+ Post New Thread
Results 1 to 7 of 7
Windows Thread, Big Problems with Clients contacting DCs in Technical; Having rather large problems across the whole school, any advice would be really helpful here: Background Our old network included ...
  1. #1
    Crispin's Avatar
    Join Date
    Dec 2008
    Location
    Essex
    Posts
    361
    Thank Post
    76
    Thanked 28 Times in 25 Posts
    Rep Power
    21

    Big Problems with Clients contacting DCs

    Having rather large problems across the whole school, any advice would be really helpful here:

    Background

    Our old network included 4 Server2000 DC's and some other member servers. We have moved over to a completely new network with xenserver running on three physical servers connected to a SAN.

    We updated the schema, dcpromo'd a 2008 r2 VM, moved over FSMO roles, and then demoted the 4 old 2000 boxes to member servers.

    We then added another r2 DC so we are now left with DC1 with all FSMO roles, DNS and DHCP, and DC2with DNS. Both are GCs.

    Problems

    Now connecting clients to the domain has been a nightmare. Lots of "No (DOMAIN) Available" messages on logon.

    Some PCs are showing in the event log the following events:

    Event 1054

    Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
    Event 4356

    The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.
    Logon times are nowhere near acceptable at the moment, clients can sometimes take 45 seconds or longer to logon, other times they'll logon as expected within 15-25 seconds.

    Things I've checked

    I have run DCDIAG on the first DC and all tests have passed with exception to its ability to read Event logs (due to not creating hole in firewall).

    Checked DNS entries in both DNS servers and they both appear to be replicating properly. All SRV records for the DC's appear to also be correct.

    When I gpresult a machine after logging in, unless I have previously forced a gpupdate, it will show one of the old DC's as its source for applying policy which is odd. If I do run a gpupdate, then it connects to one of the new DC's and pulls the correct policies.

    Also, on the clients i have logged into local administrator, flushed the dns cache, and can succesfully resolve DC1, and DC2s names still through nslookup.

    It appears that pulling the machines completely from the domain and rejoining them seems to help but we are still experiencing massively increased logon times.
    Even after being completely removed from the domain and re-added, clients are still sticking at 'Applying User Settings' for a good 30-45seconds occasionally more...

    If anyone is able to shed any light to why this might be happening, and what to check Id be most appreciative!
    Last edited by Crispin; 11th September 2009 at 12:08 PM.

  2. #2

    Join Date
    May 2009
    Location
    Darlo
    Posts
    70
    Thank Post
    0
    Thanked 12 Times in 7 Posts
    Rep Power
    14
    Did you rebuild your pc's (ie format / re-image) as clients for the new domain, or just disjoin & re-join?

    The 'Applying User Settings' time can depend alot on how you have set up user profiles.

  3. #3

    Join Date
    Sep 2009
    Posts
    17
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    11
    Sounds like it's still trying to connect to the old servers first, and getting bumped up the list until it finally reaches a DC -- timeouts on the old servers are increasing your login times as it's searching the for DC?

  4. #4
    IanT's Avatar
    Join Date
    Aug 2008
    Location
    @ the back of my server racks farting.....
    Posts
    1,893
    Thank Post
    2
    Thanked 118 Times in 109 Posts
    Rep Power
    60
    Double check sites and services make sure the old servers have gone

  5. #5
    tonyd's Avatar
    Join Date
    Mar 2006
    Location
    Kent (Sometimes), UK
    Posts
    163
    Thank Post
    17
    Thanked 42 Times in 31 Posts
    Rep Power
    25
    Check your DHCP is issuing the IPs of your new DNS servers, you do not mention swapping IPs of old servers to the new...

  6. #6
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 45 Times in 35 Posts
    Rep Power
    30
    Adsiedit Overview: Active Directory

    (built in when your install the domain services role in 2008 i think - or something like that - fire a mmc console up and you should be able to find and add it )

    Worth a look if you're careful to check some of the config.

    Nath.

  7. #7
    Crispin's Avatar
    Join Date
    Dec 2008
    Location
    Essex
    Posts
    361
    Thank Post
    76
    Thanked 28 Times in 25 Posts
    Rep Power
    21
    Quote Originally Posted by Bertie_Dellend View Post
    Did you rebuild your pc's (ie format / re-image) as clients for the new domain, or just disjoin & re-join?
    It's not a new domain, therefore it shouldn't require rejoining to the domain. Although new images would have been nice, the stability of the network would have meant WDS would not have been viable.

    Double check sites and services make sure the old servers have gone
    Checked that. They're definitely gone!

    Check your DHCP is issuing the IPs of your new DNS servers, you do not mention swapping IPs of old servers to the new...
    Yeh thats configured properly.


    Turns out I made some progress on this;

    It appears there were a couple of problems. First off. The second DC had 127.0.0.1 as its Primary DNS and 10.0.9.2 as its Secondary. That was obviously wrong, but what we stupidly didn't notice is that ipv6 was turned on, and it was looping back to that address.

    Also, after correctly configuring the second DC we ran /flushdns /registerdns and then DCDIAG /fix. No errors returned still.

    Secondly, WINS. We've installed WINS on our Pri DC to make sure that wasn't the problem.

    Lastly, the few remaining local profiles that were left on the clients after delprofing them during summer were caching some of the old server information which was causing problems. Deleting the local profiles cleared up a lot of the problems relating to those users. ie. the 'supervisor' profile that was left on the machines as we used it as logon for delprofing.

    Roaming appdata has caused a few problems as well with applications looking for the old servers.

    Hopefully, the worst is over.

    Now...onto ConfigMgr 2007. The fun begins!
    Last edited by Crispin; 15th September 2009 at 11:25 PM.



SHARE:
+ Post New Thread

Similar Threads

  1. HP thin clients and USB problems
    By DaveA in forum Thin Client and Virtual Machines
    Replies: 5
    Last Post: 29th March 2009, 10:01 AM
  2. Replies: 0
    Last Post: 19th September 2008, 12:22 PM
  3. Thin clients - Big delay
    By dryhammer in forum Thin Client and Virtual Machines
    Replies: 5
    Last Post: 6th May 2008, 10:35 AM
  4. Replies: 3
    Last Post: 11th March 2008, 01:28 PM
  5. Big server problems. Any ideas?
    By boomam in forum Wireless Networks
    Replies: 12
    Last Post: 18th February 2008, 05:26 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •