Re: SBS2003 + tombstoned WIN2K DC

jdr.smith@xxxxxxxxxx wrote:
On 3 Oct, 16:42, "kj [SBS MVP]" <KevinJ....@xxxxxxxxxxxxxxxxxx> wrote:
jdr.sm...@xxxxxxxxxx wrote:
If I ping domain.local I get a response from the IP of the
tombstoned DC not the SBS2003.

Jim.

Time to break out the AD tools (DCDiag, Netdiag) and see what's up.

dcdiag /c / v
and
netdiag

from both servers and post if needed.

SBS2003 DCDIAG servername changed to XYZ etc etc >

Domain Controller Diagnosis

Testing server: Default-First-Site-Name\XYZ-SERVER
The last success occurred at 2006-10-22 15:56:20.
16941 failures have occurred since the last success.
Last replication recieved from WIN2K at 2006-10-22
15:56:20.
WARNING: This latency is over the Tombstone Lifetime
of 60 days!
Warning: DsGetDcName returned information for \
\WIN2K.XYZGB.local, when we were trying to reach XYZ-SERVER.
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2609 to 1073741823
* XYZ-server.XYZGB.local is the RID Master
* Warning :There is less than 0% available RIDs in the
current pool

END....

Any ideas ?

Well your DC's haven't been fully replicating in over a year. You've likely
got some work to do.

First you'll need to demote the 2nd DC (NOT the SBS server), repromote (if
you want to continue with 2 DCs), and verify replication is *100%* before
proceeding.

Next, you'll have to cleanup all the leftover problems from having two out
of sync copies of AD for so long. You likely will have computer accounts
that have changed password with one DC that never replicated to the SBS
server. These computers will need to be rejoined (probably not necessary to
use /connectcomputer if the computer shows up in the SBS server.

You'll probably have issues with user accounts and stale passwords and/or
other attributes that have changed over the last year.

Probably other things as well.

Lesson of the story, if you are going to run more than 1 DC (especially true
in SBS) you must verify replication at least once a month. (A clean run of
dcdiag is the best bet, but repadmin can also be used)




Jim.

--
/kj


.

Relevant Pages

  • Re: Windows 2003 Help
    ... Connecting to directory service on server tgcs001. ... The replication generated an error: ... Error Record 1, ProcessID is 1588 (DcDiag) ... established connection failed because connected host has failed to respond. ...
    (microsoft.public.windows.server.general)
  • Cant find DC after running DCPROMO
    ... I have a windows 2000 server with two NIC's. ... Netdiag and dcdiag disagree. ... List of NetBt transports currently configured: ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows 2000 Server Replication Problem
    ... I don't know what your settings are but providing the info I requested can ... min.All other thing i can do other than replication. ... Run dcdiag, netdiag and repadmin in verbose mode. ... I am having windows server 2000 Replication problem as follows ...
    (microsoft.public.win2000.active_directory)
  • Re: Windows 2000 Server Replication Problem
    ... Just because you can ping a remote site doesn't mean that you can ... If you don't have the support tools installed, install them from your server ... Run dcdiag, netdiag and repadmin in verbose mode. ... I am having windows server 2000 Replication problem as follows ...
    (microsoft.public.win2000.active_directory)
  • Re: Login issues for Active Directory Users. Unsure of root cause
    ... Run dcdiag, netdiag and repadmin in verbose mode. ... the PCs or Server. ... Directory/Shared folders for the roaming profiles permissions nixed? ...
    (microsoft.public.windows.server.active_directory)