Domain Controller Down (VM)
-
@wirestyle22 said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
@scottalanmiller said in Domain Controller Down (VM):
@wirestyle22 said in Domain Controller Down (VM):
@JaredBusch It has both. I set a static IP on the computer I am on currently and can connect to the internet.
Now that you are online again, is DNS working on the DC that is up? If so, good. If not, why not?
Willing to bet that the second DNS server is not in the DHCP config so the clients only looked to the first.
But that is unfixable at the moment.
How do I make it fixable? This place's backups are absolutely horrendous and I'm sure it is not recoverable. I have been fighting with them to change it and then this happens.
Then this is a blessing. You just did your job well, they failed at management, now you have proof. This is a good thing for you and for IT and maybe for the company. Nothing matters much less than losing a domain controller. Be thankful that the pudding with the proof was cheap pudding.
-
@BRRABill said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
@coliver said in Domain Controller Down (VM):
@BRRABill said in Domain Controller Down (VM):
@JaredBusch said
This does not matter FFS, forget about AD.
He said there is another DC. How does it not matter?
It only matters if that other DC is also a DNS and DHCP server.
And this is not possible in a 2003/2008 environment. DHCP redundancy was only added in 2012 R2 (maybe 2012).
DHCP is not what I am thinking about.
It was my understanding that AD and DNS are linked. AKA, DNS is required to run AD.
I understand what you are saying. But if AD was installed and working correctly, then so potentially was DNS. So there could be in theory a working DC with AD and DNS already on the network.
Hence if he is doing a restore of a DC with another working DC in the domain, it could cause even more issues.
Or am I totally wrong here?
DHCP, as was mentioned, could be fixed by anything. I am more thinking about AD and DNS which as I said might actually be fine.
You are not troubleshooting the problem.
You are conflating AD sync with a simple down server.
The only thing that has happened is he (incorrectly) removed a domain joined machine from the network.
So when the FSMO DC comes back up there may need to be a minor manual cleanup.
Had he not removed his machine from the network, there would have been no changes to worry about in the first place.
-
@coliver said in Domain Controller Down (VM):
If you have no backups then
you need to look at DHCP and getting a second/new server set up. Or seeing if your firewall has the ability to hand out addresses that may be the quickest way to do it.
management decided that this outage doesn't matter.
And I mean this. Stop for a moment, remove the stress. Management has made it totally clear to you, before this happened, that they were not concerned about this outage, right? Don't take on stress that the company doesn't have. If they don't care, why do you? I'm not saying you don't fix it, of course you fix it. But don't stress about it. They knew this was going to happen and being a 2003 machine, they knew it would be soon. They accepted the risk, they accept the consequences. It's as simple as that.
-
@wirestyle22 said in Domain Controller Down (VM):
@coliver said in Domain Controller Down (VM):
@wirestyle22 said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
@wirestyle22 is the VMDK there?
When I attempt to browse it kicks back an error stating "the server could not interpret the users request. the server is unavailable"
You're browsing in the VMWare console? The easiest way to get to it is via:
I'm running version 5.1.0 and I just click on Datastores
So you are using the fat client on your workstation?
Are you logged in with VMWare local account or a domain account?
Because obviously you have domain issues because of the bad DNS setup.
log in to the VMWare client with root and the local password.
-
@BRRABill said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
The fastest thing to do is to simply restore from Veeam/Unitrends/Whatever.
Done up and nothing else matters.
You can then prioritize resolving the fragility in the current setup.
So AD on the down DC would not have been syncing with the other DC he has if DNS was set up incorrectly?
Correct. Nothing works when it doesn't work. That's what not working means. "Set up incorrectly" is just another way of saying "not working."
-
@scottalanmiller said in Domain Controller Down (VM):
@coliver said in Domain Controller Down (VM):
If you have no backups then
you need to look at DHCP and getting a second/new server set up. Or seeing if your firewall has the ability to hand out addresses that may be the quickest way to do it.
management decided that this outage doesn't matter.
And I mean this. Stop for a moment, remove the stress. Management has made it totally clear to you, before this happened, that they were not concerned about this outage, right? Don't take on stress that the company doesn't have. If they don't care, why do you? I'm not saying you don't fix it, of course you fix it. But don't stress about it. They knew this was going to happen and being a 2003 machine, they knew it would be soon. They accepted the risk, they accept the consequences. It's as simple as that.
I'm stressed because I honestly do not know how to fix it. I have people calling me literally every 2 minutes for progress updates and I really have nothing to tell them. My job is to know and I don't know.
-
@BRRABill said in Domain Controller Down (VM):
@JaredBusch said
This does not matter FFS, forget about AD.
He said there is another DC. How does it not matter?
He also said it doesn't work. AD isn't the issue right now.
-
@JaredBusch said in Domain Controller Down (VM):
@wirestyle22 said in Domain Controller Down (VM):
@coliver said in Domain Controller Down (VM):
@wirestyle22 said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
@wirestyle22 is the VMDK there?
When I attempt to browse it kicks back an error stating "the server could not interpret the users request. the server is unavailable"
You're browsing in the VMWare console? The easiest way to get to it is via:
I'm running version 5.1.0 and I just click on Datastores
So you are using the fat client on your workstation?
Are you logged in with VMWare local account or a domain account?
Because obviously you have domain issues because of the bad DNS setup.
log in to the VMWare client with root and the local password.
I'm logging in with root and the local password actually on the server itself.
-
@wirestyle22 said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
@wirestyle22 said in Domain Controller Down (VM):
@coliver said in Domain Controller Down (VM):
@wirestyle22 said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
@wirestyle22 is the VMDK there?
When I attempt to browse it kicks back an error stating "the server could not interpret the users request. the server is unavailable"
You're browsing in the VMWare console? The easiest way to get to it is via:
I'm running version 5.1.0 and I just click on Datastores
So you are using the fat client on your workstation?
Are you logged in with VMWare local account or a domain account?
Because obviously you have domain issues because of the bad DNS setup.
log in to the VMWare client with root and the local password.
I'm logging in with root and the local password actually on the server itself.
No you are not. You said you are using a client. The VMWare server itself only provides a command line interface.
-
@BRRABill said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
@coliver said in Domain Controller Down (VM):
@BRRABill said in Domain Controller Down (VM):
@JaredBusch said
This does not matter FFS, forget about AD.
He said there is another DC. How does it not matter?
It only matters if that other DC is also a DNS and DHCP server.
And this is not possible in a 2003/2008 environment. DHCP redundancy was only added in 2012 R2 (maybe 2012).
DHCP is not what I am thinking about.
It was my understanding that AD and DNS are linked. AKA, DNS is required to run AD.
Unilaterally coupled, yes. DNS is needed for AD; AD is irrelevant to DNS. Right now, he has a network issue. AD simply doesn't matter right now. AD outages rarely matter. DNS and DHCP outages, normally are critical.
-
@JaredBusch said in Domain Controller Down (VM):
@wirestyle22 said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
@wirestyle22 said in Domain Controller Down (VM):
@coliver said in Domain Controller Down (VM):
@wirestyle22 said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
@wirestyle22 is the VMDK there?
When I attempt to browse it kicks back an error stating "the server could not interpret the users request. the server is unavailable"
You're browsing in the VMWare console? The easiest way to get to it is via:
I'm running version 5.1.0 and I just click on Datastores
So you are using the fat client on your workstation?
Are you logged in with VMWare local account or a domain account?
Because obviously you have domain issues because of the bad DNS setup.
log in to the VMWare client with root and the local password.
I'm logging in with root and the local password actually on the server itself.
No you are not. You said you are using a client. The VMWare server itself only provides a command line interface.
They created a VM called vcenter that uses the client so yes you are correct.
-
@BRRABill said in Domain Controller Down (VM):
Hence if he is doing a restore of a DC with another working DC in the domain, it could cause even more issues.
Or am I totally wrong here?
There isn't another working DC.
-
@scottalanmiller said in Domain Controller Down (VM):
@BRRABill said in Domain Controller Down (VM):
@JaredBusch said
This does not matter FFS, forget about AD.
He said there is another DC. How does it not matter?
He also said it doesn't work. AD isn't the issue right now.
Well it might work but he has no easy way to know that right now because DHCP is down. If his DHCP server had handed out this DC as a secondary DNS, then things would still be working. Thus why I assume his DHCP is improperly configured. But again, no way to know that until he brings it back online.
-
@scottalanmiller said in Domain Controller Down (VM):
@BRRABill said in Domain Controller Down (VM):
@JaredBusch said
This does not matter FFS, forget about AD.
He said there is another DC. How does it not matter?
He also said it doesn't work. AD isn't the issue right now.
No he said he can't access it.
If, as was mentioned (by @JaredBusch I think) the DNS settings in DHCP were incorrect, that would make sense.
All I was trying to say is that there MIGHT be a working DC on the network still. It's possible the only issue MIGHT be that DNS settings on the client are wrong.
So...
-
In this scenario, if he adds the second DC to his client DNS and it works, that temporarily fixes his issue. He can install DHCP and take his time getting the 2003 server back up.
-
Also in this scenario (if there is a working DC still there) I thought it was verboten to just restore. It has to be restored a certain way.
-
-
@wirestyle22 said in Domain Controller Down (VM):
@scottalanmiller said in Domain Controller Down (VM):
@coliver said in Domain Controller Down (VM):
If you have no backups then
you need to look at DHCP and getting a second/new server set up. Or seeing if your firewall has the ability to hand out addresses that may be the quickest way to do it.
management decided that this outage doesn't matter.
And I mean this. Stop for a moment, remove the stress. Management has made it totally clear to you, before this happened, that they were not concerned about this outage, right? Don't take on stress that the company doesn't have. If they don't care, why do you? I'm not saying you don't fix it, of course you fix it. But don't stress about it. They knew this was going to happen and being a 2003 machine, they knew it would be soon. They accepted the risk, they accept the consequences. It's as simple as that.
I'm stressed because I honestly do not know how to fix it. I have people calling me literally every 2 minutes for progress updates and I really have nothing to tell them. My job is to know and I don't know.
Tell them to stop calling. Have someone send out a notice that there is a network down and any request for update means that they think that their status is MORE important than fixing the outage. Make this clear. Ask the CEO to notify the company. Tell him that you have people causing further network problems by blocking you from working.
Or just stop answering the phone. Where is your boss, his job is to protect you from this. Why are calls coming to the person working on the problem?
-
@scottalanmiller said in Domain Controller Down (VM):
@BRRABill said in Domain Controller Down (VM):
Hence if he is doing a restore of a DC with another working DC in the domain, it could cause even more issues.
Or am I totally wrong here?
There isn't another working DC.
How do you know that? He said there was one, and the only reason mentioned it might be down was that his PC says "no domain controllers found" but as @JaredBusch has been saying, if DNS is misconfigured, that could also happen, right?
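-
Added example, not part of any post in this thread: one way to test, from a single workstation, the hypothesis discussed above (a second DC that still answers DNS, but clients that were never told to use it). The domain name and server addresses are placeholders, and it assumes a client with PowerShell 3.0 or later and the DnsClient module (Windows 8 / Server 2012 or newer).

```powershell
# Added example. All names and addresses below are placeholders (assumptions).
$Domain     = 'corp.example'                  # hypothetical AD DNS domain name
$Candidates = '192.0.2.10', '192.0.2.11'      # hypothetical: down DC, second DC
$SrvName    = "_ldap._tcp.dc._msdcs.$Domain"  # SRV record clients use to locate a DC

function Test-DcLocatorDns {
    param([string]$Server, [string]$Name)
    try {
        # -Server: ask this server only; -DnsOnly: no LLMNR/NetBIOS fallback.
        $answer = Resolve-DnsName -Name $Name -Type SRV -Server $Server -DnsOnly -ErrorAction Stop
        $dcs = @($answer | Where-Object { $_.Type -eq 'SRV' } |
                 Select-Object -ExpandProperty NameTarget | Sort-Object -Unique)
        [pscustomobject]@{ DnsServer = $Server; Answered = ($dcs.Count -gt 0)
                           DomainControllers = $dcs -join ', '; Detail = '' }
    } catch {
        # Timeouts, refusals and "name does not exist" all land here.
        [pscustomobject]@{ DnsServer = $Server; Answered = $false
                           DomainControllers = ''; Detail = $_.Exception.Message }
    }
}

# DNS servers this client is actually using (from DHCP or static config).
$configured = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
                Select-Object -ExpandProperty ServerAddresses | Sort-Object -Unique)

$results = foreach ($s in $Candidates) { Test-DcLocatorDns -Server $s -Name $SrvName }
$results | Format-Table -AutoSize | Out-String | Write-Output

$working = @($results | Where-Object { $_.Answered } | Select-Object -ExpandProperty DnsServer)
$unused  = @($working | Where-Object { $configured -notcontains $_ })

if ($working.Count -eq 0) {
    'No candidate returned DC locator records: no DC can be found through these servers.'
} elseif ($unused.Count -gt 0) {
    "Working DNS server(s) this client was never given: $($unused -join ', ')"
} else {
    'Client already points at a working DNS server; the cause is elsewhere.'
}
```

If the second result is printed, the DHCP scope's DNS server option is the thing to correct once DHCP is back.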
-
@BRRABill said in Domain Controller Down (VM):
@scottalanmiller said in Domain Controller Down (VM):
@BRRABill said in Domain Controller Down (VM):
@JaredBusch said
This does not matter FFS, forget about AD.
He said there is another DC. How does it not matter?
He also said it doesn't work. AD isn't the issue right now.
No he said he can't access it.
If, as was mentioned (by @JaredBusch I think) the DNS settings in DHCP were incorrect, that would make sense.
All I was trying to say is that there MIGHT be a working DC on the network still. It's possible the only issue MIGHT be that DNS settings on the client are wrong.
The secondary DC is not relevant. And changing every client to static IP scheme would be a pain in the ass when he should simply connect to ESXi, and make a new VM based on the VMDK we hope is still there.
-
@JaredBusch said
The secondary DC is not relevant. And changing every client to static IP scheme would be a pain in the ass when he should simply connect to ESXi, and make a new VM based on the VMDK we hope is still there.
Oh yes, that is fine.
My concern was a restore from backup.
-
@wirestyle22 said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
@wirestyle22 said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
@wirestyle22 said in Domain Controller Down (VM):
@coliver said in Domain Controller Down (VM):
@wirestyle22 said in Domain Controller Down (VM):
@JaredBusch said in Domain Controller Down (VM):
@wirestyle22 is the VMDK there?
When I attempt to browse it kicks back an error stating "the server could not interpret the users request. the server is unavailable"
You're browsing in the VMWare console? The easiest way to get to it is via:
I'm running version 5.1.0 and I just click on Datastores
So you are using the fat client on your workstation?
Are you logged in with VMWare local account or a domain account?
Because obviously you have domain issues because of the bad DNS setup.
log in to the VMWare client with root and the local password.
I'm logging in with root and the local password actually on the server itself.
No you are not. You said you are using a client. The VMWare server itself only provides a command line interface.
They created a VM called vcenter that uses the client so yes you are correct.
That's not what anyone means when we say to log into the VMware ESXi server itself. That's a client on a VM. Very, very different.
Log into the actual server to remove any unnecessary points of complexity.
-
@JaredBusch said in Domain Controller Down (VM):
@scottalanmiller said in Domain Controller Down (VM):
@BRRABill said in Domain Controller Down (VM):
@JaredBusch said
This does not matter FFS, forget about AD.
He said there is another DC. How does it not matter?
He also said it doesn't work. AD isn't the issue right now.
Well it might work but he has no easy way to know that right now because DHCP is down. If his DHCP server had handed out this DC as a secondary DNS, then things would still be working. Thus why I assume his DHCP is improperly configured. But again, no way to know that until he brings it back online.
Oh good point. Yes, it might be fine on its own. But we assume that it's not actively on the domain or that domain members are not aware of it, so it can't cause problems because it is isolated.