DC seems to have fallen off the Domain
-
Can you ping the other DCs? can they ping you?
Both both name and IP?
-
Seeing Event ID 1311 in the event logs under ADDS.
-
@Dashrender said in DC seems to have fallen off the Domain:
Can you ping the other DCs? can they ping you?
Both both name and IP?
Problem server and known good server can ping each other via both IP address and FQDN.
-
-
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
Can you ping the other DCs? can they ping you?
Both both name and IP?
Problem server and known good server can ping each other via both IP address and FQDN.
Any chance you added another IP to the server's NIC/LAG/whatever? Could be a bad DNS entry of some sort.
-
@thwr said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
Can you ping the other DCs? can they ping you?
Both both name and IP?
Problem server and known good server can ping each other via both IP address and FQDN.
Any chance you added another IP to the server's NIC/LAG/whatever? Could be a bad DNS entry of some sort.
No changes in IP addresses, NIC, etc. Think I might have found the issue with dualing AV's. We recently changed from Symantec cloud AV to Cisco SourceFire AMP. Failed to uninstall Symantec first. Need to wait for a quick reboot window before I can reboot WINDOWS. You see what I did there? Huh? Huh? ...Okay, I'll see myself out.
-
@NerdyDad said in DC seems to have fallen off the Domain:
@thwr said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
Can you ping the other DCs? can they ping you?
Both both name and IP?
Problem server and known good server can ping each other via both IP address and FQDN.
Any chance you added another IP to the server's NIC/LAG/whatever? Could be a bad DNS entry of some sort.
No changes in IP addresses, NIC, etc. Think I might have found the issue with dualing AV's. We recently changed from Symantec cloud AV to Cisco SourceFire AMP. Failed to uninstall Symantec first. Need to wait for a quick reboot window before I can reboot WINDOWS. You see what I did there? Huh? Huh? ...Okay, I'll see myself out.
You did... oh... consider self-flagellation as a viable learning strategy
Just kidding, I don't know both products (the specific versions mentioned here).
-
@NerdyDad said in DC seems to have fallen off the Domain:
@thwr said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
Can you ping the other DCs? can they ping you?
Both both name and IP?
Problem server and known good server can ping each other via both IP address and FQDN.
Any chance you added another IP to the server's NIC/LAG/whatever? Could be a bad DNS entry of some sort.
No changes in IP addresses, NIC, etc. Think I might have found the issue with dualing AV's. We recently changed from Symantec cloud AV to Cisco SourceFire AMP. Failed to uninstall Symantec first. Need to wait for a quick reboot window before I can reboot WINDOWS. You see what I did there? Huh? Huh? ...Okay, I'll see myself out.
Glad to hear you got rid of that virus from your network - Symantec - though I wonder if the SourceFire stuff is any better?
-
@Dashrender said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@thwr said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
Can you ping the other DCs? can they ping you?
Both both name and IP?
Problem server and known good server can ping each other via both IP address and FQDN.
Any chance you added another IP to the server's NIC/LAG/whatever? Could be a bad DNS entry of some sort.
No changes in IP addresses, NIC, etc. Think I might have found the issue with dualing AV's. We recently changed from Symantec cloud AV to Cisco SourceFire AMP. Failed to uninstall Symantec first. Need to wait for a quick reboot window before I can reboot WINDOWS. You see what I did there? Huh? Huh? ...Okay, I'll see myself out.
Glad to hear you got rid of that virus from your network - Symantec - though I wonder if the SourceFire stuff is any better?
It seems to be a lot more thorough compared to Symantec. Symantec did find a few things here and there along the year. However, when we installed AMP, it started reporting back a lot more information in regards to security situations. It also gives me a more thorough analysis of either the infection or the device. Not sure if it is better or worse for the money (didn't write the check).
-
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@thwr said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
Can you ping the other DCs? can they ping you?
Both both name and IP?
Problem server and known good server can ping each other via both IP address and FQDN.
Any chance you added another IP to the server's NIC/LAG/whatever? Could be a bad DNS entry of some sort.
