Re: Number of GC servers
- From: "Adrian Marsh (NNTP)" <marsh_removeme_@xxxxxxxxxx>
- Date: Thu, 27 Apr 2006 15:49:50 +0100
Hi Hutch,
DNS is handled by corporate (non-microsoft) servers. I think these are
OK, as I've had major problems in the past, and have run every test
conceivable against them.
I found the GC tickbox, and then I've also added all the GC DNS entries
into the DNS servers for the new GC. I'm not quite sure how to test it
though.
I've rebooted both GCs (independently, 20 mins apart). But I still get
problems with the accounts.. For example:
If I logon to cmpq02,cmpq04, as "labserver" (a generic account, that is
part of the local Administrators group, set by GPO) via Terminal
Services, then I get told I told have that "You do not have access to
this logon session". If I logon at the console, I can login, but I
cannot shutdown the server. Its as though the user has lost the admin
rights.
On dell04, and cmpq06 however, I can login as labserver ok via TS, and
have no problems executing reboots. I see nothing in cmpq02/04s event
logs about netlogon.
I'm completely bemused as to what is causing it. I need a way to check
the status of the "labserver" userid within the GPO - I was thinking of
re-creating the account, but I'm not sure of the knock-on this might have.
A.
Hutch wrote:
There is one negative to have multiple GC's in the same location, and that is.
replication traffic. However, I have 2 GC's in my main office, and have not
noticed anything major. I sleep better knowing that my GC is backed up,
especially since we did some custom schema modifications.
To make the other DC a GC...DO NOT dcpromo. Go to Active Directory Sites &
Services, select the DC you want to make a Global Catalog..go to it's NTDS
settings, right click, properties, put a check mark in Global Catalog. Once
there, it will automatically replicate with your other DC.
As for your other errors...that does sound like a DNS problem. When you do
a nslookup and type the name of your domain controller, what response do you
get??
I am also assuming your other DC has DNS running as well??
"Adrian Marsh (NNTP)" wrote:
Ok... that sounds good, as my main GC is now giving some strange errors
after a controlled power-down last night, and I've several client
(server class) machines that are giving very strange behaviours:
- Users that were admins before, now don't get admin rights
- Accessing the domain via "\\domain" no longer works internally (but
DNS is all ok)
DCDIAG checks out as all ok, but I now get the below message in the GCs
event log:
So - next question - how do I make my second DC a GC as well
(DCpromo??). I guess I need to update DNS (its a private/controlled
non-MS DNS system), and add A records for the new gc. What else should
I add? Does the original GC need to be 100% operational first ?
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 27/04/2006
Time: 11:50:58
User: NT AUTHORITY\SYSTEM
Computer: SWOCMPQ01
Description:
Windows cannot access the file gpt.ini for GPO The file must be present
at the location <>. (). Group Policy processing aborted.
Serkan Varoglu wrote:
All GC
- Follow-Ups:
- Re: Number of GC servers
- From: Hutch
- Re: Number of GC servers
- References:
- Number of GC servers
- From: Adrian Marsh (NNTP)
- Re: Number of GC servers
- From: Adrian Marsh (NNTP)
- Number of GC servers
- Prev by Date: Re: Net time
- Next by Date: Re: RID Master Problem
- Previous by thread: Re: Number of GC servers
- Next by thread: Re: Number of GC servers
- Index(es):
Relevant Pages
|
