Re: Site Question
- From: "Ulf B. Simon-Weidner [MVP]" <nospam2-ulf@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 28 Oct 2005 04:30:03 -0700
Hello Wolfgang,
check all the entries in DNS, maybe a server is advertising himself for the
other site as well. Also make sure that sites and services are configured
correctly. The mechanism for detecting DCs is usually very reliable, but it
might - especially after implementing a new DC/Site - that one DC is
advertising himself for the same sites as the other DC.
--
Gruesse - Sincerely,
Ulf B. Simon-Weidner
Blog: http://msmvps.com/ulfbsimonweidner
"Wolfgang Scholz" wrote:
> then i am stuck here. i checked the policy files on the sysvol shares of the
> dc´s and they are exactly the same. same size and same modification date. i
> checked also the time on the dc´s and they are absolutely in sync. i think i
> have to open a support call at microsoft regarding this issue.
>
> thanks
>
> wolfgang
>
> "Paul Hinsberg" <paulhins(antispam)@comcast.net> schrieb im Newsbeitrag
> news:E6D7F20D-F91B-4DD0-98F7-24658270EF78@xxxxxxxxxxxxxxxx
> > That would be the expected behavior. I would suspect that the GPO and
> > replication must be current as well as the time properly synchronized
> > between
> > the DCs, otherwise the GPO may be acquired from another server consider
> > more
> > up to date.
> > --
> > Paul Hinsberg
> >
> >
> > "Wolfgang Scholz" wrote:
> >
> >> i solved the problem with dcdiag. the problem was the version of
> >> dcdiag.exe.
> >> when i use the version of the support tools for 2003 sp1 every test is
> >> passed now.
> >> regarding my problem with the sites, if i get you right than it would be
> >> normal behavior for the client getting the computer policies from a dc of
> >> the same site as the client ?
> >>
> >> regards
> >>
> >> wolfgang
> >>
> >>
> >> "Wolfgang Scholz" <Wolfgang.Scholz@xxxxxxx> schrieb im Newsbeitrag
> >> news:OJLlT2u2FHA.3300@xxxxxxxxxxxxxxxxxxxxxxx
> >> > hi ulf and paul,
> >> >
> >> > thanks for the quick reply. i checked the dns and here everything is
> >> > OK. i
> >> > can resolve the dc´s forward and reverse and the servers are
> >> > advertising
> >> > themselves in the zone. where i have a problem is with dcdiag. when i
> >> > run
> >> > dcdiag i get the following errors:
> >> >
> >> > Performing initial setup:
> >> > [m-s-dc02] Directory Binding Error -2146892976:
> >> > The system detected a possible attempt to compromise security.
> >> > Please
> >> > ensure that you can contact the server that authenticated you.
> >> > This may limit some of the tests that can be performed.
> >> > Done gathering initial info.
> >> >
> >> > Doing initial required tests
> >> >
> >> > Testing server: Muenchen\M-S-DC02
> >> > Starting test: Connectivity
> >> > [M-S-DC02] DsBindWithSpnEx() failed with error -2146892976,
> >> > The system detected a possible attempt to compromise security.
> >> > Please ensure that you can contact the server that authenticated you..
> >> > ......................... M-S-DC02 failed test Connectivity
> >> >
> >> > the rest of the tests is fine. my dc´s are windows 2003 with sp1. i
> >> > found
> >> > an article at microsoft (
> >> > http://support.microsoft.com/kb/898060/en-us )
> >> > regarding a problem but reinstalling that hotfix does not help.
> >> >
> >> > regards and thanks
> >> >
> >> > wolfgang
> >> >
> >> > "Ulf B. Simon-Weidner [MVP]" <nospam2-ulf@xxxxxxxxxxxxxxxxxx> schrieb
> >> > im
> >> > Newsbeitrag news:DDB451E7-BE53-42FE-BAFE-E85E62589A6B@xxxxxxxxxxxxxxxx
> >> >> Hi Wolfgang,
> >> >>
> >> >> apart from the suggestions from Paul, make sure that both servers
> >> >> advertise
> >> >> themselves in DNS in the zone yourdomain.com with a (same as above)
> >> >> record
> >> >> pointing to both servers.
> >> >>
> >> >> --
> >> >> Gruesse - Sincerely,
> >> >>
> >> >> Ulf B. Simon-Weidner
> >> >> Blog: http://msmvps.com/ulfbsimonweidner
> >> >>
> >> >>
> >> >> "Wolfgang Scholz" wrote:
> >> >>
> >> >>> Hi everybody,
> >> >>>
> >> >>> i have an issue with Sites i don´t understand but maybe somebody here
> >> >>> can
> >> >>> shed a light on this. We have let´s say 2 Sites here, Site A with a
> >> >>> Domain
> >> >>> Controller A and Site B with a Domain Controller B. Client A is in
> >> >>> the
> >> >>> Subnet Range of Site A. When i boot Client A and check with Ethereal
> >> >>> whats
> >> >>> going on i see something surprising. After the NBNS Registration
> >> >>> Packets
> >> >>> i
> >> >>> see a DNS Query for
> >> >>> SRV_ldap.tcp.SiteA._sites.dc._msdcs.global.fjh.com .
> >> >>> So
> >> >>> far so good, but later when the Client is getting the Computer Policy
> >> >>> i
> >> >>> see
> >> >>> in Ethereal that the Client gets this from Domain Controller B in
> >> >>> Site
> >> >>> B.
> >> >>> This is not what i expected. I expected the Client getting all the
> >> >>> sysvol
> >> >>> Stuff from Domain Controller A in Site A. Is this behavior normal or
> >> >>> is
> >> >>> maybe something misconfigured ? The logon of a User is authenticated
> >> >>> by
> >> >>> the
> >> >>> Domaincontroller A in Site A. I checked the Configuration of the
> >> >>> Sites
> >> >>> an
> >> >>> the Domain Controllers are in the correct Sites.
> >> >>>
> >> >>> Thanks for the Help
> >> >>>
> >> >>> regards
> >> >>>
> >> >>> Wolfgang
> >> >>>
> >> >>>
> >> >>>
> >> >
> >> >
> >>
> >>
> >>
>
>
>
.
- Follow-Ups:
- Re: Site Question
- From: Wolfgang Scholz
- Re: Site Question
- References:
- Re: Site Question
- From: Paul Hinsberg
- Re: Site Question
- From: Wolfgang Scholz
- Re: Site Question
- Prev by Date: RE: Redundant DC's ?
- Next by Date: Re: Problems Importing AD LDIFDE
- Previous by thread: Re: Site Question
- Next by thread: Re: Site Question
- Index(es):
Relevant Pages
|
Loading
