
Added 2nd AD box, but when take 1st down to test, can't auth users


Donald J. Lindstrom

Mar 9, 2009, 9:08:01 PM
OK, I am stumped on this one, any ideas greatly appreciated ...

Have a 2003 AD based network.

Added a 2008 server as AD after doing usual adprep, forest prep, etc. to
2003 domain

Installed DNS and added this new DNS server as a secondary source to all of
the workstations and member servers. The two DCs reference each other (with
themselves as primary) for DNS. Verified new server has GC role and
replication of AD working between AD boxes...

So then started testing. If I take the 2003 AD box down, users cannot
authenticate to network via 2nd 2008 AD box through my terminal server or
attach to exchange server via outlook in an already existing terminal server
session when 2003 AD down.

Big assumption on my part here that I would not have to reboot terminal
servers if the AD box went down.

At first suspected a DNS issue - I found a thread where they (technet) tell
you check DNS SRV records. Did this but no issues found....
http://technet.microsoft.com/en-us/library/cc780036.aspx

TIA
Don

Isaac Oben [MCITP:EA, MCSE]

Mar 10, 2009, 1:06:54 AM

Hello Donald,

Does your W2K8 DC have a primary or secondary DNS zone? Perform and paste a
dcdiag /v. I am thinking it might not be advertising as a Domain Controller.

Isaac


"Donald J. Lindstrom" <DonaldJL...@discussions.microsoft.com> wrote in
message news:AE9DF0B9-40BB-4C37...@microsoft.com...

Meinolf Weber [MVP-DS]

Mar 10, 2009, 2:33:35 AM
Hello Donald,

Please post an unedited ipconfig /all from both DCs and a problem client,
so that we can verify the configuration. What kind of DNS zones do you use,
AD integrated? Exchange requires an up and running Global catalog server
configured under the Recipient update service in the ESM.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Paul Bergson [MVP-DS]

Mar 10, 2009, 8:33:31 AM
Do your clients know about this second DC? Make sure that they have their
network configured to point to both DNS servers.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Donald J. Lindstrom" <DonaldJL...@discussions.microsoft.com> wrote in
message news:AE9DF0B9-40BB-4C37...@microsoft.com...

Jorge Silva

Mar 10, 2009, 2:29:23 PM
Hi
- Check that you have a Global Catalog (at least for Exchange and Outlook
clients).
- Check that under the DNS gc "folder" you have the records for those GCs.
Additionally check that all DCs are listed in the DNS zone and by GUID under
the _msdcs.xxxx zone.
- You should also have at least one DNS server available, and the
clients and servers should have the additional DNS server(s) configured
under their NIC properties.
- Before testing, make sure that the new DC has the DNS service installed and
the DNS zones for your domain; additionally check replication status and run
dcdiag for diagnostics. If you are having problems with replication or
outdated information, point the preferred DNS under the NIC of the new DC to
the existing DC (assuming that the existing DC has DNS for your AD domain).
--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

"Donald J. Lindstrom" <DonaldJL...@discussions.microsoft.com> wrote in
message news:AE9DF0B9-40BB-4C37...@microsoft.com...

Donald J. Lindstrom

Mar 10, 2009, 4:57:01 PM
OK folks, all good stuff, I am fairly certain it is a DNS issue based on the
dcdiag /v output at the beginning here. I am going to muddle through this but
if anyone has a quick answer.....


**** FOLLOWING WAS DONE ON THE WINDOWS 2008 AD BOX ****

>dcdiag /v

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
* Verifying that the local machine SQLSERVER, is a Directory Server.
Home Server = SQLSERVER
* Connecting to directory service on server SQLSERVER.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=medcomsol,DC=l
ocal,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site
Settings,CN=Default-First-Site,CN=S
ites,CN=Configuration,DC=medcomsol,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=medcomsol,DC=l
ocal,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS
Settings,CN=SBSERVER,CN=Servers,CN
=Default-First-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS
Settings,CN=SQLSERVER,CN=Servers,C
N=Default-First-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\SQLSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... SQLSERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site\SQLSERVER
Starting test: Advertising
Warning: DsGetDcName returned information for
\\SBSERVER.medcomsol.local, when we were trying to reach SQLSERVER.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... SQLSERVER failed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may
cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 03/10/2009 11:10:07
Event String:
The File Replication Service is having trouble enabling
replication
from SBSERVER.medcomsol.local to SQLSERVER for c:\windows\sysvol\domain
using th
e DNS name SBSERVER.medcomsol.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name
SBSERVER.medcomsol.l
ocal from this computer.
[2] FRS is not running on SBSERVER.medcomsol.local.
[3] The topology information in the Active Directory Domain
Service
s for this replica has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After
the p
roblem is fixed you will see another event log message indicating that the
conne
ction has been established.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 03/10/2009 11:17:09
Event String:
The File Replication Service is having trouble enabling
replication
from SBSERVER to SQLSERVER for c:\windows\sysvol\domain using the DNS name
SBSER
VER.medcomsol.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name
SBSERVER.medcomsol.l
ocal from this computer.
[2] FRS is not running on SBSERVER.medcomsol.local.
[3] The topology information in the Active Directory Domain
Service
s for this replica has not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After
the p
roblem is fixed you will see another event log message indicating that the
conne
ction has been established.
......................... SQLSERVER passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... SQLSERVER passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL. The
error returned was 0x0 "The operation completed successfully.".
Check the FRS event log to see if the SYSVOL has successfully been
shared.
......................... SQLSERVER passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15
min
utes.
......................... SQLSERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SBSERVER,CN=Servers,CN=Default-
First-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=SBSERVER,CN=Servers,CN=Default-
First-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=SBSERVER,CN=Servers,CN=Default-Fir
st-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=SBSERVER,CN=Servers,CN=Default-Fir
st-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SBSERVER,CN=Serv
ers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
......................... SQLSERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SQLSERVER on DC SQLSERVER.
* SPN found :LDAP/SQLSERVER.medcomsol.local/medcomsol.local
* SPN found :LDAP/SQLSERVER.medcomsol.local
* SPN found :LDAP/SQLSERVER
* SPN found :LDAP/SQLSERVER.medcomsol.local/MEDCOMSOL
* SPN found
:LDAP/e5804bb8-5cbb-4836-9956-9457ee032e58._msdcs.medcomsol
.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/e5804bb8-5cbb-4836-99
56-9457ee032e58/medcomsol.local
* SPN found :HOST/SQLSERVER.medcomsol.local/medcomsol.local
* SPN found :HOST/SQLSERVER.medcomsol.local
* SPN found :HOST/SQLSERVER
* SPN found :HOST/SQLSERVER.medcomsol.local/MEDCOMSOL
* SPN found :GC/SQLSERVER.medcomsol.local/medcomsol.local
......................... SQLSERVER passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SQLSERVER.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=medcomsol,DC=local
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=medcomsol,DC=local
* Security Permissions Check for
DC=DomainDnsZones,DC=medcomsol,DC=local
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=medcomsol,DC=local
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=medcomsol,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=medcomsol,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=medcomsol,DC=local
(Domain,Version 3)
......................... SQLSERVER failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\SQLSERVER\netlogon)
[SQLSERVER] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... SQLSERVER failed test NetLogons
Starting test: ObjectsReplicated
SQLSERVER is in domain DC=medcomsol,DC=local
Checking for CN=SQLSERVER,OU=Domain
Controllers,DC=medcomsol,DC=local i
n domain DC=medcomsol,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SQLSERVER,CN=Servers,CN=Default-First-
Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local in domain
CN=Configuration,
DC=medcomsol,DC=local on 1 servers
Object is up-to-date on all servers.
......................... SQLSERVER passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... SQLSERVER passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 2105 to 1073741823
* SBSERVER.medcomsol.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1605 to 2104
* rIDPreviousAllocationPool is 1605 to 2104
* rIDNextRID: 1620
......................... SQLSERVER passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SQLSERVER passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... SQLSERVER passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SQLSERVER,OU=Domain Controllers,DC=medcomsol,DC=local and backlink
on

CN=SQLSERVER,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration
,DC=medcomsol,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=SQLSERVER,CN=Domain System Volume (SYSVOL share),CN=File
Replication
Service,CN=System,DC=medcomsol,DC=local
and backlink on
CN=NTDS
Settings,CN=SQLSERVER,CN=Servers,CN=Default-First-Site,CN=Sites
,CN=Configuration,DC=medcomsol,DC=local
are correct.
......................... SQLSERVER passed test VerifyReferences
Test omitted by user request: VerifyReplicas

Test omitted by user request: DNS
Test omitted by user request: DNS

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation

Running partition tests on : medcomsol
Starting test: CheckSDRefDom
......................... medcomsol passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... medcomsol passed test CrossRefValidation

Running enterprise tests on : medcomsol.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\SBSERVER.medcomsol.local
Locator Flags: 0xe00001fd
PDC Name: \\SBSERVER.medcomsol.local
Locator Flags: 0xe00001fd
Time Server Name: \\SBSERVER.medcomsol.local
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\SBSERVER.medcomsol.local
Locator Flags: 0xe00001fd
KDC Name: \\SBSERVER.medcomsol.local
Locator Flags: 0xe00001fd
......................... medcomsol.local passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site, this site is outside the scope
provided by the command line arguments provided.
......................... medcomsol.local passed test Intersite


**** FOLLOWING WAS DONE ON THE WINDOWS 2008 AD BOX ****

>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : SQLSERVER
Primary Dns Suffix . . . . . . . : medcomsol.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : medcomsol.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
(NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-21-9B-8C-1D-94
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.88.87.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.88.87.1
DNS Servers . . . . . . . . . . . : 10.88.87.8
10.88.87.2
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . :
isatap.{ED7DF954-C1A0-4486-AD27-ED877EEB5
098}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

**** FOLLOWING WAS DONE ON THE WINDOWS 2003 AD BOX ****


>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : SBSERVER
Primary Dns Suffix . . . . . . . : medcomsol.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : medcomsol.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-14-E0-20
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.88.87.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.88.87.1
DNS Servers . . . . . . . . . . . : 10.88.87.2
10.88.87.8

**** FOLLOWING WAS DONE ON A TERMINAL SERVER
WHERE PROBLEMS ARE NOTED ****


>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : termsvr3
Primary Dns Suffix . . . . . . . : medcomsol.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : medcomsol.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
(NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-22-19-85-2F-06
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.88.87.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.88.87.1
DNS Servers . . . . . . . . . . . : 10.88.87.2
10.88.87.8
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . :
isatap.{25249BD0-A2D9-4BD4-A2EC-EF526ABBD
626}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Donald J. Lindstrom

Mar 10, 2009, 5:06:01 PM
Actually, I misspoke above - I meant also maybe a problem not DNS...

Don

Isaac Oben [MCITP:EA, MCSE]

Mar 10, 2009, 8:02:26 PM

Hello Donald,

On the w2k8 box, change the dns configuration to point to 10.88.87.2 as the
pri. dns server, do an ipconfig /registerdns and restart the dns service and
this should fix the issue. (Give it some time to replicate across.) If the issue
is not resolved, do a netdiag /fix and a dcdiag /fix. Your w2k8 DC has not
completed sysvol initialization and it is not advertising yet as a domain
controller because it is looking for dns resolution from itself instead of
from the w2k3 DC which is fully functional.

Isaac

"Donald J. Lindstrom" <DonaldJL...@discussions.microsoft.com> wrote in

message news:E64AC807-4756-449B...@microsoft.com...

Donald J. Lindstrom

Mar 11, 2009, 1:03:01 PM
Isaac, I will try that and report back - thanks !

Don

Donald J. Lindstrom

Mar 11, 2009, 5:29:02 PM
Isaac, I did as you asked. I assumed what you meant by dns configuration you
meant the order of specified dns servers in the network adapter's tcpip
properties on the server 2008 dc. After that waited a good 30 minutes. Still
do not see the sysvol share on the new server 2008 dc.

When I run dcdiag /fix here is the result I get:


Directory Server Diagnosis

Performing initial setup:
Trying to find home server...

Home Server = SQLSERVER
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\SQLSERVER
Starting test: Connectivity

......................... SQLSERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site\SQLSERVER
Starting test: Advertising
Warning: DsGetDcName returned information for
\\SBSERVER.medcomsol.local, when we were trying to reach SQLSERVER.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... SQLSERVER failed test Advertising

Starting test: FrsEvent


There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may
cause
Group Policy problems.

......................... SQLSERVER passed test FrsEvent
Starting test: DFSREvent

......................... SQLSERVER passed test DFSREvent
Starting test: SysVolCheck

......................... SQLSERVER passed test SysVolCheck
Starting test: KccEvent

......................... SQLSERVER passed test KccEvent
Starting test: KnowsOfRoleHolders

......................... SQLSERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount

......................... SQLSERVER passed test MachineAccount
Starting test: NCSecDesc

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=medcomsol,DC=local

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=medcomsol,DC=local

......................... SQLSERVER failed test NCSecDesc
Starting test: NetLogons

Unable to connect to the NETLOGON share! (\\SQLSERVER\netlogon)
[SQLSERVER] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... SQLSERVER failed test NetLogons
Starting test: ObjectsReplicated

......................... SQLSERVER passed test ObjectsReplicated

Starting test: Replications


......................... SQLSERVER passed test Replications
Starting test: RidManager

......................... SQLSERVER passed test RidManager
Starting test: Services

......................... SQLSERVER passed test Services
Starting test: SystemLog

......................... SQLSERVER passed test SystemLog

Starting test: VerifyReferences


......................... SQLSERVER passed test VerifyReferences

Starting test: LocatorCheck


......................... medcomsol.local passed test LocatorCheck
Starting test: Intersite

......................... medcomsol.local passed test Intersite

Also when I do a net share command, the sysvol share is in fact missing....

BTW, evidently from what I can find on the net, netdiag is not part of
server 2008...

Any more ideas ?

TIA, Don

Isaac Oben [MCITP,MCSE]

Mar 11, 2009, 6:08:12 PM
Donald,

I am still thinking it is a dns related issue. Can you do a dcdiag /test:dns
and post the result?


--
Isaac Oben [MCTIP:EA, MCSE]


"Donald J. Lindstrom" <DonaldJL...@discussions.microsoft.com> wrote in

message news:71BCD28F-7A2A-4A99...@microsoft.com...

Donald J. Lindstrom

Mar 11, 2009, 9:33:02 PM
Isaac, here it is. It says missing AAAA records. This appears to have to do
with IPV6 - Note I have IPV6 disabled (unchecked) in the server 2008
adapter's TCPIP properties - could this be it? I have found some links that
say you have to get into the registry to totally delete IPV6 ? What do you
think ?

TIA, Don

***************************

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = SQLSERVER
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\SQLSERVER
Starting test: Connectivity
......................... SQLSERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site\SQLSERVER

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...
ERROR: NO DNS servers for IPV6 stack was found
......................... SQLSERVER passed test DNS

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : medcomsol

Running enterprise tests on : medcomsol.local
Starting test: DNS
Test results for domain controllers:

DC: SQLSERVER.medcomsol.local
Domain: medcomsol.local


TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found

TEST: Records registration (RReg)
Network Adapter
[00000006] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD
Clien
t):

Warning:
Missing AAAA record at DNS server 10.88.87.2:
SQLSERVER.medcomsol.local

Warning:
Missing AAAA record at DNS server 10.88.87.2:
gc._msdcs.medcomsol.local

Warning:
Missing AAAA record at DNS server 10.88.87.8:
SQLSERVER.medcomsol.local

Warning:
Missing AAAA record at DNS server 10.88.87.8:
gc._msdcs.medcomsol.local

Warning:
Missing AAAA record at DNS server 10.88.87.8:
SQLSERVER.medcomsol.local

Warning:
Missing AAAA record at DNS server 10.88.87.8:
gc._msdcs.medcomsol.local

Warning: Record Registrations not found in some network
adapters

SQLSERVER PASS WARN PASS PASS PASS WARN n/a
......................... medcomsol.local passed test DNS

Paul Bergson [MVP-DS]

Mar 12, 2009, 8:34:48 AM
This appears to be a multihomed DC, disable all but one NIC. DCs need to
be running one NIC only.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Donald J. Lindstrom" <DonaldJL...@discussions.microsoft.com> wrote in

message news:9C0164B4-A2E4-4675...@microsoft.com...

Donald J. Lindstrom

Mar 12, 2009, 1:14:01 PM
Hey Paul, yes this Dell Poweredge server does have two broadcom ethernet
adapters, and yes the second one is not connected and is in fact disabled in
network (connection) properties ? Any other ideas ?

Paul Bergson [MVP-DS]

Mar 12, 2009, 2:03:01 PM
Run diagnostics against your Active Directory domain.

If you don't have the support tools installed, install them from your server
install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take into
account slow links to dc's will also add to the testing time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests without
having to learn all the switch options. The details will be output in
notepad text files that pop up automagically.

The script is located on my website at
http://www.pbbergs.com/windows/downloads.htm

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

Description and download for dnslint
http://support.microsoft.com/kb/321045


--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.


"Donald J. Lindstrom" <DonaldJL...@discussions.microsoft.com> wrote in

message news:26388180-C39F-4880...@microsoft.com...

Isaac Oben [MCITP,MCSE]

Mar 12, 2009, 2:18:21 PM
Donald,

We are just going to do more troubleshooting options. This is to see if both
DCs have access\communicate to each other.

On both DCs, try to manually map to each other by IP address, NetBIOS
name and FQDN.

\\sbserver
\\sqlserver
etc

Let us know if there are any errors etc


--
Isaac Oben [MCTIP:EA, MCSE]
"Donald J. Lindstrom" <DonaldJL...@discussions.microsoft.com> wrote in

message news:26388180-C39F-4880...@microsoft.com...

Donald J. Lindstrom

Mar 16, 2009, 6:50:01 PM
OK, I am gathering all of this information and will report back...D

Donald J. Lindstrom

Mar 28, 2009, 7:24:03 PM
OK ! Problem solved....

Thanks to every one of you who took the time to point me down the right
paths. I realize it's been a couple weeks, and I apologize for the late
response given all of your help but I did want to let everyone know what the
outcome was. It turned out my primary ADC, the first server 2003, was in a
frs journal wrap condition.

http://support.microsoft.com/kb/292438

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/cc0efbd3-b572-4a72-a715-288cb3b1a055/


I ran the procedure using the registry change burflag=d4 option on my first
adc (2003 box). This resolved the journal wrap condition and then my server
2008 almost instantly had its sysvol shares advertised ! Further testing
netted good results - when the server2003 was turned off, my terminal server
sessions worked as well as exchange connectivity via the 2nd ADC
(server2008)

Thanks Again everyone !
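
An added example, not part of any post in this thread: a Python triage of a saved dcdiag log (such as the c:\dcdiag.log suggested earlier) that picks out the pattern seen here, where Advertising and NetLogons fail while FrsEvent "passes" despite FRS warning events. The sample text is constructed from lines in the shape of the posted output, and the function names and finding labels are hypothetical.

```python
import re

# Constructed sample in the shape of the dcdiag output posted in this thread,
# including one result line whose test name was wrapped onto the next line.
SAMPLE = r"""
Starting test: Advertising
Warning: DsGetDcName returned information for
\\SBSERVER.medcomsol.local, when we were trying to reach SQLSERVER.
......................... SQLSERVER failed test Advertising
Starting test: FrsEvent
An Warning Event occurred. EventID: 0x800034C4
......................... SQLSERVER passed test FrsEvent
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\SQLSERVER\netlogon)
[SQLSERVER] An net use or LsaPolicy operation failed with error 67,
......................... SQLSERVER failed test NetLogons
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
"""

START_RE = re.compile(r"^Starting test:\s*(\S+)")
RESULT_RE = re.compile(r"^\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s*(\S*)$")
EVENT_RE = re.compile(r"EventID:\s*0x([0-9A-Fa-f]+)")
ERROR_RE = re.compile(r"failed with error (\d+)")


def _record(test):
    return {"test": test, "target": None, "passed": None, "events": [], "errors": []}


def parse_dcdiag(text):
    """Return one record per test run: target, verdict, event IDs, error codes."""
    lines = [ln.strip() for ln in text.splitlines()]
    records, current = [], None
    for i, line in enumerate(lines):
        m = START_RE.match(line)
        if m:
            current = _record(m.group(1))
            records.append(current)
            continue
        m = RESULT_RE.match(line)
        if m:
            target, verdict, name = m.groups()
            if not name:  # test name wrapped onto the next non-empty line
                name = next((l for l in lines[i + 1:] if l), "")
            if current is None or current["test"] != name:
                current = _record(name)  # result line without a "Starting test"
                records.append(current)
            current["target"], current["passed"] = target, verdict == "passed"
            current = None
            continue
        if current is not None:
            m = EVENT_RE.search(line)
            if m:  # the event ID proper is the low 16 bits of the logged value
                current["events"].append(int(m.group(1), 16) & 0xFFFF)
            m = ERROR_RE.search(line)
            if m:
                current["errors"].append(int(m.group(1)))
    return records


def triage(records):
    """Return (label, detail) findings; labels are this example's own."""
    findings = []
    failed = {r["test"] for r in records if r["passed"] is False}
    if {"Advertising", "NetLogons"} <= failed:
        findings.append(("not-advertising",
                         "DC is not advertising and has no NETLOGON share; "
                         "check that SYSVOL is shared and FRS is healthy on "
                         "this DC and on its replication partner"))
    if any(r["test"] == "NetLogons" and 67 in r["errors"] for r in records):
        findings.append(("netlogon-share-missing",
                         "error 67: the network name cannot be found"))
    for r in records:
        if r["passed"] and r["events"]:
            ids = ", ".join(str(e) for e in sorted(set(r["events"])))
            findings.append(("passed-with-warnings",
                             f"{r['test']} passed but logged event(s) {ids}"))
    return findings


if __name__ == "__main__":
    for label, detail in triage(parse_dcdiag(SAMPLE)):
        print(f"{label}: {detail}")
```

The "passed-with-warnings" finding matters in this case because searching the log only for "failed" would skip the FRS warning events, which were the lead toward the replication problem on the other DC.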

Isaac Oben [MCITP:EA, MCSE]

Mar 29, 2009, 10:09:26 PM
Hello Donald,

Good to hear problem is resolved and thanks for sharing your findings..

Isaac

"Donald J. Lindstrom" <DonaldJL...@discussions.microsoft.com> wrote in

message news:1175D860-02FB-498E...@microsoft.com...
