1355 the spec domain could not be contacted 1355, other AD mess

I've inherited a mess here.  What I have is an environment with 1) Windows Server 2003 Std (vm) 2) Server 2008 R2 (vm) running on a 2008 R2 Hyper V host.  Both servers were DC's.  The problem is that when pointing DNS to either DC, there would
be all kinds of different errors such as access denied or domain controller couldn't be contacted, etc.  I also noticed that they were not replicating with each other for some time.  When specifying DNS to only use a specific DC, users could connect
to shares on one server but not the other.
I have run restores from the last good backups, but apparently this was a problem even at that point and restores would produce the same results.
After running the BPA on the 2008 R2 OS for AD, it came up all errors.  I proceeded under the premise that this server was more corrupt than the other, and knowing I can still go back to the backups I do have, I decided to do a dcpromo /forceremoval
after a graceful demotion wouldn't work.  At this point I was able to see that 1) was a GC, and it held all the fsmo roles.  
I could also access ADUC and ADSS from 1) so I proceeded.  I ran a metadata cleanup on 1) and then proceeded.
It's somewhat back as now I can access servers by dnsname (I couldn't before and that's what started all of this), but I can't add machines to the domain, nor can I promote the host OS to a DC (hoping that after a promo of a different server I could gracefully
remove 1) ).
I also saw that SYSVOL didn't show as a share on the 1) server although the directory exists.  I went to share it, but it couldn't populate a list of locations so I shared it to Everyone with Read access.
I then ran dcdiag and get the following failures:
Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\2003-DC-SERVER\netlogon)
         [2003-DC-SERVER] An net use or LsaPolicy operation failed with error 1203, 
No network provider accepted the given network path..
         ......................... 2003-DC-SERVER failed test NetLogons
      Starting test: Advertising
         Fatal Error:DsGetDcName (2003-DC-SERVER) call failed, error 1355
         The Locator could not find the server.
         ......................... 2003-DC-SERVER failed test Advertising
Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... 2003-DC-SERVER failed test frsevent
Starting test: systemlog
         An Error Event occured.  EventID: 0xC25A002E
            Time Generated: 10/01/2014   09:12:53
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC25A002E
            Time Generated: 10/01/2014   09:17:21
            (Event String could not be retrieved)
         ......................... 2003-DC-SERVER failed test systemlog
Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 135
5
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
         A KDC could not be located - All the KDCs are down.
         ......................... lia.local failed test FsmoCheck

Hi,
So you have tried to demote the 2008 R2 DC and failed then you force-remove it and cleanup metadata, but realized it was holding FSMO roles?
Looks like all dcdiag tests are failing since you lost FSMO roles, realiable time source (which was this DC as PDC), GC. Kinda like a forest/domain recovery if i meay say.
I believe you can to do a seize operations of FSMO roles to the DC that is still running, make it a GC and set it as NTP realiable time source for the domain. Then after you test health you can promote the 2008 R2 back under a different name as additional
DC and go from there.
More on seize FSMO roles on a 2003 DC.
http://support.microsoft.com/kb/255504
Hope it helps.
Regards,
Calin

Similar Messages

  • HT1483 I get a message "The Itunes server could not be contacted, check your internet connection" when trying to check for Ipod Nano software updates. I have a 1st generation Nano and haven't updated the software for a while. My internet connection is wor

    I get a message "The Itunes server could not be contacted, check your internet connection" when trying to check for Ipod Nano software updates. I have a 1st generation Nano and haven't updated the software for a while. My internet connection is working. Was thre a change in the internet address for NANO software updates? Do I have to reconfigure something in Itunes to point to the correct address?

    What version of iTunes are you using?  The latest is 10.6.3. In iTunes, choose Help -> About iTunes to check the version number. If it's lower than 10.6.3, download the latest version from here.
    B-rock

  • I'm getting this problem when trying to update my iphone 3gs it says that the iphone software could not be contacted and I went on youtube got some advise to go into my hard drive to fix the error I have nothing in my host file please help me if you can

    I'm getting this problem when trying to update my iphone 3gs it says that the iphone software could not be contacted and I went on youtube got some advise to go into my hard drive to fix the error I have nothing in my host file please help me if you can this is all new to me.

