Re: Weird network failure/ duplicate machine name MYSTERY, 2003 AD

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance


"markm75" <markm75c@xxxxxxx> wrote in message
news:1169838806.208092.60920@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
We had a very weird thing happen yesterday...

First off our setup is like this.. I have two DCs.. both DCs have DCHP
and DNS installed (as backups to each other), though the DHCP is a
split, say .1 to .150 and .151 to .254 etc...

Ideally the two DHCP servers offering on the same subnet will PRECISELY
DUPLICATE the scope range of addresses and then use "exclusions" to
avoid distributing duplicate addresses -- this is done to eliminate #1
NAKking
#2's requests & renewals and vice versa.

Its 2003 Active Directory.. all 5 servers have static ips, while the
clients use DCHP.

Suddenly yesterday afternoon everything went haywire.. internet
connectivity was intermittent and died.. network access died.. lots of
local workstations couldnt get an ip (limitted connectivity errors)...

What did the IPConfig /all look like (during this time)?

I first checked that both DHCP instances were running and they were.

So then I decided just to give one of the DCs a reboot (the main one,
fileserver).. that didnt fix it..

So I then decided to reboot the secondary DC (in the past, for some
weird reason, access to network drives, but not ips.. would fail and
the only fix has been to reboot the other DC machine.. I think this one
is a replication error though)...

DNS Clients (including DCs) must also use STRICTLY the INTERNAL
DNS server (set) and not be using also the ISP or a firewall/gateway DNS
server which cannot find the internal records.

So the secondary DC reboot was no good.. I checked the logs in the Main
DC and there was this error:

DNS and GCs both ok?

The browser has received a server announcement indicating that the
computer DCMAIN is a master browser, but this computer is not a master
browser.

ANY Windows computer can become Master Browser, but if the PDC
(emulator) is on that subnet it should always win the election since it is
also Domain Master Browser unless it is down. Usually DCs win but that
is not a rule if they aren't available any machine can be Master Browser
(highest rank, lastest version, etc.)

This certainly was not the case.. I'm fairly certain it was the master
browser...

On the "secondary" DC, I found this in the event logs:

A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in
a command window to see which name is in the Conflict state.

So I ran the command and found that an ip address ending in .47 was
showing the same computer name as the secondary server!

I was shocked to find after some research that this secondary ip
address, at least earlier that day, belonged to my second PC in my
office, which I hadnt touched in forever, but was on.. its machine name
was not the same as the secondary DC...

I shut this machine off, then rebooted both DCs again and all returned
to normal!

I'm at a loss as to how this could have happened.

Somebody or the DHCP server gave it that address.

On that secondary DC I did find this in the error log too:

MS DTC could not correctly process a DC Promotion/Demotion event. MS
DTC will continue to function and will use the existing security
settings. Error Specifics: %1

I had never tried to demote the secondary DC either.

There was this autoenrollment error too (Eventid 13):
Automatic certificate enrollment for local system failed to enroll for
one Domain Controller certificate (0x80070005). Access is denied.


At this point everything is still fine, though on the secondary I do
have these 2 messages:

Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine
that describes the reason for this.

EventID 1030,

and

EventID 1058, windows cannot access the file gpt.ini in GPO etc.

I did find one article stating to do a reset on the winsock catalog and
reboot.. I tried this, havent rebooted to see if it clears the issue.

Perhaps this is related to my duplicate machine thing:

I am getting this from time to time:

The DHCP service encountered the following error while cleaning up the
database:
An error occurred while accessing the DHCP database. Look at the
DHCP server event log for more information on this error.

EventID 1010

As well as EventID 1016 and 1014.


If anyone knows of a reason as to how this may have happened that would
be great :)



.

Relevant Pages

  • Re: DC RAID Configuration
    ... DNS is kind of a case of you generally have to do it, but if I have a choice, I won't put that on DCs either, especially in larger orgs, I tend to prefer DNS on UNIX especially if I need to do a lot of delegation to other admins. ... Just for your info the DCs will all host DNS and most likely DHCP too. ... ship disks to remote geographic locations to keep the servers up. ...
    (microsoft.public.win2000.active_directory)
  • Re: What needs to be transfered to new Domain Controller
    ... I forgot to mention that this is one of our child domains, with 2 DCs running ... I am using AD-int DNS. ... Please describe first the roles your servers have now, DNS, DHCP, Exchange ...
    (microsoft.public.windows.server.general)
  • RE: Adding a new Windows 2003 DCs to existing Windows 2000 domain
    ... Our end goal is to migrate all our DCs to 2003 to take ... DNS sounds like it should be ok and I have used the DHCP backup and restore ... > you install AD-integrated DNS on 2k3, this process will auto replicate DNS ...
    (microsoft.public.windows.server.migration)
  • Re: PRIMARY DNS SERVER DOWN - NOW FRS BROKEN
    ... As a result, AD users/computers is different ... You had four DCs but only one had DNS installed? ... shutdown both at the same time, reboot them at least one hour apart from ...
    (microsoft.public.windows.server.dns)
  • Re: ubuntu 6.10: Problem with DNS configuration...
    ... the DNS I write ... nameserver 80.10.246.3 ... And after a reboot, ... DHCP always rewrites your resolv.conf unless you explicitly prevent it ...
    (Ubuntu)