Prob w/2 DCs


RP

I am looking at a problem for a new client. There are two
servers running W2K and about 8 workstations, also W2k.
About 10 days ago, for no apparent reason, the users
started having trouble with shares. My observation is
this: DNS on some workstations was set to the ISP
servers, not the internal DNS server on DC1. DC1 had DNS
set to itself, and DC2 was set to use DC1. Even though
DC1 & DC2 were set properly, I was not able to initiate
replication of the AD, receiving the msg: "The following
error occurred during the attempt to connect the domain
controllers: The target principal name is incorrect." The
names seem fine, and I can browse DC1 from DC2 et vice
versa. However, I get some anomalous results when
browsing from workstations. Some WSs see everything
without problems, others can't open one of their brethren
and DC2 (no mapping possible) and the error message
mentions a problem with the account. This seems to be an
AD problem as I can't get both servers to authenticate
with each other.

Are there some suggestions out there that could help?

Rich
 
It would seem that you're not using AD-Integrated DNS. I would first switch to that if there is no compelling reason not to.

Also, where do your clients get their IP configs from? I would hope that you're running DHCP. If you are running DHCP, this is the only place that your clients could get their IP config from, unless you have manually set these addresses on individual clients. Visit each PC, ensure that there are not manual entries under TCP/IP. Set your DHCP server to give out the internal DNS IP address, tell your internal DNS server to use the External DNS (ISP) as a forwarder.
 
You are correct in assuming there may be static IPs
involved. The WSs are static, but even the ones with the
proper DNS config are having difficulty seeing both DCs.
I will probably change everything over to DHCP; this is
the way I found this network and have to work out of the
jam from here. I have already set up the forwarders on
DC1 and that all seems to be working fine. I will also
check to see that DNS is AD-integrated. Could that alone
be sufficient to allow the two DCs to replicate?
 
RP,

I would suggest that you do a couple of things so that you can have a clear
picture of what is going on.

First, I would install the Support Tools on the two DCs. You can find the
Support Tools in three locations: on the WIN2000 Server CD in the Support |
Tools folder, on the WIN2000 Service Pack CD in the Support | Tools folder
and on the MS website. I would hope that all servers are at the same SP
level. Whatever that level is ( ex, SP4 ) I would use the Support Tools
from that SP CD.

I would then run dcdiag and netdiag. You would probably want to redirect
the output to a .txt file so enter 'dcdiag > c:\dcdiag.txt' at the command
prompt. Again, this is to give you an overall view as to the health of the
DCs. This is not specifically going to resolve your current issue.

Please note that there are some very nice MS Tools that have recently come
out that will do a very nice job of collecting a whole slew of information
for you at one shot. I do not have a link for you at this moment but if you
need one just ask....

Secondly, I would install and run dnslint. This will give you a better idea
of what is going on with DNS on your DCs. You can find dnslint on the MS
Website. Again, this is not necessarily going to resolve your current
issue. Please see the following MSKB Article for the download and
information:

http://support.microsoft.com/default.aspx?scid=kb;en-us;321045&Product=win2000

When speaking of DNS let's not overlook the most basic DNS Tool: nslookup.

I would ensure that all of your WIN2000 / WINXP clients are using DNS
Configuration Settings that are pointing ONLY to your internal DNS
Server(s). Anything other than that and you will experience 'weirdness'....

Now, to your specific issue:

How are the clients getting to the shares? Meaning, is there a logon script
that is mapping these network drives? Is the format 'net use X:
\\servername\sharename'? What happens if you try the IP Address of the
server on which the share(s) reside(s)? So, the format would be 'net use X:
\\192.168.1.10\sharename'? Also, are you getting any EventIDs?

Can you ping the DCs from each workstation? via NetBIOS name? via IP
Address? via FQDN?

HTH,

Cary
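
The replies above ask that every client point only at the internal DNS server. As an added example (not part of any post in this thread), the Python sketch below parses saved `ipconfig /all` output and flags a workstation that also lists an outside resolver or uses static settings. The host name WS03, the sample output and the ISP address are constructed, and treating 192.168.1.10 as DC1's address is an assumption.

```python
import re

# Assumption: the internal DNS server (DC1) is 192.168.1.10, the sample
# address used in the thread; the ISP resolver below is a documentation IP.
INTERNAL_DNS = {"192.168.1.10"}
IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Constructed `ipconfig /all` excerpt for a hypothetical workstation WS03.
SAMPLE_WS03 = """\
Windows 2000 IP Configuration
        Host Name . . . . . . . . . . . . : WS03
Ethernet adapter Local Area Connection:
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.23
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
"""

def parse_ipconfig(text):
    """Return (host name, [DHCP enabled per adapter], [DNS servers])."""
    host, dhcp, dns, in_dns = None, [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        label, sep, value = (p.strip() for p in line.partition(":"))
        label = label.replace(".", "").strip().lower()  # drop dot leaders
        if sep and label == "dns servers":
            in_dns = True
            if IP_RE.match(value):
                dns.append(value)
        elif in_dns and IP_RE.match(line):  # continuation line: bare address
            dns.append(line)
        else:
            in_dns = False
            if sep and label == "host name":
                host = value
            elif sep and label == "dhcp enabled":
                dhcp.append(value.lower() == "yes")
    return host, dhcp, dns

def audit(text, internal=INTERNAL_DNS):
    """List settings that break the 'internal DNS only' advice."""
    host, dhcp, dns = parse_ipconfig(text)
    findings = []
    external = [ip for ip in dns if ip not in internal]
    if external:
        findings.append("non-internal DNS: " + ", ".join(external))
    if dhcp and not any(dhcp):
        findings.append("static TCP/IP settings (DHCP disabled)")
    return host, findings
```

Running `ipconfig /all > c:\ipconfig.txt` on each workstation and passing the file contents to `audit()` gives one line of findings per machine.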
 