I am really at my wits' end here. I'm wanting to completely restart (create new) our domain from scratch. It has been patched and patched again before I started here and a lot of issues have been resolved improperly (again, before I started here). But I need to get communication working for now and worry about a real solution later.
Our current problems:
Some shares can be accessed using \\servername; for others I have to use the IP address (\\192.168.10.1).
Some cannot be accessed using the IP address.
None can be accessed using the server's FQDN.
Can ping server name and it will resolve to the correct IP address.
Our DC that does DNS has been riddled with errors since yesterday morning.
Event IDs:
4015
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
4004
The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
4013
The DNS server was unable to open the Active Directory. This DNS server is configured to use directory service information and can not operate without access to the directory. The DNS server will wait for the directory to start. If the DNS server is started but the appropriate event has not been logged, then the DNS server is still waiting for the directory to start.
4000
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
Restarting the service, server, etc., has had no effect. This server's share can only be accessed via IP address. Forward and Reverse Lookup Zones are empty. I cannot add a zone as I get the following error:
The zone cannot be replicated to all DNS servers in the (null) Active Directory domain because the required directory partition does not exist. Only Enterprise Administrators have the appropriate permissions to create an application directory partition.
I am going to be jumping all over the place here because I believe these issues are related.
On the above server, in AD Users and Computers, this server is the RID, PDC, and Infrastructure masters. But when I am looking at the operations masters from another DC, it lists itself as the mentioned operations masters. Our 3rd and 4th DCs just have the operations managers listed as 'ERROR'.
The first DC has the following Event ID listed in event viewer -> Directory Services: Event 1925
The attempt to establish a replication link for the following writable directory partition failed.
Directory partition:
DC=xxdomain,DC=og
Source domain controller:
CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxdomain,DC=og
Source domain controller address:
ca789808-5ab3-4aa8-aed9-ff16d5cea65b._msdcs.xxdomain.og
Intersite transport (if any):
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity is available.
Additional Data
Error value:
5 Access is denied.
Also NTDS replication errors 2089, 2092, and 1864.
It seems like the 2 main DCs cannot communicate with each other. DC1 seized FSMO roles in the past.
When I attempt to add DC2 to dnsmgmt of DC1, it says 'Access was denied'. But I was able to add DC1 to DC2 and I can view its details.
So frustrated, my brain is scrambled. Need to get this working today as I will be gone all the coming work week and there will be no one to work on it in my absence. Please let me know what logs I need to provide you. Thanks in advance.