# Server 2003/Active Directory Missing Sites Container in AD



## disisit (Aug 9, 2011)

All right, guys. I have a weird one for you. I have two domain controllers at a client of mine and I am upgrading them to Exchange 2010. I attempt to install Exchange 2010 and am met with the following error when checking prerequisites.

Setup encountered a problem while validating the state of Active Directory: Could not find any Global Catalog in forest

No global catalog? That's weird.

I'll just make one.

Nope.

When I go into AD sites and services, guess what's missing:

Sites.

Help?











I don't use Windows DCs as a general rule. Samba/OpenLDAP for me. So if I'm missing something simple, please forgive me for wasting your time. Here is a paste of my dcdiag and netdiag. Sorry for not using pastebin but it seems to be down right now.


```
C:\Documents and Settings\admin>dcdiag /c

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: BediasBranch\FSBB-SPDC
      Starting test: Connectivity
         ......................... FSBB-SPDC passed test Connectivity

Doing primary tests

   Testing server: BediasBranch\FSBB-SPDC
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         FSBB-SPDC:  Current time is 2011-08-08 23:04:36.
            DC=ForestDnsZones,DC=fsbb,DC=local
               Last replication recieved from FSBB-SNETCHECKK at 2007-11-01 11:5
6:26.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            DC=DomainDnsZones,DC=fsbb,DC=local
               Last replication recieved from FSBB-SNETCHECKK at 2007-11-01 11:5
6:26.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            CN=Schema,CN=Configuration,DC=fsbb,DC=local
               Last replication recieved from FSBB-SNETCHECKK at 2007-11-01 11:5
6:26.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            CN=Configuration,DC=fsbb,DC=local
               Last replication recieved from FSBB-SNETCHECKK at 2007-11-01 11:5
6:26.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            DC=fsbb,DC=local
               Last replication recieved from FSBB-SNETCHECKK at 2007-11-01 12:2
5:56.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

         ......................... FSBB-SPDC passed test Replications
      Starting test: Topology
         ......................... FSBB-SPDC passed test Topology
      Starting test: CutoffServers
         ......................... FSBB-SPDC passed test CutoffServers
      Starting test: NCSecDesc
         ......................... FSBB-SPDC passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\FSBB-SPDC\netlogon)
         [FSBB-SPDC] An net use or LsaPolicy operation failed with error 1203, N
o network provider accepted the given network path..
         ......................... FSBB-SPDC failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\FSBK-SPDC.fsbb.local, w
hen we were trying to reach FSBB-SPDC.
         Server is not responding or is not considered suitable.
         Warning: FSBB-SPDC is not advertising as a global catalog.
         Check that server finished GC promotion.
         Check the event log on server that enough source replicas for the GC ar
e available.
         ......................... FSBB-SPDC failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... FSBB-SPDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... FSBB-SPDC passed test RidManager
      Starting test: MachineAccount
         ......................... FSBB-SPDC passed test MachineAccount
      Starting test: Services
         ......................... FSBB-SPDC passed test Services
      Starting test: OutboundSecureChannels
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... FSBB-SPDC passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         ......................... FSBB-SPDC passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... FSBB-SPDC passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... FSBB-SPDC failed test frsevent
      Starting test: kccevent
         ......................... FSBB-SPDC passed test kccevent
      Starting test: systemlog
         ......................... FSBB-SPDC passed test systemlog
      Starting test: VerifyReplicas
         ......................... FSBB-SPDC passed test VerifyReplicas
      Starting test: VerifyReferences
         ......................... FSBB-SPDC passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... FSBB-SPDC passed test VerifyEnterpriseReferen
ces
      Starting test: CheckSecurityError
         No KDC found for domain fsbb.local in site BediasBranch (1355, NULL)
         [FSBB-SPDC] Unable to contact a KDC for the destination domain in it's
own site.  This means either there are no available KDC's for this domain in the
 site, *including* the destination DC itself, or we're having network or packet
fragmentation issues connecting to it.  We'll check packet fragmentation connect
ion to the destination DC, make recommendations, and continue.
          Warning:  The maximum non-fragmentable UDP transfer unit is 1492.
         This isn't a sufficient size for operation if any DC's in the enterpris
e are Win2k SP3 or earlier.
         Solution:  Either install at least W2K SP4 or better, or configure the
network to allow non-fragmented UDP packets of at least 2008 bytes.
         [FSBB-SPDC] No security related replication errors were found on this D
C!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... FSBB-SPDC passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : TAPI3Directory
      Starting test: CrossRefValidation
         ......................... TAPI3Directory passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... TAPI3Directory passed test CheckSDRefDom

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : fsbb
      Starting test: CrossRefValidation
         ......................... fsbb passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... fsbb passed test CheckSDRefDom

   Running enterprise tests on : fsbb.local
      Starting test: Intersite
         ......................... fsbb.local passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         ......................... fsbb.local failed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:

            DC: fsbb-spdc.fsbb.local
            Domain: fsbb.local


               TEST: Basic (Basc)
                  Warning: adapter [00000010] VMware Accelerated AMD PCNet Adapt
er has invalid DNS server: 10.50.3.254 (<name unavailable>)

               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 10.50.3.254 (<na
me unavailable>)

               TEST: Records registration (RReg)
                  Network Adapter [00000010] VMware Accelerated AMD PCNet Adapte
r:
                     Error: Missing A record at DNS server 10.50.3.254 :
                     fsbb-spdc.fsbb.local

                     Error: Missing CNAME record at DNS server 10.50.3.254 :
                     6e57c8aa-cf0e-4ac8-8c0e-39d8e7373414._msdcs.fsbb.local

                     Error: Missing DC SRV record at DNS server 10.50.3.254 :
                     _ldap._tcp.dc._msdcs.fsbb.local

                     Error: Missing GC SRV record at DNS server 10.50.3.254 :
                     _ldap._tcp.gc._msdcs.fsbb.local

                     Error: Missing PDC SRV record at DNS server 10.50.3.254 :
                     _ldap._tcp.pdc._msdcs.fsbb.local

               Error: Record registrations cannot be found for all the network a
dapters

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 10.50.3.254 (<name unavailable>)
               2 test failures on this DNS server
               Name resolution is not functional. _ldap._tcp.fsbb.local. failed
on the DNS server 10.50.3.254

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: fsbb.local
               fsbb-spdc                    PASS WARN PASS PASS PASS FAIL n/a

         ......................... fsbb.local failed test DNS
```


```
KB982214
        KB982381-IE8
        KB982632-IE8
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 4

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : fsbb-spdc
        IP Address . . . . . . . . : 10.50.3.200
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.50.3.254
        Dns Servers. . . . . . . . : 10.50.3.200
                                     10.50.3.254


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Failed
            \Device\NetBT_Tcpip_{C08100A3-8DBF-4348-A2E0-5090A0397288}
        [FATAL] At least one of your NetBT names is not registered properly.
                You have a potential name conflict.
                Please check that the machine name is unique.
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{C08100A3-8DBF-4348-A2E0-5090A0397288}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Failed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.50.3.200'
 and other DCs also have some of the names registered.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '10.50.3.254'. Please wait for 30 minutes for DNS server replication.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{C08100A3-8DBF-4348-A2E0-5090A0397288}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{C08100A3-8DBF-4348-A2E0-5090A0397288}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Failed
        Failed to enumerate DCs by using the browser. [ERROR_NETNAME_DELETED]


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'fsbb-snetcheckk.fsbb.local
'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
```


----------
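The replication warnings in the dcdiag paste above can be checked mechanically. This is an added example, not part of the original thread: it rejoins the console-wrapped lines that split the timestamps and lists every partition whose last inbound replication is older than the tombstone lifetime, the point past which a DC risks reintroducing lingering objects. The function names and the embedded sample are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample shaped like the dcdiag output above, including the
# console wrap that splits each timestamp across two lines.
SAMPLE = """\
         FSBB-SPDC:  Current time is 2011-08-08 23:04:36.
            DC=ForestDnsZones,DC=fsbb,DC=local
               Last replication recieved from FSBB-SNETCHECKK at 2007-11-01 11:5
6:26.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
            DC=fsbb,DC=local
               Last replication recieved from FSBB-SNETCHECKK at 2007-11-01 12:2
5:56.
"""

TS = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
FMT = "%Y-%m-%d %H:%M:%S"

def unwrap(text):
    """Rejoin wrapped lines. Heuristic: an unindented line directly after an
    indented one is its continuation (misses wraps that begin with a space)."""
    out = []
    for line in text.splitlines():
        if out and out[-1][:1] == " " and line and not line[0].isspace():
            out[-1] += line
        else:
            out.append(line)
    return out

def stale_partitions(text, tombstone_days=60):
    """Return (partition, source_dc, age_days) for each naming context whose
    last inbound replication is older than the tombstone lifetime."""
    now, partition, stale = None, None, []
    for line in unwrap(text):
        s = line.strip()
        if m := re.search(r"Current time is " + TS, s):
            now = datetime.strptime(m.group(1), FMT)
        elif re.fullmatch(r"(?:CN|DC)=\S+", s):
            partition = s  # naming-context DN preceding its status line
        elif now and (m := re.search(r"rec(?:ie|ei)ved from (\S+) at " + TS, s)):
            age = (now - datetime.strptime(m.group(2), FMT)).days
            if age > tombstone_days:
                stale.append((partition, m.group(1), age))
    return stale

if __name__ == "__main__":
    for part, source, age in stale_partitions(SAMPLE):
        print(f"{part}: {age} days since replication from {source}")
```
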



## Wand3r3r (Sep 17, 2010)

Wow.

No replication since 2007-11-01. Guess no one maintains these servers?

Where is FSBB-SNETCHECKK? Appears it may be the FSMO/GC holder?

Gateway listed as DNS in both ipconfig and DNS? Crazy. Don't list the gateway as a DNS server.


----------



## disisit (Aug 9, 2011)

FSBB Netcheck is no longer online. I suppose I should remove it from the list of Domains entirely. The gateway is a secondary DNS. It's a firewall that has its own DNS server.

If you're quite finished addressing the obvious, feel free to assist me with the problem at hand.


----------



## NetwrkEngineer (Aug 7, 2011)

Yeah, I have seen firewalls like that with built-in DNS servers. Kinda handy at times. Have you looked in the logs to see if there have been any changes... not trying to state the obvious, just always a first step of mine and maybe yours too, wasn't sure.


----------



## Wand3r3r (Sep 17, 2010)

There is nothing obvious in this setup. If you want help it's best not to cop an attitude with someone trying to help you.

That "firewall" DNS server failed the test so perhaps at some point you might want to address that, like in how it's getting its information. Odds are what it's pointed to is no longer valid.

You mention two DCs. Where/what is the other? Have you checked what AD looks like from there?

What is clear now is the missing DC is what contained everything, fsmo roles and GC according to the reports.

This means your AD is corrupt. You can't just remove a DC. Proper way is to dcpromo it down so the AD data is clean. You have to run the procedure to clean up the metadata.
Delete Failed DCs from Active Directory

Question comes down to what should you do first. Or even if this is recoverable.

I would start by seizing the fsmo roles. Then do the metadata cleanup. 

But first let's figure out what is up with the 2nd DC.

And how did this become your responsibility if you were to just do the Exchange upgrade? Where is their IT staff?


----------

