DC not processing logon requests

[jared]

We have AD with 2 DCs, namely G1 and G2. G1 is a global
catalog and has all 5 FSMO roles
(RID,PDC,Infrastructure,Domain Naming and Schema
Master).

We have some user profiles which are stored on G1 (it was
looking into these that brought me to where I am now). I
wanted to put in some resilience by replicating the
profiles to G2, so that if one DC went down the other
could handle authentication and profiles. However, I
have a problem.

G2 is currently processing all client authentication
requests, i.e. all users (when logging on) are getting G2
as %logonserver%. If I switch off G2, no users can log
in, I get the following error:

"No Windows NT or Windows 2000 Domain Controller is
available for domain BLAH. The following error occurred:
There are currently no logon servers available to service
the logon request."

I thought that G1 would handle these as it does, after
all, have more roles than G2. I need to be able to turn
off G2 and get G1 to handle log-ins. I do not
understand why it is not processing these requests and
what can I look into to sort it out??

I thought it may be a DNS issue (maybe..) but after some
work I cannot find anything wrong with our dns setup.
All clients can resolve, ping G1 with no issues.

I'm not an expert so may have overlooked something
simple, but I really do need to look into why its not
servicing logon requests. Most clients are DHCP. DCs
are defined in DHCP.

Any help appreciated, even if its just some good docs on
domain controllers...thx

 

[Chriss3]

En sure DNS and Global Catalog is redundant.

Make the "G2" Domain Controller to hold this roles as well.
http://www.microsoft.com/windows2000/en/server/help/msmq_inst_set_gc.htm

Active Directory is depend on DNS and will not work with out DNS.
http://www.microsoft.com/technet/pr...irectory/maintain/opsguide/part1/adogd10.mspx

You may have a look at the Knowledge Base article "Global Catalog Server
Requirement for User and Computer Logon"
http://support.microsoft.com/?kbid=216970

 

[Yor Suiris]

You might want to rethink your structure. Although "I" have not got all the
bugs outa my AD, I have found some no no's in regard to putting every thing
on one server. Such as:

NOTE: Do not put the Infrastructure Master (IM) role on the same domain
controller as the global catalog server. If the Infrastructure Master runs
on a global catalog server it will stop updating object information because
it does not contain any references to objects that it does not hold. This is
because a global catalog server holds a partial replica of every object in
the forest.

Which was on
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504&Product=win2000

Also if you're running Exchange on a DC there were a few conflicts with the
AD roles, which I'm sorry to say I can't remember

 

[ptwilliams]

The GC and Infrastructure problem only applies with multiple domains, where
there are non GC DCs.

In a single domain, you should make all your DCs GCs. There's also no
reason not to make *all* DCs GCs if your WAN links are fast and/ or cheap.

With only 2 DCs make both GCs. Also make both DCs AD Integrated DNS servers
and have *both* DNS servers in the DNS settings of all clients.


Paul.
_______________________