A Global Catalog Server could not be located - All GC's are down
Event Logs
#################
Level,Date and Time,Source,Event ID,Task Category
Error,12-07-2016 19:35:16,Microsoft-Windows-ActiveDirectory_DomainService,1126,Global Catalog,"Active Directory Domain Services was unable to establish a connection with the global catalog.
Additional Data
Error value:
1792 An attempt was made to logon, but the network logon service was not started.
Internal ID:
3200e25
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem."
Warning,12-07-2016 19:20:16,Microsoft-Windows-ActiveDirectory_DomainService,2089,Backup,"This directory partition has not been backed up since at least the following number of days.
Directory partition:
DC=ForestDnsZones,DC=ppicsolutions,DC=com
'Backup latency interval' (days):
90
It is recommended that you take a backup as often as possible to recover from accidental loss of data. However if you haven't taken a backup since at least the 'backup latency interval' number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition.
By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime Interval'. If you want to change the default 'Backup latency interval', you could do so by adding the following registry key.
'Backup latency interval' (days) registry key:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days)
"
Warning,12-07-2016 19:20:16,Microsoft-Windows-ActiveDirectory_DomainService,2089,Backup,"This directory partition has not been backed up since at least the following number of days.
Directory partition:
DC=DomainDnsZones,DC=ppicsolutions,DC=com
'Backup latency interval' (days):
90
It is recommended that you take a backup as often as possible to recover from accidental loss of data. However if you haven't taken a backup since at least the 'backup latency interval' number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition.
By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime Interval'. If you want to change the default 'Backup latency interval', you could do so by adding the following registry key.
'Backup latency interval' (days) registry key:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days)
"
Warning,12-07-2016 19:20:16,Microsoft-Windows-ActiveDirectory_DomainService,2089,Backup,"This directory partition has not been backed up since at least the following number of days.
DCDIAG Results
########################
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = WIN-D0MEIBVQ62T
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WIN-D0MEIBVQ62T
Starting test: Connectivity
The host 83c247f2-55e7-4349-8cca-53a795cfc25c._msdcs.192.168.1.50.com
could not be resolved to an IP address. Check the DNS server, DHCP,
server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... WIN-D0MEIBVQ62T failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WIN-D0MEIBVQ62T
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
NETLOGON Service is stopped on [WIN-D0MEIBVQ62T]
......................... WIN-D0MEIBVQ62T passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : 192.168.1.50
Running enterprise tests on : nevergiveup.com
Starting test: DNS
Test results for domain controllers:
DC: WIN-D0MEIBVQ62T.192.168.1.50.com
Domain: 192.168.1.50.com
TEST: Authentication (Auth)
Error: Authentication failed with specified credentials
TEST: Basic (Basc)
Error: No LDAP connectivity
Error: NETLOGON service is not running
Warning: adapter
[00000028] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Clien
t)
has invalid DNS server: 192.168.1.50 (<name unavailable>)
Warning: adapter
[00000029] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Clien
t)
has invalid DNS server: 192.168.1.50 (<name unavailable>)
Warning: adapter
[00000029] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Clien
t)
has invalid DNS server: 192.168.1.50 (<name unavailable>)
No host records (A or AAAA) were found for this DC
TEST: Forwarders/Root hints (Forw)
Error: All forwarders in the forwarder list are invalid.
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in z
one 192.168.1.50.com
TEST: Records registration (RReg)
Network Adapter
[00000028] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Clien
t):
Warning:
Missing CNAME record at DNS server 192.168.1.50:
83c247f2-55e7-4349-8cca-53a795cfc25c._msdcs.192.168.1.50.c
om
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.aa68743b-567b-43b3-a498-28aefc27ae7d.domains._ms
dcs.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_kerberos._tcp.dc._msdcs.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.dc._msdcs.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_kerberos._tcp.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_kerberos._udp.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_kpasswd._tcp.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.Default-First-Site-Name._sites.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ppi
csolutions.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ppicsol
utions.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_kerberos._tcp.Default-First-Site-Name._sites.192.168.1.50
.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.gc._msdcs.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_gc._tcp.Default-First-Site-Name._sites.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ppicsol
utions.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.pdc._msdcs.192.168.1.50.com
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.1.50 (<name unavailable>)
3 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.192.168.1.50.com.
failed on the DNS server 192.168.1.50
DNS server: 192.168.1.51 (<name unavailable>)
2 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.192.168.1.50.com.
failed on the DNS server 192.168.1.51
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
DNS server: 192.168.1.190 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.190
DNS server: 192.168.1.244 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.244
DNS server: 192.168.1.250 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.250
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: 192.168.1.50.com
WIN-D0MEIBVQ62T FAIL FAIL FAIL PASS WARN FAIL n/a
......................... 192.168.1.50.com failed test DNS
C:\Users\Administrator>
C:\Users\Administrator>
##############################
SOLUTION :
1. Check if the DCs can resolve each other using their DNSHostName. If not, this indicates some DNS misconfiguration -- you need to fix that first.
2. Check if the both the DCs are pointing to the same DNS server (or DNS servers that are replica of each other). Run: "ipconfig /all" and check its output. If not, correct the DNS client settings and run dcdiag after sometime.
3. Check if dynamic updates are "turned on" on the DNS server.
4. Try re-registering the DCs SRV records by either restarting netlogon service or by running the following command:
nltest.exe /dsregdns
Note : (Important )
Check whether netlogon service and dependency services are running . If it is running Restart the NETLOGON SERVICE and try connecting AD console
This time you will be able to connect to AD console without any error messages .
