Domain Controller cannot contact domain???? WTF???

[Stewart Thomson]

So I seem to have a problem. One of two domain controllers cannot
connect to the domain. I.e. If I try to create an exchange mailbox,
I get an error that the domain is unavailable. If I try to create a
new user on the server, it says that AD is unable to verify the
uniqueness of the account because it could not contact the domain.

Now the weird part.... If I fire up AD users and computers on
server02 (the one with problems), it shows up in the Domain
Controllers OU. Furthermore, user accounts created on Server01 (which
has no issues) will replicate and show up on server02.

Need help ASAP!

 

[Cary Shultz [A.D. MVP]]

Stewart,

Make sure that the DNS information on DC2 is correct - meaning, make sure
that in your tcp/ip configuration you have specified only the correct IP
Address(es) for internal DNS Servers and not any external DNS Servers.
Also, make sure that all of the records are there for DC2 in your DNS.

Have you installed the Support Tools on your DCs and ran dcdiag /c /v to
give you a better picture of what is going on? Have you verified that all
five of your FSMO Roles is available and 'bindable'? You can use netdom
query fsmo to determine which DC holds which role and you can use replmon to
see if each role is available and bindable. I would start there.

Is a Global Catalog Server available?

HTH,

Cary