Re: Site Question


hi ulf,

that was exactly what happened. when i checked the _ldap and _kerberos
records of site A in the dns i saw also records from domain controller B. i
have absolutely no idea why and how these records came in. we created the
sites with the standard mmc snap in, not something special. the interesting
thing is, i deleted the sites with the "active directory sites and services"
.. i noticed that a deletion of a site with the snap in does not invoke a
deletion in the dns also. so i deleted the sites manually in the dns. after
the replication, the sites were completely gone. when i recreated the sites
all dns records got created correctly. so now i have a site A with records
from domain controller A and a site B with records from domain controller B.
at least my sites are working now but i have no idea why they got created
wrong which makes me a little bit nervous. by the way i found a great
article from ms regarding this topic:
http://support.microsoft.com/kb/306602/en-us . do you know other articles or
whitepapers with a detailed description of sites and dns and of what gets
created in the zones and when ?

thanks for the help

regards

wolfgang

"Ulf B. Simon-Weidner [MVP]" <nospam2-ulf@xxxxxxxxxxxxxxxxxx> wrote in
message news:57339CAF-94EA-4016-A219-2E164200F0F3@xxxxxxxxxxxxxxxx
> Hello Wolfgang,
>
> check all the entries in DNS, maybe a server is advertising himself for the
> other site as well. Also make sure that sites and services are configured
> correctly. The mechanism for detecting DCs is usually very reliable, but it
> might be - especially after implementing a new DC/Site - that one DC is
> advertising himself for the same sites as the other DC.
>
> --
> Gruesse - Sincerely,
>
> Ulf B. Simon-Weidner
> Blog: http://msmvps.com/ulfbsimonweidner
>
>
> "Wolfgang Scholz" wrote:
>
>> then i am stuck here. i checked the policy files on the sysvol shares of the
>> dc's and they are exactly the same. same size and same modification date. i
>> checked also the time on the dc's and they are absolutely in sync. i think i
>> have to open a support call at microsoft regarding this issue.
>>
>> thanks
>>
>> wolfgang
>>
>> "Paul Hinsberg" <paulhins(antispam)@comcast.net> wrote in message
>> news:E6D7F20D-F91B-4DD0-98F7-24658270EF78@xxxxxxxxxxxxxxxx
>> > That would be the expected behavior. I would suspect that the GPO and
>> > replication must be current as well as the time properly synchronized between
>> > the DCs, otherwise the GPO may be acquired from another server considered more
>> > up to date.
>> > --
>> > Paul Hinsberg
>> >
>> >
>> > "Wolfgang Scholz" wrote:
>> >
>> >> i solved the problem with dcdiag. the problem was the version of dcdiag.exe.
>> >> when i use the version of the support tools for 2003 sp1 every test is
>> >> passed now.
>> >> regarding my problem with the sites, if i get you right then it would be
>> >> normal behavior for the client getting the computer policies from a dc of
>> >> the same site as the client ?
>> >>
>> >> regards
>> >>
>> >> wolfgang
>> >>
>> >>
>> >> "Wolfgang Scholz" <Wolfgang.Scholz@xxxxxxx> wrote in message
>> >> news:OJLlT2u2FHA.3300@xxxxxxxxxxxxxxxxxxxxxxx
>> >> > hi ulf and paul,
>> >> >
>> >> > thanks for the quick reply. i checked the dns and here everything is OK. i
>> >> > can resolve the dc's forward and reverse and the servers are advertising
>> >> > themselves in the zone. where i have a problem is with dcdiag. when i run
>> >> > dcdiag i get the following errors:
>> >> >
>> >> > Performing initial setup:
>> >> > [m-s-dc02] Directory Binding Error -2146892976:
>> >> > The system detected a possible attempt to compromise security.
>> >> > Please ensure that you can contact the server that authenticated you.
>> >> > This may limit some of the tests that can be performed.
>> >> > Done gathering initial info.
>> >> >
>> >> > Doing initial required tests
>> >> >
>> >> > Testing server: Muenchen\M-S-DC02
>> >> > Starting test: Connectivity
>> >> > [M-S-DC02] DsBindWithSpnEx() failed with error -2146892976,
>> >> > The system detected a possible attempt to compromise security.
>> >> > Please ensure that you can contact the server that authenticated you..
>> >> > ......................... M-S-DC02 failed test Connectivity
>> >> >
>> >> > the rest of the tests are fine. my dc's are windows 2003 with sp1. i found
>> >> > an article at microsoft ( http://support.microsoft.com/kb/898060/en-us )
>> >> > regarding a problem but reinstalling that hotfix does not help.
>> >> >
>> >> > regards and thanks
>> >> >
>> >> > wolfgang
>> >> >
>> >> > "Ulf B. Simon-Weidner [MVP]" <nospam2-ulf@xxxxxxxxxxxxxxxxxx> wrote in message
>> >> > news:DDB451E7-BE53-42FE-BAFE-E85E62589A6B@xxxxxxxxxxxxxxxx
>> >> >> Hi Wolfgang,
>> >> >>
>> >> >> apart from the suggestions from Paul, make sure that both servers advertise
>> >> >> themselves in DNS in the zone yourdomain.com with a (same as above) record
>> >> >> pointing to both servers.
>> >> >>
>> >> >> --
>> >> >> Gruesse - Sincerely,
>> >> >>
>> >> >> Ulf B. Simon-Weidner
>> >> >> Blog: http://msmvps.com/ulfbsimonweidner
>> >> >>
>> >> >>
>> >> >> "Wolfgang Scholz" wrote:
>> >> >>
>> >> >>> Hi everybody,
>> >> >>>
>> >> >>> i have an issue with Sites i don't understand but maybe somebody here can
>> >> >>> shed a light on this. We have let's say 2 Sites here, Site A with a Domain
>> >> >>> Controller A and Site B with a Domain Controller B. Client A is in the
>> >> >>> Subnet Range of Site A. When i boot Client A and check with Ethereal what's
>> >> >>> going on i see something surprising. After the NBNS Registration Packets i
>> >> >>> see a DNS Query for SRV_ldap.tcp.SiteA._sites.dc._msdcs.global.fjh.com . So
>> >> >>> far so good, but later when the Client is getting the Computer Policy i see
>> >> >>> in Ethereal that the Client gets this from Domain Controller B in Site B.
>> >> >>> This is not what i expected. I expected the Client getting all the sysvol
>> >> >>> Stuff from Domain Controller A in Site A. Is this behavior normal or is
>> >> >>> maybe something misconfigured ? The logon of a User is authenticated by the
>> >> >>> Domaincontroller A in Site A. I checked the Configuration of the Sites
>> >> >>> and the Domain Controllers are in the correct Sites.
>> >> >>>
>> >> >>> Thanks for the Help
>> >> >>>
>> >> >>> regards
>> >> >>>
>> >> >>> Wolfgang
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>
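
Added example, not part of the original thread: the symptom discussed above (site-specific _ldap and _kerberos SRV records of one site pointing at a DC placed in another site, and records left behind in DNS for deleted sites) can be checked mechanically against a zone export. The record lines, the domain corp.example, the site and host names and the EXPECTED inventory are constructed assumptions.

```python
import re

# Constructed sample in zone-export style (owner, type, prio, weight, port, target).
SAMPLE_RECORDS = """\
_ldap._tcp.SiteA._sites.dc._msdcs.corp.example. SRV 0 100 389 dc-a.corp.example.
_ldap._tcp.SiteA._sites.dc._msdcs.corp.example. SRV 0 100 389 dc-b.corp.example.
_kerberos._tcp.SiteA._sites.dc._msdcs.corp.example. SRV 0 100 88 dc-a.corp.example.
_kerberos._tcp.SiteA._sites.dc._msdcs.corp.example. SRV 0 100 88 dc-b.corp.example.
_ldap._tcp.SiteB._sites.dc._msdcs.corp.example. SRV 0 100 389 dc-b.corp.example.
_kerberos._tcp.SiteB._sites.dc._msdcs.corp.example. SRV 0 100 88 dc-b.corp.example.
_ldap._tcp.OldSite._sites.dc._msdcs.corp.example. SRV 0 100 389 dc-a.corp.example.
"""

# Assumed inventory: DC placement as configured in Sites and Services.
EXPECTED = {"SiteA": {"dc-a"}, "SiteB": {"dc-b"}}

# Matches only site-specific DC locator records:
# <service>._tcp.<site>._sites.dc._msdcs.<domain>
SRV_RE = re.compile(
    r"^(_ldap|_kerberos)\._tcp\.([^.\s]+)\._sites\.dc\._msdcs\.\S+\s+"
    r"SRV\s+\d+\s+\d+\s+\d+\s+(\S+?)\.?$",
    re.IGNORECASE,
)


def audit_site_records(text, expected):
    """Return (kind, service, site, host) for each record that disagrees with `expected`."""
    known = {site.lower(): {dc.lower() for dc in dcs} for site, dcs in expected.items()}
    findings = []
    for line in text.splitlines():
        m = SRV_RE.match(line.strip())
        if not m:
            continue  # not a site-specific locator record
        service, site, target = m.group(1).lower(), m.group(2), m.group(3)
        host = target.split(".")[0].lower()
        if site.lower() not in known:
            # Site is not in the inventory: the record was left behind in DNS.
            findings.append(("stale_site", service, site, host))
        elif host not in known[site.lower()]:
            # A DC placed in another site is registered under this site.
            findings.append(("wrong_site", service, site, host))
    return findings


if __name__ == "__main__":
    for finding in audit_site_records(SAMPLE_RECORDS, EXPECTED):
        print(*finding)
```

A DC can also register records for a site that has no DC of its own (automatic site coverage), so a wrong_site finding is a prompt to check the site configuration, not proof of a fault.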

