How to apply the group policy to an OU

Guest

Hi,
I had set the settings for an OU from the MMC,
but it doesn't seem to work - the users and computers in the OU take no effect.
Please help. Assistance is needed fast.
Thank you.
 
Jordan

Some basic checks:
1. Verify network connectivity
- run 'netdiag' on the client and 'netdiag' & 'dcdiag' on the DCs
2. Ensure that your policies are properly configured
- linked to the proper OU
- security filtering (Authenticated Users have Read & Apply Policy)
3. Check replication
- use 'repadmin /showreps' to ensure that there are no replication issues
- use 'gpotool' to verify that policies have been synchronized

Next,
4. Run 'gpresult /v' on the client machine
- verify that the GPO has been received and applied.
 
Guest

Thanks, but netdiag and dcdiag don't seem to be correct commands.
They didn't execute when I keyed them in at the command prompt.
Or did I get you wrong?
Sorry, I'm a newbie in AD.
 
Cary Shultz [A.D. MVP]

McGuire,

You need to install the Support Tools in order for the utilities that Jordan
suggests to be available. You can find the Support Tools on both the
WIN2000 Server CD as well as the WIN2000 Service Pack CD in the Support |
Tools folder. I would use the Service Pack CD.

Then run the tools. I might suggest that you run 'dcdiag /v
>c:\dcdiag01.txt' on your first DC and 'dcdiag /v >c:\dcdiag02.txt' on your
second DC. The '/v' switch is telling the utility to run in verbose mode -
which will give you a lot of nice information - and the ' >c:\dcdiag01.txt'
is redirecting the output to a text file called 'dcdiag01.txt' which will be
located in c:\ on the machine where it is being run. If you leave off the
'>c:\dcdiag01.txt' then you will have the results in the DOS command window.
Makes it rather difficult to search for ERROR, FAIL and WARN....which you
should do.

Then do the same with netdiag.

Running repadmin /showreps will show you all of the connection objects on
the Domain Controllers. Since you stated that you are a newbie I will give
a very brief summary of how this works. Let's assume that you have just two
DCs: DC01 and DC02. There are three Naming Contexts - or Directory
Partitions - that are replicated in AD: the Schema NC, the Configuration NC
and the Domain NC. The first two NCs are replicated to each and every DC in
the entire Forest. The Domain NC is replicated to each and every DC in its
domain. So, as an example - let's say that you have yourdomain.com which
has the two DCs. You have a single domain tree in a single forest. Really
simple. All three of the above mentioned NCs will replicate between DC01
and DC02. Please note that AD creates incoming connection objects for the
replication to take place. The first word in that phrase is important.
They are INCOMING. AD must create a separate connection object for each NC.
AD must also create these incoming connection objects for each replication
partner that a DC might have. So, what this means is that you would have
six incoming connection objects for the AD to replicate between DC01 and
DC02: three coming from DC02 to DC01 ( one for each of the three NCs ) and
three coming from DC01 to DC02 ( again, one for each of the three NCs ).

This is naturally a bit more involved ( like, how are the incoming
connection objects created and managed - the KCC would be your friend there.
And it has a friend called the IST Generator ). I wanted to give you the
basics so that you can understand how AD replication works ( big picture ).

Poorly configured DNS is also a huge contributor to AD related problems (
conversely, set up properly it is a huge contributor to a smooth running AD
environment ). You need to make sure that your clients are pointing to your
internal DNS servers and that any external DNS Servers ( such as your ISP )
show up only on the Forwarders Tab in your DNS MMC ( assuming that you are
running WIN2000 DNS ). This will cause all sorts of fun and educational
situations.....:) Do you have the four subfolders ( _msdcs, _sites, _tcp,
_udp ) and are they populated in your Forward Lookup Zone in your DNS MMC?
If not, you might consider running netdiag /fix as this will most often
resolve this ( as will typing 'net stop netlogon', then 'ipconfig /flushdns'
followed by 'ipconfig /registerdns' and finally 'net start netlogon' ).

You also need to make sure that you are using the UNC ( Universal naming
Convention ) path to the particular .msi file. I would bet you that
everything that you have set up is just fine and dandy BUT you used a mapped
network drive!!!!! Let's say that the .msi file is located on DC01 in a
folder called ADOBE which is located in the shared folder called SOFTWARE.
When you created the GPO you needed to use \\dc01\software\adobe\file.msi to
point to the .msi file and NOT x:\software\adobe\file.msi as this will never
work.

I am going to stop now as this is getting quite long-winded!

HTH,

Cary
 
