AD Cluster Broke?

[Willard]

We have 2 2000 AD servers setup in a cluster that was
setup by another administrator (no longer working with
company). Server A we can access. Server B we cannot
access (says access denied). When trying to logon to
console of Server B, the only domain that shows up as
available is the AD domain -> not any of the trusted
domains and it doesn't allow us to log on locally (says
username or password is incorrect). Taking a look at the
DNS config of Server A, the DNS settings were pointing to
Server B (who's DNS is no longer responding and doesn't
appear to be running - no listening on port 53). Server A
is also running DNS - so in order to manage the AD
domain, I repointed the DNS settings on Server A to
itself. I am now able to manage AD domain from Server A,
but still cannot log on to Server B. It looks like Server
B can't find the AD domain. Any suggestions on where to
fix this issue on Server B?

Thanks.

 

[David Adner]

First of, are you certain they were clustered? Like, both are running
Windows 2000 Advanced Serve (not just standard Server) and the Microsoft
Cluster Service was installed and configured? Both servers would also
need to be connected to a shared disk subsystem (either shared SCSI or
fibre disks). I ask because DC's aren't typically clustered.

Second, what errors do you see in ServerA's Event Logs regarding
ServerB?

And third, just in case, do you happen to know the DS Restore Password
for ServerB? This password would have been assigned when the server was
promoted to be a DC. It may have been changed afterwards, too, but the
point is it may not necessarily be the same password as the Domain's
Administrator account.

 

[Willard]

They are running Advanced Server and clustered. Cluster
manager just shows Server A so Im not sure if it was
fully configured, and Server A cannot resolve the FQD of
Server B via DNS. Unfortuneatly, I do not know the DS
Restore password. In the Directory Service event log of
Server A I see the following message:

The attempt to establish a replication link with
parameters

Partition: CN=Schema,CN=Configuration,DC=MyDomain
Source DSA DN: CN=NTDS
Settings,CN=ServerB,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=MyDomain
Source DSA Address: 9df5f967-1221-4441-8541-
1139b813ce76._msdcs.MyDomain
Inter-site Transport (if any):

failed with the following status:

The DSA operation is unable to proceed because of a DNS
lookup failure.

The record data is the status code. This operation will
be retried.

Thanks.