    Read this: iOS 4: Updating your device to iOS 5 or later
    ... oh I think it is a 3gs or a 3
    This makes a difference. What does it say in Settings > General > About?

  • We have a ipod and iphone 4 when we try to do software updates this message comes up'cannot be updated at this time because the software server could not be contacted or tenporarilly unavailable .' we have tried over 3-4 weeks but still come up the same

    we are getting a message ,'the ipod cannot be updated at this time because the ipod software update server could not be contacted or is temporarilly unavailable ' . we have been trying for 3-4 weeks now same same ?

    Try turning off the Firewall.
    System Preferences / Security - Firewall.
    or System Preferences / Sharing - Firewall.

  • HT1212 i have done all of these steps more than once and my iphone is continuing to be disabled. my computer shows "the iphone server could not be contacted." what do i do? i am in desperate need of my iphone to no longer be disabled!

    I have completed the steps given to me to have my iphone 5 no longer be disabled. I have completed the steps multiple times but my computer continues to say "The Iphone spftware update server could not be contacted." I have officially ran out of patience and I am in need of some assistance. I have never disabled my Iphone before and i am having some difficulties trying to get it restored. Please give me any helpful tips possible!!!!
                                                                                                                                               Thanks, Iphone 5 lover

    Temporarily disable any security software on the computer.

  • HT201210 im trying to restore my iphone 4s and its says the 'update server could not be contacted or is temporarily unavailable' help! :(

    i cant restore my iphone becuase this error message keeps on apearing help!

    Windows user? Maybe you should check your HOSTS file to make sure nothing is stopping you from contacting Apple's servers - though if you're not looking to update you might still be out of luck. Also, maybe disable IP blacklist apps like PeerBlock just in case they're interfering with your connection to Apple.

  • The portlet could not be contacted and other time-out errors: the cause!

    Did you encounter these kind of errors? Even after upgrading to
    version 3.0.9.8.1?
    We have searched for many months for the cause of these problems
    and finally found it. It's the user SYS ! When you analyze SYS's
    objects (tables and indexes), Portal gets totally confused.
    Especially after rebooting a server, retrieving the first page
    can take five minutes or even more.
    We have removed all statistics from SYS and the responstimes
    have been increased dramatically. From minutes to just a few
    seconds!
    So, if you want to experience these problems, just analyze user
    SYS. And if you want to get rid of these problems, drop SYS's
    statistics.

    hi,
    Have a look at this discussion. It is the same problem what you face, provided your portal version is also 3.0.9.
    Re: ocopy.exe utility in Oracle 9i
    Thanks,
    Sriram

  • Update iphone 4 to ios7 now could not restore... Tried several time could not restore contacts and other data"... Please help

    I just updated my iphone 4 to ios 7. But after updated, it wont restore my contacts or pics from backup thru itunes.
    Not sure what else to do. I tried to reboot and restore again but still got the error.
    Please help!!!

    Your phone is in "recovery" mode, which means you data on your phone is already gone.  You have no other choice but to restore your phone.  If you've not been backing up regularly and importing your photos to your computer for safe keeping as is strongly recommended, then you've learned a very hard lesson.

  • Federated free busy information - the recipients mailbox server could not be contacted

    Hi guys, really hoping someone can help with a free busy issue I'm having.  
    I've configured a new forest with exchange 2013 installed in preparation for moving all AD objects to the newly created forest to resolve a single label domain issue.  The source forest has exchange 2010 SP2 installed.  I've setup a trust between
    the forests and dns is resolving okay.  Federation has been setup for each of the forests and sharing configured but free busy info isn't available.  When trying to retrieve FB from the new exchange 2013 mailboxes i get "the recipients mailbox
    server could not be contacted"  Trying to lookup FB from new forest to source "the recipients server could not be contacted"  I've followed the troubleshooting steps in the following link: http://johanveldhuis.nl/en/troubleshooting-federared-sharing/
    which are all okay except when I run Test-FederationTrust -UserIdentity [email protected]  On the exchange 2013 forest all tests are successful, on the exchange 2010 forest all tests are successful with the exception of token request which
    returns: failed to request validation token.  Any help on this really appreciated 

