Two DC's - one seemingly not functioning properly

[Gilead]

Hi All,

I have a 50 workstation network on a Windows 2000 mixed mode domain
and recently decided to add a second Domain Controller (DC2) becuse
the original is getting older. A few months ago I ran DCPROMO on a
2000 member server, made it a DNS server and made it a global catalog.
Durning some maintenance yesterday I noticed that with the original
DC1 offline users could not establish Terminal Sevrer RDP connections
and integrated IIS web authentication was also unavailable.

The logon error was: Logon Message - The specified domain either does
not exist or could not be contacted.

I used Replication Monitor and verifed that replication is error free
between the two DC's. I also checked DNS and all the records "seem" to
be in order. But I am not exactly sure of all required DNS entries
(SVC records?) for Domain Controllers.

Does anyone have any suggestions on where to begin searching to fix
this problem.

Thanks in advance,

Jon

 

[Myweb]

Hello Gilead,

Did you also reconfigure the clienst DNS settings for the second DNS server?

Best regards

Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

 

[Paul Bergson [MVP-DS]]

Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take
into account slow links to dc's will also add to the testing time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.

The script is located in the download section on my website at
http://www.pbbergs.com

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[jhalscott]

I have a couple of things to check Jon, which have mostly been stated
here i.e. DCDiag and NetDiag on the DC itself. I however would check
first for DNS related issues, primarily as you suspected, the SRV
records and a few other items. In the DNS MMC snap-in check the
following:

1. Under the Forward Lookup Zone, look for the proper NS records,
which is usually each DC since they often are also used for DNS
servers, but there may be others (name server records).
2. Under _tcp look for 4 SRV records, one each for _gc, _ldap,
_kpasswd, and _kerberos for each DC (this assumes all DCs hold theses
roles. Not all DCs are GCs).
3. Under _udp look for 2 SRV records, one each for _kpasswd and
_kerberos for each DC.
4. Under each site and then _tcp, look for one each for _gc, _kerberos
and _ldap for each DC.
5. If using DHCP in Windows, make sure you set the options for the
proper DNS Server and verify this on the clients after a ipconfig /
refresh (may also help to run ipconfig /flushdns).

Jaime Halscott
Lead Systems Engineer
ScriptLogic Corporation
http://www.scriptlogic.com