RE: I just inherited a Windows 2k3 domain filled with NETLOGON err

Tech-Archive recommends: Speed Up your PC by fixing your registry

I agree. We do need to add another DC, but buying anything is difficult when
you work for the government. I am going to give the system restore a shot.
Thanks.

"Manny Borges" wrote:

> You need another dc. There is no ifs ands or buts about it. get a cheapo
> desktop and make it a dc, then you can proceed. if you have 80 locations, you
> should generally have 80 dcs. i know some would disagree with me, but I have
> just had too many issues when I have broken that rule.
>
> "indelljo" wrote:
>
> > Actually, we don't have other DC's. The domain was originally setup for
> > Exchange. The DCs are the exchange servers, that is why they are clustered.
> > We have only recently added the PCs. Things were set up strangley here. Can
> > I assume that without other functioning DC's the new items can't be
> > recovered? Is there another way it can be done?
> >
> > "Manny Borges" wrote:
> >
> > > Clustered DCs. Interesting. Not a wise expenditure of resources usually, but
> > > interesting. I have found that with AD its easier to get more DCS and simply
> > > design a correct site topology than to get something that is incredibly
> > > powerful. A new proliant with 2 2.4s and four GB of ram and a nice NIC team
> > > doesn't even blink at servicing 20k users. By all means cluster web front
> > > ends, databases over 8GB, and other heavy hit resources. But IMHO clustering
> > > domin controllers is a usually unneeded.
> > >
> > > But thats beside the point.
> > >
> > > The answer to your question, no, the new objects will not be lost. When
> > > syncroization occurs ( I am assuming you have more DCS) then the objects will
> > > be added to the restored dc and the previously deleted objects that have had
> > > thier sequence numbers updated will untombstone the objects from your current
> > > AD.
> > >
> > > "indelljo" wrote:
> > >
> > > > They are in the same OU, but we have added several objects since we started
> > > > getting the errors. Won't a restore wipe out the new additions? Also, our
> > > > DC's are in a cluster. How would this effect restore? I am new to managing
> > > > a domain, so I appreciate the help.
> > > >
> > > > "Manny Borges" wrote:
> > > >
> > > > > One domain right? Why would you need to send anyone out?
> > > > >
> > > > > In any case, do an authoritative restore of the AD from a system state back
> > > > > up that still has the acounts. If they are all in one OU then you job is
> > > > > pretty straight foward. If not then a little more involved.
> > > > >
> > > > > Reboot into ad resore mode, restore a system state back up from "good" time"
> > > > > and use the ntdsutil to mark those sequence numbers up.
> > > > >
> > > > > "indelljo" wrote:
> > > > >
> > > > > > Errors include:
> > > > > >
> > > > > > Evevt ID 5805
> > > > > > The session setup from the computer computername failed to authenticate. The
> > > > > > following error occurred:
> > > > > > Access is denied.
> > > > > >
> > > > > > Event ID 5719
> > > > > > This computer was not able to set up a secure session with a domain
> > > > > > controller in domain domainname due to the following:
> > > > > > There are currently no logon servers available to service the logon request.
> > > > > > This may lead to authentication problems. Make sure that this computer is
> > > > > > connected to the network. If the problem persists, please contact your domain
> > > > > > administrator.
> > > > > >
> > > > > > Event ID 5723
> > > > > > The session setup from computer 'computername' failed because the security
> > > > > > database does not contain a trust account 'computername$' referenced by the
> > > > > > specified computer.
> > > > > >
> > > > > > We have 30+ PC's that just dropped off the domain, their accounts are no
> > > > > > longer in ADU&C without anyone deleting them. Is there anything I can do
> > > > > > besides sending people out (we have 80 locations) to readd them to the domain?
.

Relevant Pages

  • Re: removal of one of my AD-Integrated DNS servers
    ... I am not sure if this is the correct spot for this post. ... am concerned about complications in performing an full system restore ... My thought was to wipe the upgraded DCs clean and install 2003 ... Both upgraded systems are running Active Directory Integrated DNS as ...
    (microsoft.public.win2000.dns)
  • Re: Bandwidth use between two Exchange Servers
    ... between the Exchange servers with this scenario is just mail traffic. ... DCs generate alot of traffic as well. ... Microsoft Windows MVP - Active Directory ...
    (microsoft.public.exchange2000.admin)
  • Verifying Exchange connectivity?
    ... Look for the Outlook icon next to the clock ... >1) Test Global Catalog response times? ... >I've run perfmon on all of our DCs and Exchange servers. ... On the DCs I've seen no abnormal CPU times or LSASS ...
    (microsoft.public.exchange2000.active.directory.integration)
  • Re: Verifying Exchange connectivity?
    ... > No emails please. ... >> 1) Test Global Catalog response times? ... >> I've run perfmon on all of our DCs and Exchange servers. ... On the DCs ...
    (microsoft.public.exchange2000.active.directory.integration)
  • FE/BE
    ... I am in the midst of configuring a FE to my exchange BE. ... two W2K DCs with GC and two exchange servers (E2K on ... point of of entry for the BE exchange servers. ...
    (microsoft.public.exchange.misc)