Re: 2nd DC causing problems.

From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 08/24/04

Next message: Ben Winzenz [Exchange MVP]: "Re: Windows 2003 Standard and Exchange 2003 Standard"
Previous message: Cary Shultz [A.D. MVP]: "Re: Change AD account password from a workgroup PC"
In reply to: Bob Z.: "2nd DC causing problems."
Next in thread: Bob Z.: "Re: 2nd DC causing problems."
Reply: Bob Z.: "Re: 2nd DC causing problems."
Messages sorted by: [ date ] [ thread ]

Date: Tue, 24 Aug 2004 11:03:29 -0400

Bob,

is the second DC also a DNS Server? also a GC?

I think that the 3034 errors can also be found when you are mapping a
networked drive on the machine which houses the shared folders. So, if you
log on as Administrator to DC01 and the Administrator account has logon.bat
associated with it and all of your shared folders are on DC01 (
\\dc01\software, \\dc01\utilities, \\dc01\private, \\dc01\public,
\\dc01\departments, etc ) then you will notice the 3034 errors. Was not
aware that this would also be a time synch issue. Have you checked to make
sure that all machines are within 5 minutes of the DC that holds the role of
the PDC Emulator? By default, five minutes is the magic number. This,
however, can be changed by GPO ( but probably should not be ).

Just to make sure that all of the FSMO Roles are available you can run -
from a command prompt without the quotes - 'netdom query fsmo' on each of
your domain controllers. Check to make sure that both of them agree on who
holds what roles.

Also, as I am sure that you found out, the userenv 1000 errors can be a
million things! Can you post the entire message?

I know that you said that all is well in DNS land but do you have all four
of the subfolders ( _msdcs, _tcp, _udp and _sites ) in your FLZ? Do they
all have the appropriate entries? If dcdiag comes up fine then this is
probably the case. With which switches did you do dcdiag? I like to use
dcdiag /c /verbose....

I would also look at the client computers. Run - again from the command
prompt without the quotes - 'set l' on the pcs. Do you notice any patterns?
Also, do an ipconfig /all on the computers that work and on those that do
not work ( not all of them, just a couple in the beginning ). Let's just
make sure that they are getting the correct IP Address lease information ( I
am making the assumption that you are using DHCP ). If you are setting this
information up manually then you might want to consider using DHCP. Fix
your gaze on the information for the DNS Servers. This information needs to
be your internal DNS Server IP Address(es), not your ISP DNS Server IP
Address(es).

HTH,

Cary

"Bob Z." <anonymous@discussions.microsoft.com> wrote in message
news:c5de01c489e0$af5417a0$a601280a@phx.gbl...
> I installed a domain controller in our environment, that
> up until this point just had 1 PDC.
>
> After the new DC is on for a day, roughly, users will
> begin to have domain login problems. No errors in the
> event viewer on the PDC. On the newly installed DC, I
> get "userenv 1000" in the app. log, and "mrxsmb 3034" in
> the system log.
>
> FYI - dcpromo ran without any errors when I initially set
> up this DC. I've also ran "dcdiag" and receive no errors -
> all looks good. Plus network connectivity & DNS appear
> fine.
>
> All of the tests/diags I run come up okay. The two event
> errors I mentioned above are the only trace of a problem.
>
> Maybe there are some rights that the 2nd DC needs that it
> doesn't have? Not sure. I did trace the "mrxsmb 3034" and
> see that the dword/data points to a time server issue.
> I just can't see how that's the case. Our PDC synchs from
> an external time source, and the DC synchs to it. I
> checked both servers and they have the identical time down
> to the second. I printed out microsoft's white paper on
> the "time service" and compared it to my setup. All seems
> to be in place.
>
> If anybody has any leads or ideas, please send them!
>
> I've never had this problem bringing up a second DC. No
> problems if I turn off my new DC....but if I boot it up,
> people will have login problems shortly afterwards...
>
> -thanks,
> Bob
>

Next message: Ben Winzenz [Exchange MVP]: "Re: Windows 2003 Standard and Exchange 2003 Standard"
Previous message: Cary Shultz [A.D. MVP]: "Re: Change AD account password from a workgroup PC"
In reply to: Bob Z.: "2nd DC causing problems."
Next in thread: Bob Z.: "Re: 2nd DC causing problems."
Reply: Bob Z.: "Re: 2nd DC causing problems."
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Windows 2003 server DNS problems
... you would disconnect the BDC not the PDC from the network. ... > server was promoted as a PDC and the original PDC was promoted to a BDC. ... The DNS server is setup as a forwarder and is pointing ...
(microsoft.public.windows.server.setup)
Re: Unable to create AD objects...
... Yes, sorry, I did mention them both a PDC and a BDC in that original thread. ... Performing upstream analysis. ... No delegations were found in this zone on this DNS server ... Matching DC SRV record found at DNS server ...
(microsoft.public.windows.server.active_directory)
Re: 2nd DC causing problems.
... The second DC is not a DNS server. ... The PDC holds all FSMO roles, runs DNS, DHCP, WINS. ...
(microsoft.public.win2000.active_directory)
Re: 2nd DC causing problems.
... > The PDC holds all FSMO roles, runs DNS, DHCP, WINS. ... > have had 1 PDC that hosts all the roles plus DNS, DHCP, ... >>is the second DC also a DNS Server? ...
(microsoft.public.win2000.active_directory)
Re: Promote DC
... The PDC is SBS 2003, the new installed is Windows 23003 standard. ... If the PDC is the primary DNS server for the network then ... >> the domain when installation. ...
(microsoft.public.windows.server.general)