Problem : Active Directory was unable to establish a connection with the global catalog
I have 2 DCs and I set both of them GC. Everything was working until I disabled GC on both DCs. Now, I cannot logon user anymore. I enabled GCs on both DCs again, but it doesn’t help. I have been wating for more than an hour and I also restarted Netlogon service. Here is the message I got in event viewer:
Active Directory was unable to establish a connection with the global catalog.
Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200cf3
————————————————————————————–
DCDIAG test error run on SRV-2
—————————————————————————————
Starting test: Advertising
Warning: SRV-2 has not finished promoting to be a GC.
Check the event log for domains that cannot be replicated.
Warning: SRV-2 is not advertising as a global catalog.
Check that server finished GC promotion.
Check the event log on server that enough source replicas for the GC ar
e available.
……………………. SRV-2 failed test Advertising
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
……………………. SRV-2 failed test frsevent
Starting test: kccevent
An Error Event occured. EventID: 0xC0000466
Time Generated: 11/24/2009 15:28:13
(Event String could not be retrieved)
……………………. SRV-2 failed test kccevent
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located – All GC’s are down.
……………………. okayama-montreal.local failed test FsmoCheck
Solution: Active Directory was unable to establish a connection with the global catalog
You have some tombstoned domain controllers (DC3child and DC2). That’s why the GC can’t finish.
The GC holds a partial reference to every object in every domain in a forest. When a DC becomes tombstoned other DC’s will not replicate with it because it holds old outdated data. A object or DC becomes tombstoned if you delete the object or a DC has not replicated within the tombstoned lifetime (180 days in your domain) .
When you removed all your GC’s then you lose all the references. After promoting it to a GC again it must use FRS to replicate and build up the GC “database”. But when you got tombstoned DC’s this replication will not occur.
If DC3child and DC2 are the only DC in your child domain, these childs are lost. Your parent domain stills sees them but denies to replicate with them so they needs to be removed.
You need to run “dcpromo /forceremoval” on DC3child and DC2. Then do a metadata cleanup on a healty DC in your parent domain.
