Domain controller problem


Bruce

I have a recently set up network as follows:

2 Server 2003 domain controllers, DCA and DCB. DCA was the first DC
installed, both are set as global catalog servers. Both run AD
integrated DNS, one runs DHCP, both run WINS.

1 Exchange server running Exchange 2003 / Server 2003 plus 1 front end
exchange server for web access & SMTP relay.

1 NT4 server acting as a file server. This was part of an old NT4
domain--there is still a domain trust between the new 2003 domain and
the NT4 domain, but all users log into the 2003 domain. They only use
that one server in the NT4 domain to access their user/department
shares.

DFS is installed with a domain root, root replica, and a dozen or so
shares. Shares are currently mapped to files on the old NT4
server--we're planning to move them to two new file servers in the
near future.

There is one subnet, about 75 users, a few printers, etc.

Here's the problem--I noticed the other day that if DCA is taken off
line, DFS stops working, nobody can connect to the Exchange server,
and though I haven't tested it I have a feeling no logons are being
processed and people are logging on with cached credentials, since the
front end OWA server stops processing logons. What's going
on--shouldn't the network function normally with only the second DC
running? I re-pointed everyone's DNS to DCB just in case it was some
DNS issue, but that didn't fix things. Any ideas would be
appreciated.

Thanks.
 
First, is AD replication taking place? Are both domain controllers pointing
to themselves as the preferred DNS server and the other as the second? Are
both listed in DNS (forward and reverse zones)? How about WINS? (I assume
WINS is for the NT4 box, so that might not be an issue with authenticating
to the domain or exchange). What about the clients? Both DCs listed as DNS
servers (in your DHCP scope or server options)? I'd be willing to bet it has
something to do with DNS.

Those are the first things that come to mind. Let us know if that helps or
not.

....kurt
 
Kurt--

Thanks for your response. I ran dcdiag and replication tests when I
installed the Exchange server a couple of weeks ago--I haven't checked
it since, but I'm having no problems with new accounts replicating
etc. Each DC points only to itself (127.0.0.1) as its DNS server.
All clients point to both DCs as DNS servers--it's assigned in the
DHCP scope, though I changed it for testing purposes to point only to
DCB (didn't seem to help). Both DCs are listed in DNS, also in the
DCs container. Each DC points to itself as WINS server--both are
running WINS, but I DON'T have WINS server addresses configured on the
clients because I'll be retiring the NT4 server very soon and they're
not having any trouble resolving it (everything's on the same subnet
so it's just resolving via broadcast). I think you're right--it has
something to do with name resolution, I'm just not sure what...
 
I'd go with some really basic tools at first. Take the 1st DC offline and
use nslookup to see if the domain name correctly resolves to the only server
that is on line or if it is still resolving to the offline box ("ipconfig
/flushdns" first of course). Look in the DNS logs of both servers to spot
any inconsistencies (even if not errors). Also, time skews between clients
and the two DCs (shouldn't be a problem, but you never know). Also, clients
usually take much longer to logon using cached credentials if a network
connection is present than they do when a proper logon is processed so that
might be a quick clue. I know all this stuff is difficult in a production
environment so I wish you luck!

....kurt
 
Have you tried adding an additional recipient update service that
points to the additional DC/GC within the Exchange System manager?
 
No, but things seem to be working now. I think I traced the DFS
problem to the fact that DFS needs the PDC emulator, and that went
offline with the server. Might have been some network issue that kept
the Outlook clients from re-connecting to the Exchange server. I'll
add the RUS pointing to the second DC just in case--I suppose it can't
hurt.
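
Added example, not part of the thread: the nslookup check suggested earlier can be extended to the DC locator SRV records, parsing the answers and asking which records would have no surviving target if one DC went offline. The domain `example.local`, the host names and the sample nslookup output are constructed, and the PDC emulator record is assumed to sit on DCA, as the last post suggests.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^(\S+)\s+SRV service location:", re.I)
TARGET = re.compile(r"^\s*svr hostname\s*=\s*(\S+)", re.I)

def _answer(owner, host, port=389):
    """Build one constructed answer in the layout Windows nslookup prints for SRV."""
    return (f"{owner}\tSRV service location:\n"
            f"          priority       = 0\n"
            f"          weight         = 100\n"
            f"          port           = {port}\n"
            f"          svr hostname   = {host}\n")

# Constructed sample: `nslookup -type=SRV <name>` answers for a two-DC domain.
D = "example.local"  # placeholder domain, not taken from the thread
SAMPLE = "".join([
    _answer(f"_ldap._tcp.dc._msdcs.{D}", f"dca.{D}"),
    _answer(f"_ldap._tcp.dc._msdcs.{D}", f"DCB.{D}"),
    _answer(f"_ldap._tcp.gc._msdcs.{D}", f"dca.{D}", 3268),
    _answer(f"_ldap._tcp.gc._msdcs.{D}", f"dcb.{D}", 3268),
    _answer(f"_ldap._tcp.pdc._msdcs.{D}", f"dca.{D}"),  # assumed PDC emulator
])

def parse_srv(text):
    """Map each SRV owner name to its set of target hosts (lower-cased)."""
    records, owner = defaultdict(set), None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            owner = header.group(1).lower().rstrip(".")
            continue
        target = TARGET.match(line)
        if target and owner:
            records[owner].add(target.group(1).lower().rstrip("."))
    return dict(records)

def single_points(records, offline):
    """Return SRV names whose every registered target is in `offline`."""
    down = {h.lower().rstrip(".") for h in offline}
    return sorted(name for name, hosts in records.items() if hosts <= down)

if __name__ == "__main__":
    recs = parse_srv(SAMPLE)
    for dc in (f"dca.{D}", f"dcb.{D}"):
        lost = single_points(recs, [dc])
        print(f"{dc} offline -> records with no provider: {lost or 'none'}")
```

Records for DC and GC roles survive the loss of either server here, while the PDC emulator record does not, because that role has a single holder.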
 