help on active directory 2000, dns, w32time, logon


wael elsayid aly

Hi all,
I have a big problem that keeps happening. I was able to solve it before, but right now
I can't.
I have one Active Directory (site), let's call it (mydomain.org). This domain
is controlled by GC, PDC, ...
1- this is SERVER2.MYDOMAIN.ORG (Windows 2000 Server SP4), has DNS, WINS,
IIS, with static IP 10.1.1.3
and two BDCs, those are:
2- MAIL.MYDOMAIN.ORG (Windows 2000 Server SP4) acts as Exchange 2003 mail
server and DC, with WINS, DNS, with static IP 10.1.1.2
3- SERVER1.MYDOMAIN.ORG (Windows 2000 Server SP4) acts as DC, has DNS, WINS,
with static IP 10.1.1.60

The problem happens with Exchange 2003 (MTA, Information Store): they cannot start
(it took a long time, as the event log shows). This is on the mail.mydoman.org server.
After that I saw an event log on the GC server, in my case
SERVER2.MYDOMAIN.ORG, related to W32TIME, LOGIN, and I can't remember
the rest now
but the replica from mail to server2 and server1

And a problem with DNS on server2 tells that the mail server has a problem.

And the domain console on the domain controller shows server1, server2, mail, and
the mail server properties tell that this is a server or workstation (not a
domain controller like server2 or server1).
I tried to reset the computer account password on the mail server with netdom
reset password, so I closed the Kerberos service on this computer and rebooted it.
When it booted I noticed that the Exchange server worked (all its services were
starting and it worked fine). I tried to reset the password, and server2
gave me an error that the administrator password is not reset due to
hardware failure as hard disk !!!!!!!!!!!!
and complained about something related to w32time, but the mail server
told me that the command was a success (netdom).
So when I restarted the server mail.mydomain.org again and started the Kerberos
service and rebooted it, Exchange did not start and mail is not acting as a
DC, and again no replica is happening between it and both server2, server1.
So what can I do??????
Is it a DNS problem as DCdiag says? Or w32time and Kerberos ticket as the event log
says?
By the way, DNS is like this:
on server2, my GC (PDC): 10.1.1.3, and the external ISP, 10.1.1.2, 10.1.1.60
on mail (DC): 10.1.1.3, 10.1.1.2, 10.1.1.60, then my external ISP
on server1: 10.1.1.3, 10.1.1.2, 10.1.1.60, then my external ISP
and my WINS are like the above
10.1.1.3 , 10.1.12 , 10.1.1.60
and this was working for the past 3 years
and no, I do not have a backup; my backup CDs were lost

Yours,
wael
 

Herb Martin

wael elsayid aly said:
> Hi all,
> I have a big problem that keeps happening. I was able to solve it before, but right
> now I can't.
> I have one Active Directory (site), let's call it (mydomain.org). This domain
> is controlled by GC, PDC, ...
> 1- this is SERVER2.MYDOMAIN.ORG (Windows 2000 Server SP4), has DNS, WINS,
> IIS, with static IP 10.1.1.3
> and two BDCs, those are:

Only NT has "BDCs" -- are these all Win2000? If so they are
ALL DCs.

> 2- MAIL.MYDOMAIN.ORG (Windows 2000 Server SP4) acts as Exchange 2003 mail
> server and DC, with WINS, DNS, with static IP 10.1.1.2

In a single domain forest, all DCs should be GCs and probably
(in your case) run DNS and WINS too.

A Site is a technical term in AD; it is neither a domain nor a physical
location, but you usually create sites to represent each such
location.

Many/most people will suggest you avoid making an Exchange
server a DC.

> 3- SERVER1.MYDOMAIN.ORG (Windows 2000 Server SP4) acts as DC, has DNS,
> WINS, with static IP 10.1.1.60
>
> The problem happens with Exchange 2003 (MTA, Information Store): they cannot
> start (it took a long time, as the event log shows). This is on the mail.mydoman.org
> server.
> After that I saw an event log on the GC server, in my case
> SERVER2.MYDOMAIN.ORG, related to W32TIME, LOGIN, and I can't remember
> the rest now but the replica from mail to server2 and server1

You aren't going to get help as easily unless you can report
the error messages.

If you saw something about TIME and LOGIN there is a pretty
good chance you are failing to AUTHENTICATE due to time
being more than 5 minutes (default) out of sync -- Kerberos
expects time to be close.

Watch out for computers (DCs especially) with the WRONG
TIME ZONE -- when you set them to have time "look right"
they will be off by an hour or several hours.

GMT or UNIVERSAL time is actually used, not what you "see"
when checking time -- it is adjusted for the time zone internally.

> And a problem with DNS on server2 tells that the mail server has a problem.
>
> And the domain console on the domain controller shows server1, server2, mail, and
> the mail server properties tell that this is a server or workstation (not a
> domain controller like server2 or server1).

Did it ever show correctly?

Every DC should (must?) be able to pass a full DCDiag with NO
WARN or FAIL messages.

> I tried to reset the computer account password on the mail server with netdom
> reset password, so I closed the Kerberos service on this computer and rebooted it.
> When it booted I noticed that the Exchange server worked (all its services
> were starting and it worked fine). I tried to reset the password, and
> server2 gave me an error that the administrator password is not reset
> due to hardware failure as hard disk !!!!!!!!!!!!

Have you checked for disk errors? Event log and Chkdsk at a minimum?

> and complained about something related to w32time, but the mail
> server told me that the command was a success (netdom).
> So when I restarted the server mail.mydomain.org again and started the Kerberos
> service and rebooted it, Exchange did not start and mail is not acting
> as a DC, and again no replica is happening between it and both server2, server1.
> So what can I do??????
> Is it a DNS problem as DCdiag says? Or w32time and Kerberos ticket as the event
> log says? By the way, DNS is like this:

Well, most Authentication problems are DNS issues really but you do
seem to have a Kerberos/Time issue which is more unusual but just
as big a problem.
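
The time zone pitfall described in the reply above, worked through as an added example that is not part of the original thread: each DC's displayed time is converted to UTC using its configured zone and compared against the 5-minute default tolerance. The host names come from the thread; the clock readings, dates and UTC offsets are constructed for illustration.

```python
from datetime import datetime, timedelta

# Default Kerberos clock-skew tolerance mentioned in the reply (5 minutes).
MAX_SKEW = timedelta(minutes=5)

def to_utc(wall_clock, utc_offset_hours):
    """Convert a displayed wall-clock time to UTC using the host's configured zone."""
    return wall_clock - timedelta(hours=utc_offset_hours)

def skew_report(reference, hosts, max_skew=MAX_SKEW):
    """Compare every host's UTC time with the reference host's UTC time.

    hosts maps name -> (wall_clock, configured_utc_offset_hours).
    Returns a list of (name, skew_seconds, within_tolerance), sorted by name.
    """
    ref_utc = to_utc(*hosts[reference])
    report = []
    for name, (wall, offset) in sorted(hosts.items()):
        skew = to_utc(wall, offset) - ref_utc
        report.append((name, int(skew.total_seconds()), abs(skew) <= max_skew))
    return report

# Constructed readings (assumed values, not taken from the thread).
# MAIL is set to the wrong zone (UTC+3 instead of UTC+2) and its clock was
# then adjusted by hand so that the displayed time "looks right".
SAMPLE = {
    "SERVER2": (datetime(2005, 6, 1, 14, 0, 0), 2),   # reference DC
    "SERVER1": (datetime(2005, 6, 1, 14, 2, 0), 2),   # 2 minutes fast, same zone
    "MAIL":    (datetime(2005, 6, 1, 14, 0, 30), 3),  # looks right, wrong zone
}

if __name__ == "__main__":
    for name, skew, ok in skew_report("SERVER2", SAMPLE):
        status = "OK" if ok else "outside the 5-minute Kerberos tolerance"
        print(f"{name:8} skew vs SERVER2: {skew:+6d} s  {status}")
```

MAIL's displayed time differs from SERVER2's by only 30 seconds, yet its UTC time is almost an hour behind, which is the case the reply warns about.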
 
