
Both of the 2 DCs are running Svr 2012 R2 and are global catalogs. The DC that is down is our oldest one, SBS 2008. I have pointed DNS and DHCP at the 2x Svr 2012 R2 domain controllers. Also, both of the 2012 R2 DCs use themselves and each other for DNS; neither uses the old SBS 08 DC. Yet, I still cannot log on while the SBS 08 DC is down (except with cached credentials, which shows SBS 08 as %logonserver%). What could be the issue here? Thanks.

EDIT: Also, I cannot open ADUC from any client PCs. Running DCDIAG on both of the 2 Svr2012R2 DCs, they both "failed test NetLogons" and "failed test Advertising".

EDIT2: The NETLOGON folder does not exist on the old SBS '08 DC and I cannot figure out how to force it to get created.

KidACrimson
  • Can you open ADUC from the console on 2012 R2 DCs themselves? or is it just inaccessible from clients? – bao7uo Mar 10 '17 at 07:58
  • While the SBS 2008 server is down run dcdiag on one of the 2012 R2 servers and review the dcdiag output/log. – joeqwerty Mar 10 '17 at 08:37
  • Thank you both. I will have to try again after hours. The SBS 08 domain controller also runs Exchange and must stay up during working hours. – KidACrimson Mar 10 '17 at 14:36

2 Answers


Thanks, everyone. This is resolved now. The particular issue here was that the NETLOGON share was missing from the only working DC (SBS '08) in our domain. Once I created it and replicated out from the SBS 08 DC, all started working:
Windows SBS 08 domain controller is missing \\Localhost\NETLOGON share

KidACrimson

Ensure the system time/timezone is in synch between the clients and the DCs.

Check the DNS server settings on both the DCs, and fix if they are not set correctly. Both DCs should be running the DNS service, and the DNS server setting in TCP/IP config on the DCs should point to the other DC as primary, and themselves as secondary (secondary address should be the loopback: 127.0.0.1).

The client workstation DNS server settings should point to both DCs, one as primary, one as secondary.

Then, if that does not fix it, on the DCs try:

ipconfig /flushdns
ipconfig /registerdns

If that does not resolve it, you could also try the advice in this link:

http://support.microsoft.com/kb/325850/en-us

If that doesn't work, check the results of:

dcdiag /v
repadmin /showreps

Post any errors on here.

bao7uo
  • Thank you, Paul. Now that you mention it, I think the clients are set to use NTP from the SBS 08 DC, so that's a very good point. – KidACrimson Mar 10 '17 at 14:34
  • You're welcome, it's one of those things the error message doesn't tell you - if the clients are enough out of synch with the DC they won't log in. Would be interested to know if that was the problem? – bao7uo Mar 10 '17 at 17:34
  • So, running DCDIAG on both of the 2 Svr2012R2 DCs, they both "failed test NetLogons" and "failed test Advertising" – KidACrimson Mar 10 '17 at 21:25
  • See updated answer for things to try – bao7uo Mar 11 '17 at 05:20
  • Missing NETLOGON share from the old SBS '08 DC was the culprit. – KidACrimson Mar 14 '17 at 03:19
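
A read-only check for the condition that turned out to be the cause in this thread (a DC without its NETLOGON share, and DCs failing the dcdiag Advertising and NetLogons tests). This is an added example, not part of the original posts; the DC names are hypothetical placeholders and the script assumes WMI and Remote Registry are reachable from where it runs.

```powershell
# Added example: read-only check of the shares and dcdiag tests a DC must
# pass before clients can use it as a logon server.
# DC names below are hypothetical placeholders; replace with your own.
param(
    [string[]]$DomainControllers = @('DC2012A', 'DC2012B', 'SBS2008')
)

function Test-DcLogonReadiness {
    param([Parameter(Mandatory)][string]$ComputerName)

    # Win32_Share is available on Server 2008 as well as 2012 R2.
    $shares = @(Get-WmiObject -Class Win32_Share -ComputerName $ComputerName -ErrorAction Stop |
        Select-Object -ExpandProperty Name)

    # SysvolReady = 1 tells Netlogon to publish the SYSVOL and NETLOGON shares.
    $sysvolReady = $null
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
        $key  = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Services\Netlogon\Parameters')
        if ($key) { $sysvolReady = $key.GetValue('SysvolReady') }
    } catch {
        # Remote Registry may be stopped or blocked; leave the value as $null.
    }

    # Run only the two dcdiag tests that failed in the question.
    $dcdiag = & dcdiag.exe "/s:$ComputerName" /test:Advertising /test:NetLogons 2>&1 | Out-String
    $failed = [regex]::Matches($dcdiag, 'failed test (\w+)') |
        ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique

    [pscustomobject]@{
        DC          = $ComputerName
        SYSVOL      = $shares -contains 'SYSVOL'
        NETLOGON    = $shares -contains 'NETLOGON'
        SysvolReady = $sysvolReady
        FailedTests = ($failed -join ', ')
    }
}

foreach ($dc in $DomainControllers) {
    try {
        Test-DcLogonReadiness -ComputerName $dc
    } catch {
        Write-Warning "$dc : could not query ($($_.Exception.Message))"
    }
}
```

A DC that reports NETLOGON as False, or lists Advertising or NetLogons under FailedTests, will not be chosen by clients as a logon server even when DNS and DHCP point at it.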