SBS 2011 "All GC's are down" after migration
I had an SBS 2008 server that was on its last legs, so I did a migration from SBS 2008 to SBS 2011.
Everything was going great, until I got to the last step and did a dcpromo on the old SBS 2008 machine to take it off the network. It refused to disconnect from the network (it had... issues), so I followed the technet instructions for doing a dcpromo /forceremoval and then did a cleanup after forcibly removing a domain controller from the network.
Now the fun really begins. I don't seem to have any trouble authenticating against the network for logging in, Exchange is working for everyone, network shares are OK, folder redirection is fine, but when I go to any of the domain-level configurations (such as Sites and Services or go to modify a GPO) I get:
Naming information cannot be located because:
The specified domain either does not exist or could not be contacted.
Contact your system administrator to verify that your domain is properly configured and is currently online.
ipconfig /all:
C:\Windows\system32>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : EPPINGSBS2011
Primary Dns Suffix . . . . . . . : epping.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : epping.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Ada
pter
Physical Address. . . . . . . . . : 00-15-5D-A1-85-02
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::40a5:9698:961:869b%11(Preferred)
Link-local IPv6 Address . . . . . : fe80::cb10:e7e2:95aa:a038%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.254
DHCPv6 IAID . . . . . . . . . . . : 234886493
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-35-19-31-00-15-5D-02-02-06
DNS Servers . . . . . . . . . . . : fe80::cb10:e7e2:95aa:a038%11
192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{F662EDAB-23E8-433D-89E8-0832059C3278}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
And here's nltest /server:eppingsbs2011 /dsgetdc:epping.local:
C:\Windows\system32>nltest /server:eppingsbs2011 /dsgetdc:epping.local
DC: \\EPPINGSBS2011.epping.local
Address: \\192.168.2.1
Dom Guid: c36db7ef-81b9-4487-93ad-f582e745f27a
Dom Name: epping.local
Forest Name: epping.local
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SI
TE FULL_SECRET WS
The command completed successfully
As you can hopefully see, everything kinda looks like it's in order, until you get to the dcdiag (in all its hideous glory):
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = EPPINGSBS2011
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\EPPINGSBS2011
Starting test: Connectivity
......................... EPPINGSBS2011 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\EPPINGSBS2011
Starting test: Advertising
Fatal Error:DsGetDcName (EPPINGSBS2011) call failed, error 1355
The Locator could not find the server.
......................... EPPINGSBS2011 failed test Advertising
Starting test: FrsEvent
......................... EPPINGSBS2011 passed test FrsEvent
Starting test: DFSREvent
......................... EPPINGSBS2011 passed test DFSREvent
Starting test: SysVolCheck
......................... EPPINGSBS2011 passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000B46
Time Generated: 11/21/2011 20:47:41
Event String:
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
An error event occurred. EventID: 0xC0000837
Time Generated: 11/21/2011 20:48:12
Event String:
The Active Directory Domain Services database has been restored using an unsupported restoration procedure.
......................... EPPINGSBS2011 failed test KccEvent
Starting test: KnowsOfRoleHolders
......................... EPPINGSBS2011 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... EPPINGSBS2011 passed test MachineAccount
Starting test: NCSecDesc
......................... EPPINGSBS2011 passed test NCSecDesc
Starting test: NetLogons
......................... EPPINGSBS2011 passed test NetLogons
Starting test: ObjectsReplicated
......................... EPPINGSBS2011 passed test ObjectsReplicated
Starting test: Replications
......................... EPPINGSBS2011 passed test Replications
Starting test: RidManager
......................... EPPINGSBS2011 passed test RidManager
Starting test: Services
w32time Service is stopped on [EPPINGSBS2011]
NETLOGON Service is paused on [EPPINGSBS2011]
......................... EPPINGSBS2011 failed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:00:21
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:05:26
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:05:26
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:05:27
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:10:15
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:10:15
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:15:20
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:15:21
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:15:21
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:20:37
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:20:37
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:25:21
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:25:21
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0xC0001B58
Time Generated: 11/21/2011 20:38:12
Event String:
The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error:
An error event occurred. EventID: 0xC0001B58
Time Generated: 11/21/2011 20:38:12
Event String:
The Link-Layer Topology Discovery Responder service failed to start due to the following error:
An error event occurred. EventID: 0xC0001B59
Time Generated: 11/21/2011 20:38:22
Event String:
The Kerberos Key Distribution Center service depends on the Active Directory Domain Services service which failed to start because of the following error:
An error event occurred. EventID: 0xC0001B59
Time Generated: 11/21/2011 20:38:48
Event String:
The DNS Server service depends on the Active Directory Domain Services service which failed to start because of the following error:
An error event occurred. EventID: 0x0000040B
Time Generated: 11/21/2011 20:38:49
Event String:
The DHCP service was unable to create or lookup the DHCP Users local group on this computer. The error code is in the data.
An error event occurred. EventID: 0x0000040C
Time Generated: 11/21/2011 20:38:49
Event String:
The DHCP server was unable to create or lookup the DHCP Administrators local group on this computer. The error code is in the data.
An error event occurred. EventID: 0xC0001B59
Time Generated: 11/21/2011 20:38:49
Event String:
The Intersite Messaging service depends on the Active Directory Domain Services service which failed to start because of the following error:
An error event occurred. EventID: 0xC0001B70
Time Generated: 11/21/2011 20:41:20
Event String:
The Microsoft Exchange Forms-Based Authentication service service terminated with service-specific error %%-2147467259.