Event Logs
#################
Level,Date and Time,Source,Event ID,Task Category
Error,12-07-2016 19:35:16,Microsoft-Windows-ActiveDirectory_DomainService,1126,Global Catalog,"Active Directory Domain Services was unable to establish a connection with the global catalog.
Additional Data
Error value:
1792 An attempt was made to logon, but the network logon service was not started.
Internal ID:
3200e25
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem."
Warning,12-07-2016 19:20:16,Microsoft-Windows-ActiveDirectory_DomainService,2089,Backup,"This directory partition has not been backed up since at least the following number of days.
Directory partition:
DC=ForestDnsZones,DC=ppicsolutions,DC=com
'Backup latency interval' (days):
90
It is recommended that you take a backup as often as possible to recover from accidental loss of data. However if you haven't taken a backup since at least the 'backup latency interval' number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition.
By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime Interval'. If you want to change the default 'Backup latency interval', you could do so by adding the following registry key.
'Backup latency interval' (days) registry key:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days)
"
Warning,12-07-2016 19:20:16,Microsoft-Windows-ActiveDirectory_DomainService,2089,Backup,"This directory partition has not been backed up since at least the following number of days.
Directory partition:
DC=DomainDnsZones,DC=ppicsolutions,DC=com
'Backup latency interval' (days):
90
It is recommended that you take a backup as often as possible to recover from accidental loss of data. However if you haven't taken a backup since at least the 'backup latency interval' number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition.
By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime Interval'. If you want to change the default 'Backup latency interval', you could do so by adding the following registry key.
'Backup latency interval' (days) registry key:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days)
"
Warning,12-07-2016 19:20:16,Microsoft-Windows-ActiveDirectory_DomainService,2089,Backup,"This directory partition has not been backed up since at least the following number of days.
DCDIAG Results
########################
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = WIN-D0MEIBVQ62T
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WIN-D0MEIBVQ62T
Starting test: Connectivity
The host 83c247f2-55e7-4349-8cca-53a795cfc25c._msdcs.192.168.1.50.com
could not be resolved to an IP address. Check the DNS server, DHCP,
server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... WIN-D0MEIBVQ62T failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WIN-D0MEIBVQ62T
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
NETLOGON Service is stopped on [WIN-D0MEIBVQ62T]
......................... WIN-D0MEIBVQ62T passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : 192.168.1.50
Running enterprise tests on : nevergiveup.com
Starting test: DNS
Test results for domain controllers:
DC: WIN-D0MEIBVQ62T.192.168.1.50.com
Domain: 192.168.1.50.com
TEST: Authentication (Auth)
Error: Authentication failed with specified credentials
TEST: Basic (Basc)
Error: No LDAP connectivity
Error: NETLOGON service is not running
Warning: adapter
[00000028] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Clien
t)
has invalid DNS server: 192.168.1.50 (<name unavailable>)
Warning: adapter
[00000029] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Clien
t)
has invalid DNS server: 192.168.1.50 (<name unavailable>)
Warning: adapter
[00000029] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Clien
t)
has invalid DNS server: 192.168.1.50 (<name unavailable>)
No host records (A or AAAA) were found for this DC
TEST: Forwarders/Root hints (Forw)
Error: All forwarders in the forwarder list are invalid.
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in z
one 192.168.1.50.com
TEST: Records registration (RReg)
Network Adapter
[00000028] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Clien
t):
Warning:
Missing CNAME record at DNS server 192.168.1.50:
83c247f2-55e7-4349-8cca-53a795cfc25c._msdcs.192.168.1.50.c
om
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.aa68743b-567b-43b3-a498-28aefc27ae7d.domains._ms
dcs.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_kerberos._tcp.dc._msdcs.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.dc._msdcs.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_kerberos._tcp.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_kerberos._udp.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_kpasswd._tcp.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.Default-First-Site-Name._sites.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ppi
csolutions.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ppicsol
utions.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_kerberos._tcp.Default-First-Site-Name._sites.192.168.1.50
.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.gc._msdcs.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_gc._tcp.Default-First-Site-Name._sites.192.168.1.50.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ppicsol
utions.com
Error:
Missing SRV record at DNS server 192.168.1.50:
_ldap._tcp.pdc._msdcs.192.168.1.50.com
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.1.50 (<name unavailable>)
3 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.192.168.1.50.com.
failed on the DNS server 192.168.1.50
DNS server: 192.168.1.51 (<name unavailable>)
2 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.192.168.1.50.com.
failed on the DNS server 192.168.1.51
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
DNS server: 192.168.1.190 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.190
DNS server: 192.168.1.244 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.244
DNS server: 192.168.1.250 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.250
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: 192.168.1.50.com
WIN-D0MEIBVQ62T FAIL FAIL FAIL PASS WARN FAIL n/a
......................... 192.168.1.50.com failed test DNS
C:\Users\Administrator>
C:\Users\Administrator>
##############################
SOLUTION :
1. Check if the DCs can resolve each other using their DNSHostName. If not, this indicates some DNS misconfiguration -- you need to fix that first.
2. Check if the both the DCs are pointing to the same DNS server (or DNS servers that are replica of each other). Run: "ipconfig /all" and check its output. If not, correct the DNS client settings and run dcdiag after sometime.
3. Check if dynamic updates are "turned on" on the DNS server.
4. Try re-registering the DCs SRV records by either restarting netlogon service or by running the following command:
nltest.exe /dsregdns
Note : (Important )
Check whether netlogon service and dependency services are running . If it is running Restart the NETLOGON SERVICE and try connecting AD console
This time you will be able to connect to AD console without any error messages .
