webitect said:
> Hi again,
> Thanks for the help. Now I think I have a problem, I have DC's side by side
> one of them doesn't handle logons.

Then it is either BROKEN or not really a DC.
Fix it.

> The server that is handling logons is the
> "backup" one, where all the misc files and stuff are on.

In Win2000+ there are no backup domain controllers, only
DCs.

> The App server
> does not which I was hoping it would. I know this because the "backup"
> server for some reason restarts every other night or something like that and
> nobody can log in,

That's wrong too.
And of course this.

> So I have to tell them to either
> turn it on or if it's on, I have to log into the server. I don't understand
> why that might be. Any advice?

Yes, almost all replication and authentication problems
in Win2000+ Domains are really DNS problems.
You should have DNS server running on both of these
machines.
Let's run DCDiag on every DC and send the output to
a text file, then search that file for FAIL, ERROR, WARN
and either fix or report the errors.
Double check your DNS against the following if you still
have errors...
DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
Restart NetLogon on any DC if you change any of the above that
affects a DC and/or use:
nltest /dsregdns /server:DC-ServerNameGoesHere
Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
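
The DCDiag step from the reply above, as an added PowerShell example that is not part of the original post: it runs DCDiag against each DC, saves one text file per DC, and lists every line containing FAIL, ERROR or WARN. The DC names `DC1` and `DC2` and the report folder are assumptions; substitute your own.

```powershell
# Added example, not from the original thread.
# Hypothetical DC names: replace with the real names of every DC in the domain.
$DomainControllers = 'DC1', 'DC2'

# Assumed report location: one text file per DC is written here.
$OutDir = Join-Path $env:TEMP 'dcdiag-reports'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$findings = foreach ($dc in $DomainControllers) {
    $report = Join-Path $OutDir "$dc.txt"

    # /s: targets the named DC, /v asks for verbose output.
    # 2>&1 keeps error text in the same file, so a DC that cannot be
    # reached at all still leaves a report that the search will flag.
    dcdiag "/s:$dc" /v 2>&1 | Out-File -FilePath $report -Encoding ascii

    # Select-String is case-insensitive by default, so 'failed test',
    # 'Error' and 'Warning' lines all match.
    Select-String -Path $report -Pattern 'FAIL|ERROR|WARN' |
        ForEach-Object {
            [pscustomobject]@{
                DC   = $dc
                Line = $_.LineNumber
                Text = $_.Line.Trim()
            }
        }
}

if ($findings) {
    # Each row points back to a line number in that DC's report file.
    $findings | Format-Table -AutoSize -Wrap
} else {
    "No FAIL/ERROR/WARN lines found in $OutDir"
}
```

Run it from an account with domain admin rights on a machine that has DCDiag installed; the full per-DC reports stay in the folder for posting or closer reading.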