MARS822
asked on
DC NetBIOS name impacting Group Policy
I'm having a problem with a recently promoted W2K Adv. server. Details are as follows:
Host name = EIT-AD1 (note the hyphen)
Domain = EITNY.INT
This machine was DCPROMO'd as the first server in the domain/tree/forest. AD was installed in pre-W2K compatibility mode. This is the only server in the domain.
On reboot following the DCPROMO the Application log was full of Error # 1000, source=UsrEnv and Error # 1001, source=SceCli. When I try to load a Group Policy I get the following error:
"Domain Controller not found for EITNY.INT
The Domain Controller for Group Policy operations is not available. You may cancel this operation for this session or retry using one of the following domain controller choices..."
Trying any of the three options presented fails with the following error:
"Group Policy error
Failed to find a domain controller. There may be a policy that prevents you from selecting another domain controller.
Details: A duplicate name exists on the network"
I ran DCDIAG.exe against the machine and found the following:
NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\eitad1.eitny.int, when we were trying to reach EIT-AD1.
Server is not responding or is not considered suitable.
So my thought is that in bringing the machine up in Pre-W2K compatibility mode the hyphen was removed from the host name, causing the share for the GP files to be lost. This seems to be supported by the following details from the 1001 errors in the App log:
Security policy cannot be propagated. Cannot access the template. Error code = 3.
\\eitny.int\sysvol\eitny.i nt\Policie s\{31B2F34 0-016D-11D 2-945F-00C 04FB984F9} \Machine\M icrosoft\W indows NT\SecEdit\GptTmpl.inf.
I've checked the file system and the directories & files are present and correct. As you'll note above, AD is looking for the hostname that does not have the hyphen.
So, what to do? Due to the project schedule this domain is in production, so I don't have the luxury of blowing everything away and starting over. I've thought about bringing up another DC in the domain, DCPROMO'ing the affected machine down, renaming it minus the hyphen, and bringing it back up, but I'm afraid the same problem might be propogated to the second domain controller. I imagine there is some way to manually edit the error out of AD, but I think that is beyond what I'm capable of. Any thoughts on how to resolve this?
TIA
Michael
Host name = EIT-AD1 (note the hyphen)
Domain = EITNY.INT
This machine was DCPROMO'd as the first server in the domain/tree/forest. AD was installed in pre-W2K compatibility mode. This is the only server in the domain.
On reboot following the DCPROMO the Application log was full of Error # 1000, source=UsrEnv and Error # 1001, source=SceCli. When I try to load a Group Policy I get the following error:
"Domain Controller not found for EITNY.INT
The Domain Controller for Group Policy operations is not available. You may cancel this operation for this session or retry using one of the following domain controller choices..."
Trying any of the three options presented fails with the following error:
"Group Policy error
Failed to find a domain controller. There may be a policy that prevents you from selecting another domain controller.
Details: A duplicate name exists on the network"
I ran DCDIAG.exe against the machine and found the following:
NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\eitad1.eitny.int, when we were trying to reach EIT-AD1.
Server is not responding or is not considered suitable.
So my thought is that in bringing the machine up in Pre-W2K compatibility mode the hyphen was removed from the host name, causing the share for the GP files to be lost. This seems to be supported by the following details from the 1001 errors in the App log:
Security policy cannot be propagated. Cannot access the template. Error code = 3.
\\eitny.int\sysvol\eitny.i
I've checked the file system and the directories & files are present and correct. As you'll note above, AD is looking for the hostname that does not have the hyphen.
So, what to do? Due to the project schedule this domain is in production, so I don't have the luxury of blowing everything away and starting over. I've thought about bringing up another DC in the domain, DCPROMO'ing the affected machine down, renaming it minus the hyphen, and bringing it back up, but I'm afraid the same problem might be propogated to the second domain controller. I imagine there is some way to manually edit the error out of AD, but I think that is beyond what I'm capable of. Any thoughts on how to resolve this?
TIA
Michael
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I will leave a recommendation in the Cleanup topic area that this question is to:
Points split between MSGeek, SysExpert and Netman66
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
Paul
EE Cleanup Volunteer