Peer domain controllers in AD?

Guest

Why is it that in my 2 AD server domain, when my main server goes down (the first
one added to the domain), nobody can log in?.....I thought the second domain
controller was the peer..... and I have integrated DNS running... do I have
something configured wrong?

thanks

rob davis...
 
davisr65,

I am wondering what is the OS of the DCs and the functional level of domain
/ forest? Also what is the OS of the client computers?

If your DC2 was not properly promoted (i.e. SYSVOL is not shared) it is likely
not advertising as a DC. Also if you are in native mode and DC02 is not a
global catalog, you are bound to have problems, although clients should be
able to log on with cached credentials.

I would recommend that you run a DCDIAG /V on both DCs and look for
failures. Let me know if you have more data.
 
davisr65 said:
Why is it that in my 2 AD server domain, when my main server goes down (the first
one added to the domain), nobody can log in?.....I thought the second domain
controller was the peer..... and I have integrated DNS running... do I have
something configured wrong?

Usually it is one of these: The only GC is going down in Native Mode OR
you have DNS issues.

With a single domain forest you should make all DCs into GCs.

Then double (triple) check your DNS. The vast majority of such problems
are really DNS issues.

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
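
Added example, not part of the original post: one way to run the checks described above from a current admin workstation with PowerShell, asking the DNS service on each DC whether every DC is registered as a DC and as a GC, then saving dcdiag output per DC and listing the FAIL/ERROR/WARN lines. The domain name, DC names and output folder are assumptions to replace with your own.

```powershell
# Added example. Assumed values: replace with your own domain and DC names.
$Domain = 'corp.example.com'          # hypothetical single-domain forest
$DCs    = 'DC1', 'DC2'                # hypothetical DC host names
$OutDir = Join-Path $env:TEMP 'dcdiag'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# SRV names that DCs register; the GC name uses the forest root DNS name.
$srvNames = @{
    DC = "_ldap._tcp.dc._msdcs.$Domain"   # every DC that is advertising
    GC = "_ldap._tcp.gc._msdcs.$Domain"   # every global catalog
}

foreach ($dc in $DCs) {
    # 1. Ask the DNS service on this DC which DCs and GCs it knows about.
    #    A DC missing from either list will not be found by clients that
    #    use this DNS server once the other DC is down.
    foreach ($role in $srvNames.Keys) {
        $targets = Resolve-DnsName -Name $srvNames[$role] -Type SRV -Server $dc -ErrorAction SilentlyContinue |
            Where-Object { $_.NameTarget } |
            ForEach-Object { $_.NameTarget.Split('.')[0] }
        foreach ($expected in $DCs) {
            if ($targets -notcontains $expected) {
                Write-Warning "DNS on $dc has no $role SRV record for $expected"
            }
        }
    }

    # 2. Run dcdiag against this DC, keep the full output in a text file,
    #    and print only the lines worth reading first.
    $log = Join-Path $OutDir "$dc.txt"
    dcdiag /v "/s:$dc" | Out-File -FilePath $log -Encoding ascii
    Select-String -Path $log -Pattern 'fail|error|warn' |
        ForEach-Object { '{0}:{1}: {2}' -f $dc, $_.LineNumber, $_.Line.Trim() }
}
```

A warning for the GC record on the surviving DC matches the symptom in this thread: the second DC answers, but nothing in DNS tells clients it is a global catalog.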
 
I ran dcdiag /V and the following errors showed when testing replication:
"A recent replication attempt failed: from DC2 to DC1
The Replication generated an error (1722)
The RPC is Unavailable."

I assume I have to look at RPC on the servers...
 
Are both DCs also GCs? If not, make ALL the DCs in your single domain
forest also GCs through Sites and Services or through repadmin.
 
Herb, today I lost all NTFS permissions on my SAN drive and had to run chkdsk
/f, which did restore the data, but....shares had to be recreated manually...
since then, the GC went down... on this server.., so I reset another domain
controller to take over as the GC... My question to you ......There can be
more than one Global Catalog in a Windows 2000 domain?......I thought that
only a Windows 2003 domain can have multiple GCs. Is this true? Let me
know...Please let me know

thank you all for your responses...

 
davisr65 said:
Herb, today I lost all NTFS permissions on my SAN drive and had to run chkdsk
/f, which did restore the data, but....shares had to be recreated manually...
since then, the GC went down... on this server.., so I reset another domain
controller to take over as the GC... My question to you ......There can be
more than one Global Catalog in a Windows 2000 domain?

Yes. In small forests (all those with one domain) all DCs should usually
be GCs.
......I thought that
only a Windows 2003 domain can have multiple GCs. Is this true? Let me
know...Please let me know

No, it is incorrect. You may have as many GCs as you wish.

The only caveats are that you should not use excessive GCs in a multiple
Domain Forest when the domains are LARGE, and you should not have
the Infrastructure master be a GC unless ALL DCs in that domain are GCs.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
 
Thanks for all the info to you all.... I did successfully make the second DC
a GC also, which fixed a couple of problems... 1, my time servers were unable to
sync up, 2, replication seems to be working now between the servers...... As
to losing my share permissions on all folders, and messing up NTFS
permissions, I suspect that it was from when I was attempting to fix my
NTFRS... which I followed the directions to a "T" as the event viewer
recommended step by step. After running this fix, I lost all of my
permissions..... This had happened to me in the past, where I lost my NTFS
permissions, and I do recall it was after working on NTFRS issues..... What
do you think?
 