An error event occurred. EventID: 0xC0001B70
Time Generated: 11/21/2011 20:41:22
EvtFormatMessage failed (second call), error 15030 The description string for parameter reference (%1) could not be found..
(Event String (event log = System) could not be retrieved, error
0x3ab6)
An error event occurred. EventID: 0xC0001B7E
Time Generated: 11/21/2011 20:41:33
Event String:
The SPTimerV4 service was unable to log on as EPPING\spfarm with the currently configured password due to the following error:
An error event occurred. EventID: 0xC0001B58
Time Generated: 11/21/2011 20:41:33
Event String:
The SharePoint 2010 Timer service failed to start due to the following error:
An error event occurred. EventID: 0xC0001B7E
Time Generated: 11/21/2011 20:41:34
Event String:
The SPWriterV4 service was unable to log on as EPPING\spfarm with the currently configured password due to the following error:
An error event occurred. EventID: 0xC0001B58
Time Generated: 11/21/2011 20:41:34
Event String:
The SharePoint 2010 VSS Writer service failed to start due to the following error:
A warning event occurred. EventID: 0x80001421
Time Generated: 11/21/2011 20:41:37
Event String:
The Windows Process Activation Service (WAS) encountered an error attempting to look up the built in IIS_IUSRS group. There may be problems in viewing and setting security permissions with the IIS_IUSRS group. This happens if the machine has been joined and promoted to be a Domain Controller in a legacy domain. Please see the online help for more information and solutions to this problem. The data field contains the error number.
An error event occurred. EventID: 0xC0001B83
Time Generated: 11/21/2011 20:45:57
Event String:
The Group Policy Client service did not shut down properly after receiving a preshutdown control.
An error event occurred. EventID: 0xC0001B83
Time Generated: 11/21/2011 20:46:17
Event String:
The Microsoft Exchange Replication service did not shut down properly after receiving a preshutdown control.
A warning event occurred. EventID: 0x000003F6
Time Generated: 11/21/2011 20:48:13
Event String:
Name resolution for the name _ldap._tcp.Default-First-Site-Name._sites.epping.local timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x0000A001
Time Generated: 11/21/2011 20:48:17
Event String:
The Security System could not establish a secured connection with the server ldap/epping.local/epping.local@EPPING.LOCAL. No authentication protocol was available.
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/21/2011 20:48:37
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/21/2011 20:48:52
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/21/2011 20:49:07
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/21/2011 20:49:22
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/21/2011 20:49:37
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/21/2011 20:49:52
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0x0000002E
Time Generated: 11/21/2011 20:49:53
Event String:
The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
An error event occurred. EventID: 0xC0001B6F
Time Generated: 11/21/2011 20:49:53
Event String:
The Windows Time service terminated with the following error:
An error event occurred. EventID: 0x0000002E
Time Generated: 11/21/2011 20:49:54
Event String:
The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
An error event occurred. EventID: 0xC0001B6F
Time Generated: 11/21/2011 20:49:54
Event String:
The Windows Time service terminated with the following error:
An error event occurred. EventID: 0xC2000001
Time Generated: 11/21/2011 20:49:56
Event String: Unexpected failure. Error code: 490@01010004
An error event occurred. EventID: 0x00000469
Time Generated: 11/21/2011 20:49:56
Event String:
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/21/2011 20:50:07
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/21/2011 20:50:24
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:50:25
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:50:33
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:50:33
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/21/2011 20:50:39
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0x00000457
Time Generated: 11/21/2011 20:50:50
Event String:
Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 11/21/2011 20:50:51
Event String:
Driver HP Officejet 6500 E710n-z required for printer HP Officejet 6500 E710n-z (Network) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 11/21/2011 20:50:52
Event String:
Driver Fax - HP Officejet 6500 E710n-z required for printer Fax - HP Officejet 6500 E710n-z (Network) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 11/21/2011 20:50:54
Event String:
Driver HP psc 2100 Series required for printer HP psc 2100 Series is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/21/2011 20:50:54
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/21/2011 20:51:09
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
A warning event occurred. EventID: 0x000727AA
Time Generated: 11/21/2011 20:52:05
Event String:
The WinRM service failed to create the following SPNs: WSMAN/EPPINGSBS2011.epping.local; WSMAN/EPPINGSBS2011.
An error event occurred. EventID: 0xC000042B
Time Generated: 11/21/2011 20:55:10
Event String:
The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:55:29
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 11/21/2011 20:55:29
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
......................... EPPINGSBS2011 failed test SystemLog
Starting test: VerifyReferences
......................... EPPINGSBS2011 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : epping
Starting test: CheckSDRefDom
......................... epping passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... epping passed test CrossRefValidation
Running enterprise tests on : epping.local
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... epping.local failed test LocatorCheck
Starting test: Intersite
......................... epping.local passed test Intersite
Mark Henderson1 Answer
Today is just not my day. If I had read my dcdiag closely:
NETLOGON Service is paused on [EPPINGSBS2011]
Un-paused the service, and hey presto, everybody is happy. Now - to find out why it was paused in the first place.
CommunityUser contributions licensed under CC BY-SA 3.0