Service Dependencies

  • Thread starter Thread starter JJ
  • Start date Start date
J

JJ

In a Windows 2000 AD, I've got a couple of third-party services
running on member servers that need to run under a domain user account
so that the applications can access the network shares on other
machines.

Is it necessary to set up service dependencies for these services
which need to login at a DC? These services would more commonly run
under the local SYSTEM account if they didn't need network access, so
the vendors' setup programs install them with no service dependencies.

Or should this be unnecessary?

I'm having a problem where upon rebooting any of the member servers
these services which logon using a domain account will fail to start.
However, if I later go in, either from the consolr or via TS session,
I can start them manually (still using the service's designated domain
account).
 
This may be a network configuration issue. For example, if you're using
Cisco switches (or any switches, probably), you may need to have your
network folks configure the ports that the servers are attached to with
"spanningtree portfast enabled". Basically, when switch ports detect a
device, they go through a spanning tree algorithm to check for infinite
loops. Setting it to 'portfast enabled' tells it to use a trimmed down
and faster check. The problem is the servers will actually bootup and
try looking for network services before the ports are ready. This is
why you can manually start the services later. Also verify your
servers' NIC's and the switch ports are all hard coded to the network
speed and duplex (typically 10Mbps/Full, 100Mbps/Full, or 1Gbps/Full in
most environments).

If none of the above applies to your environment, then, well,
nevermind. :)
 
David,

YOU NAILED IT!

The servers are all connected to a Cisco 2950 switch, so I fired up
the Java web console and enabled portfast and fixed the switch port
and NIC speeds. Reboots now start up the services without a hitch.

I can't tell you how long I've chased this problem and generally
assumed it had something to do with Win2k AD/DNS. All of the servers
are multihomed and the Win2k domain is non-public, so figured that the
member servers might not be able to resolve the DC name for whatever
reason.

I can't thank you enough!

Jim
 
Performing network traces would have probably helped identify this,
too. It's a skill I personally need to improve myself, but any good
network/system admin should at least be able to perform basic traces.
With many of the products available, they even provide "experts" or tips
to help you along, so you don't have to be a network guru to take
advantage of it.

I'm glad I was able to help.
 
Back
Top