Tuesday, July 12, 2016

A Global Catalog Server could not be located - All GC's are down

A Global Catalog Server could not be located - All GC's are down







Event Logs
#################



Level,Date and Time,Source,Event ID,Task Category
Error,12-07-2016 19:35:16,Microsoft-Windows-ActiveDirectory_DomainService,1126,Global Catalog,"Active Directory Domain Services was unable to establish a connection with the global catalog.

Additional Data
Error value:
1792 An attempt was made to logon, but the network logon service was not started.
Internal ID:
3200e25

User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem."
Warning,12-07-2016 19:20:16,Microsoft-Windows-ActiveDirectory_DomainService,2089,Backup,"This directory partition has not been backed up since at least the following number of days.

Directory partition:
DC=ForestDnsZones,DC=ppicsolutions,DC=com

'Backup latency interval' (days):
90

It is recommended that you take a backup as often as possible to recover from accidental loss of data. However if you haven't taken a backup since at least the 'backup latency interval' number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition.

By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime Interval'. If you want to change the default 'Backup latency interval', you could do so by adding the following registry key.

'Backup latency interval' (days) registry key:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days)
"
Warning,12-07-2016 19:20:16,Microsoft-Windows-ActiveDirectory_DomainService,2089,Backup,"This directory partition has not been backed up since at least the following number of days.

Directory partition:
DC=DomainDnsZones,DC=ppicsolutions,DC=com

'Backup latency interval' (days):
90

It is recommended that you take a backup as often as possible to recover from accidental loss of data. However if you haven't taken a backup since at least the 'backup latency interval' number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition.

By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime Interval'. If you want to change the default 'Backup latency interval', you could do so by adding the following registry key.

'Backup latency interval' (days) registry key:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days)
"
Warning,12-07-2016 19:20:16,Microsoft-Windows-ActiveDirectory_DomainService,2089,Backup,"This directory partition has not been backed up since at least the following number of days.





DCDIAG Results

########################


Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = WIN-D0MEIBVQ62T
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\WIN-D0MEIBVQ62T
      Starting test: Connectivity
         The host 83c247f2-55e7-4349-8cca-53a795cfc25c._msdcs.192.168.1.50.com
         could not be resolved to an IP address. Check the DNS server, DHCP,
         server name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... WIN-D0MEIBVQ62T failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\WIN-D0MEIBVQ62T

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         NETLOGON Service is stopped on [WIN-D0MEIBVQ62T]
         ......................... WIN-D0MEIBVQ62T passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : 192.168.1.50

   Running enterprise tests on : nevergiveup.com
      Starting test: DNS
         Test results for domain controllers:

            DC: WIN-D0MEIBVQ62T.192.168.1.50.com
            Domain: 192.168.1.50.com


               TEST: Authentication (Auth)
                  Error: Authentication failed with specified credentials

               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Error: NETLOGON service is not running
                  Warning: adapter
                  [00000028] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Clien
t)
                  has invalid DNS server: 192.168.1.50 (<name unavailable>)
                  Warning: adapter
                  [00000029] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Clien
t)
                  has invalid DNS server: 192.168.1.50 (<name unavailable>)
                  Warning: adapter
                  [00000029] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Clien
t)
                  has invalid DNS server: 192.168.1.50 (<name unavailable>)
                  No host records (A or AAAA) were found for this DC

               TEST: Forwarders/Root hints (Forw)
                  Error: All forwarders in the forwarder list are invalid.

               TEST: Dynamic update (Dyn)
                  Warning: Failed to add the test record dcdiag-test-record in z
one 192.168.1.50.com

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000028] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Clien
t):

                     Warning:
                     Missing CNAME record at DNS server 192.168.1.50:
                     83c247f2-55e7-4349-8cca-53a795cfc25c._msdcs.192.168.1.50.c
om

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _ldap._tcp.192.168.1.50.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _ldap._tcp.aa68743b-567b-43b3-a498-28aefc27ae7d.domains._ms
dcs.192.168.1.50.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _kerberos._tcp.dc._msdcs.192.168.1.50.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _ldap._tcp.dc._msdcs.192.168.1.50.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _kerberos._tcp.192.168.1.50.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _kerberos._udp.192.168.1.50.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _kpasswd._tcp.192.168.1.50.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _ldap._tcp.Default-First-Site-Name._sites.192.168.1.50.com


                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ppi
csolutions.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ppicsol
utions.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _kerberos._tcp.Default-First-Site-Name._sites.192.168.1.50
.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _ldap._tcp.gc._msdcs.192.168.1.50.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _gc._tcp.Default-First-Site-Name._sites.192.168.1.50.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ppicsol
utions.com

                     Error:
                     Missing SRV record at DNS server 192.168.1.50:
                     _ldap._tcp.pdc._msdcs.192.168.1.50.com

               Error: Record registrations cannot be found for all the network
               adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 192.168.1.50 (<name unavailable>)
               3 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.192.168.1.50.com.
failed on the DNS server 192.168.1.50

            DNS server: 192.168.1.51 (<name unavailable>)
               2 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.192.168.1.50.com.
failed on the DNS server 192.168.1.51

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 192.168.1.190 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.190
            DNS server: 192.168.1.244 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.244
            DNS server: 192.168.1.250 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.168.1.250
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: 192.168.1.50.com
               WIN-D0MEIBVQ62T              FAIL FAIL FAIL PASS WARN FAIL n/a

         ......................... 192.168.1.50.com failed test DNS

C:\Users\Administrator>

C:\Users\Administrator>




##############################





SOLUTION :

1. Check if the DCs can resolve each other using their DNSHostName. If not, this indicates some DNS misconfiguration -- you need to fix that first.
2. Check if the both the DCs are pointing to the same DNS server (or DNS servers that are replica of each other). Run: "ipconfig /all" and check its output. If not, correct the DNS client settings and run dcdiag after sometime.
3. Check if dynamic updates are "turned on" on the DNS server.
4. Try re-registering the DCs SRV records by either restarting netlogon service or by running the following command: 
     nltest.exe /dsregdns




Note : (Important ) 


Check whether netlogon service and dependency services are running . If it is running Restart the NETLOGON SERVICE and try connecting AD console 

This time you will be able to connect to AD console without any error messages .

No comments:

Post a Comment