unable to find domain controller in the domain

G

Guest

Hi,
I have two 2000 server domain controller with SP4 named DCAEXCH1 and
DCAFPSVR. Both are GC, and DCAEXCH1 also serve as exchange server and PDC
emulator master role holder.
Previously the two server unable to replicate with each other, give "access
denied " error msg when running dcdiag /q on DCAEXCH1, then I used netdom.exe
and the instruction specified from the link
(http://support.microsoft.com/kb/260575/EN-US) to reset my DCAEXCH1 computer
account password. What I did are below:

1. Stop KDC on DCAEXCH1
2. Issue the command netdom with correct parameter.
3. restart DCAEXCH1
4. Restart KDC.

Then run dcdiag /q on DCAEXCH1, got the following err :

[Replications Check,DCAEXCH1] A recent replication attempt failed:
From DCAFPSVR to DCAEXCH1
Naming Context: CN=Schema,CN=Configuration,DC=dcadcas,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2005-08-25 14:49.07.
The last success occurred at 2005-05-11 22:50.35.
2555 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,DCAEXCH1] A recent replication attempt failed:
From DCAFPSVR to DCAEXCH1
Naming Context: CN=Configuration,DC=dcadcas,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2005-08-25 14:49.07.
The last success occurred at 2005-05-11 23:12.20.
2555 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,DCAEXCH1] A recent replication attempt failed:
From DCAFPSVR to DCAEXCH1
Naming Context: DC=dcadcas,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2005-08-25 14:49.07.
The last success occurred at 2005-05-11 22:50.35.
2567 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.

Questions
1. Can I run netdom.exe to reset computer account password on the DC that
hold PDC emulator master role. Because i check other document, all said run
this command on the dc that not the PDC emulator. then where are the KDC
information stored). or where I did wrongly?
2. How can I verify my two DC are correctly running , what tools can help?
3. Any way can solve this problem?

Also paste the old output of command DCDIAG /Q which running on the same
server (DCAEXCH1) before I reset my computer account password:

[Replications Check,DCAEXCH1] A recent replication attempt failed:
From DCAFPSVR to DCAEXCH1
Naming Context:
CN=Schema,CN=Configuration,DC=dcadcas,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 2005-08-18 13:46.26.
The last success occurred at 2005-05-11 22:50.35.
2378 failures have occurred since the last success.

[Replications Check,DCAEXCH1] A recent replication attempt failed:
From DCAFPSVR to DCAEXCH1
Naming Context: CN=Configuration,DC=dcadcas,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 2005-08-18 13:46.03.
The last success occurred at 2005-05-11 23:12.20.
2378 failures have occurred since the last success.

[Replications Check,DCAEXCH1] A recent replication attempt failed:
From DCAFPSVR to DCAEXCH1
Naming Context: DC=dcadcas,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 2005-08-18 13:45.40.
The last success occurred at 2005-05-11 22:50.35.
2378 failures have occurred since the last success.

There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:56:46
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:56:46
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:56:46
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:57:09
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:57:32
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:57:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:57:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:57:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:57:55
(Event String could not be retrieved)
.......................... DCAEXCH1 failed test kccevent


Very appreciate your kind help.

Rgds

Shermaine
 
H

Herb Martin

I have to run out so can't read and answer carefully but almost
all such problems start in DNS trouble, so check the following,
especically that your DCs are ALL STRICTLY DNS clients
(themselves) of ONLY the internal DNS server (set) -- and the
DNS servers themselves must be replicating the zone.

IF you are using AD integrated DNS though, and the DNS AND
AD are not replicated you are in a "catch-22" so temporarily
point every DC to a single (favored master) DC-DNS, get them
all registered in a single database.

The rest is my standard suggestions on DNS for AD:

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

xiaomei said:
Hi,
I have two 2000 server domain controller with SP4 named DCAEXCH1 and
DCAFPSVR. Both are GC, and DCAEXCH1 also serve as exchange server and PDC
emulator master role holder.
Previously the two server unable to replicate with each other, give
"access
denied " error msg when running dcdiag /q on DCAEXCH1, then I used
netdom.exe
and the instruction specified from the link
(http://support.microsoft.com/kb/260575/EN-US) to reset my DCAEXCH1
computer
account password. What I did are below:

1. Stop KDC on DCAEXCH1
2. Issue the command netdom with correct parameter.
3. restart DCAEXCH1
4. Restart KDC.

Then run dcdiag /q on DCAEXCH1, got the following err :

[Replications Check,DCAEXCH1] A recent replication attempt failed:
From DCAFPSVR to DCAEXCH1
Naming Context: CN=Schema,CN=Configuration,DC=dcadcas,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2005-08-25 14:49.07.
The last success occurred at 2005-05-11 22:50.35.
2555 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,DCAEXCH1] A recent replication attempt failed:
From DCAFPSVR to DCAEXCH1
Naming Context: CN=Configuration,DC=dcadcas,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2005-08-25 14:49.07.
The last success occurred at 2005-05-11 23:12.20.
2555 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,DCAEXCH1] A recent replication attempt failed:
From DCAFPSVR to DCAEXCH1
Naming Context: DC=dcadcas,DC=com
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2005-08-25 14:49.07.
The last success occurred at 2005-05-11 22:50.35.
2567 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.

Questions
1. Can I run netdom.exe to reset computer account password on the DC that
hold PDC emulator master role. Because i check other document, all said
run
this command on the dc that not the PDC emulator. then where are the KDC
information stored). or where I did wrongly?
2. How can I verify my two DC are correctly running , what tools can help?
3. Any way can solve this problem?

Also paste the old output of command DCDIAG /Q which running on the same
server (DCAEXCH1) before I reset my computer account password:

[Replications Check,DCAEXCH1] A recent replication attempt failed:
From DCAFPSVR to DCAEXCH1
Naming Context:
CN=Schema,CN=Configuration,DC=dcadcas,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 2005-08-18 13:46.26.
The last success occurred at 2005-05-11 22:50.35.
2378 failures have occurred since the last success.

[Replications Check,DCAEXCH1] A recent replication attempt failed:
From DCAFPSVR to DCAEXCH1
Naming Context: CN=Configuration,DC=dcadcas,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 2005-08-18 13:46.03.
The last success occurred at 2005-05-11 23:12.20.
2378 failures have occurred since the last success.

[Replications Check,DCAEXCH1] A recent replication attempt failed:
From DCAFPSVR to DCAEXCH1
Naming Context: DC=dcadcas,DC=com
The replication generated an error (5):
Access is denied.
The failure occurred at 2005-08-18 13:45.40.
The last success occurred at 2005-05-11 22:50.35.
2378 failures have occurred since the last success.

There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:56:46
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:56:46
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:56:46
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:57:09
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:57:32
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:57:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:57:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:57:55
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/18/2005 13:57:55
(Event String could not be retrieved)
......................... DCAEXCH1 failed test kccevent


Very appreciate your kind help.

Rgds

Shermaine
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Replication - NetDiag Error 2
Windows 2000 Replication error 0
DCDiag fails 1
AD Schema not replicating 1
DNS Issue 2
DsBind() failed with error 1722,The RPC server is unavailable 0
dcdiag errors 1
replication problems 2

Top