DC NetBIOS name impacting Group Policy
Posted on 2003-03-03
I'm having a problem with a recently promoted W2K Adv. server. Details are as follows:
Host name = EIT-AD1 (note the hyphen)
Domain = EITNY.INT
This machine was DCPROMO'd as the first server in the domain/tree/forest. AD was installed in pre-W2K compatibility mode. This is the only server in the domain.
On reboot following the DCPROMO the Application log was full of Error # 1000, source=UsrEnv and Error # 1001, source=SceCli. When I try to load a Group Policy I get the following error:
"Domain Controller not found for EITNY.INT
The Domain Controller for Group Policy operations is not available. You may cancel this operation for this session or retry using one of the following domain controller choices..."
Trying any of the three options presented fails with the following error:
"Group Policy error
Failed to find a domain controller. There may be a policy that prevents you from selecting another domain controller.
Details: A duplicate name exists on the network"
I ran DCDIAG.exe against the machine and found the following:
Starting test: Advertising
Warning: DsGetDcName returned information for \\eitad1.eitny.int, when we were trying to reach EIT-AD1.
Server is not responding or is not considered suitable.
So my thought is that in bringing the machine up in Pre-W2K compatibility mode the hyphen was removed from the host name, causing the share for the GP files to be lost. This seems to be supported by the following details from the 1001 errors in the App log:
Security policy cannot be propagated. Cannot access the template. Error code = 3.
I've checked the file system and the directories & files are present and correct. As you'll note above, AD is looking for the hostname that does not have the hyphen.
So, what to do? Due to the project schedule this domain is in production, so I don't have the luxury of blowing everything away and starting over. I've thought about bringing up another DC in the domain, DCPROMO'ing the affected machine down, renaming it minus the hyphen, and bringing it back up, but I'm afraid the same problem might be propogated to the second domain controller. I imagine there is some way to manually edit the error out of AD, but I think that is beyond what I'm capable of. Any thoughts on how to resolve this?