Active Directory issue

  • Thread starter Thread starter cicain
  • Start date Start date
C

cicain

I am having problems with a Windows server 2003 BDC. It seems since a
couple days ago the AD shuts down stating it cannot connect to a DC and
is getting errors 1000 Userenv. The primary is on Windows 2000 with
Exchange 2000 and Symantec Backup exec. It works fine and is able to
get online. We recently added an Intranet member server running 2003 as
well that is part of the domain, which I am thinking of changing. The
strange part is when I restart everything is fine but after a few hours
it goes down and it is not able to get online, yet I am bale to ping
yahoo.com. It will not even bring up a page in IE with IP address. When
I try to run ipconfig it states that it has failed to intialize. Any
comments or suggestions would be great. Thanks.

Chris
 
I am having problems with a Windows server 2003 BDC.
Click to expand...

There is no such thing: 2000+ can only be an additional DC.
WinNT can be either a PDC or BDC.
It seems since a
couple days ago the AD shuts down stating it cannot connect to a DC and
is getting errors 1000 Userenv.
Click to expand...

What does this mean "the AD shuts down"? AD runs on the
DC; adding AD makes it a DC.

What specifically happens? What are the symptoms?
The primary is on Windows 2000 with
Exchange 2000 and Symantec Backup exec. It works fine and is able to
get online. We recently added an Intranet member server running 2003 as
well that is part of the domain, which I am thinking of changing.
Click to expand...

Adding a member server has NOTHING to do with the problem.

Most problems with AD replication or authenticaton are DNS
related.

Try DCDiag and NetDiag to see what errors are output.
(Save output to file and search for FAIL, WARN, ERROR and
you can post them here if you cannot fix them...)

Run on EVERY DC.
The
strange part is when I restart everything is fine but after a few hours
it goes down and it is not able to get online, yet I am bale to ping
yahoo.com. It will not even bring up a page in IE with IP address. When
I try to run ipconfig it states that it has failed to intialize. Any
comments or suggestions would be great. Thanks.
Click to expand...

Up to the last sentence it would have been likely that
you had both INTERNAL and EXTERNAL DNS servers
listed on your NIC->IP properties.

That last item makes it sound like the machine is sick.

My thought then might be to do a REPAIR install.
 
Either way our Windows 200 server is the Master browser and the first
DC in the domain. What I mean by Active Directory shutting down is on
our Windows 2003 server when we try to open it up it states that it is
unable to connect to a domain controller and nothing shows up. I will
try and report the logs I find with dcdiag and Netdiag.
 
Either way our Windows 200 server is the Master browser and the first
DC in the domain.
Click to expand...

As the first DC it is also (by default) the PDC Emulator
and so the Domain Master Browser, as well as a Master
Browser for it's own subnet.
What I mean by Active Directory shutting down is on
our Windows 2003 server when we try to open it up
Click to expand...

What "it"?
 
I also get an error stating "The print spooler was unable to connect to
your printer. This can be caused by your printer being turned off, the
cable being unplugged or being connected to a VPN, which will block
your access to your local network." Also, when this happens Active
Directory, and the internet go offline. I also noticed error 5719,
source netlogon appear, but eventid.net seems to be no help.
 
When we try to open Active Directory.
Click to expand...

Assuming you mean AD Users and Computers....

None of this has anything directly to do with the
Master Browser. NetBIOS is not your primary issue.

Your most likely problems are DNS related. (Unless
you have intermittent hardware problems, including
your cables.)

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
 
Sounds more and more like you have general connectivity issues. Maybe a
corrupt TCP/IP stack or a failing NIC. Maybe a bad cable or switchport.
Maybe a Cisco switch configured for teaming (takes it 5 minutes or so to
kick in) or a spanning-tree issue. If you can ping yahoo.com but not your
other DC, then you may be unable to contact your local DNS server (which
should be the only one listed in properties). When you reslove your domain
name with nslookup, what is returned when it works? When it's not working?

....kurt
 
Back
Top