I have a physical DC running Windows Server 2008 R2.
We are currently experiencing a full failure with AD and DNS. We cannot access any of the VMs in Hyper-V at this time. We have a virtual DC that is not reachable. On our physical DC, AD-DS is completely unresponsive. I can log into the server with the domain administrator account, but when trying to open any management consoles, such as ADUC or Sites and Services, these fail. The error message I receive is shown below:
When trying to open the DNS MMC, I am told that access is denied, as shown below:
Running a DCDIAG of the DC shows the following results:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC-01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC-01
Starting test: Connectivity
The host
11e9af9b-504a-4ee7-8e68-648b85c91bb7._msdcs.ad.domain.org could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Neither the the server name (DC-01.ad.domain.org) nor the Guid
DNS name
(11e9af9b-504a-4ee7-8e68-648b85c91bb7._msdcs.ad.domain.org)
could be resolved by DNS. Check that the server is up and is
registered correctly with the DNS server.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... DC-01 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC-01
Skipping all tests, because server DC-01 is not responding to directory
service requests.
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : ad
Starting test: CheckSDRefDom
......................... ad passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ad passed test CrossRefValidation
Running enterprise tests on : ad.domain.org
Starting test: LocatorCheck
......................... ad.domain.org passed test
LocatorCheck
Starting test: Intersite
......................... ad.domain.org passed test Intersite
Also, looking at the Roles in Server Manager, I can see several errors for both the DNS Server role and the AD-DS role. The DNS service is flooded with Event ID 4015 errors, indicating that the DNS server has encountered a critical error from the Active Directory. Looking at the AD-DS role, I see that there is one service that is stopped: Intersite Messaging. When I try to start ismserv, I receive an error indicating the service could not be started and am not given much information past that.
We are not sure what has caused this issue as it started a couple days ago. There are no known changes in the environment or any changes to AD that we are aware of.
Any help or insight would be greatly appreciated.