Users cannot log on if Windows 2000 PDC off line

Mike Honeycutt

I have a network of about 90 Windows XP systems. The servers are all
Windows 2000 SP4. 2 of the servers are domain controllers and global
catalogs. There is only one site with servers, but multiple locations.
2 servers which are member servers only. The domain is running in
Native Mode. If Server1 (which holds all the roles) goes off line
users cannot log in - Server2 is also a DC and is up and functioning
fine.

Replication works great between the 2 - if I drop a file in
\SYSVOL\domain\scripts on either server - it will show up on the other
immediately.

All of the stations use Server1 for primary DNS and Server2 for
secondary DNS, so obviously DNS is running and functional on both.

However, when like today we were running Windows updates, Server1 was
being rebooted as users arrived. They could not log in - the error
received was not Domain not found, etc, etc. but it replied as if you had
typed the password wrong.

The only thing I've found that is questionable is that Server2 points
to itself for DNS, not Server1. Is this correct or should I point each
domain controller to itself?

Any thoughts or direction would be much appreciated.
 
Guest

You may want to check Active Directory replication. SYSVOL replication is not
the same. Use replmon to check the domain controllers for any errors. Replmon
is included with the Support Tools on the Windows 2000 Server CD.

Most cases, similar to yours, have something to do with a DNS problem. Check
over DNS. Make sure it appears to be running on both servers and clients can
resolve to either server. You can use nslookup and dnsdiag to test DNS.
Verify that the SRV records (kerberos, ldap, kpasswd) are registered properly
for both domain controllers. If you restart the Net Logon service, the domain
controller will register those records.
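
The SRV-record check suggested in the reply above, as an added example that is not part of the original thread: it reads SRV records in zone-file text form and reports which domain controller is missing from which locator record. The domain `example.com`, the host names and the sample records are constructed, and the input format (an exported zone listing) is an assumption.

```python
import re
from collections import defaultdict

DOMAIN = "example.com"  # assumption: placeholder domain name
EXPECTED_DCS = {"server1.example.com", "server2.example.com"}
# SRV owner names (relative to the domain) that clients query to find a DC.
REQUIRED = ["_ldap._tcp", "_ldap._tcp.dc._msdcs", "_kerberos._tcp",
            "_kerberos._tcp.dc._msdcs", "_kpasswd._tcp"]

# Constructed sample records in zone-file form (not data from the thread).
SAMPLE_ZONE = """\
_ldap._tcp.example.com. 600 IN SRV 0 100 389 server1.example.com.
_ldap._tcp.example.com. 600 IN SRV 0 100 389 server2.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 server1.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 server2.example.com.
_kerberos._tcp.example.com. 600 IN SRV 0 100 88 server1.example.com.
_kerberos._tcp.example.com. 600 IN SRV 0 100 88 server2.example.com.
_kerberos._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 88 server1.example.com.
_kpasswd._tcp.example.com. 600 IN SRV 0 100 464 server1.example.com.
"""

SRV_LINE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+\d+\s+\d+\s+\d+\s+(\S+)$", re.I)

def parse_srv(zone_text):
    """Map each SRV owner name to the set of hosts registered under it."""
    targets = defaultdict(set)
    for raw in zone_text.splitlines():
        m = SRV_LINE.match(raw.split(";", 1)[0].strip())  # strip comments
        if m:
            targets[m.group(1).rstrip(".").lower()].add(m.group(2).rstrip(".").lower())
    return targets

def missing_registrations(zone_text, domain=DOMAIN, dcs=EXPECTED_DCS):
    """Return {owner name: sorted DCs that have no SRV record under it}."""
    targets = parse_srv(zone_text)
    gaps = {}
    for label in REQUIRED:
        owner = f"{label}.{domain}".lower()
        absent = sorted(dc for dc in dcs if dc not in targets.get(owner, set()))
        if absent:
            gaps[owner] = absent
    return gaps

if __name__ == "__main__":
    for owner, absent in missing_registrations(SAMPLE_ZONE).items():
        print(f"{owner}: no SRV record for {', '.join(absent)}")
```

In the constructed sample, the second controller answers LDAP lookups but has no Kerberos or kpasswd locator record, so a client would find it as a DC yet not as a KDC.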
 
Guest

To answer the DNS question - it is usually better if the Domain Controllers
all register with a single domain controller (Primary DNS) like server1 in
your description. Then for secondary DNS they can point to themselves. This
allows all records to be updated on one server and then propagated throughout
the enterprise. Boot up of a domain controller seems to work better in this
way.

You should run DCDIAG.exe from the Windows Support Tools on your domain
controllers. Run it on each of the domain controllers and review the output.
This should help point you in the right direction whether it is directory
replication, dns, or network.
 
