Two Windows Server 2008 R2 domain controllers. One was cloned, and the clone was introduced into the network. This created AD problems - group policy did not run, users could not access network drives, DNS lookup failures. I followed the steps in article 875495 to fix. All steps were completed: cloned DC forced demoted, metadata cleaned, FSMO roles seized.
DC1 = cloned and demoted server - now a member server
DC2 = domain controller that seized FSMO roles from DC1
Any assistance would be appreciated. Thanks.
****Cannot access DNS Manager on DC2: when DNS Manager is expanded in Server Manager, an error pops up: "The server DC2 could not be contacted. The error was: access is denied. Would you like to add anyway?" If I add the server, there is a red circle with a white dash through it. There are no zones shown. I tried to add DNS Manager through an empty MMC too, no luck with name, FQDN, IP address or localhost.
All commands and errors are from DC2.
***FSMO
netdom query fsmo
Schema master DC2..local
Domain naming master DC2..local
PDC DC2..local
RID pool manager DC2..local
Infrastructure master DC2..local
The command completed successfully.
****Errors in Event Viewer ->
--DFS Replication:
The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes.
This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)
--Directory Service:
Active Directory Domain Services was unable to establish a connection with the global catalog.
Additional Data
Error value:
8430 The directory service encountered an internal failure.
Internal ID:
3200db0
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.
Active Directory Domain Services attempted to communicate with the following global catalog and the attempts were unsuccessful.
Global catalog:
\\DC2..local
The operation in progress might be unable to continue. Active Directory Domain Services will use the domain controller locator to try to find an available global catalog server.
Additional Data
Error value:
5 Access is denied.
--DNS Server:
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
--FRS:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller DC2..local for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
--System:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
The processing of Group Policy failed. Windows attempted to read the file \\.local\sysvol\.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
***IPCONFIG
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : .local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : .local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-29-20-58-9E
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9582:81bf:c619:4af8%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.154.1.22(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.224
Default Gateway . . . . . . . . . : 10.154.1.254
DHCPv6 IAID . . . . . . . . . . . : 234884137
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D5-1E-58-00-0C-29-20-58-9E
DNS Servers . . . . . . . . . . . : 10.154.1.22
Primary WINS Server . . . . . . . : 10.154.1.20
Secondary WINS Server . . . . . . : 10.154.1.22
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{169A634F-5876-49F7-AFE5-319BD7B78A89}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
dcdiag /test:dns ->
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC2
Starting test: Connectivity
The host cd24f743-c955-4530-9a42-358a4869b53f._msdcs..local
could not be resolved to an IP address. Check the DNS server, DHCP,
server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... DC2 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC2
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... DC2 failed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on :
Running enterprise tests on : .local
Starting test: DNS
Test results for domain controllers:
DC: DC2..local
Domain: .local
TEST: Basic (Basc)
Error: No LDAP connectivity
Warning: adapter
[00000007] Intel(R) PRO/1000 MT Network Connection has
invalid DNS server: 10.154.1.22 (DC2)
Error: all DNS servers are invalid
No host records (A or AAAA) were found for this DC
Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.154.1.22 (DC2)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp..local. failed on the DNS server 10.154.1.22
Summary of DNS test results:
               Auth Basc Forw Del  Dyn  RReg Ext
_________________________________________________________________
Domain: .local
DC2            PASS FAIL n/a  n/a  n/a  n/a  n/a
......................... .local failed test DNS