DNS Issue Windows 2003 AD-The server holding the PDC role is down

Posted by Dave M on Server Fault
Published on 2011-08-03T15:41:19Z Indexed on 2013/10/19 15:58 UTC

Our network of Windows 2003 and Windows 2008 servers suddenly has DNS issues. There are 7 DCs: two at our main office and one each at branch sites (one branch has two, a 2008R2 and a WIN2K3). Only two are WIN2008R2. Running DCDIAG on the WIN2K3 at the main site (DC1) reports no issues. Running it at any branch site reports two issues. All other tests pass. The server DC1 can be PINGed by name from any site.

Starting test: frsevent

 There are warning or error events within the last 24 hours after the
SYSVOL has been shared.  Failing SYSVOL replication problems may cause
Group Policy problems.

Starting test: FsmoCheck

  Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.

Netdom.exe /query DC reports the expected servers.

netdom query fsmo

This reports the server at the main office holds the following roles:
  • Schema owner

  • Domain role owner

  • PDC role

  • RID pool manager

  • Infrastructure owner

In the DNS management snap-in, DC1 appears as a DNS server but does not appear in
_msdcs-dc-_sites-Default-First-Site-Name-_TCP

There is no _ldap or _kerberos record pointing to DC1.

Same issue msdcs-dc-_sites- -_TCP
Again, there is no _ldap or _kerberos record pointing to DC1.

Under Domain DNS Zones there is no entry for the server. This is the case for any _tcp folder in the DNS.

The server DC1 appears correctly as a name server in the Reverse Lookup Zone. There is a Host(A) record for DC1, but in the Forward Lookup Zone there is no (same as parent folder) Host(A) for the DC1 server, but such an entry exists for the other DCs at branch sites and the other DC at the main office.

We have tried stopping and starting the netlogon service, restarting DNS and also dcdiag /fix.

Netdiag reports error:

Trust relationship test. . . . . . : Failed  
[FATAL] Secure channel to domain 'XXX' is broken. [ERROR_NO_LOGON_SERVERS]

[WARNING] Failed to query SPN registration on DC- One entry for each branch DC 

All branches list the problem server, and it can be pinged by name from any branch.

Fixing is the number one priority, but we would also like to determine the cause.

© Server Fault or respective owner
