Problem on AD ( Urgent )

[SEAN]

Dear,

I Have three 2000 server one have do DCpromo , one is member server
And it have some Problem on my GDC , And I have do nltest
/sc_change_pwd:example.com

After do it And Reboot , It need A long time to log in , Around Four Hrs,
After log in , I find other DC can't access to this server ,

For example When I click AD Computer & User ,
it occur msg box " Naming information cannot be located because The taget
principal name is incorrect,

Also, Some Services need domain Account can't Start reson by access - denied
,,,

So, Any one know Why , and Is it the Reson I using the command nltest
/sc_change_pwd:example.com

Hop any one can help me

Regards,

Sean

 

[Ace Fekay [MVP]]

In

Dear,

I Have three 2000 server one have do DCpromo , one is member server
And it have some Problem on my GDC , And I have do nltest
/sc_change_pwd:example.com

After do it And Reboot , It need A long time to log in , Around Four
Hrs, After log in , I find other DC can't access to this server ,

For example When I click AD Computer & User ,
it occur msg box " Naming information cannot be located because The
taget principal name is incorrect,

Also, Some Services need domain Account can't Start reson by access -
denied ,,,

So, Any one know Why , and Is it the Reson I using the command nltest
/sc_change_pwd:example.com

Hop any one can help me

Regards,

Sean

My first thought is this is a classic DNS issue. Is you have your ISP's DNS
addresses in your IP properties, this will ALWAYS cause this behavior and
numerous other errors.

Let;s do this:

1. Remove any ISP or any other external (such as your router's IP) out of
ALL your internal machines' IP properties.

2. Just leave the internal DNS only.

3. To achieve efficient Internet resolution, configure a forwarder. If the
Forwarding option is grayed out, delete the Root zone, refresh the console,
and try again. If not sure how, this article will show you these steps:
http://support.microsoft.com/?id=300202


Now this is assuming that:

1. Your AD DNS Domain name is not a single label name. ("DOMAIN" rather than
the required "domain.com") and that SP4 is installed.

2. That you already have Dynamic Updates set to yes in the zone properties
(in DNS).

3. The Primary DNS Suffix is set to the domain name.

4. No other significant errors are in the logs. If they are, please post the
Event ID #s please.



If not sure of any of these items (besides the forwarding how-to),
*please*post:

1. UNEDITED ipconfig /all of both DCs and one client.
2. The name of your AD DNS domain name (as it shows in your ADUC console)
3. What service pack level these machines are on.

Thanks and hope this all helps.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Buz [MSFT]]

You may also want to verify the health of your Domain Controllers

298143 How to Verify an Active Directory Installation
http://support.microsoft.com/?id=298143

Incorrect DNS configuration would be the most common cause of group policy
and replication failures:

237675 Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/?id=237675

A netdiag and dcdiag (in the Support Tools directory on the Windows 2000 Cd)
from both domain controllers may give you some clues as well.

Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

"Ace Fekay [MVP]"