Active Directory shuts down??

Alfonso

It's been a few days since I have observed that I get a
message from Windows telling me it cannot open Active
Directory because the server is not operational. After
that, DNS server stops responding (as it is integrated in
Active Directory), Veritas Backup program can't make
backups and the Application Registry in the Event Viewer
floods with events with ID 1000 and origin in UserEnv,
saying that Windows cannot determine the computer's name
or user...

If I reboot the server, everything seems to be working
well but fails in a few hours' time.

Any suggestions on why this is happening and how I can
solve this situation?

Best regards,
Alfonso
 
Cary Shultz [A.D. MVP]

Alfonso,

I might make sure that you have a good antivirus scan (possibly try
http://housecall.trendmicro.com - it will take a long time probably so do it
after hours) and possibly install the Support Tools from the WIN2000
Service Pack CD or the Microsoft web site and run dcdiag /e /c /v and
netdiag /v for starters.

Also, have you taken a look at http://www.eventid.net for some possible
solutions to the 1000 errors?

Hope that this is a good starting point for you!

Cary



Enkidu

Does your server have a static address?

Cheers,

Cliff
 
Alfonso

Yes, the server has a static IP address.

I'll try to run dcdiag to see what problems it relates on
the DC.

I've been seeing some events in the Event Viewer regarding
errors on DNS operations. May it have something to do
with the problem?

Best regards,
Alfonso

Enkidu

Do the properties on the NIC for DNS point only to itself on the
server? Do the properties on the NIC on the client point only to the
server for DNS? Is this server the only DC or are there others?

Cheers,

Cliff


Alfonso

This server is the only DC and both the server and the
clients have the server's IP as first DNS server
(effectively, the DC is the DNS server).

All of them also point to the ISP addresses in DNS
configuration for Internet access purposes.

Best regards,
Alfonso

ptwilliams

"All of them also point to the ISP addresses in DNS configuration for
Internet access purposes"

This is bad. Don't do this. Either allow your internal DNS server to
resolve external names through its root hints, or configure a forwarder in
DNS (unless you have a proxy and want to do external resolution that way).

--

Paul Williams

Enkidu

Hi Alfonso,

As Paul says, this may be your problem. This is a common
misconfiguration. All clients (and the server when it needs to resolve
an address for itself - in other words when it acts as a client)
should *only* query the DNS on the server for addresses, both internal
and external. It is the DNS server's job to refer on the requests from
the clients to the outside world through the forwarders option in the
DNS console.

The reason is the way that the clients work. When you define two
addresses in a client's DNS settings, it *always* uses the first entry
first. If the first DNS responds, it *never* uses the second. If the
first DNS server is the internal one, and it is queried for an
external address it may return a "not found" or a "timeout" from a
server that it has queried, but the important point is that it returns
a response, even if it is a *negative* response. The second server
(the ISP one) is never used.

If however the server *doesn't* return a response for some reason,
then the second server is used. Windows 2000 will also promote this
server to the first server and demote the second. Bingo! Whereas
before you could see the internal network, but not the external
network, now you can see only the external network, since you are now
using the ISP's server.

The configuration that works is the one I suggested above - configure
all clients' NIC's DNS entries to be the internal DNS server(s). This
also includes the server itself which can act as a client, for example
when you use a browser to visit WindowsUpdate. Use the DNS console to
configure forwarders, so that requests from clients get passed out to
the ISP's DNS servers.

Cheers,

Cliff

{MVP Directory Services}
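
Added example, not part of the original thread: a small Python model of the client behaviour Cliff describes (the first server that responds wins, and a server that answers after a timeout is promoted), comparing the DC-plus-ISP client list with the DC-only list and a forwarder on the DC. The classes, addresses and record names are constructed for illustration and simplify real resolver and server behaviour.

```python
# Simplified model of the resolver behaviour described in the post above.
# All names and addresses are constructed for illustration.
DC_DNS, ISP_DNS = "192.168.1.10", "203.0.113.53"
SRV = "_ldap._tcp.dc._msdcs.corp.example"   # hypothetical AD domain locator record
WEB = "www.example.org"


class DnsServer:
    def __init__(self, records, forwarder=None):
        self.records, self.forwarder, self.up = records, forwarder, True

    def query(self, name):
        """Return an address, a negative answer string, or None for no response."""
        if not self.up:
            return None
        if name in self.records:
            return self.records[name]
        if self.forwarder is not None:
            return self.forwarder.query(name) or "SERVFAIL"
        return "NXDOMAIN"


class Client:
    def __init__(self, servers):
        self.servers = list(servers)          # first entry is the preferred server

    def resolve(self, name, network):
        for i, addr in enumerate(self.servers):
            answer = network[addr].query(name)
            if answer is not None:            # any response, even negative, ends the search
                self.servers.insert(0, self.servers.pop(i))   # responder becomes preferred
                return answer
        return None


def run(client_servers, use_forwarder):
    """One missed query on the DC, then lookups once the DC is healthy again."""
    isp = DnsServer({WEB: "198.51.100.7"})
    dc = DnsServer({SRV: DC_DNS}, forwarder=isp if use_forwarder else None)
    network = {DC_DNS: dc, ISP_DNS: isp}
    client = Client(client_servers)
    dc.up = False                             # DC's DNS service fails to answer once
    client.resolve(WEB, network)
    dc.up = True
    return client.resolve(SRV, network), client.resolve(WEB, network), client.servers


if __name__ == "__main__":
    print("DC + ISP on the client:", run([DC_DNS, ISP_DNS], use_forwarder=False))
    print("DC only, forwarder on DC:", run([DC_DNS], use_forwarder=True))
```

In the first scenario the client ends up with the ISP server preferred and gets a negative answer for the domain's locator record even though the DC is answering again; in the second it resolves both internal and external names through the DC.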
