Cannot logon to domain, The Domain is not Available

By robertd
Our backup DC had been removed from our network without dc demote being run to remove the DC from the gaucholan. After this point the following steps were taken to remove the BDC:

* I attempted to remove the BDC (pdserver2) from the AD U&C on pdserver1. This failed.
* I then cleared the metadata for the old BDC.
* I deleted the BDC from AD S&S.
* I deleted the BDC from DNS forward and reverse lookups.
* I removed the BDC from ADM (SP4 Tool Kit).
* I was then able to remove the BDC from AD U&C

Other Info:
* Users are getting DHCP information correctly so when logging in locally they can not only get online (DNS is also working) and print but they can resolve and ping pdserver1 and get a record when doing an nslookup on gaucholan.
* Additionally NETBIOS reports there are no duplicates of any DC entries.
* We have tried removing and re-adding computers to the domain via Net Ident as well as adding them to a workgroup and then putting them back onto the domain. It won't even allow us to put the workstation back on the domain since it says the "domain is not valid or unavailable".
* Computers already on the domain from before report "The domain Gaucholan is unavailable". This has not changed since we fully removed the BDC.
* PDServer1 did not have FSMO roles changed and is still confirmed to be the GC.
* When users are logged in locally and access a share on pdserver1 (\\pdserver\) it will prompt for authent and if I put in a gaucholan user with privileges to access pdserver1 shares (such as administrator) I get on fine and am able to not only access files on pdserver1 but it also shows Kerberos is working. There is no reason authent should not be working at logon.
* The workstations are not disabled in AD.
* The workstations have the correct time and restarting the Time service does not prove any results.
* I tried the Windows Management Instrumentation fix and cleared the directory and restarted the service.

So to recap, this all started when the BDC was removed from the network, however after removing the BDC from AD and checking every possible solution online we are still at square one with the workstations ("The domain GAUCHOLAN is not available.").

Workstations are win2k and xp, servers are win2k. DNS, DHCP, AD, and shares are all on pdserver1.

Any suggestions or help?

Thanks a bunch!

Robert Davis


All Answers

On one workstation

by neilb@uk In reply to Cannot logon to domain, T ...

see if you can remove the workstation from AD and then re-add it back into the domain.

Sorry, read the bloody question, Neil! He's done that.

PDC Emulator role. Check that but I guess it's OK as it's the BDC that's gone.

a few things to go through

by lowlands In reply to On one workstation

First, since this seems to be an AD domain, there really are no BDCs anymore, even before you removed it.

On your remaining DC run dcdiag. Any errors?

On workstations run ipconfig /flushdns.

On the remaining DC, make sure it's holding ALL FSMO roles

On a workstation try a nslookup (or, whatever the real name of your domain is, not just netbios name)

You can't say for sure that Kerberos is working; for all you know it's using NTLM to authenticate when connecting to a share.

Run netdiag on a workstation, any errors?

Any events on your DC?

Workstation DNS Settings

by Churdoo In reply to Cannot logon to domain, T ...

Is it possible that your DHCP is handing out the IP of your retired DC for DNS (possibly followed by your ISP DNS servers)?

I would check the DNS settings in DHCP, making sure that the IP of pdserver1 is the first (or only) DNS server being given.

Secondly, I would go into the TCP/IP properties on pdserver1 and see if NETBIOS OVER TCP/IP is enabled.

Thirdly, I would take a test workstation, and statically set its IP and DNS settings, and test functionality on that workstation.
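
The DNS check suggested in the reply above can be scripted against saved `ipconfig /all` output from a workstation. This is an added example, not part of the original thread; the function names are hypothetical, and the sample output and every IP address in it (192.168.1.10 for pdserver1, 192.168.1.11 for the retired pdserver2, 203.0.113.53 for an outside resolver) are constructed assumptions.

```python
import re
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed sample of `ipconfig /all` output; all addresses are made up.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        DHCP Server . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.11
                                            192.168.1.10
                                            203.0.113.53
"""

def dns_servers(text):
    """Map each adapter heading to its DNS servers, in the order listed."""
    adapters, current, collecting = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace() and line.endswith(":"):
            current, collecting = line.rstrip(":"), False  # adapter heading
            adapters[current] = []
            continue
        if current is None:
            continue
        if line.startswith("DNS Servers"):
            line, collecting = line.split(":", 1)[1].strip(), True
        collecting = collecting and bool(IP_RE.match(line))  # bare IP rows continue the list
        if collecting:
            adapters[current].append(line)
    return adapters

def audit(servers, dc_ip, retired_ip):
    """Return findings for one adapter's DNS list; an empty list means clean."""
    findings = []
    if retired_ip in servers:
        findings.append("retired DC still listed as DNS server")
    if not servers or servers[0] != dc_ip:
        findings.append("remaining DC is not the first DNS server")
    extra = [s for s in servers if s not in (dc_ip, retired_ip)]
    if extra:
        findings.append("other DNS servers listed: " + ", ".join(extra))
    return findings

if __name__ == "__main__":
    for name, servers in dns_servers(SAMPLE).items():
        print(name, servers, audit(servers, "192.168.1.10", "192.168.1.11"))
```

Run it on output captured from a DHCP client and from the statically configured test workstation; a difference between the two points at the DHCP scope options rather than at the workstation.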