    Just check the application log again and found this:
    Process 5660: ProxyWebRequest FederatedCrossForest from S-1-5-21-672479773-2712238020-2201217990-2314 to
    https://mail.contoso.com/ews/exchange.asmx/WSSecurity failed. Caller SIDs: WSSecurity. The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequestProcessingException:
    System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
       at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.Proxy.Service.EndGetUserAvailability(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.FreeBusyApplication.EndProxyWebRequest(ProxyWebRequest proxyWebRequest, QueryList queryList, Service service, IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequest.EndInvoke(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.AsyncWebRequest.EndInvokeWithErrorHandling():. The request information is ProxyWebRequest type = FederatedCrossForest, url =
    https://mail.contoso.com/ews/exchange.asmx/WSSecurity
    Mailbox list = <<a href="mailto:[email protected]>SMTP:[email protected]">[email protected]>SMTP:[email protected], Parameters: windowStart = 27/01/2014 00:00:00, windowEnd = 10/03/2014 00:00:00, MergedFBInterval = 30, RequestedView = MergedOnly
    . ---> System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
       at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.Proxy.Service.EndGetUserAvailability(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.FreeBusyApplication.EndProxyWebRequest(ProxyWebRequest proxyWebRequest, QueryList queryList, Service service, IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequest.EndInvoke(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.AsyncWebRequest.EndInvokeWithErrorHandling()
       --- End of inner exception stack trace ---
    . Name of the server where exception originated: "MailServer". Make sure that the Active Directory site/forest that contain the user's mailbox has at least one local Exchange 2010 server running the Availability service. Turn up logging for the Availability
    service and test basic network connectivity.

  • FIM Portal - FIM service could not be contacted. Please contact your administrator.

    Hello,
    I have an issue with FIM where I can access the fim portal in it's entirety on the fim server itself using my domain admin credentials, but if I try to connect in from another server I can get the FIM homepage, but clicking through various menus I receive
    a "service  could not be contacted error".
    I've setup fim as shown below:
    http://technet.microsoft.com/en-us/library/ff512685(v=ws.10).aspx
    vm-fim08-01 --- fim service + portal (uses SharePoint foundation 2010)
    DNS Alias "fimportal" for vm-fim08-01
    SharePoint - 80 application account: service.spportal
    FIM service account - service.fim
    vm-fim-sync -- fim sync service + sql 2008 R2
    vm-fim-sql08 -- contains SQL 2008 R2 DB for fim service
    SPNs configured as shown below (setspn -l):
    service.fim
    FIMService/fimportal
    FIMService/fimportal.domaina.local
    mssqlsvc/vm-fim-sql-01:1433
    service.spportal
    HTTP/fimportal.domaina.local
    HTTP/fimportal
    Delegation setup as shown in the pics on the two service accounts only.
    http://fimportal/IdentityManagement/default.aspxfrom the
    fim portal server (vm-fim08-01) works OK without  a login prompt for full portal access (I don't received the service could not be contacted message). Using the fqdn fimportal.domaina.local from the same server this time asks for a login prompt,
    I enter my current Windows credentials, get the home page, but I soon receive "The FIM service could not be contacted".
    Using a different server with the fqdn I'm prompted for a login (using the alias logs me in immediately). Either way, whenever I use a different server other than the fim portal server I soon receive "The FIM service could not be contacted".
    On the fim portal server's application event logs I see
    The Portal cannot connect to the middle tier using the web service interface.  This failure prevents all portal scenarios from functioning correctly. The cause may be
    due to a missing or invalid server url, a downed server, or an invalid server firewall configuration. Ensure the portal configuration is present and points to the resource management service."
    I'm pretty sure this is down to an authentication failure, but changing delegation settings have not helped (I've tried setting my service accounts and computer accounts to delegate for any service, but it didn't help). I've checked my SPNs which
    look right to me. Any advice is much appreciated.
    Thanks in advance

    You did setup an alias for the DNS name. Kerberos delegation needs A records. If you use an Alias you get the type of errors you describe.
    Locally this works as the kerberos ticket is available on the local server. If you access the portal from another computer the FIM service has to request a ticket with delegation, that service needs a records as it uses the hostname in the request.

