Recently our PDC, which was Windows Server 2003, failed. The backup DC was possibly not set up correctly before this failure happened. The backup DC, which is now our PDC, is not functioning correctly after taking up the mantle.
The first step I undertook was seizing the FSMO roles on the new PDC. After I successfully seized these roles I ran netdom query fsmo; this returned the error message "The specified domain either does not exist or could not be contacted".
I get the same error when trying to open any Active Directory tools such as dsa. I have attempted everything I could think of to rectify these issues: ensuring NTP is set correctly, cleaning DC metadata, dcdiag fix, disabling IPv6, trying to change the domain the AD is using, and updating the DNS records.
We have a second backup DC which for some reason was offline when this error occurred; this second backup is called BDC2 in the log below. The new primary PDC is called VSI-PDC-S12.
Below is the log from the command dcdiag /fix. I'd appreciate any input. Thanks in advance.
P.S. I have ensured our NTP is correct so I believe the GOOD_TIME_SERVER_PREFERRED error is symptomatic of a higher issue.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = VSI-PDC-S12
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\VSI-PDC-S12
Starting test: Connectivity
......................... VSI-PDC-S12 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\VSI-PDC-S12
Starting test: Advertising
Fatal Error:DsGetDcName (VSI-PDC-S12) call failed, error 1355
The Locator could not find the server.
......................... VSI-PDC-S12 failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... VSI-PDC-S12 passed test FrsEvent
Starting test: DFSREvent
......................... VSI-PDC-S12 passed test DFSREvent
Starting test: SysVolCheck
......................... VSI-PDC-S12 passed test SysVolCheck
Starting test: KccEvent
......................... VSI-PDC-S12 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... VSI-PDC-S12 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... VSI-PDC-S12 passed test MachineAccount
Starting test: NCSecDesc
......................... VSI-PDC-S12 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\VSI-PDC-S12\netlogon)
[VSI-PDC-S12] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... VSI-PDC-S12 failed test NetLogons
Starting test: ObjectsReplicated
......................... VSI-PDC-S12 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,VSI-PDC-S12] A recent replication attempt failed:
From BDC2 to VSI-PDC-S12
Naming Context: DC=ForestDnsZones,DC=DOMAIN,DC=DOMAIN,DC=COM
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2016-11-28 15:53:25.
The last success occurred at 2016-09-19 08:51:44.
1692 failures have occurred since the last success.
[BDC2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,VSI-PDC-S12] A recent replication attempt failed:
From BDC2 to VSI-PDC-S12
Naming Context: DC=DomainDnsZones,DC=DOMAIN,DC=DOMAIN,DC=COM
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2016-11-28 15:53:25.
The last success occurred at 2016-09-19 08:56:08.
1692 failures have occurred since the last success.
[Replications Check,VSI-PDC-S12] A recent replication attempt failed:
From BDC2 to VSI-PDC-S12
Naming Context:
CN=Schema,CN=Configuration,DC=DOMAIN,DC=DOMAIN,DC=COM
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2016-11-28 15:53:25.
The last success occurred at 2016-09-19 08:51:44.
1692 failures have occurred since the last success.
[Replications Check,VSI-PDC-S12] A recent replication attempt failed:
From BDC2 to VSI-PDC-S12
Naming Context: CN=Configuration,DC=DOMAIN,DC=DOMAIN,DC=COM
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2016-11-28 15:53:25.
The last success occurred at 2016-09-19 08:51:44.
1692 failures have occurred since the last success.
[Replications Check,VSI-PDC-S12] A recent replication attempt failed:
From BDC2 to VSI-PDC-S12
Naming Context: DC=DOMAIN,DC=DOMAIN,DC=COM
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2016-11-28 15:53:25.
The last success occurred at 2016-09-19 08:56:05.
1692 failures have occurred since the last success.
......................... VSI-PDC-S12 failed test Replications
Starting test: RidManager
......................... VSI-PDC-S12 passed test RidManager
Starting test: Services
......................... VSI-PDC-S12 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x0000000C
Time Generated: 11/28/2016 15:14:14
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/28/2016 15:29:02
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
A warning event occurred. EventID: 0xC000042B
Time Generated: 11/28/2016 15:31:27
Event String:
The RD Session Host server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
An error event occurred. EventID: 0x00000004
Time Generated: 11/28/2016 15:35:46
Event String:
The time provider 'NtpClient' failed to start due to the following error: The system cannot find the file specified. (0x80070002)
......................... VSI-PDC-S12 failed test SystemLog
Starting test: VerifyReferences
......................... VSI-PDC-S12 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : DOMAIN
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Running enterprise tests on : DOMAIN.DOMAIN.COM
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... DOMAIN.DOMAIN.COM failed test
LocatorCheck
Starting test: Intersite
......................... DOMAIN.DOMAIN.COM passed test Intersite
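An added triage example (not part of the original post): it parses the Replications blocks of a dcdiag log like the one above and reports, per naming context, how many days elapsed between the last successful replication and the failure, which is the quantity error 8614 compares against the tombstone lifetime. The function name and the `tombstone_days` default of 60 are assumptions; the page does not state the forest's configured tombstoneLifetime.

```python
import re
from datetime import datetime

# Constructed sample: two failure blocks copied in shape from the dcdiag log above.
SAMPLE = """\
[Replications Check,VSI-PDC-S12] A recent replication attempt failed:
From BDC2 to VSI-PDC-S12
Naming Context: DC=DomainDnsZones,DC=DOMAIN,DC=DOMAIN,DC=COM
The replication generated an error (8614):
The failure occurred at 2016-11-28 15:53:25.
The last success occurred at 2016-09-19 08:56:08.
1692 failures have occurred since the last success.
[Replications Check,VSI-PDC-S12] A recent replication attempt failed:
From BDC2 to VSI-PDC-S12
Naming Context:
CN=Schema,CN=Configuration,DC=DOMAIN,DC=DOMAIN,DC=COM
The replication generated an error (8614):
The failure occurred at 2016-11-28 15:53:25.
The last success occurred at 2016-09-19 08:51:44.
1692 failures have occurred since the last success.
"""

BLOCK = re.compile(
    r"From (?P<src>\S+) to (?P<dst>\S+)\s+"
    r"Naming Context:\s*(?P<nc>\S+)\s+"          # tolerates dcdiag's line wrap
    r"The replication generated an error \((?P<err>\d+)\):.*?"
    r"The failure occurred at (?P<fail>[\d-]+ [\d:]+)\..*?"
    r"The last success occurred at (?P<ok>[\d-]+ [\d:]+)\.",
    re.S,
)
TS = "%Y-%m-%d %H:%M:%S"

# tombstone_days is an assumed value; read the real one from the directory.
def replication_gaps(text, tombstone_days=60):
    """Return one dict per failed replication link with its outage in days."""
    rows = []
    for m in BLOCK.finditer(text):
        gap = datetime.strptime(m["fail"], TS) - datetime.strptime(m["ok"], TS)
        rows.append({
            "source": m["src"], "dest": m["dst"], "nc": m["nc"],
            "error": int(m["err"]), "gap_days": gap.days,
            "past_tombstone": gap.days > tombstone_days,
        })
    return rows

if __name__ == "__main__":
    for row in replication_gaps(SAMPLE):
        print(row)
```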