Active Directory isn't communicating

By rain_kitten ·
I have a W2K3 Small Business Server that is not allowing a system to log in. When investigating the problem, I tried to reset a password on a different account and it said it couldn't find the file. LDAP has given an error about not communicating with Active Directory. Several Exchange-related messages in the Event Viewer said they could not contact the domain controller. The system was rebooted and I attempted to restart the various services with no luck. I have no idea what to do.

by BFilmFan In reply to active directory isnt com ...

Let's troubleshoot this issue one step at a time.

Okay, before we begin troubleshooting, make sure that you have the following available:

Complete and utter backup of the Active Directory domain controller's system state and SYSVOL.

Complete and utter backup of Exchange's mailbox stores, logs and transaction files.

Note that if you do not have a backup of SYSVOL and the System State prior to this issue beginning, stop and immediately call Microsoft Support. There is a HUGE chance that any repair activity will make the problem MUCH worse rather than better.

Have both the Windows 2003 SBS CD.

Link to SBS 2003 Technical Support Site at Microsoft:

http://www.microsoft.com/windowsserver2003/sbs/techinfo/productdoc/default.mspx

http://support.microsoft.com/ph/3208

The number for Microsoft Support and your support contract number (if the client purchased one).

Okay let's start troubleshooting this issue:

Do all the other systems in the office, except this one, function correctly? If no, proceed to the AD Troubleshooting Section.

If yes, this is most likely an issue with the RPC channel losing connectivity to the server. You can follow the advice listed here:

http://techrepublic.com.com/5100-6268_11-5502341.html

by BFilmFan In reply to

DNS Troubleshooting

Check the IP address information on the workstation. See if you can ping the DNS server by both name and IP address (this should be the Windows 2003 SBS system, but it might not, depending upon your configuration).

If all other systems are functioning normally except this system, check the network drivers and the cable for issues. Plug into a known working port to see if the issue is resolved. If so, then the issue is most likely in the switch. Check with a known good working cable to verify it isn't the cable that is an issue.

If only this one system is having an issue, then I would advise running a Windows In-Place Repair. Details for that operation are to be found here:

http://www.michaelstevenstech.com/XPrepairinstall.htm

by BFilmFan In reply to

AD Troubleshooting Section

Go to the SBS 2003 Server, which should be the domain controller. Login to the server with an account having domain administrator-level privileges.

Open the event viewer and check the Directory Service, DNS Server, File Replication Service and System logs. Note any warning or error messages that you see.

You can research those here on this Microsoft site with recommended corrective action:

http://www.microsoft.com/technet/support/ee/search.aspx?DisplayName=Windows%20Server%202003&ProdName=Windows%20Operating%20System&MajorMinor=5.2&LCID=1033

(If you could kindly post up any errors that you are seeing in the event logs for others to offer their suggestions, it would be very helpful.)

Check the FRS, DNS and DHCP client (note that this is NOT the DHCP service itself) services are all started.

Check that you can ping both the server and the issue workstation by its computer object name and IP address.

Check Active Directory Users and Computers and do a FIND for the computer and user objects. Check that both have been activated. Check the user object to make sure the account is not locked out.

Check to see that you have sufficient client access licenses (CALs) for your environment. You are limited to a total of 75 User and/or device CALs with SBS 2003. You can follow the steps listed here to verify the currently installed number of licenses:

http://support.microsoft.com/default.aspx?scid=kb;en-us;296052

If you can provide us with the event and error codes that you are seeing, I am positive that someone here at TR can offer a resolution for your issue.

by BFilmFan In reply to

You will need to download the following ebooks and read them after this issue is resolved, so that you can become a highly paid AD consultant and make lots of money :). Note all these are free:

http://www.netpro.com/ebook/index.cfm

This is a webcast on Troubleshooting AD from Microsoft:

http://itpapers.techrepublic.com/abstract.aspx?docid=82757&promo=400222&kw='Active+Directory+Troubleshooting'

http://itpapers.techrepublic.com/abstract.aspx?docid=83025&promo=400222&kw='Active+Directory+Troubleshooting'

http://itpapers.techrepublic.com/abstract.aspx?docid=102936&promo=400222&kw='Active+Directory+Troubleshooting'

http://itpapers.techrepublic.com/abstract.aspx?docid=102926&promo=400222&kw='Active+Directory+Troubleshooting'

http://itpapers.techrepublic.com/abstract.aspx?docid=128569&promo=400222&kw='Active+Directory+Troubleshooting'

http://itpapers.techrepublic.com/abstract.aspx?docid=39222&promo=400222&kw='Active+Directory+Troubleshooting'

by BFilmFan In reply to

Do you have the exact EVENT ID numbers that appear in the Directory Service and FRS logs?

To troubleshoot this issue, we are going to need a tool called DCDIAG, which is included on the Windows 2003 SBS CD. Follow these steps to install the tools that are going to be needed:

Insert the Windows Server 2003 CD.

From the Welcome screen, click Browse this CD.

Locate the Support\Tools directory on the CD.

Double click the suptools.msi and follow the instructions to complete the installation.

Once you have the tools installed, open a command box.

Navigate to C:\TEMP.

Input the command:

IPCONFIG /FLUSHDNS

This will clear all DNS info out of the cache.

Followed by:

IPCONFIG /REGISTERDNS

This will force the domain controller to make sure it has registered itself in the DNS records.

Then run the command:

dcdiag /v /e /f:dcdiagLOG.txt /ferr:dcdiagERROR.txt

This will create 2 files in C:\TEMP named dcdiaglog.txt and dcdiagerror.txt.

Send me both of those files to my peer-listed address of bfilmfan@yahoo.com.

Just a couple of additional questions:

Was this a fresh install or an upgrade?

Were the CALs that were purchased device or user or a mixture of both?

by BFilmFan In reply to

In an email to me RainKitten sent me the DCDIAG log as requested. In the log, I saw these errors:

The DS SERVER is advertising as a GC.
......................... SERVER failed test Advertising
Checking Service: w32time
w32time Service is stopped on [SERVER]
* Checking Service: NETLOGON
......................... SERVER failed test Services

This is my response to that log:

The first issue you have is that the Net Time Service either isn't started or can't synch.

Open a command box and run these commands:
net stop w32time
net start w32time
net time /querysntp (Note that you may see a server listed or you may not see a server listed, depending on if an external time source was configured)

In the event that one wasn't set, let's set it now by using the command:
net time /setsntp:tick.usno.navy.mil

Then stop and restart the net time service.

Check and see if you can now restart the netlogon service on the DC. If you get an error setting the external time service, then I suspect that someone closed off Port 123 TCP/UDP outbound on your firewall. You will need to open that back up and configure the external Microsoft time service by entering the command line I gave you above.

From what I am seeing in your domain controller's dcdiag log, you have:
All 5 FSMO roles on the one DC and all are responding.
It is a global catalog server.
NetLogon is failing, most likely as a result of the time service issue.
The driver for the OfficeJet Series 600 Fax is responding that it has an issue. (This one really might be nothing, but if you've had issues with it, I'd replace/update the driver.)
DNS is good.
Schema is good.
Check to see that your AD site has the correct subnet associated with it as the Default First Site is reporting that it is out of scope.
Re-run the test after you get the port opened and we'll see what other issues are remaining.
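
The log triage described in the post above, as an added example that is not part of the original thread: a small Python parser that lists each failed DCDIAG test together with the services reported stopped while that test ran. The sample log is constructed from the lines quoted in the post, with "Starting test" lines and one "passed" line added as assumptions about the layout of a full log.

```python
import re
import sys

# Per-test summary line, e.g. "......... SERVER failed test Advertising"
RESULT_RE = re.compile(r"^\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)$")
# Stopped-service line in the form quoted in the post above
STOPPED_RE = re.compile(r"^(\S+) Service is stopped on \[(\S+?)\]$")
START_RE = re.compile(r"^Starting test:\s+(\S+)$")

# Constructed sample: the six lines quoted in the post, plus "Starting test"
# lines and one "passed" line added here to mimic the layout of a full log.
SAMPLE_LOG = """\
      Starting test: Advertising
         The DS SERVER is advertising as a GC.
         ......................... SERVER failed test Advertising
      Starting test: Services
         Checking Service: w32time
            w32time Service is stopped on [SERVER]
         * Checking Service: NETLOGON
         ......................... SERVER failed test Services
      Starting test: Connectivity
         ......................... SERVER passed test Connectivity
"""


def triage(log_text):
    """Return each failed test with the stopped services reported during it."""
    failures, stopped = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if START_RE.match(line):
            stopped = []          # a new test begins; forget earlier services
            continue
        m = STOPPED_RE.match(line)
        if m:
            stopped.append(m.group(1))
            continue
        m = RESULT_RE.match(line)
        if m:
            if m.group(2) == "failed":
                failures.append({"server": m.group(1), "test": m.group(3),
                                 "stopped_services": stopped})
            stopped = []          # summary line closes the current test
    return failures


if __name__ == "__main__":
    # Pass the path of the /f: log file; with no argument the sample is used.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f["server"], f["test"], "stopped:", ", ".join(f["stopped_services"]) or "-")
```
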

by rain_kitten In reply to

His assistance was of great help, especially with the Active Directory resources. I am now left with finding resources for troubleshooting the VPN, which never got touched on, but he did a great deal of assistance to clean up the Active Directory.

by rain_kitten In reply to active directory isnt com ...

These are the brunt of the error messages, all from applications. In the directory log the last entry is around 3pm, while application looks current.
Dunno why these didn't get copied to the original post, sorry about that.

MSExchangeAL error "LDAP Bind was unsuccessful on directory
server.Schloss.local for distinguished name ''. Directory returned
error:[0x51] Server Down."

MSExchangeSA "DSACCESS returned an error '0x80004005' on DS notification.
Microsoft Exchange System Attendant will re-set DS notification later. "

MSExchangeDSAccess "DSACCESS returned an error '0x80004005' on DS
notification. Microsoft Exchange System Attendant will re-set DS notification
later. "

Userenv "Windows cannot load the user's profile but has logged you on with
the default profile for the system.

DETAIL - There is not enough space on the disk. "

10 gig 15gig and 4 gig free 10 gig in the share/userprofile drive

when changing passwd it is "windows cannot complete the password change to
-user- because The system cannot find the specified file

by rain_kitten In reply to active directory isnt com ...

It is possible to \\servername\sysvol... it has no problems there.

I went and checked all the errors on MS's site to see what might be causing them and could find none that matched my situation. What info I did find was a very basic description of the error code and no other suggestions.

[dialog box] when starting active directory mmc
Naming information cannot be located because
This operation returned because the time out period expired
Contact your system administrator to verify that your domain is properly configured and currently online


Under active directory users & computers I can add a computer but not a user


Ese id508

Information Store (3060) First Storage Group: A request to write to the file "C:\Program Files\Exchsrvr\mdbdata\pub1.edb" at offset 17817600 (0x00000000010fe000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (61 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

and

Information Store (3060) First Storage Group: A request to write to the file "C:\Program Files\Exchsrvr\mdbdata\pub1.edb" at offset 17629184 (0x00000000010d0000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (62 seconds) to be serviced by the OS. In addition, 17 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 350 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


[dialog box] when opening active directory mmc
The directory schema is not accessible because
An invalid directory pathname was passed
For this reason the new menu may be inaccurate

by rain_kitten In reply to active directory isnt com ...

With your suggestions and poking around I have gotten the user logging on now. Half or so of the errors are no longer occurring. When the system was rebooted recently, the errors came up in this order from the application log. No other log displays any sort of errors except this one warning from FRS.

Source:NtFrs EventID:13562

Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller server.Schloss.local for FRS replica set configuration information.

Could not find computer object for this computer. Will try again at next polling cycle.


------ Application log ---------

Source:MSExchangeDSAccess EventID:2104

Process STORE.EXE (PID=304. All the DS Servers in domain are not responding.

Source:MSExchangeAL EventID:8026

LDAP Bind was unsuccessful on directory server.Schloss.local for distinguished name ''. Directory returned error:[0x34] Unavailable.

Source:MSExchangeDSAccess EventID:2102

Process MAD.EXE (PID=2544). All Domain Controller Servers in use are not responding:
server.Schloss.local

Source: ESENT EventID:101

lsass (74 The database engine stopped.

Source:MSExchangeAL EventID:8026

LDAP Bind was unsuccessful on directory server.Schloss.local for distinguished name ''. Directory returned error:[0x51] Server Down.

Source:MSExchangeAL EventID:8250

The Win32 API call 'DsGetDCNameW' returned error code [0x862] The specified component could not be found in the configuration information. The service could not be initialized. Make sure that the operating system was installed properly.

Source:MSExchangeAL EventID:8026

LDAP Bind was unsuccessful on directory server.Schloss.local for distinguished name ''. Directory returned error:[0x51] Server Down.

Source:ESENT EventID:100

lsass (54 The database engine 5.02.3790.0076 started.