  • Message "iTunes could not sync contacts to iPhone because an error occurred while committing data"

    Hello all. I recently replaced the HD in my MacBook Pro. Just after, I retrieved my old files from the Time Machine backup, which I made just before the replacement. During the first sync of my iPhone via iTunes and while I was trying to sync my contacts I saw the message "iTunes could not sync contacts to iPhone because an error occurred while committing data". After that, I lost my iPhone contacts (I have them only from iCloud). The only problem is contacts, all the others (Calendars, Apps) are normally syncing. Does anybody has a solution? Thanks in advance!

    hello,
    There was a similiar posting that I have seen from others and they found out that the back up was bad. https://discussions.apple.com/message/6139533#6139533
    I would use a previous backup (earlier one) to the one you have tried to just do.

  • "Document Domain could not be saved."

    Evening folks,
    I'm working on a website and I'm trying to save and I'm getting an error that says "Document Domain could not be saved."
    A little background.
    In mid-may I wiped my drive and re-installed leopard. I reloaded iweb 09 and brought in the domain file from my back up. I was able to save at that point.
    I haven't been using iWeb lately because I'm using Rapidweaver more, but I need to work on a site that I have in iWeb.
    There currently is a domain file in application support. I tried moving it onto the desktop because I've read that can work, but still no dice.
    Any thoughts on how I can get this to save?

    Ran in a similar problem now with the 'document Domain could not be saved' message. When I closed and tried to reopen iWeb, the making working area would not open. Got it working again using the following steps:
    1. Close iWeb 09
    2. Find and renamed the Domain.site2 file to something else while retaining the extension
    3. Launch iWeb 09 and force it to create a new Domain.site2 file
    4. If iWeb opens up, create a new site and put in something that you can save. HIT SAVE. (at this stage, I did not get an error message).
    5. Close iWeb 09
    6. Restore the original Domain.site2 file to it's original name. Double-click it to launch iWeb. Hopefully your old iWeb file should work now. Mine did.

  • There was a problem starting c:\users\tom\appData\local\Apps\Apple Computer\xvgtv.dll The specified module could not be found

    I get error on Windows startup. I have iCloud installed as well as other apple software.
    error:
    there was a problem starting c:\users\tom\appData\local\Apps\Apple Computer\xvgtv.dll The specified module could not be found.

    I get error on Windows startup. I have iCloud installed as well as other apple software.
    error:
    there was a problem starting c:\users\tom\appData\local\Apps\Apple Computer\xvgtv.dll The specified module could not be found.

  • RUNDLL There was a problem starting Appdata/Roaming/Wisdl.dll The specified module could not be found.

    Every time I start my laptop, this message box pops up.
    RUNDLL
    There was a problem starting _____ Appdata/Roaming/Wisdl.dll  
    The specified module could not be found.
    Other then being a pain in the neck it does not seem to cause any performance problems.   I can not find any internet help in fixing this issue.
    Thanks for any help
    Richard

