question

AshishSingh-2241 avatar image
0 Votes"
AshishSingh-2241 asked DSPatrick answered

Domain controller cannot contact the domain

I have a domain with few domain controllers. I'm having issue with one specific domain controller. Whenever I try to search for a user to select one, I get error saying, "Windows cannot process the object with the name "Domain User" because of following error: The specified domain either does not exist or could not be contacted."

windows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick edited

Sounds like problematic DNS. I'd check the domain controllers all have own static ip address, plus other DC ip address, plus loopback (127.0.0.1) listed for DNS and no others such as router or public DNS

--please don't forget to Accept as answer if the reply is helpful--


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered

Hi,

For troubleshooting, please confirm the following information:
Did you do any changes recently?
Confirm if there are any errors in the output of the following commands:
ipconfig /all > C:\dc.txt make sure the DNS server was configured correctly.
Dcdiag /v >c:\dcdiag1.log
Repadmin /showrepl >C:\repl.txt
Repadmin /showreps * 
Repadmin /syncall /APeD

Best Regards,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Just checking if there's any progress or updates?

--please don't forget to Accept as answer if the reply is helpful--


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AshishSingh-2241 avatar image
0 Votes"
AshishSingh-2241 answered

Hi, all domain controllers have static IP addresses. Primary DNS is configured remote domain controller and secondary with local.


C:\Windows\system32>Repadmin /showreps *
LDAP error 81 (Server Down) Win32 Err 58.98057-rep-sync.txt


[1]: /answers/storage/attachments/98066-dc.txt

[2]: /answers/storage/attachments/97999-repl.txt

[3]: /answers/storage/attachments/98084-dcdiag1.log


dc.txt (4.1 KiB)
repl.txt (2.1 KiB)
dcdiag1.log (20.1 KiB)
rep-sync.txt (10.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AshishSingh-2241 avatar image
0 Votes"
AshishSingh-2241 answered

I just found out this issue might be there with other domain controllers as well.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

The domain controller PM-AB-RS-SVR01 is multi-homed. Multihoming will always cause no end to grief for active directory domain DNS. Better to move the roles requiring the other network adapters to another member server.

--please don't forget to Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AshishSingh-2241 avatar image
0 Votes"
AshishSingh-2241 answered

HI @DSPatrick , thanks for your suggestion. I am aware of the issue with this setup. I inherited it and sort of stuck with it as we don't have any more resources to re-allocate the roles. This was working fine so far (at least few years). I can login using the domain account, no problem. But only when I try to select the domain user, I'm getting this error - e.g. when selecting user to run a service. Do you think this might be due to bad actor as we suspect there was a breach in the domain recently? In response, I have disabled interactive login on this specific user account and enabled auditing.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Do you think this might be due to bad actor as we suspect there was a breach in the domain recently? In response, I have disabled interactive login on this specific user account and enabled auditing

I have no reason to suspect this. The main problem right now is the multihoming. The domain controller will remain unstable as long as this condition exists. There's no other option right now other than to correct this problem and move on to next. The error you mentioned is typical of this arrangement. ("The specified domain either does not exist or could not be contacted")

--please don't forget to Accept as answer if the reply is helpful--











5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AshishSingh-2241 avatar image
0 Votes"
AshishSingh-2241 answered FanFan-MSFT commented

I think the issue was with disabling interactive login on the account.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

What's the result if you enable the interactive login on the account?
If there are any progress, welcome to share here!
Best Regards,

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered

Just checking if there's any progress or updates?

--please don't forget to Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.