Problems with DNS and AD

I have set up two win2000 servers.  

192.168.0.1 server1 - Master DC
192.168.0.2 server2 - DC

I installed AD on both and DNS on both. When both servers are running together, Active Directory tools take an extremely long time to initialise on Server1, and any operations take an equally long time to run, e.g. double-clicking on a user to view properties. Server2 AD tools seem fine. When I run server1 only, AD tools are fine. If I run both and then shut down server2, then AD tools take a long time to initialise, but once initialised they work fine until you stop using them for about a minute or so, and then it takes a minute or two to come back online.

I thought this might be a problem with DNS.  I created the reverse lookup zones on both DNS servers.  This made no difference.

I would appreciate any help.

Regards

Andrew
a_j_halpin Asked:

XPeriment Commented:
How did you set up FSMO roles? By saying that server1 is Master DC, do you mean that it is the PDC Emulator? Is any of them a GC (Global Catalog)? From where is the DNS zone loaded: Active Directory and registry, registry or file?

As a suggestion: try seizing the FSMO role "Infrastructure Master" to server2.

Baddog Commented:
What network cards (NIC) are you using? Are you using a Hub or a Switch to connect the two servers?
Are both servers members of the same domain? Remember, in AD, all servers are equal and the AD database is replicated to the fellow DCs. If you installed the second DC properly, any changes made to DC1 will be replicated to DC2 including the DNS. Sounds like you may have improperly configured DC2.



BDog

a_j_halpin (Author) Commented:
Both servers are in the same domain. Let's call it domain.local for now. server1 was installed as the first DC so I presume it has all the FSMO roles. The GC is on server1. DNS is directory integrated. NICs are HP Netserver NICs. Nothing wrong with any network operations other than AD tools and performing operations on AD from server1. Servers are replicating AD data correctly.

regards,

Andrew

XPeriment Commented:
Microsoft recommends that if more than 2 DCs are in a domain, the Infrastructure Master should not be on the GC (http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346); therefore my initial suggestion remains. Besides that, you could run dcdiag.exe and netdiag.exe against your servers and see if they give you any clues regarding misconfiguration.

dePoPo Commented:
If you installed DNS server on both, remove one of them, and point the second server to the DNS of the first.

Having two DNS servers as primary for the same zone is not possible.

a_j_halpin (Author) Commented:
dePoPo,

I removed the DNS server from server2. Still no joy.

XPeriment, Microsoft does not recommend you move the IM role from the GC server if you are in a single domain environment. See article Q223346 on TechNet.

I notice that when I ping an FQDN from server1 it takes ages to resolve, but if I ping a NetBIOS name it's fine. This only enforces my belief that it is definitely a DNS problem. I removed the DNS forward lookup zone and recreated it. Still no good.

Anyone any other ideas?

Regards

andrew

juliancrawford Commented:
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

PAQ with points refunded

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Julian Crawford
EE Cleanup Volunteer

Computer101 Commented:
PAQed, with points refunded (495)

Computer101
E-E Admin