    Every time I start my laptop, this message box pops up.
    RUNDLL
    There was a problem starting _____ Appdata/Roaming/Wisdl.dll  
    The specified module could not be found.
    Other then being a pain in the neck it does not seem to cause any performance problems.   I can not find any internet help in fixing this issue.
    Thanks for any help
    Richard
    Richard
    It sounds as though you’ve had a recent infection and one of your ‘anti’ programs has removed the malware files, or some of them, but missed the entry in the registry, possibly due to an out-dated definitions database. I suggest you, firstly, download and
    run the free Malwarebytes' Anti-Malware from
    http://www.malwarebytes.org/free/ to ensure that you are completely clean. If you then restart the computer and the message is still appearing try one of these, but it is prudent to create a system restore point before you change the registry in (1) below
    by going to Control Panel > All Control Panel Items > System > System Protection (in the left pane) > System Protection Tab > Create and make sure you give it a meaningful name.
    1. The entry is probably in one of the \Run keys, but as the rascal could be hiding in a number of other ‘autorun’ keys, it’s quicker to search the whole registry. Open a Run window (Windows Logo key+R), type regedit and press Enter. Click Edit > Find and
    type the rogue’s name, put ticks in Keys, Values and Data, then click Find Next. When it’s found in the right pane, right-click it and delete it. There should be only one entry but press F3 to continue searching, just to confirm there are no more.
    2. If you’re concerned about making registry changes disable the entry using the system configuration utility, but bear in mind that you’re disabling the entry not deleting it as you would in (1) above. Open a Run window (Windows Logo key+R), type msconfig
    and press Enter. Go to the Startup Tab and remove the tick alongside the rogue’s name. Click Apply, OK, etc. and restart the computer. When it restarts, put a tick in ‘Don‘t show this again‘ as you‘re effectively doing a selective start up.
    Ninety-nine per cent of politicians give the rest a bad name.

  • The specified domain either does not exist or could not be contacted when logging in through RDP. Server 2012/SBS 2007

    I have a server 2012 machine running RDP and a PDC running SBS 2007. Every once a while all my users get an error saying "The specified domain either does not exist or could not be contacted". After waiting ~5-10 minutes the issue resolves itself.
    I believe it has something to do with the syncing between the two but am not 100% sure. Anyone know a fix or what I should look at? 
    Jerry T

    Hi Jerry,
    Thank you for posting in Windows Server Forum.
    After referring to your error, it seems to have DNS issue in your case which can’t locate the DC. Please check the setting related to DNS issue as following. (Below quoted from
    this thread)
    If this is the case, I would recommend proceeding like that:
    1. Make sure that each DC has only one IP address in use and ONLY one NIC card enabled (Other NICs should be disabled)
    2. Make sure that public DNS servers are configured as DNS forwarders and not in IP settings of DCs
    3. Choose a healthy DC / DNS server and make each DC point to it as primary DNS server
    4. Make each DC / DNS server point to its private IP address as secondary DNS server
    5. Make sure that needed ports for AD replication are opened: http://technet.microsoft.com/en-us/library/bb727063.aspx
    6. Check your DNS zones and remove manually all obsolete / unused DNS records for DCs
    Once done, run ipconfig /registerdns and restart netlogon on each DC you have.
    On the client computer, run ipconfig /flushdns and check again.
    Hope it helps!
    Thanks.
    Dharmesh Solanki

Maybe you are looking for

  • G4 and Macbook!??!

    kk i have to questions and if you guys could help me it would be greAT!!! ok so my first question is, is there a way to hook up my G4 and Macbook so they share an internet connection while my MB is hooked up to the internet through airport? second is

  • Keeps asking me for password over and over and over!!!

    This is so annoying, I went to download new music onto my laptop which I had bought through my I pad and phone but after a little while it kept asking for my username and password, so I put it in about 5 times then it carried on ok for about 5 mins t

  • ITunes Store Downloads

    Hi! I have a problem. I have some TV shows downloaded already, and everytime I sync my iPod, I am prompted to enter my Apple ID info to check for downloads. My problem is that I already have downloaded what iTunes is trying to download. Does anyone k

  • Can Airport Express do two things at once

    I've used my Airport Express for music up to now, and it seems to work fine. After a fairly length remodeling project, I'm starting to plan on reconnecting all my new components and devices. My question is can I use the Airport Express to connect to

  • Vaja case for i4

    I ordered an i4 case by Vaja last Friday and got two emails confirming the order. However, the charge has not shown up on my credit card. By contrast, the charge for my iPad showed up almost immediately. Anyone place an order with Vaja for the i4 tha