Server 2003 AD/Domain/Domain Controller/DNS confusion!

calrubbo · Jun 27, 2013

I encountered a problem after a power outage and my Server 2003 computer restarted. Keep in mind I did not set up this system and I think the person that did before me kinda messed it up.

Now, when I try to connect my computer to the domain registered to my server, I get the following error message:

An Active Directory Domain Controller for the domain NORTONGLASSPRODUCTS.local could not be contacted. Ensure that the domain name is typed correctly.

then, if I click more details:

The error was: "This operation returned because the timeout period expired."
(error code 0x000005B4 ERROR_TIMEOUT)

The query was for the SRV record for _ldap._tcp.dc._msdcs.NORTONGLASSPRODUCTS.LOCAL

The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:

192.168.1.1

Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.

I have tried to map all the connections back to the right places, however I am having no luck. I am able to ping my server (192.168.1.67) from both computers, however I cannot ping the domain controller name for that server anymore. I used to set the DNS servers on the client computers to the location of the server but now I have to set it to the default gateway (192.168.1.1) in order to even get internet access on the client computer.

For some reason, one computer can still log into the domain (the settings are saved I guess?) but once it's in, it's slow and can't open any server-based programs.

ANY help at all would be greatly appreciated, I only have a single day to fix this.

- Cal

skit75 · Jun 27, 2013

I really feel for you. You may need more than a day to work some of this out. Your gateway/router is probably using your ISP DNS servers. Your local AD/DC/DNS server has changed in some way. Shared directories and applications ran from your server will also not work until you can get users back on to your domain. Start by checking your 2003 Server Event Viewer for errors on DNS and AD/DC. Use your ISP DNS servers via your gateway to allow your users to get the internet while you figure out how to re-connect them to your Domain.
Make sure you have the Local Administrator Passwords for your user's computers.... in-case you have to create a new domain, you will need these passwords to migrate your users data/email.
If your old domain is dead, you will lose the login to these machines as soon as you switch them into a Workgroup or other Domain. They may able to use thier current domain credentials for a while to do a local login(they will see there desktop but have zero access to anything shared/server side).

Snipergod87 · Jun 27, 2013

Do you know the domain controllers IP, can you ping that? Is the DC on? Or is the testing you are doing actually on the domain controller? (1.67) (Wasn't clear).

Clients will cache credentials so you can still login even if the DC is down. If the DC is up have you looked at its firewall settings, try turning them off temporarily if they are on, we have had some strange issues popup for us regarding the windows firewall.

calrubbo · Jun 27, 2013

Thanks for your replies! Again, I apologize for my lack of server/networking knowledge and terminology.

@skit75
I think you are right, the AD/DC/DNS changed somewhere and I'm not sure how to get it all working again. There are event logs that display errors regarding the DNS setup, both of them read the following:

"DNS server has updated its own host(A) records. In order to ensure its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.

If the DNS server's Active Directory replication partners do not have the correct IP addresses for this server, they will be unable to replicate with it."

I have all of the passwords and account information saved. I hope I won't have to create a new domain but if that's what it takes, I guess I'll have to.

@Snipergod87
I'm confused about this process, but I know the IP of the computer that the domain controller is assigned to, yes: it is the same as the server IP (192.168.1.67, the IP address that used to work before all this). The testing was done on two client computers, both of which could ping the server IP. Maybe the server IP shouldn't be the same thing as the domain controller IP, is that what's wrong?

I'll look into the DC firewall settings now, although I think I might be at the wrong place. I'm in the Server Management/Advanced Management/Active Directory/my domain name/Domain Controllers location and all I see is that the domain controller listed is the name of the physical server. Did you want me to change the firewall settings on the server?

Snipergod87 · Jun 27, 2013

We had an issue recently where our firewalls got in an odd state on our DC's causing all sorts of issues that why I suggested that, it is just ths standard windows firewall settings.

I think Skit is on the right track, some of this is beyond me unfortunately.

flank2 · Jun 27, 2013

im still confused, is your dc also the dns server for your domain? and you keep saying server IP, what is this referring to, the dns server or the domain controller?

starting over with a new domain should be a last resort, no?

have you been doing backups? if so it may just be easier to restore your DNS records that way and then on each clients configure the network adapters to the way it was originally.

skit75 · Jun 27, 2013

Is your DNS server supposed to be using loop-back look-up 127.0.0.1? Sounds like your DNS server is pointing to your gateway/router address 192.167.1.1 for DNS look-ups also. Check to see if your DNS server it has a static IP/Mask/Gateway setting still saved in your IPv4 network properties window. Keep a note of changes you are making also.

Flank2: Always last resort, of course.

Beachnative · Jun 27, 2013

Change your host file to get to your DC.

192.168.1.67 NORTONGLASSPRODUCTS.local

Then look to see if DNS is running. And of course look over those log files

skit75 · Jun 27, 2013

Is it possible your DNS server was purposefully looking to your gateway router for DNS lookups and that the power outtage maybe reset the defaults on your gateway router? Maybe this can be resolved at your gateway. You should verify its settings.

calrubbo · Jun 27, 2013

Thanks to a friend who remotely connected to my computers and server, everything is back up and running.

I appreciate the responses though, it's all helped learn a little more about domains and servers today haha.

Cal

Beachnative · Jun 27, 2013

It sonds as if the local machines were not plugged into an UPS but the servers might have been. Think about the logic, why would you not use an UPS on two servers but have it on the local PC's?

Restart the server with a graceful shutdown then restart. Check your RR in DNS for accuracy. Look in services to see if DNS is running, if it's not start it.
Then go to your PC and point your DNS to the server. then do a lookup of a host

skit75 · Jun 27, 2013

the 127.0.0.1 loop back address would only be set on your DNS server, in the DNS section of the IPv4 properties. Your DNS server should have a static IP (Ex. 192.167.1.67). The .67 address would normally be in your users IPv4 properties window DNS section.

All users look for local Preferred DNS(192.167.1.67). Your DNS server should have a static IP(192.167.1.67), a Subnet Mask(255.255.255.0), and your gateway/router address(192.168.1.1) Your Preferred DNS on your DNS server should be 127.0.0.1 with maybe one of your ISP DNS servers as an alternate. Someone correct me if I am wrong...

calrubbo · Jun 27, 2013

Thanks to a friend who remotely connected to my computers and server, everything is back up and running.

I appreciate the responses though, it's all helped learn a little more about domains and servers today haha. There were a ton of problems with the clients routing to the server/gateway incorrectly apparently.

I'm looking for the way to mark this as solved at the moment.

Cal

skit75 · Jun 27, 2013

Cheers!

Search

Server 2003 AD/Domain/Domain Controller/DNS confusion!

calrubbo

Honorable

skit75

skit75

Splendid

Snipergod87

Splendid

calrubbo

Honorable

Snipergod87

Splendid

flank2

Distinguished

skit75

Splendid

Beachnative

Honorable

skit75

Splendid

calrubbo

Honorable

Beachnative

Honorable

skit75

Splendid

calrubbo

Honorable

skit75

Splendid

TRENDING THREADS

Latest posts

Moderators online

Share this page