Can't Logon when "BDC" is down

Jason

I am having a weird issue where my workstations can't logon when my BDC
is offline, even though the server that remains online is the RID
Master, PDC, and Infrastructure Master. DHCP is also running on this
server, and won't lease addresses either, so obviously something is wrong.

Can somebody point me in the right direction for starting to
troubleshoot this problem? I'm new to AD and just getting my feet wet.

Thanks,
Jason
 
Cary Shultz [A.D. MVP]

Jason,

Welcome to the wonderful world of Windows 2000 Active Directory! It is a
huge beast that is going to take some time to learn. You will become very
frustrated at times! And this is a good thing! That means that you are
digging deeper and deeper into the belly of the beast! Or, it might also
mean that you are encountering something that you just do not know! Enter
the newsgroups. We have all been there and will gladly help you.

Anyway, to your question.

To address the 'roles' that you mentioned. There are actually five of them:
the Schema Master, the Domain Naming Master, the PDC Emulator, the RID
Master and the Infrastructure Master. The first two mentioned are
Forest-wide roles and the last three mentioned are Domain-wide roles. I am
going to assume ( yep! going to do what you are not supposed to do ) that
you have only one domain? This would be called a single domain (tree)
forest! That is, the forest ( the big kahuna in the Active Directory
world ) is comprised of only one tree that consists of only one domain. Or,
are you in a child domain and have, thus, only the three 'domain-wide'
roles?

Is the first Domain Controller [ the one that is up when your 'BDC' is
down - these terms do not really exist anymore in the WIN2000 jargon, they
are more WINNT 4.0 terms but we all know what you mean ( which is a very
general statement and which can often lead to assumptions and completely
incorrect suggestions )] also a Global Catalog Server? I am assuming that
the 'BDC' is a Global Catalog Server as well.

Let's look at DNS. I am assuming that DNS is running on both Domain
Controllers? Is this the case? If not, on which Domain Controller is DNS
running? You will find that a healthy DNS is absolutely paramount to a
healthy Active Directory. So much is dependent upon the records found
within DNS, especially the SRV records.

Let's look at DHCP. Within DHCP you can configure 'Options'. These options
give the client additional information. So, in addition to receiving the IP
Address lease the client will also receive the router IP Address, the DNS
Server(s) Address(es), etc. Assuming that both Domain Controllers are
indeed running DNS do the clients get both IP Addresses?

Let's start with this!

HTH,

Cary
 
Jason

Hi Cary,

I have one forest, ca.xxx.com, and within the forest, 2 child domains
(xxpick.ca.ryder.com, and xxston.ca.ryder.com). The 2 DC's in question
are the top level DC's.

The "PDC" is sr29.ca.xxx.com and the "BDC" is mbubdc01.ca.xxx.com.

SR29 is running DHCP, configured to give the clients the DNS addresses
of both DC's.

NSLOOKUP on each DNS server yields proper results when each DC is
queried. You do mention SRV records, and I must admit, I'm a little
lost there.

As for whether the PDC is a GCS, I'm not sure how to find this out,
perhaps a little guidance here is in order.

Thanks for the help Cary,

Jason

 
Chriss3 [MVP]

While you are waiting for Cary's complete answer,
I can help you find out whether a Domain Controller is set to be a Global
Catalog Server or not.

Use the Active Directory Sites and Services snap-in, in the Administrative
Tools folder. Expand the Sites until you locate the server that you wish to
check whether it is a Global Catalog or not. Right-click the NTDS Settings
icon, under the server, and press Properties. On the General tab, check the
Global Catalog box. If it's checked, the Domain Controller is a Global
Catalog.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

 
Jason

There was no check mark, so I have checked it to make it a GCS.

Thanks for the reply.

Jason
 
Cary Shultz [A.D. MVP]

Jason,

First off a big Thank you to Chriss for giving Jason the How To on the
Global Catalog Server.

And, Jason, please reboot the server - at a convenient time - after checking
that check box! I think that your problems will now be gone. It sounds
like you have a lot of things going correctly. That is good to hear.

Now, to your other question ( about the SRV records ). This is an
important part of Windows 2000 Active Directory. You will hear that you can
use any DNS ( Microsoft, Bind, whatever ) so long as that DNS supports
Dynamic Updates and SRV Records. SRV records are what clients (
essentially, all computers in your Microsoft world ) use to find 'services'.

If you open up the DNS MMC you will see that you have a Forward Lookup Zone
and possibly a Reverse Lookup Zone. We are interested in the Forward Lookup
Zone ( or FLZ ). If you click on 'yourdomain.com' you will see the usual A
records and the like. However, there are four sub-folders ( _msdcs, _sites,
_udp and _tcp ). If you navigate through them you will find that they do
not have any A records in there, but they do have a bunch of SRV records.
These are very important.

If you want, I will gladly send you an e-mail on a regular basis with some
'homework' type assignments so that you will be able to have a bit of a
guided hand in learning all this 'AD stuff'. There is a lot to it. I
really enjoy helping people learn this. I wish that I had someone helping
me back when I was first learning AD ( well, I did - the newsgroup! ).

HTH,

Cary
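
The SRV records discussed above can also be checked for single points of failure. The following is an added example, not part of the original thread or any poster's own code: it groups SRV records by service name and reports which services would have no registered server left if one domain controller were offline. The domain `example.test`, the hosts `dc1` and `dc2`, and the function name `Test-SrvCoverage` are assumptions, and the sample records are constructed.

```powershell
# Added example. example.test, dc1 and dc2 are placeholders; the records are constructed.
function Test-SrvCoverage {
    param(
        [Parameter(Mandatory)] [object[]] $Records,     # objects with Name and NameTarget
        [Parameter(Mandatory)] [string]   $OfflineHost  # DC assumed to be down
    )
    $down = $OfflineHost.TrimEnd('.').ToLower()
    foreach ($group in ($Records | Group-Object -Property Name)) {
        # Normalise target names so a trailing dot or case difference does not matter.
        $targets = @($group.Group |
            ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() } |
            Sort-Object -Unique)
        $remaining = @($targets | Where-Object { $_ -ne $down })
        [pscustomobject]@{
            Service        = $group.Name
            RegisteredBy   = $targets -join ', '
            StillAvailable = ($remaining.Count -gt 0)
        }
    }
}

# Constructed records shaped like Resolve-DnsName SRV output. Both DCs register the
# DC locator and Kerberos records, but only dc2 registers the global catalog records.
$sample = @(
    [pscustomobject]@{ Name = '_ldap._tcp.dc._msdcs.example.test'; NameTarget = 'dc1.example.test' }
    [pscustomobject]@{ Name = '_ldap._tcp.dc._msdcs.example.test'; NameTarget = 'dc2.example.test' }
    [pscustomobject]@{ Name = '_kerberos._tcp.example.test';       NameTarget = 'dc1.example.test' }
    [pscustomobject]@{ Name = '_kerberos._tcp.example.test';       NameTarget = 'dc2.example.test' }
    [pscustomobject]@{ Name = '_gc._tcp.example.test';             NameTarget = 'dc2.example.test' }
    [pscustomobject]@{ Name = '_ldap._tcp.gc._msdcs.example.test'; NameTarget = 'dc2.example.test' }
)

# With dc2 down, the two global catalog services report StillAvailable = False.
Test-SrvCoverage -Records $sample -OfflineHost 'dc2.example.test' | Format-Table -AutoSize

# Against a live zone, build the record list from real lookups instead of $sample:
# $names   = '_ldap._tcp.dc._msdcs.example.test', '_gc._tcp.example.test'
# $records = $names | ForEach-Object { Resolve-DnsName -Name $_ -Type SRV } |
#            Where-Object { $_.Type -eq 'SRV' }
# Test-SrvCoverage -Records $records -OfflineHost 'dc2.example.test'
```

A service that shows `StillAvailable = False` is one that clients cannot locate while that server is down, which is the kind of dependency the Global Catalog question in this thread is probing.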
 
