Re: No DC in Active Directory



Yet - Very weird indeed. The DCdiag passed everything but the event log
review which showed I had errors within the last 24 hours. Everything else
passed on both DCs. When I open ADUC on DC2 and connect to DC1 or DC2, it
shows the objects. When I do the same thing on DC2, it doesn't show objects
in either DC1 or DC2. So, DC2 can see objects in both DCs, but DC1 cannot
see objects in either. Things seem to be working, but this is very strange.
The security settings appear to be the same on both. Thanks, any other ideas?

Preston

"Harj" wrote:

On Aug 1, 1:40 pm, Preston <Pres...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Harj, I took my chances and did your suggestions just now without incident.
I still show no computers or DCs in AD Computers and Users on Srvr1 and they
all show up on Srvr2. Srvr2 can still get to internet and resolve DNS as
does Srvr1. Srvr2 has been getting DNS errors for some time, probably caused
by the outside numbers being present. Any other suggestions why the DCs
don't show up on Srvr1? Thanks



"Harj" wrote:
On Aug 1, 12:00 pm, Preston <Pres...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks for response.

Only two of them are DCs. The third is a member server hosting Exchange
Server 2007. The primary DC points to itself as the DNS. The second server
points to an outside DNS server 1st, itself second, and the primary third (I
have no idea why). My concern with your suggestion is that the primary DC is
the one that does not show any computers or DCs in AD computers and users,
but the second one shows both. They both show up as GCs in both servers. I
will try your suggestions, thanks.

My next question is whether it is safe to perform these functions during
working hours with users logged onto the servers or is this something that
will require a system restart and knock everyone off? Thanks again for help.
Awaiting reply.

Preston

"Harj" wrote:
On Aug 1, 1:06 am, Preston <Pres...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I have 3 servers of which the newest is an Exchange Server 2007 running on
Windows 2003 x64 Server. The other two are Windows 2003 Server 2003 w/SP1.
I just installed the Exchange Server. Prior to that, things seemed to be ok.
However, the first server (Srvr1) now shows no DCs in the Active Directory
when I go to AD users and computers. Also, no computers show up in that
display either. On Srvr2 which is in a different city connected via a
SonicWall VPN, both servers, DCs and computers show up in the AD users and
computers display. When I restart Srvr1, I get the following message: Net
Service Configuration. The specified service does not exist as an installed
service. The event log has two items of interest. They are below. Any help
is appreciated.

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13509
Date: 7/30/2007
Time: 3:00:21 PM
User: N/A
Computer: NSRSRVR1
Description:
The File Replication Service has enabled replication from NSRSRVR2 to
NSRSRVR1 for c:\windows\sysvol\domain after repeated retries.

and

Event Type: Error
Event Source: NTDS Replication
Event Category: DS RPC Client
Event ID: 2087
Date: 7/29/2007
Time: 7:58:23 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: NSRSRVR1
Description:
Active Directory could not resolve the following DNS host name of the source
domain controller to an IP address. This error prevents additions, deletions
and changes in Active Directory from replicating between one or more domain
controllers in the forest. Security groups, group policy, users and computers
and their passwords will be inconsistent between domain controllers until
this error is resolved, potentially affecting logon authentication and access
to network resources.

Source domain controller:
nsrsrvr2
Failing DNS host name:
569aeef5-961f-4b7c-b524-b908d6402b77._msdcs.nsrnet.local

NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour
period, even if more than 10 failures occur. To log all individual failure
events, set the following diagnostics registry value to 1:

Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client

User Action:

1) If the source domain controller is no longer functioning or its
operating system has been reinstalled with a different computer name or
NTDSDSA object GUID, remove the source domain controller's metadata with
ntdsutil.exe, using the steps outlined in MSKB article 216498.

2) Confirm that the source domain controller is running Active directory
and is accessible on the network by typing "net view \\<source DC name>" or
"ping <source DC name>".

3) Verify that the source domain controller is using a valid DNS server for
DNS services, and that the source domain controller's host record and CNAME
record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE
available on http://www.microsoft.com/dns

dcdiag /test:dns

4) Verify that that this destination domain controller is using a valid DNS
server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE
command on the console of the destination domain controller, as follows:

dcdiag /test:dns

5) For further analysis of DNS error failures see KB 824449:
http://support.microsoft.com/?kbid=824449

Additional Data
Error value:
11004 The requested name is valid, but no data of the requested type was
found.

Hi,

Where are the three DC's pointed to for DNS?
Event 13509 is no biggie as it states it has finally enabled
replication. We would just want to find out why it takes time between
the 13508 and the 13509.

Three DC's I would point all of them to the PDC for primary and
themselves for secondary. Flush and reregister dns and restart the net
logon service on all of them.
Verify they are all Global Catalog servers also

Good Luck

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com

Hi,

Well there is no reboot required and I have done changes like this
many of times in a live environment but better safe than sorry.
As long as the rest of the clients are pointed to an authoritative DNS
server for your domain they should not be affected
I am not sure how your "second" DC is functioning correctly pointed to
an outside DNS server..weird.
I would change it to point to the primary and itself for secondary.
Remember this does not require a reboot but will require to run the
following
ipconfig /flushdns & ipconfig /registerdns & net stop netlogon & net
start netlogon.

Good Luck

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com

Hi,

Very weird indeed. Do we get any errors on DC1?
Please run Dcdiag /v on DC1 and pipe it out to a file.
Look for any errors within the Dcdiag log.
You can also run an netdiag /v and look for errors.
If you open up ADUC on DC2 and right click Active Directory Users and
Computers up top, connect to DC1, can you see any objects?
How about doing it the other way, open ADUC on DC1 and connect to DC2.
Are the permissions the same from both domain controllers when you
rightclick your domain, properties, security within ADUC?

Good Luck

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com
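
Added example, not part of the original posts: a small Python check for the resolver problem discussed in the thread, where a DC lists an outside DNS server ahead of the servers that host the AD zone. It parses saved `ipconfig /all` output and reports every DNS server entry that is not one of the domain's own DNS servers; the sample output, the addresses, the name `example.local` and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt for a DC configured like the second
# server in the thread: outside DNS first, itself second, the primary third.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : srvr2
   Primary Dns Suffix  . . . . . . . : example.local

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 10.0.2.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.2.1
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       10.0.2.10
                                       10.0.1.10
"""


def dns_servers(ipconfig_text):
    """Return the configured DNS servers, in resolver order."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            in_block = True
        elif in_block and re.fullmatch(r"\s+[0-9a-fA-F.:%]+\s*", line):
            # Continuation lines carry only an address.
            servers.append(line.strip())
        else:
            in_block = False
    return servers


def audit(ipconfig_text, domain_dns):
    """List (position, address) for entries that do not host the AD zone.

    domain_dns: addresses of the DNS servers for the AD domain (assumption:
    the DCs themselves, as recommended in the thread).
    """
    allowed = {ipaddress.ip_address(a) for a in domain_dns}
    return [(pos, addr)
            for pos, addr in enumerate(dns_servers(ipconfig_text), start=1)
            if ipaddress.ip_address(addr.split("%")[0]) not in allowed]
```

An entry reported at position 1 matters most: the Windows resolver moves to the next server only when the first one does not answer, so an outside server that answers "no such name" for the `_msdcs` record ends the lookup there.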

