Active Directory Domain Controller Access and Replication Problems

Guest

We have a pair of redundant Windows 2000 Servers both running as Domain Controllers in the same domain. The machines have been replicating and running together for over 6 months however they were recently shipped OS, and only one was running by itself for some weeks. Now the machines will not sync the AD. Domain login is possible to either server from workstations in the domain, but the servers cannot see each other and only the server that provided the login is visible from the workstations.

The passwords are identical and unchanged and both servers login ok on the domain. The Domain Controller entries look ok on both servers from the AD Users and Computers Console, and nslookup seems to work fine. The remote management consoles can be opened, but any attempt to view files or open shared folders results in Error 5 Access is denied. The system event log is reporting incorrectly signed time stamps from the other controller. It seems to be a machine level authentication problem - any ideas?

We have run a number of the Server Support Utilities, but have nothing conclusive yet.
 
What does the output of the following command-line tool give you with
the syntax below:

repadmin /showreps /v

Sync the time between the controllers.

--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

GeoffA said:
We have a pair of redundant Windows 2000 Servers both running as Domain
Controllers in the same domain. The machines have been replicating and
running together for over 6 months however they were recently shipped OS,
and only one was running by itself for some weeks. Now the machines will not
sync the AD. Domain login is possible to either server from workstations in
the domain, but the servers cannot see each other and only the server that
provided the login is visible from the workstations.
The passwords are identical and unchanged and both servers login ok on the
domain. The Domain Controller entries look ok on both servers from the AD
Users and Computers Console, and nslookup seems to work fine. The remote
management consoles can be opened, but any attempt to view files or open
shared folders results in Error 5 Access is denied. The system event log is
reporting incorrectly signed time stamps from the other controller. It seems
to be a machine level authentication problem - any ideas??
 
Thanks Chris

Found relevant technotes last night, 216393 and 260575, I used the netdom command to reset the Domain password, and the controllers are now talking again. The issue is that peer controllers must not be left disconnected for long or this problem will occur.
 
30 days, if my mind is with me =)

--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

geoffA said:
Thanks Chris

Found relevant technotes last night, 216393 and 260575, I used the netdom
command to reset the Domain password, and the controllers are now talking
again. The issue is that peer controllers must not be left disconnected for
long or this problem will occur.
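
The checks and the fix discussed in this thread (clock comparison, `repadmin /showreps /v`, then a `netdom` password reset), written out as one batch sequence. This is an added example, not a script posted by anyone in the thread; the thread does not give the exact `netdom` command line, so the `resetpwd` arguments, the KDC stop/start steps, and the names `PEER_DC` and `ADMIN` are assumptions to replace with your own values.

```bat
@echo off
rem Added example. Run on the domain controller that was offline.
rem PEER_DC and ADMIN are placeholders (assumptions), not values from the thread.
setlocal
set PEER_DC=DC1
set ADMIN=EXAMPLE\Administrator

rem 1. Compare clocks with the peer. Kerberos rejects authenticators when
rem    the skew exceeds the policy limit (5 minutes by default), which
rem    shows up as time stamp errors and "Access is denied".
net time \\%PEER_DC%

rem 2. Record replication state before changing anything.
repadmin /showreps /v > "%TEMP%\showreps-before.txt"

rem 3. Stop the local KDC so this DC has to get its tickets from the
rem    peer instead of issuing them from its own stale account data.
net stop kdc

rem 4. Reset this DC's machine account password against the peer.
rem    /passwordd:* prompts for the admin password instead of placing
rem    it on the command line or in this file.
netdom resetpwd /server:%PEER_DC% /userd:%ADMIN% /passwordd:*
if errorlevel 1 (
    echo netdom resetpwd failed. KDC left stopped for investigation.
    exit /b 1
)

rem 5. Bring the KDC back and capture replication state again so the
rem    two reports can be compared.
net start kdc
repadmin /showreps /v > "%TEMP%\showreps-after.txt"
echo Compare showreps-before.txt and showreps-after.txt in %TEMP%.
endlocal
```

A restart of the server after the reset may be needed before replication resumes.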
 
