URGENT!!!! Can't Authenticate With Domain Controller

[AVB]

I had a HD failure yesterday on my RAID 5. The DC was running fine after the
failure although it was a little slow. All users were able to logon and
authenticate. This morning no one can authenticate although the DC is still
running. I can access AD on the DC but not from another PC. It says the Local
Security Authority can't be contacted. How do I get my Domain back online???

 

[Florian Frommherz [MVP]]

Howdie!

I had a HD failure yesterday on my RAID 5. The DC was running fine after the
failure although it was a little slow. All users were able to logon and
authenticate. This morning no one can authenticate although the DC is still
running. I can access AD on the DC but not from another PC. It says the Local
Security Authority can't be contacted. How do I get my Domain back online???

Already tried to look up the DC's eventviewer and see what messages it
logged? If this is _really_ urgent, opening a case with Microsoft
Product Support Services would be a good idea.

cheers,

Florian

 

[Paul Bergson [MVP-DS]]

Is the netlogon service running on your dc? How about the DNS service?


Run diagnostics against your Active Directory domain.

If you don't have the support tools installed, install them from your server
install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take
into account slow links to dc's will also add to the testing time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.

The script is located on my website at
http://www.pbbergs.com/windows/downloads.htm

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

Description and download for dnslint
http://support.microsoft.com/kb/321045


--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

Howdie!

I had a HD failure yesterday on my RAID 5. The DC was running fine after
the failure although it was a little slow. All users were able to logon
and authenticate. This morning no one can authenticate although the DC is
still running. I can access AD on the DC but not from another PC. It says
the Local Security Authority can't be contacted. How do I get my Domain
back online???

Already tried to look up the DC's eventviewer and see what messages it
logged? If this is _really_ urgent, opening a case with Microsoft Product
Support Services would be a good idea.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html