+ Post New Thread
Results 1 to 15 of 15
Windows Server 2000/2003 Thread, Windows Server 2003 problem in Technical; Hi, I have 2 windows server 2003 DC's on our domain. One of them is DNS, DHCP too. I have ...
  1. #1
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    395
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21

    Windows Server 2003 problem

    Hi,

    I have 2 windows server 2003 DC's on our domain. One of them is DNS, DHCP too. I have been having problems logging on using our windows xp clients. This would be when applying computer settings or just after. The logon will just hang there, no matter how long you leave it. I have enabled verbose logging and it would seem it is hanging when applying a gpo.

    I have also looked on google and it would seem that the problem is active directory or dns based. I have looked in DNS and everything seems fine (well as far as I can see) This leaves me with an active directory problem. I have been getting some replication errors now and then too.

    This afternoon I ran netdiag, dcdiag on both DC's. I have found this, one of the DC's is perfectly fine. The other comes up with a problem when you run dcdiag.

    Here is a example of the logs from both servers.

    Working DC

    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\admin>
    C:\Documents and Settings\admin>cd\

    C:\>dcdiag /v

    Domain Controller Diagnosis

    Performing initial setup:
    * Verifying that the local machine mmserver, is a DC.
    * Connecting to directory service on server mmserver.
    * Collecting site info.
    * Identifying all servers.
    * Identifying all NC cross-refs.
    * Found 2 DC(s). Testing 1 of them.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\MMSERVER
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... MMSERVER passed test Connectivity

    DC with problem


    Domain Controller Diagnosis

    Performing initial setup:
    * Verifying that the local machine MMSERVER-1, is a DC.
    * Connecting to directory service on server MMSERVER-1.
    * Collecting site info.
    * Identifying all servers.
    * Identifying all NC cross-refs.
    * Found 2 DC(s). Testing 1 of them.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\MMSERVER-1
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    The host 0d3fd039-dc0f-4a37-bdef-9f568eceefc3._msdcs.monkseatonmiddle.n-tyneside.sch.uk could not be resolved to an
    IP address. Check the DNS server, DHCP, server name, etc
    Although the Guid DNS name (0d3fd039-dc0f-4a37-bdef-9f568eceefc3._msdcs.monkseatonmiddle.n-tyneside.sch.uk)
    couldn't be resolved, the server name
    (MMSERVER-1.monkseatonmiddle.n-tyneside.sch.uk) resolved to the IP
    address (10.171.52.201) and was pingable. Check that the IP address is registered correctly with the DNS server.
    ......................... MMSERVER-1 failed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\MMSERVER-1
    Skipping all tests, because server MMSERVER-1 is
    not responding to directory service requests
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Test omitted by user request: OutboundSecureChannels
    Test omitted by user request: VerifyReplicas
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    After this all of the logs are the same.

    From this it would seem DC 2 has a Active Directory or DNS problem. I have tried pinging the problem DC with ip and machine name. Both results return the correct ip and machine name. This would suggest to me that DNS is fine, so the problem is Active Directory.

    But the problem is I am not sure what the problem is and where to start...

    CAN SOMEONE HELP!!


  2. #2
    Diello's Avatar
    Join Date
    Jun 2005
    Location
    Kent, England
    Posts
    1,063
    Thank Post
    112
    Thanked 228 Times in 128 Posts
    Rep Power
    74
    You didn't happen to have a previous DC called MMSERVER-1 by any chance did you?

    If so, sound like you didn't properly demote that DC via dcpromo before implementing the new DC.

    Also try "netdiag /fix"
    Last edited by Diello; 20th January 2009 at 08:58 PM.

  3. #3
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    395
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21
    The answer to your question is no, we did not have a previous DC called MMSERVER-1. We used to have a win2k server DC called MMSERVER.

    I have also tried the netdiag /fix and I get an error similar to the error from dcdiag.

  4. #4

    Join Date
    Sep 2006
    Location
    Essex
    Posts
    777
    Thank Post
    1
    Thanked 31 Times in 29 Posts
    Rep Power
    23
    Which server is hosting DNS?

    Any DNS messages in the system event log on that server?

    You may need to delete your DNS forward lookup zone, re-create it, then restart the net logon and DNS services if netdiag /fix dosn't work.

  5. #5
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    395
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21
    Server with the problem is hosting DNS. I can't remember if there are any errors in the DNS logs. Will check tomorrow.

    Right, recreating DNS. I never thought about that. It would be a bit drastic. But it might be the answer.

    Any other ideas guys?

  6. #6
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    395
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21
    have looked in the error logs and there are no entries under dns. So anyone have any ideas?

  7. #7

    Join Date
    Apr 2007
    Location
    Christchurch
    Posts
    420
    Thank Post
    41
    Thanked 64 Times in 62 Posts
    Rep Power
    25
    Would it be worth disabling all of your GPO's and see if the problem goes away? If it does then you could re-enable them one by one untill the problem re-occurs ...

  8. #8
    Diello's Avatar
    Join Date
    Jun 2005
    Location
    Kent, England
    Posts
    1,063
    Thank Post
    112
    Thanked 228 Times in 128 Posts
    Rep Power
    74
    Have you tried demoting the offending DC via dcpromo, then re-promoting?

