Re: DC Temporarily Off-line, Remaining DC Struggling

Hi Rebecca,

Thanks for the update and apologies for not responding to the newsgroup
sooner.

I'm not in a position to test your suggestions yet, but I will be before the
month is out. I'm confident that we're close to resolving the problem now.

Things have certainly moved along significantly since I first encountered
the issue - thanks for everyone's help, especially Rebecca, and I hope that
you'll continue to help when I post again with my results to Rebecca's
suggestions later this month.

Regards,

Richard Tubb.
www.netlinktrading.co.uk

""Rebecca Chen [MSFT]"" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:u27w%2316gFHA.940@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Richard,
>
> Thanks for the update!
>
> According to your description, this issue does not occur if you create a
> new user account after the win2k server turn off. This phoneme leading me
> suspects this issue is related to the account and roaming profile. On
> other
> hand, I have found the KCC replication error in the MPSreport. I would
> like to confirm the following information:
>
> Please make sure all user accounts are replicated to win2k3 DC.
> 1. Since you are using roaming profile, I assume the original roaming
> profiles are stored to the old win2k DC rather than the new DC. Have you
> changed the roaming profile path to the new win2k3DC and copy all the
> roaming profile to the win23k share folder?
> 2. Do you specify the roaming profile or local profile when creating a new
> account on win2k3 DC? Does this issue only occurs if the user account uses
> the roaming profile?
> 3. Disable the roaming profile for the problematic account and use the
> local profile to logon to the win2k3 server (turn off win2k server first),
> does this issue occur? You may use the following steps to change the
> profile:
> On the win2k3 DC, key in "dsa.msc" in Run box to bring up the ADUC, open
> the properties of an problematic user account, switch to Profile tab to
> clear the profile path. Make sure you logon to the machine to use the
> local
> profile. For existing profile created on the XP client, you can open the
> Properties of My Computer, switch to Advanced tab, click Setting button
> under User profiles and click Change Type button to change the roaming
> profile to local profile. Are you able to reproduce this issue.
>
> 4. On the DNS server, open the DNS console and change the win2k3.com zone
> to primary zone instead of AD-intergraed zone by clearing "store the zone
> in active directory". Please send me the
> c:\windows\system32\dns\win2k3dom.dns file for research.
>
> 5. Refer to the following article to enable useenv log on a XP client, use
> the problematic account to logon to win2k3 DC, and then use a good account
> to logon to the win2k3 DC. sending me the userenv log for research and let
> me know which one is the problematic account and which is the good one.
>
> Enable Logging for Core Group Policy
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Opera
> tions/b7baac12-26c2-4271-bb39-f60764432247.mspx
>
> All the info above helps us to determine to determine the root cause.
>
> I look forward to your reply.
>
> Best regards,
>
> Rebecca Chen
>
> MCSE2000 MCDBA CCNA
>
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
>
> =====================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
>>From: "Richard Tubb" <richard@xxxxxxxxxxxxxxxxxxxx>
>>References: <OXurd6NgFHA.1044@xxxxxxxxxxxxxxxxxxxx>
> <Ti7T7PUgFHA.3240@xxxxxxxxxxxxxxxxxxxxx>
> <u20y0cUgFHA.3108@xxxxxxxxxxxxxxxxxxxx>
> <ubcZo7ZgFHA.460@xxxxxxxxxxxxxxxxxxxx>
> <eD7DLMagFHA.1432@xxxxxxxxxxxxxxxxxxxx>
> <bmujaAigFHA.1336@xxxxxxxxxxxxxxxxxxxxx>
> <e4ztkhjgFHA.3088@xxxxxxxxxxxxxxxxxxxx>
> <OBa7hwmgFHA.2156@xxxxxxxxxxxxxxxxxxxx>
> <OWfViStgFHA.3164@xxxxxxxxxxxxxxxxxxxx>
> <DO5MRLugFHA.3936@xxxxxxxxxxxxxxxxxxxxx>
>>Subject: Re: DC Temporarily Off-line, Remaining DC Struggling
>>Date: Thu, 7 Jul 2005 14:54:22 +0100
>>Lines: 140
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
>>Message-ID: <uxVCjtvgFHA.1148@xxxxxxxxxxxxxxxxxxxx>
>>Newsgroups: microsoft.public.windows.server.active_directory
>>NNTP-Posting-Host: brokerassistance.co.uk 62.173.74.14
>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.windows.server.active_directory:31669
>>X-Tomcat-NG: microsoft.public.windows.server.active_directory
>>
>>Hi,
>>
>>As per my post in response to Paul's query, I can now see the Svr records
>>both through nslookup tests and by browsing to the _msdcs sub-domain in
>>the
>>DNS console.
>>
>>We have tried powering off the win2k server and login through the single
>>win2k3 DC for users now seems more responsive. However it's certainly not
> as
