Could Not Query Trusted Domain Error 0x2
Domain Controller Cannot See Itself
Secure Channels not working between DCs
Experts Exchange, posted on 2007-09-14 (Active Directory, Windows 2000, DNS)

Environment: W2K Server, all available service packs and critical updates installed. SERVER01 is the PDC for our single-site AD domain. One additional W2K server, SERVER02 is the only other DC and holds the Domain Naming role and is the Global Catalog. Domain Operational Mode is "Mixed Mode". 5 W2K3 member servers and 50+ XP Pro PCs and 30 Linux workstations accessing W2K3 servers via SFU.

All servers are multi-homed with one NIC connecting to internal network (192.168.x.x). Second NIC had, until recently, connected to the public Internet. 10 days or so ago we implemented a firewall. By yesterday we had all servers, except the DCs, moved from public to DMZ (10.0.0.x). Yesterday morning (7am) I moved the DCs to the DMZ as well. This included changing the NICs' IP addresses from public addresses to DMZ addresses.

All seemed well to begin with but around 5pm we started throwing authentication errors. I've been digging through everything I can find to determine and fix the problem. Every test with DCDIAG succeeds on both DCs, except the OutboundSecureChannels test:

SERVER01:
* The Outbound Secure Channels test
Could not Check secure channel from SERVER01 to domainname.com: The specified domain either does not exist or could n
Source: https://www.experts-exchange.com/questions/22828515/Secure-Channels-not-working-between-DCs.html

Only Domain Controller cannot find itself
Microsoft TechNet forums, Windows Server > Directory Services
Source: https://social.technet.microsoft.com/Forums/sharepoint/en-US/0647204c-72fa-4f17-86c3-cce158c428fb/only-domain-controller-cannot-find-itself?forum=winserverDS

Question (Monday, March 05, 2012 11:09 PM):

Hi there,

Attempting to join a server to the domain, but having issues. Two virtualized Server 2008 R2 machines. DC is running, but when opening the "Manage Your Server" window it cannot connect to its own Active Directory. Also cannot access the NETLOGON share. Second server cannot contact a domain controller when attempting to join the domain.

There were previously two DC's, "orangebox" and "blackmesa" which are no longer in existence. I seized their roles using the FSMO Maintenance console.

Where should I start? The only domain controller can't even contact itself (???).

Thank-you,

Answer (Tuesday, March 06, 2012 3:10 PM; marked as answer by vocatus, Wednesday, March 07, 2012 2:00 PM):

Hi,

Perform the below steps:

•Since this is the single DC, change DNS pointing to its private IP 172.16.1.15 as preferred DNS, you can use 127.x.x. as an alternate. Run "ipconfig /flushdns & ipconfig /registerdns", restart NETLOGON service on DC.
•SYSVOL and NETLOGON shares are missing on DC. To recover, do take a SYSVOL backup (copy & paste) and perform Authoritative Restore: http://support.microsoft.com/kb/290762
•Ensure the DC (PDC role holder) is configured as an Authoritative Time server: http://support.microsoft.com/kb/816042
•Perform metadata cleanup to remove failed DC objects from AD. http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx

Once you are done with above steps, again perform DCDIAG or BPA test and let us know the result.

Best Regards,
Abhijit Waikar.
MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

Reply:

From the log it is clear that sysvol and netlogon share is missing. I would also recommend to remove loopback IP address 127.0.0.1 as it is not required; run ipconfig /flushdns & ipconfig /registerdns and restart the netlogon and DNS server. Since the netlogon & sysvol share are missing and
Source: http://microsoft.public.windows.server.active-directory.narkive.com/7TGqoj8e/dcdiag-and-outboundsecurechannels-and-nltest-too

Check secure channel from MERCURY to solsys2: The specified domain either does not exist or could not be contacted.
Could not Query Trusted Domain :The system cannot find the file specified.
.......................... MERCURY failed test OutboundSecureChannels

Can anyone tell me what this means? If this is the only DC for the domain, then is this failure expected? b/c there are no other DC's to connect and/or replicate with?

I notice one other problem -- nltest also reports the same "specified domain does not exist" when attempting any of the secure channel command (sc_query, sc_reset, etc), so I assume this is related to the above.

Thanks,
Steve

Paul Williams [MVP], 2007-02-04 11:26:21 UTC:

If you fire up DOMAIN.MSC and look at the trusts tab, do you have either an incoming or outgoing trust listed? If you do, this message pertains to the fact that the trust cannot be verified. If you're unaware of a trust, you can delete the trustedDomain objects underneath the System container of your domain, using ADSIEDIT.MSC.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

Steve, 2007-02-05 00:33:06 UTC:

> Post by Paul Williams [MVP]
> If you fire up DOMAIN.MSC and look at the trusts tab, do you have either an
> incoming or outgoing trust listed? If you do, this message pertains to the
> fact that the trust cannot be verified. If you're unaware of a trust, you
> can delete the trustedDomain objects underneath the System container of your
> domain, using ADSIEDIT.MSC.
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net

There are no trusts in domain.msc so I think you answered my question -- the dcdiag OutboundSecureChannels test is testing for trusts that exist b/t 2 domains?
That "system can