DC seems to have fallen off the Domain
-
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@thwr said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
Can you ping the other DCs? Can they ping you?
By both name and IP?
Problem server and known good server can ping each other via both IP address and FQDN.
Any chance you added another IP to the server's NIC/LAG/whatever? Could be a bad DNS entry of some sort.
No changes in IP addresses, NIC, etc. Think I might have found the issue with dueling AVs. We recently changed from Symantec cloud AV to Cisco SourceFire AMP. Failed to uninstall Symantec first. Need to wait for a quick reboot window before I can reboot WINDOWS. You see what I did there? Huh? Huh? ...Okay, I'll see myself out.
Glad to hear you got rid of that virus from your network - Symantec - though I wonder if the SourceFire stuff is any better?
It seems to be a lot more thorough compared to Symantec. Symantec did find a few things here and there along the year. However, when we installed AMP, it started reporting back a lot more information in regards to security situations. It also gives me a more thorough analysis of either the infection or the device. Not sure if it is better or worse for the money (didn't write the check).
Now you (OK, not you) have expanded the goal of the product. That's all fine and good if you need it.
-
@Dashrender said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@thwr said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
Can you ping the other DCs? Can they ping you?
By both name and IP?
Problem server and known good server can ping each other via both IP address and FQDN.
Any chance you added another IP to the server's NIC/LAG/whatever? Could be a bad DNS entry of some sort.
No changes in IP addresses, NIC, etc. Think I might have found the issue with dueling AVs. We recently changed from Symantec cloud AV to Cisco SourceFire AMP. Failed to uninstall Symantec first. Need to wait for a quick reboot window before I can reboot WINDOWS. You see what I did there? Huh? Huh? ...Okay, I'll see myself out.
Glad to hear you got rid of that virus from your network - Symantec - though I wonder if the SourceFire stuff is any better?
It seems to be a lot more thorough compared to Symantec. Symantec did find a few things here and there along the year. However, when we installed AMP, it started reporting back a lot more information in regards to security situations. It also gives me a more thorough analysis of either the infection or the device. Not sure if it is better or worse for the money (didn't write the check).
Now you (OK, not you) have expanded the goal of the product. That's all fine and good if you need it.
Sounds like when he was referring to AV he meant Symantec Endpoint Protection. So he went from one endpoint protection to another. New one seems to have more inventory management stuff.
-
So have you rebooted it yet?
-
@Dashrender said in DC seems to have fallen off the Domain:
So have you rebooted it yet?
Did the reboot. Still a no-go.
Symantec.cloud is their SEP product that points to a cloud controller instead of a manager, as with normal SEP, which has a manager on the network. Symantec.cloud is marketed for the SMB market.
-
Scratch that. It's fixed. Thanks @Dashrender. That article led me to the right answer and course of action.
I don't have a firewall on this server, but the conflict in AVs is what caused the issue and trying to keep the system secured.
-
@NerdyDad said in DC seems to have fallen off the Domain:
Scratch that. It's fixed. Thanks @Dashrender. That article led me to the right answer and course of action.
I don't have a firewall on this server, but the conflict in AVs is what caused the issue and trying to keep the system secured.
It's not uncommon for Symantec products to not fully or correctly uninstall
-
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
Scratch that. It's fixed. Thanks @Dashrender. That article led me to the right answer and course of action.
I don't have a firewall on this server, but the conflict in AVs is what caused the issue and trying to keep the system secured.
It's not uncommon with Symantec products to not fully or correctly uninstall
I'm seeing that with another DC. This other DC is working correctly, but I want to get Symantec off of there before it gets to be too big of a problem. Considering using CleanWipe but not sure if I should or not.
-
If your DC is just a DC - you can demote it, then leave the domain, wipe and reload it, join the domain and promote.
If it's also a fileserver, etc, well - have fun.
This of course assumes you can't use the normal tools to remove the old AV cleanly.
-
@nerdydad is this a VM or a standalone server?
-
It's a VM. All of my DCs are VMs.
-
@Dashrender said in DC seems to have fallen off the Domain:
If your DC is just a DC - you can demote it, then leave the domain, wipe and reload it, join the domain and promote.
If it's also a fileserver, etc, well - have fun.
This of course assumes you can't use the normal tools to remove the old AV cleanly.
mkfs.ntfs & format ... The only tools I know to fully remove Symantec products - except for a snapshot maybe.
-
@thwr said in DC seems to have fallen off the Domain:
@Dashrender said in DC seems to have fallen off the Domain:
If your DC is just a DC - you can demote it, then leave the domain, wipe and reload it, join the domain and promote.
If it's also a fileserver, etc, well - have fun.
This of course assumes you can't use the normal tools to remove the old AV cleanly.
mkfs.ntfs & format ... The only tools I know to fully remove Symantec products - except for a snapshot maybe.
LOL
-
@NerdyDad Is that secondary domain controller doing anything else like being a file server?
-
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad Is that secondary domain controller doing anything else like being a file server?
It is a secondary controller. FSMO roles are on another DC. The only other thing this server does is it's a print server and DHCP server.
-
@NerdyDad said in DC seems to have fallen off the Domain:
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad Is that secondary domain controller doing anything else like being a file server?
It is a secondary controller. FSMO roles are on another DC. The only other thing this server does is it's a print server and DHCP server.
Well, as I said, if you can't remove the old AV using the typical tools, you do have other options, not great ones, but they are there.
-
As I am digging into this more and more, I am finding replication issues between DCs, namely the original problem child.
<code>
Source DSA largest delta fails/total %% error
DOS3 38d.14h:20m:23s 5 / 10 50 (8457) The destination server is currently rejecting replication requests.
DOS4B 38d.14h:20m:22s 5 / 15 33 (8457) The destination server is currently rejecting replication requests.
SMC4A 38d.14h:20m:23s 5 / 15 33 (8457) The destination server is currently rejecting replication requests.
SMC4B 35d.14h:24m:28s 15 / 15 100 (8456) The source server is currently rejecting replication requests.
Destination DSA largest delta fails/total %% error
DOS3 35d.14h:16m:35s 5 / 15 33 (8456) The source server is currently rejecting replication requests.
DOS4B 35d.14h:02m:35s 5 / 15 33 (8456) The source server is currently rejecting replication requests.
SMC4A 35d.14h:22m:52s 5 / 10 50 (8456) The source server is currently rejecting replication requests.
SMC4B 38d.14h:20m:24s 15 / 15 100 (8457) The destination server is currently rejecting replication requests.
</code>
-
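One way to read the replication summary posted above, as an added example that is not part of the original thread: a Python parser that takes the rows as pasted (one row per line) and lists any DC that fails 100% of its attempts both as replication source and as destination. The function names are assumptions of this example, and it handles only the delta format shown in the post.

```python
import re

# The repadmin replication summary rows from the post above, one row per line.
SAMPLE = """\
Source DSA largest delta fails/total %% error
DOS3 38d.14h:20m:23s 5 / 10 50 (8457) The destination server is currently rejecting replication requests.
DOS4B 38d.14h:20m:22s 5 / 15 33 (8457) The destination server is currently rejecting replication requests.
SMC4A 38d.14h:20m:23s 5 / 15 33 (8457) The destination server is currently rejecting replication requests.
SMC4B 35d.14h:24m:28s 15 / 15 100 (8456) The source server is currently rejecting replication requests.
Destination DSA largest delta fails/total %% error
DOS3 35d.14h:16m:35s 5 / 15 33 (8456) The source server is currently rejecting replication requests.
DOS4B 35d.14h:02m:35s 5 / 15 33 (8456) The source server is currently rejecting replication requests.
SMC4A 35d.14h:22m:52s 5 / 10 50 (8456) The source server is currently rejecting replication requests.
SMC4B 38d.14h:20m:24s 15 / 15 100 (8457) The destination server is currently rejecting replication requests.
"""

# Columns: name, largest delta, fails / total, percent, optional "(code) message".
ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\d+)\s*/\s*(\d+)\s+(\d+)(?:\s+\((\d+)\)\s*(.*))?$")
UNIT = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def delta_seconds(token):
    """Convert a delta such as 38d.14h:20m:23s to seconds."""
    return sum(int(n) * UNIT[u] for n, u in re.findall(r"(\d+)([dhms])", token))

def parse_replsummary(text):
    """Return {'source': {dsa: row}, 'destination': {dsa: row}}."""
    out, section = {"source": {}, "destination": {}}, None
    for line in text.splitlines():
        first = line.strip().lower()
        if first.startswith(("source dsa", "destination dsa")):
            section = first.split()[0]
            continue
        m = ROW.match(line)
        if section and m:
            dsa, delta, fails, total, _pct, code, _msg = m.groups()
            out[section][dsa] = {"delta_s": delta_seconds(delta), "fails": int(fails),
                                 "total": int(total), "error": int(code) if code else None}
    return out

def isolated_dcs(summary):
    """DCs failing every attempt both as replication source and as destination."""
    def all_fail(row):
        return row is not None and row["total"] > 0 and row["fails"] == row["total"]
    return sorted(d for d in summary["source"]
                  if all_fail(summary["source"][d]) and all_fail(summary["destination"].get(d)))

if __name__ == "__main__":
    print(isolated_dcs(parse_replsummary(SAMPLE)))
```

On the posted rows only SMC4B fails every attempt in both directions; the other three DCs each show 5 failures.
-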
repadmin /sync
on all domain controllers. What does that return?
-
@wirestyle22 said in DC seems to have fallen off the Domain:
repadmin /sync
on all domain controllers. What does that return?
<code>
CALLBACK MESSAGE: Error contacting server cff6859a-1945-4334-aa88-e43a448de794._msdcs.smc.com (network error): -2146893022 (0x80090322): The target principal name is incorrect.
CALLBACK MESSAGE: SyncAll Finished.
SyncAll reported the following errors:
Error contacting server cff6859a-1945-4334-aa88-e43a448de794._msdcs.smc.com (network error): -2146893022 (0x80090322): The target principal name is incorrect.
</code>
-
@NerdyDad said in DC seems to have fallen off the Domain:
The target principal name is incorrect.
Check that these services are all running:
Active Directory Domain Services
Kerberos Key Distribution Center
-
@wirestyle22 said in DC seems to have fallen off the Domain:
@NerdyDad said in DC seems to have fallen off the Domain:
The target principal name is incorrect.
Check that these services are all running:
Active Directory Domain Services.
Active Directory Replication
Have ADDS but not Active Directory Replication