>>fast as logon's through the win2k server. Interestingly, after a creating
>>a
>>new user specifically to test with this login, there were no issues with
>>login speed. The delay only appears to happen with existing login
>>accounts.
>>Being able to logon in a reasonable amount of time is a great step in the
>>right direction though - so thanks to all who have helped thus far!
>>
>>On a side-note - I've not been able to use NetDiag in any of my tests as
>>when run on a Win2k3 or XP machine it produces an error saying "The
>>procedure entry point DnsGetPrimaryDomainName_UTF8 could not be located in
>>the dynamic link library DNSAPI.dll". I believe this is because I'm
>>running
>>a Windows 2000 version of NetDiag.
>>
>>However, I've installed the Windows 2003 Resource Kit but can't find
> NetDiag
>>installed with these tools, despite the fact it is publicised as being a
>>part of the Resource Kit on the MS web-site.
>>
>>Does anyone know a download link for the 2003/XP version of NetDiag?
>>
>>Regards,
>>
>>Richard Tubb.
>>www.netlinktrading.co.uk
>>
>>
>>""Rebecca Chen [MSFT]"" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>news:DO5MRLugFHA.3936@xxxxxxxxxxxxxxxxxxxxxxxx
>>> Hi Richard,
>>>
>>> Based on your reply, this issue is related to the DNS since it seems
> there
>>> is no Svr record, the client cannot log to the domain without srv
>>> record.
>>> Please help me gather the futhur information:
>>>
>>> 1. On win2k3 server, please run the command:
>>> Netdiag > c:\netdiag.txt
>>> Dcdiag > c:\dcdiag.txt
>>>
>>> 2. Download the MPSRPT_NETWORK.EXE and run it on win2k3 DC:
>>> Microsoft Product Support's Reporting Tools
>>>
>>http://www.microsoft.com/downloads/details.aspx?familyid=cebf3c7c-7ca5-408f
> -
>>> 88b7-f9c79b7306c0&displaylang=en
>>>
>>> 3. Examing _msdcs subdomain, are you able to find the Srv record? If
>>> not,
>>> please go ahead to rebuild the _msdcs subdomain as I have suggested
>>before.
>>>
>>> If the issue persists, please send the MPSreport, netdiag and dcdiag to
>>> v-rebc@xxxxxxxxxxxxx for research.
>>>
>>> I look forward to your reply.
>>>
>>> Best regards,
>>>
>>> Rebecca Chen
>>>
>>> MCSE2000 MCDBA CCNA
>>>
>>>
>>> Microsoft Online Partner Support
>>> Get Secure! - www.microsoft.com/security
>>>
>>> =====================================================
>>>
>>> When responding to posts, please "Reply to Group" via your newsreader so
>>> that others may learn and benefit from your issue.
>>>
>>> =====================================================
>>> This posting is provided "AS IS" with no warranties, and confers no
>>rights.
>>>
>>> --------------------
>>> >From: "Richard Tubb" <richard@xxxxxxxxxxxxxxxxxxxx>
>>> >References: <OXurd6NgFHA.1044@xxxxxxxxxxxxxxxxxxxx>
>>> <Ti7T7PUgFHA.3240@xxxxxxxxxxxxxxxxxxxxx>
>>> <u20y0cUgFHA.3108@xxxxxxxxxxxxxxxxxxxx>
>>> <ubcZo7ZgFHA.460@xxxxxxxxxxxxxxxxxxxx>
>>> <eD7DLMagFHA.1432@xxxxxxxxxxxxxxxxxxxx>
>>> <bmujaAigFHA.1336@xxxxxxxxxxxxxxxxxxxxx>
>>> <e4ztkhjgFHA.3088@xxxxxxxxxxxxxxxxxxxx>
>>> <OBa7hwmgFHA.2156@xxxxxxxxxxxxxxxxxxxx>
>>> >Subject: Re: DC Temporarily Off-line, Remaining DC Struggling
>>> >Date: Thu, 7 Jul 2005 10:16:58 +0100
>>> >Lines: 33
>>> >X-Priority: 3
>>> >X-MSMail-Priority: Normal
>>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
>>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
>>> >Message-ID: <OWfViStgFHA.3164@xxxxxxxxxxxxxxxxxxxx>
>>> >Newsgroups: microsoft.public.windows.server.active_directory
>>> >NNTP-Posting-Host: brokerassistance.co.uk 62.173.74.14
>>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
>>> >Xref: TK2MSFTNGXA01.phx.gbl
>>> microsoft.public.windows.server.active_directory:31641
>>> >X-Tomcat-NG: microsoft.public.windows.server.active_directory
>>> >
>>> >Hi Paul,
>>> >
>>> >Thanks for the update.
>>> >
>>> >I've tried typing "type=srv" but nslookup immediately responds with
>>> >***ourdomain.co.uk can't find type=srv: Non-existent domain ".
>>> >
>>> >Typing "_ldap._tcp.dc._msdcs.ourdomain.co.uk" in immediately afterwards
>>> >provides the same type of error.
>>> >
>>> >I'm not familiar with this method of using nslookup - so if I'm doing
>>> >anything wrong please let me know.
>>> >
>>> >Regards,
>>> >
>>> >Richard Tubb.
>>> >www.netlinktrading.co.uk
>>> >
>>> >"Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx> wrote in message
>>> >news:OBa7hwmgFHA.2156@xxxxxxxxxxxxxxxxxxxxxxx
>>> >> That SRV query won't work. You'll need to try this:
>>> >>
>>> >> type=srv
>>> >> _ldap._tcp.dc._msdcs.domain-name.co.uk
>>> >>
>>> >> --
>>> >> Paul Williams
>>> >> Microsoft MVP - Windows Server - Directory Services
>>> >> http://www.msresource.net | http://forums.msresource.net
>>> >>
>>> >>
>>> >
>>> >
>>> >
>>>
>>
>>
>>
>


.

Loading