Mark Minasi's Tech Forum
nikolas.e

Senior Member
Registered:
Posts: 102
Reply with quote  #1 
In our network environment we have the forest root domain company.local and also a child domain child.company.local. Running the Active Directory replication tool, I see another 2 domains that do not exist in our environment, for example xxx.xxx.local and xxx.com.cy, with the result: Failed Discovery: The LDAP Server is unavailable.



Issues: on the child domain's domain controller, in the Event Viewer System log, I see this message:

This computer was not able to set up a secure session with a domain controller in domain xxx (where xxx is the domain that does not exist) due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.


Also : 

This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.

Directory instance: GC
Directory instance LDAP port: 3268
Directory instance SSL port: 3269


Also : 

The local domain controller has been selected to be a global catalog. However, the domain controller does not host a read-only replica of the following directory partition.

Directory partition:
DC=xxx,DC=com,DC=cy,DC=local  (where xxx is the domain that does not exist)

A precondition to becoming a global catalog is that a domain controller must host a read-only replica of all directory partitions in the forest. This event might have occurred because a Knowledge Consistency Checker (KCC) task has not completed or because the domain controller is unable to add a replica of the directory partition due to unavailable source domain controllers.

An attempt to add the replica will be tried again at the next KCC interval.



Note: By running repadmin /showrepl on the child domain's domain controller I get the result:

DSA Options: IS_GC
WARNING: Not advertising as a global catalog.


By going to AD Sites and Services on the child domain, in the NTDS properties it is selected as global catalog.
By checking the Active Directory replication tool I can also see that the child domain's domain controller is selected as global catalog.


Any help will be appreciated.


Thanks










__________________
Just call me the 1000Questionsguy
0
wkasdo

Administrator
Registered:
Posts: 177
Reply with quote  #2 
You need to clean out the non-existing domains from the AD database using ntdsutil. This article tells you how: https://support.microsoft.com/en-us/kb/230306
__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
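
Before running the ntdsutil cleanup from the article linked in post #2, it helps to confirm which domain partitions the forest still lists but for which no domain controller can be located. The read-only PowerShell below is an added example, not part of the original thread or the KB article; it assumes the ActiveDirectory (RSAT) module is installed, and the function name Get-DomainCrossRefStatus is made up for this illustration.

```powershell
# Added example: read-only inventory of the forest's domain partitions.
# It changes nothing in the directory. Assumes the ActiveDirectory (RSAT) module
# and a reachable domain controller in the domain you are logged on to.
Import-Module ActiveDirectory

function Get-DomainCrossRefStatus {
    # Every domain in the forest has a crossRef object in the Partitions container
    # of the configuration naming context. A domain that was never cleanly demoted
    # leaves its crossRef behind, which is what the KCC and the GC promotion
    # check in the events above keep tripping over.
    $configNC   = (Get-ADRootDSE).configurationNamingContext
    $partitions = "CN=Partitions,$configNC"

    # systemFlags bit 0x2 marks a crossRef that represents an AD domain
    # (as opposed to the schema, configuration or application partitions).
    $crossRefs = Get-ADObject -SearchBase $partitions -SearchScope OneLevel `
        -LDAPFilter '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2))' `
        -Properties nCName, dnsRoot, nETBIOSName

    foreach ($cr in $crossRefs) {
        $dns = @($cr.dnsRoot)[0]
        $dc  = $null
        try {
            # Ask the DC locator for any domain controller of that domain
            $dc = Get-ADDomainController -Discover -DomainName $dns -ErrorAction Stop
        } catch {
            # No DC located: candidate for an orphaned domain (or a DNS/network fault)
        }
        [pscustomobject]@{
            Partition = $cr.nCName
            DnsRoot   = $dns
            NetBIOS   = $cr.nETBIOSName
            DCFound   = [bool]$dc
            DCName    = if ($dc) { "$($dc.HostName)" } else { $null }
        }
    }
}

# Domains with DCFound = False sort to the top
Get-DomainCrossRefStatus | Sort-Object DCFound | Format-Table -AutoSize
```

A row with DCFound = False only says the locator found no domain controller; rule out DNS or network problems and confirm the domain really is gone before treating it as a candidate for the metadata cleanup.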
nikolas.e

Senior Member
Registered:
Posts: 102
Reply with quote  #3 
Quote:
Originally Posted by wkasdo
You need to clean out the non-existing domains from the AD database using ntdsutil. This article tells you how: https://support.microsoft.com/en-us/kb/230306


Much appreciate it Willem. 

__________________
Just call me the 1000Questionsguy
0