  9. #9
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    395
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21
    I shall have a look at those ideas.

    I have run netdiag /fix on the offending dc and have these results

    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Passed

    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

    WINS service test. . . . . : Skipped
    There are no WINS servers configured for this interface.


    Global results:


    Domain membership test . . . . . . : Passed


    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{BA4C864E-02B0-489F-93B6-2704B61AF4C9}
    1 NetBt transport currently configured.


    Autonet address test . . . . . . . : Passed


    IP loopback ping test. . . . . . . : Passed


    Default gateway test . . . . . . . : Passed


    NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


    Winsock test . . . . . . . . . . . : Passed


    DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.171.52.201' and other DCs also have some of the names registered.


    Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{BA4C864E-02B0-489F-93B6-2704B61AF4C9}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{BA4C864E-02B0-489F-93B6-2704B61AF4C9}
    The browser is bound to 1 NetBt transport.


    DC discovery test. . . . . . . . . : Passed


    DC list test . . . . . . . . . . . : Passed


    Trust relationship test. . . . . . : Skipped


    Kerberos test. . . . . . . . . . . : Passed


    LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'mmserver.monkseatonmiddle.n-tyneside.sch.uk'.


    Bindings test. . . . . . . . . . . : Passed


    WAN configuration test . . . . . . : Skipped
    No active remote access connections.


    Modem diagnostics test . . . . . . : Passed

    IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information

  10. #10
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    395
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21
    I am going to try demoting the DC and repromoting it and see what happens. I will then have a go at rebuilding the DNS.

    If I delete the DNS and recreate it, will I have to populate the DNS entries manually? or what. As this is our only DNS server.

    I would like all of the information about this before I start the process. I don't want to get caught out at any point.

    Many Thanks

  11. #11
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    395
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21
    Problems still exist even after plenty of fiddling, I am now in the position of either demoting the dc and then repromoting. Also looking at dns. I have to admit I do not know a huge amount about DNS.

    Also in my post above if I delete and recreate dns will the entries be repopulated or will I have to do that manually?

    I have redone DCDIAG and NETDIAG /fix. They report no problems. So I am not sure where to start. I have been looking around the net and the general consensus that the problem is DNS based.

    Any ideas?

  12. #12
    Fuzzz's Avatar
    Join Date
    Nov 2008
    Location
    Netherlands
    Posts
    120
    Thank Post
    57
    Thanked 10 Times in 9 Posts
    Rep Power
    13

    Messenger Service

    Is your messenger-service running?

    (Have a look at http://blogs.mcbsys.com/mark/?tag=/netdiag)

  13. #13
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,434
    Thank Post
    10
    Thanked 489 Times in 429 Posts
    Rep Power
    111
    I would not promote/demote, it's a bad idea to promote a server (as in the same install) that was already demoted from the domain. The issue seems to be around having some old or incorrect SPNs for DCs.

    What are the two current server names? What were any relevant previous server names? Also look in sites and services to make sure there are only replications and references to current servers, although I would only look for now, don't delete anything.

    Run an ipconfig /registerdns on both DCs to make sure they have registered their details properly with DNS.

  14. #14
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    395
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21
    Ok,

    The two current server names are mmserver & mmserver-1. The previous server was a 2k server called mmserver. The server with the problem and hosting DHCP and DNS is mmserver-1.

    I looked in sites and services and there are only 2 connections. 1 for each server listed above. I ran the ipconfig /registerdns as you said on each DC and the DC with the problems gave this error in the DNS event log 6702

    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 6702
    Date: 02/02/2009
    Time: 13:26:21
    User: N/A
    Computer: MMSERVER-1
    Description:
    DNS server has updated its own host (A) records. In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.

    If this DNS server does not have any DS-integrated peers, then this error
    should be ignored.

    If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.

    To ensure proper replication:
    1) Find this server's Active Directory replication partners that run the DNS server.
    2) Open DnsManager and connect in turn to each of the replication partners.
    3) On each server, check the host (A record) registration for THIS server.
    4) Delete any A records that do NOT correspond to IP addresses of this server.
    5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
    6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

  15. #15
    denon101's Avatar
    Join Date
    Jul 2008
    Location
    Stuck in the server room......
    Posts
    395
    Thank Post
    54
    Thanked 37 Times in 35 Posts
    Rep Power
    21
    Well I am afraid I think I might have to be defeated on this and call in some help from my LEA.

    I am just stuck!

SHARE:
+ Post New Thread

Similar Threads

  1. Windows Server 2003 Installaion Problem
    By faisalpandu in forum Windows Server 2000/2003
    Replies: 4
    Last Post: 25th October 2008, 11:38 PM
  2. Install Windows Server 2003 admin pack on Windows Vista
    By FN-GM in forum Wiki Announcements
    Replies: 0
    Last Post: 27th March 2008, 04:19 PM
  3. Windows Server 2003 - time server settings
    By CESIL in forum Windows
    Replies: 4
    Last Post: 22nd November 2007, 11:24 AM
  4. Replies: 5
    Last Post: 5th July 2007, 11:43 PM
  5. Windows Server 2003 File Server Resource Manager
    By mrforgetful in forum Windows
    Replies: 1
    Last Post: 17th June 2007, 01:51 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •