can't see Domain Controller - need help ASAP!

[Marie (Zionkowski) Gozikowski]

ok.... found it under:

C:\WINDOWS\SYSVOL\sysvol\Iddings.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}

[Jeff Zylstra]

Just curious here...   If you go to Start - Active Directory Users and Computers, what is there?  Is a domain controller listed there, and is it Iddings.local? 

This whole thing of not being able to run DCDIAG is a little concerning.  At a command prompt, try typing DCDIAG.EXE again.  I can't believe that it's not there.

[Bloody Jack Kidd]

my concern is that it's been DCPROMO'd out somehow... now it's just a box with blinking lights

[Jeff Zylstra]

my concern is that it's been DCPROMO'd out somehow... now it's just a box with blinking lights

Yes, mine too.   I'm still wondering what has caused this.  Some times unbinding the protocols can have some very weird consequences.  I'm hoping that is all that has happened.  In any case, I think they need a tech who understands servers. 

[Marie (Zionkowski) Gozikowski]

Just curious here...   If you go to Start - Active Directory Users and Computers, what is there?  Is a domain controller listed there, and is it Iddings.local? 

This whole thing of not being able to run DCDIAG is a little concerning.  At a command prompt, try typing DCDIAG.EXE again.  I can't believe that it's not there.

DCDiag is not there...

When I look under active dir & users.... I see APPSRV02, but not iddings.local
double clicking on APPSRV02  gives me a list of Shared printers, and something called NTFRS Subscriptions and RID set, but nothing else

I don't know what "DCPROMO'd out" means - but it can't be good :-)   something like BSOD?   sigh

[Jan Regnier]

Oh, Marie....I have a headache just reading the issues!!!  I hope you find the solution quickly...

[Bloody Jack Kidd]

dcpromo is a command line utility for doing stuff with DCs - gets used as a verb sometimes...

http://technet.microsoft.com/en-us/library/cc732887(WS.10).aspx

what Jeff and I fear is that some action has in effect demoted your DC, or otherwise removed AD Domain Services... although IIRC, removing the last DC (or only) in a forest would generate at least a few "Are You Sure You Want To Do This?" kind of messages.

I wonder if you restored the system state from tape from a couple days ago, if that would get things back in order.  Either way, I think you need someone onsite familiar with AD and MS to get things back in order.

[Jeff Zylstra]

A couple of more wild guesses on my part here.  I'm wondering if there is anything in Active Directory Users and Computers for "Lost and Found".  And if so, what is it?  Something else.  What if SYSVOL was no longer shared?  This would make it available locally on the server, but not from a workstation by its UNC path.  


Oops, almost forgot.  At a command prompt, type  NET SHARE   SYSVOL should be one of the folders that is shared.  Let's hope that's it.

I agree that someone with knowledge of Active Directory needs to be on site to fix this.  

[stevenhart]

Hey everyone, i gave Marie a hand on this and we figured it out.  The firewall was functioning as the DHCP Server and it was handing out the ISP's DNS servers to the workstations, so the workstations couldn't find the domain.  I moved DHCP to the SBS (Microsoft best-practice), setup the scope options, and everything's looking good.

Prior to that the server had the IP address of the router assigned to its network adapter causing a conflict.

Prior to that (the original cause of the problem) is unknown, as is so often the case... There were some Windows Updates installed around the time the problem started so who knows, something could have been thrown off in the course of that, and subsequent troubleshooting has resolved it since everything's running normally now.

The server looks healthy, nothing harmful in the system, application, FRS, DNS or Directory Services event logs.

And as an fyi, dcdiag isn't on a 2003 server by default.  One has to install the Windows 2003 Support Tools in order to get it (in case it comes up in the future).  It is built into a 2008 server.

Also a tidbit of info (from past experience) if the sysvol share were indeed missing, it would  likely have been due to the SBS being in "Journal Wrap" - a condition that can occur when an environment has a single domain controller.  There's a registry edit, followed by restarting some services that can cure that.  So a missing sysvol is not necessarily a disastrous situation.

[Bob]

Thanks for helping her Steve! 

[Marie (Zionkowski) Gozikowski]

I just want to send out a HUGE thank you to Steve Hart for all his help.... I only have the vaguest idea as to what he did, but it is fixed and works and now I can sleep tonight!

He went over and above to get us running again, and I just can't say enough

Thanks again Steve!!!!!   I so owe you a beer (or a case)   LOL

[Jan Regnier]

And now we can say on THIS NG Forum .....I LOVE OUR NG!!...really IS Users Helping Users...   I think Marie was "our" first BIG save (not that I can take any credit - just sharing in her headache - but you "guys" are awesome!)


always....."what goes around - comes around".....

[Marie (Zionkowski) Gozikowski]

Oh, I so agree there Jan!

And I posted a thanks on the old NG's under Hardware... AND plugged this
web forum as well....

Don't know what I would have done without the help and support here
Web forums ROCK!   

[Bloody Jack Kidd]

Karma for Steve.

[Marie (Zionkowski) Gozikowski]

Oh, definitely Karma!   And for you and Jeff and Bob and anyone else who tried helping me as well....

Good news is, I learned a LOT about DHCP / DNS / DC's.... in fact, this morning our remote office still couldn't connect to the server... went into our terminal server and knew just how to point it in the right direction - tada... all better!

(I know, such small things make me happy)   

It always works that way, though.... you learn so much when things go down and you HAVE to try and fix them, and watch how other people DO fix them :-)   really tends to stick in your head that way!

LOL