No changes in IP addresses, NIC, etc. Think I might have found the issue with dualing AV's. We recently changed from Symantec cloud AV to Cisco SourceFire AMP. Failed to uninstall Symantec first. Need to wait for a quick reboot window before I can reboot WINDOWS. You see what I did there? Huh? Huh? ...Okay, I'll see myself out.
Glad to hear you got rid of that virus from your network - Symantec - though I wonder if the SourceFire stuff is any better?
It seems to be a lot more thorough compared to Symantec. Symantec did find a few things here and there along the year. However, when we installed AMP, it started reporting back a lot more information in regards to security situations. It also gives me a more thorough analysis of either the infection or the device. Not sure if it is better or worse for the money (didn't write the check).
Now you've (ok not you) have expanded the goal of the product. That's all fine and good if you need it.
-
@Dashrender said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@thwr said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
Can you ping the other DCs? can they ping you?
Both both name and IP?
Problem server and known good server can ping each other via both IP address and FQDN.
Any chance you added another IP to the server's NIC/LAG/whatever? Could be a bad DNS entry of some sort.
No changes in IP addresses, NIC, etc. Think I might have found the issue with dualing AV's. We recently changed from Symantec cloud AV to Cisco SourceFire AMP. Failed to uninstall Symantec first. Need to wait for a quick reboot window before I can reboot WINDOWS. You see what I did there? Huh? Huh? ...Okay, I'll see myself out.
Glad to hear you got rid of that virus from your network - Symantec - though I wonder if the SourceFire stuff is any better?
It seems to be a lot more thorough compared to Symantec. Symantec did find a few things here and there along the year. However, when we installed AMP, it started reporting back a lot more information in regards to security situations. It also gives me a more thorough analysis of either the infection or the device. Not sure if it is better or worse for the money (didn't write the check).
Now you've (ok not you) have expanded the goal of the product. That's all fine and good if you need it.
Sounds like when he was referring to AV he meant Symantec Endpoint protection. So he went from one Endpoint protection to another. New one seems to have more inventory management stuff
-
So have you rebooted it yet?
-
@Dashrender said in DC seems to have fallen off the Domain:
So have you rebooted it yet?
Did the reboot. Still a no-go.
Symantec.cloud is their SEP product that points to a cloud controller instead of a manager, as with normal SEP, which has a manager on the network. Symantec.cloud is marketed for the SMB market.
-
Scratch that. Its fixed. Thanks @Dashrender. That article led me to the right answer and cause of action.
I don't have a firewall on this server, but the conflict in AV's is what caused the issue and trying to keep the system secured.
-
@NerdyDad said in DC seems to have fallen off the Domain:
Scratch that. Its fixed. Thanks @Dashrender. That article led me to the right answer and cause of action.
I don't have a firewall on this server, but the conflict in AV's is what caused the issue and trying to keep the system secured.
It's not uncommon for Symantec products to not fully or correctly uninstall
-
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
Scratch that. Its fixed. Thanks @Dashrender. That article led me to the right answer and cause of action.
I don't have a firewall on this server, but the conflict in AV's is what caused the issue and trying to keep the system secured.
It's not uncommon with Symantec products to not fully or correctly uninstall
I'm seeing that with another DC. This other DC is working correctly, but I want to get Symantec off of there before it gets to be too big of a problem. Considering using CleanWipe but not sure if I should or not.
-
If you're DC is just a DC - you can demote it, then leave the domain, wipe and reload it, join the domain and promote.
If it's also a fileserver, etc, well - have fun.
This of course assumes you can't use the normal tools to remove the old AV cleanly.
-
@nerdydad is this a VM or a standalone server?
-
It's a vm. All of my DC's are vm's.
-
@Dashrender said in DC seems to have fallen off the Domain:
If you're DC is just a DC - you can demote it, then leave the domain, wipe and reload it, join the domain and promote.
If it's also a fileserver, etc, well - have fun.
This of course assumes you can't use the normal tools to remove the old AV cleanly.
mkfs.ntfs & format ... The only tools I know to fully remove Symantec products - except for a snapshot maybe.