Domain controller malfunction

user1452932 asked:

We have one domain and two domain controllers (on Windows Server 2008 Enterprise).

For about a week, we have had enormous problems: some users can’t log in to Windows (domain could not be contacted). Sometimes a restart of Windows helps, but mostly it doesn’t.

As administrator, I can’t log in to DC0; on DC1 I can. The other administrator, for example, can log in to both DCs.

I attached dcdiag /test:dns for both DCs. DC0:

 Directory Server Diagnosis


 Performing initial setup:

Trying to find home server...

 Home Server = DC0

* Identified AD Forest. 
  Done gathering initial info.


 Doing initial required tests


 Testing server: Default-First-Site-Name\DC0

  Starting test: Connectivity

     ......................... DC0 passed test Connectivity

Doing primary tests


Testing server: Default-First-Site-Name\DC0


  Starting test: DNS



     DNS Tests are running and not hung. Please wait a few minutes...

     ......................... DC0 passed test DNS


 Running partition tests on : ForestDnsZones


 Running partition tests on : DomainDnsZones


 Running partition tests on : Schema


 Running partition tests on : Configuration


 Running partition tests on : our_domain


 Running enterprise tests on : our_domain.si

  Starting test: DNS

     Test results for domain controllers:


        DC: DC0.our_domain.si

        Domain: our_domain.si




           TEST: Records registration (RReg)
              Network Adapter

              [00000006] Intel(R) PRO/1000 MT Network Connection:

                 Warning: 
                 Missing AAAA record at DNS server 193.77.60.214: 
                 gc._msdcs.our_domain.si

           Warning: Record Registrations not found in some network adapters


           DC0                          PASS PASS PASS PASS PASS WARN n/a  
     ......................... our_domain.si passed test DNS

DC1:

 Directory Server Diagnosis
 Performing initial setup:

 Trying to find home server...

 Home Server = DC1

 * Identified AD Forest. 
 Done gathering initial info.


 Doing initial required tests


  Testing server: Default-First-Site-Name\DC1

  Starting test: Connectivity

     ......................... DC1 passed test Connectivity



 Doing primary tests


  Testing server: Default-First-Site-Name\DC1


  Starting test: DNS



     DNS Tests are running and not hung. Please wait a few minutes...

     ......................... DC1 passed test DNS


 Running partition tests on : ForestDnsZones


 Running partition tests on : DomainDnsZones


 Running partition tests on : Schema


 Running partition tests on : Configuration


 Running partition tests on : our_domain


 Running enterprise tests on : our_domain.si

  Starting test: DNS

     Test results for domain controllers:


        DC: DC1.our_domain.si

        Domain: our_domain.si




           TEST: Dynamic update (Dyn)
              Warning: Failed to add the test record _dcdiag_test_record in zone our_domain.si

           TEST: Records registration (RReg)
              Network Adapter

              [00000006] Intel(R) PRO/1000 MT Network Connection:

                 Warning: 
                 Missing AAAA record at DNS server 193.77.60.213: 
                 DC1.our_domain.si

                 Warning: 
                 Missing AAAA record at DNS server 193.77.60.213: 
                 gc._msdcs.our_domain.si

                 Warning: 
                 Missing AAAA record at DNS server 193.77.60.214: 
                 DC1.our_domain.si

                 Warning: 
                 Missing AAAA record at DNS server 193.77.60.214: 
                 gc._msdcs.our_domain.si

           Warning: Record Registrations not found in some network adapters


           DC1                          PASS PASS PASS PASS WARN WARN n/a  
     ......................... our_domain.si passed test DNS

Here are the IPs for DC0 and DC1 – they are all right (why are there so many?):
DC0
DC1

Here is ‘ipconfig /all’ on DC0:
[screenshot: ipconfig /all output on DC0]

My answer:


(This is only a partial answer to one of your side questions…)

For some reason your DCs have 6to4 addresses. If you’re sure you aren’t using 6to4 (you probably aren’t) then you should probably disable it.

netsh interface ipv6 6to4 set state disabled
netsh interface teredo set state disabled

View the full question and answer on Server Fault.
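
To audit a DC for the tunnel addresses the answer refers to, the following added example (not part of the Server Fault post) picks 6to4 and Teredo addresses out of `ipconfig /all` text and recovers the IPv4 address embedded in each. The sample text and the function names are constructed for illustration; 193.77.60.214 is borrowed from the dcdiag listing on the assumption that it is an adapter address.

```python
import ipaddress
import re

# Constructed sample in the layout of `ipconfig /all`; not the poster's output.
# 193.77.60.214 is borrowed from the dcdiag listing, 192.0.2.1 is a doc address.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   Link-local IPv6 Address . . . . . : fe80::1c2d:3e4f:5a6b:7c8d%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 193.77.60.214(Preferred)
Tunnel adapter Local Area Connection* 9:
   IPv6 Address. . . . . . . . . . . : 2002:c14d:3cd6::c14d:3cd6(Preferred)
Tunnel adapter Local Area Connection* 11:
   IPv6 Address. . . . . . . . . . . : 2001:0:c000:201:2c5b:1a2f:3eb2:c329(Preferred)
"""

# Matches "IPv6 Address" and "Link-local IPv6 Address" lines; the capture stops
# before the "%zone" and "(Preferred)" suffixes.
ADDR_LINE = re.compile(r"IPv6 Address[ .]*:\s*([0-9a-fA-F:.]+)")

def classify(addr):
    """Return (kind, embedded IPv4 or None) for one IPv6 address string."""
    ip = ipaddress.IPv6Address(addr)
    if ip.sixtofour is not None:       # 2002::/16 carries the host's IPv4
        return "6to4", ip.sixtofour
    if ip.teredo is not None:          # 2001::/32 carries the Teredo server
        return "teredo", ip.teredo[0]
    if ip.is_link_local:
        return "link-local", None
    return "other", None

def tunnel_addresses(ipconfig_text):
    """List (address, kind, embedded IPv4) for every 6to4/Teredo address."""
    found = []
    for match in ADDR_LINE.finditer(ipconfig_text):
        kind, v4 = classify(match.group(1))
        if kind in ("6to4", "teredo"):
            found.append((match.group(1), kind, str(v4)))
    return found

def windows_6to4_for(ipv4):
    """6to4 host address in the 2002:WWXX:YYZZ::WWXX:YYZZ form Windows uses."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address((0x2002 << 112) | (v4 << 80) | v4)

if __name__ == "__main__":
    for address, kind, v4 in tunnel_addresses(SAMPLE_IPCONFIG):
        print(f"{kind:7} {address}  (embedded IPv4 {v4})")
    print("expected 6to4 for 193.77.60.213:", windows_6to4_for("193.77.60.213"))
```

After the two netsh commands take effect, running the same check over fresh `ipconfig /all` output should return an empty list.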

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.