit to troubleshoot the DNS and AD.
    Not sure how large your network is, but if it's pretty large, you may have to be patient and wait for the AD to replicate the changes before re-adding the server.

    0 Votes
    jonathan.mason1

    Did I read that correctly? You changed the IP address of your DNS server? When you did that, did you account for those changes in DHCP?

    0 Votes
    Spitfire_Sysop

    When you change the MB, generally you have to reinstall Windows due to its relationship with the hardware GUID.

    Aside from that, use tools like NSLOOKUP from clients to test DNS. Check what settings are being pushed out by DHCP at the clients. If you don't want to reinstall you could remove server roles and reload them to re-establish proper settings. This can be much faster than manually hacking out each setting that is stuck.
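
An added example, not part of the original thread: the client-side NSLOOKUP test suggested above, applied to this thread's situation of a DC whose IP address changed. It parses captured output of a Windows `nslookup -type=SRV` query for the domain controller locator record and reports whether the client asks the wrong DNS server, no SRV record comes back, or the DC name resolves to an unexpected address. The domain `example.local`, host `dc1`, the 192.0.2.x addresses and the sample outputs are constructed placeholders.

```python
import re

def check_dc_locator(nslookup_output, dc_ip):
    """Return the problems visible in one captured Windows nslookup SRV lookup."""
    problems = []
    # The first "Address:" line names the DNS server the client actually asked,
    # i.e. the resolver it was given statically or by DHCP.
    asked = re.search(r"^Address:\s+(\S+)", nslookup_output, re.M)
    if asked and asked.group(1) != dc_ip:
        problems.append(f"client asks DNS server {asked.group(1)}, not {dc_ip}")
    # Each SRV answer names a DC; its A record follows as "internet address".
    hosts = [h.lower() for h in re.findall(r"svr hostname\s*=\s*(\S+)", nslookup_output)]
    addrs = {h.lower(): ip for h, ip in
             re.findall(r"^(\S+)\s+internet address = (\S+)", nslookup_output, re.M)}
    if not hosts:
        problems.append("no SRV answer: DC locator records missing or server unreachable")
    for host in hosts:
        if host not in addrs:
            problems.append(f"no A record returned for {host}")
        elif addrs[host] != dc_ip:
            problems.append(f"{host} resolves to {addrs[host]}, not {dc_ip}")
    return problems

# Constructed captures of: nslookup -type=SRV _ldap._tcp.dc._msdcs.example.local
# (example.local, dc1 and the 192.0.2.x addresses are placeholders).
HEALTHY = """Server:  dc1.example.local
Address:  192.0.2.20

_ldap._tcp.dc._msdcs.example.local\tSRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.example.local
dc1.example.local\tinternet address = 192.0.2.20
"""
EMPTY_ZONE = """Server:  dc1.example.local
Address:  192.0.2.20

*** dc1.example.local can't find _ldap._tcp.dc._msdcs.example.local: Non-existent domain
"""
OLD_RESOLVER = """DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.0.2.10

*** Request to UnKnown timed-out
"""

if __name__ == "__main__":
    for name, text in [("healthy", HEALTHY), ("empty zone", EMPTY_ZONE),
                       ("old resolver", OLD_RESOLVER)]:
        print(name, "->", check_dc_locator(text, "192.0.2.20") or "OK")
```

A client that can ping the server but reports the "empty zone" or "old resolver" result has network reachability but cannot locate the domain controller through DNS.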

    0 Votes
    salahaddin

    Hi,

    I did not reload the OS, since it was the same model motherboard. There was only a problem with the NIC card, so I replaced it. I tried to configure the same IP but I could not; there was an error message saying the IP address was already assigned to a hidden NIC. So I changed the IP to a new one.
    After that I noticed the DNS error log, that the service was not starting properly. I removed the zones and re-created them. Now the DNS service is working, but it is not replicating Active Directory. I am not able to join a new workstation to the domain.

    Previous users are able to log on... I have not tried to rejoin any existing computers.
    There are a total of 30 users connected to the domain. The problem is that if I do a fresh installation, I have to configure all user profiles, since every user has Outlook POP3 mail accounts; once user profiles change, I have to set up their accounts again.

    Is there any utility to fix this problem? It just needs to synchronize the Active Directory database with DNS.

    From the client side I am able to ping the server IP, but I am not able to join the domain.

    0 Votes
    Charrison2503

    NetDom includes many other commands that can be used to manage your domain. Check out the full online reference for NetDom at http://technet.microsoft.com/library/cc772217.aspx.
    These are some other commands that may be of interest to you:
    • NetDom Reset resets a machine's account. Sometimes you'll sit down at a system and be unable to log onto the domain because the machine has lost its domain account, or so it says. Sometimes just resetting it does the job.
    • NetDom ResetPwd resets a machine's domain password. You must be sitting at the machine for this to run. If a machine has not connected to the domain for an extended period, it's possible for its account password to expire, and this command can resolve the problem.
    • NetDom Remove removes a system from a domain.

    0 Votes
    salahaddin

    Hi,

    I tried all possibilities.. failed to run the domain normally.
    So finally I decided to reinstall from scratch.
    Here, can I get back all user accounts if I have a system state backup?

    What is the best way to keep disaster recovery for my domain?

    Regards

    0 Votes
    jonathan.mason1

    When you changed the IP address of the Domain Controller, did you address the DNS setting in the DHCP scope?
    Also, if you changed the IP address, did you also set the helper address to the new IP address so traffic for DHCP requests could be forwarded to the correct location?

    Sounds like all you needed to do to fix your problem was have the clients look in the right spot. You can't just change the IP address of the domain controller without addressing the IP change on the network.

    0 Votes
    drumright

    When you replaced the motherboard, was it the same model and manufacturer as the failed board? Usually your account in the domain is set up by looking at your hardware and creating a hardware ID from all installed components and software ID (SID). That is why you needed to reset the account.

    Question: was this server your first DC in the domain? Is there another DC in the environment that you could use for locating the old server board's (NIC) MAC address? Also, you need to make sure you have all firewall ports open for DNS, DHCP, REPLICATION!!, etc. A system state could possibly work if the motherboard is the same model from the same manufacturer.

    Your conflict with the old IP address would be due to a DHCP reservation, or a lease that has not expired. Check DHCP on your second DC (hopefully there is a second DC in case of this happening). If you see the old reservation, write down the old MAC address (just in case), delete the old reservation and add the new reservation with the new MAC. Clear ARP and DNS on your working DC, switch, router?, firewall (other servers?, DHCP server options, DNS server options). You get the picture. Make sure you delete the old A and PTR records in DHCP. Reload the zones on the working DNS and the DHCP zones in the GUI.

    While you are waiting for those to reload, go ahead and reset your new server to the correct IP address, and make sure you go into advanced options to set the options for DNS records on the server to be updated. You should not have to, but I would go ahead and restart the server (the mobo-replaced server), sign in, hopefully with a domain account (preferably Administrator), go to Start/Run, type CMD, press Enter, and type ipconfig /all to see if you are showing the IP address that was the original before the failure. Ping the gateway, the working DNS and the DHCP server. Success means you should be able to replicate IF! you do not need to reset the domain account one more time on the existing DC. You will be able to find this out by checking eventvwr, or just try to manage another server or PC in your environment.

    BTW, it might take some time for the new config changes to propagate to the devices in your network. I would force replication and possibly gpupdate on the working DC, but only after you make sure you can replicate DNS etc. to your old server. Make sure you get the DCs to successfully authenticate to each other first.......... Have fun, and yes, this is overkill, but I am not sure what has been changed, replaced, deleted, added since the 24th.
