I've got a win 2003 server running a TFS server, and a Win 2008 server acting as a PDC.
A few days ago, I changed my DHCP and DNS server (which used to be the win 2008 server) to a Cisco router. Since then, I've not been able to log in on my TFS server, which keeps complaining that my domain doesn't exist.
I've run dcdiag from my local Admin account to debug:
dcdiag /v /s:MYPDC /u:MYDOMAIN\Brann /p:*
Which returned me this error:
* Active Directory LDAP Services Check
The host 95cb8ce0-ecb1-43e3-87aa-e4ce74fe6._msdcs.MYDOMAIN could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
......................... MYPDC failed test Connectivity
I changed my DHCP server to use MYPDC as the primary DNS server again, and this error stopped appearing
I restarted the server, confident that the issue was solved, but now I'm getting this:
Starting test: VerifyReferences
Some objects relating to the DC IDS-SERVER have problems:
[1] Problem: Missing Expected Value
Base Object: CN=MYPDC,OU=Domain Controllers,DC=MYDOMAIN
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... IDS-SERVER failed test VerifyReferences
I've tried troubleshooting the File Replication service as suggested in Q312862, but I'm stuck at the beginning:
C:\Documents and Settings\Administrator>ntfrsutl ds TFS
ERROR - Cannot bind w/authentication to computer, TFS; 000006d9 (1753)
ERROR - Cannot bind w/o authentication to computer, TFS; 000006d9 (1753)
ERROR - Cannot RPC to computer, TFS; 000006d9 (1753)
C:\Documents and Settings\Administrator>ntfrsutl ds MYPDC
ERROR - Cannot RPC to computer, MYPDC; 000006d2 (1746)
Any ideas on what to try next? Btw, other Vista computers on this domain can log in just fine.
Just a thought ...
Did you move all of your service records (SRV) when you switched to the new DNS server? Active Directory really needs those records to operate. Without the SRV records you have no way of telling clients where your LDAP and Kerberos servers are (which is your PDC/GC).
Oh ... and was your TFS using DHCP?
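As an added illustration of the SRV check this answer suggests (example code, not from the original thread): a stdlib-only Python script that asks a given DNS server for the SRV records an AD member uses to locate its domain controllers, using a small hand-built DNS query so it needs no third-party resolver library. The domain name and DNS server address passed to check_ad_srv are placeholders you supply; the record names are the standard AD ones.

```python
import socket, struct

# SRV names an AD member resolves to locate its DCs (LDAP, Kerberos, GC, PDC); {d} is the AD DNS domain.
AD_SRV_NAMES = ["_ldap._tcp.{d}", "_kerberos._tcp.{d}", "_kpasswd._tcp.{d}", "_gc._tcp.{d}",
                "_ldap._tcp.dc._msdcs.{d}", "_kerberos._tcp.dc._msdcs.{d}", "_ldap._tcp.pdc._msdcs.{d}"]
def build_srv_query(name, txid=0x1234):
    """Standard recursive DNS query (RFC 1035 header + one question) for an SRV record (type 33)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 33, 1)
def read_name(msg, off):
    """Decode a DNS name, following compression pointers; returns (name, offset after the field)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                        # pointer: the field ends after the first one seen
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            return ".".join(labels), (end if end is not None else off)
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
def parse_srv_answers(msg):
    """Return [(priority, weight, port, target)] from a response; NXDOMAIN/SERVFAIL carry no answers, so []."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                              # skip the echoed question section
        off = read_name(msg, off)[1] + 4
    out = []
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 33:                              # SRV rdata: priority, weight, port, target name
            out.append(struct.unpack("!HHH", msg[off + 10:off + 16]) + (read_name(msg, off + 16)[0],))
        off += 10 + rdlen
    return out
def check_ad_srv(domain, dns_server, timeout=2.0):
    """Query dns_server for every AD SRV name; an empty list means clients cannot locate a DC by it."""
    results = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for name in (t.format(d=domain) for t in AD_SRV_NAMES):
            s.sendto(build_srv_query(name), (dns_server, 53))
            try:
                results[name] = parse_srv_answers(s.recv(4096))
            except socket.timeout:                   # no reply at all: treat like a missing record
                results[name] = []
    return results
```

Run check_ad_srv("MYDOMAIN", "<ip of the new DNS server>") on the 2003 box; any name that comes back empty there but populated when queried against the PDC is a record the new DNS server never received.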
Active Directory rides DNS, and works best/most completely when the AD server is the DNS server for the domain members.
For some reason, using an alternative DNS server results in some requests not being passed through to the AD server, resulting in incomplete functionality.
An obvious test perhaps, but if you fire up a command prompt on the 2003 server and type nslookup does it display something like:
and if you now type:
does it correctly resolve the PDC name?
JR
Edit: It looks as if DNS is OK or at least your 2k3 server is correctly using mypdc as the DNS server. Presumably you're logging into the 2k3 server as a local account if the domain account doesn't work. When you're logged in, if you open a command prompt and type:
(obviously replace "mydomain" by your domain name) and then feed in the domain administrator password, does this work?
Also is there anything relevant in the Security log on mypdc?
For the record, I eventually left/rejoined the domain and it solved the problem.
I wanted to avoid this solution because my TFS server was a certification authority, thus preventing any domain/name change on it without messing with the installation, but in most scenarios it shouldn't be a problem.