Solved

Communication Failure on Windows 2000 Network between servers and servers and work stations.

Posted on 2004-09-30
Last Modified: 2010-03-18
I am working on a Windows 2000 network that has 3 Windows 2000 servers and 20 Windows 2000 workstations. The servers 1, 2, and 3 are not all communicating. Server 1 cannot communicate with servers 2 and 3. Servers 2 and 3 can communicate with each other. Both DNS and WINS are running on server 1. On server 1, the server itself is listed as the primary DNS and primary WINS. On servers 2 and 3, the IP address of server 1 is listed for the primary DNS and primary WINS. You can ping all servers from all other servers. I have verified the above settings. I have verified the Server service is running. I am not sure what the next step should be. The OS is fully patched.

Another symptom of this problem is that some of the workstations appear to log in and authenticate to server 1 and some to server 2 or 3. This is noted because some users can log in and gain access to the resources on server 1 and some can gain access to the resources on servers 2 and 3. This seems to be machine based, not user based. I have checked the workstations to make sure the host file does not have entries relevant to this network. The host file does contain two entries that help a software program, Reflections, connect to a remote system across a point-to-point connection to another company. Things to note: 1. If servers 2 and 3 are shut down and you attempt to log in, you get a message that there is no domain controller. 2. If server 1 is shut down and you try to log in, you get a message that the computer account is invalid. 3. If all 3 servers are running, then the computers seem to split themselves between 1 and 2 & 3.

I have not been able to find a pattern to this problem except that it seems to center around the communication between the servers.
Question by:ctunks
11 Comments
 
LVL 18

Expert Comment

by:crissand
ID: 12199999
Are all servers domain controllers? I guess the answer is yes. From the information you provided I see server 1 being the global catalog.

I don't know what exactly the problem is. The logon authentication from different domain controllers is OK, and that shows that the servers communicate very well.

To diagnose deeper, I have to know something more:

Are all the servers in the same network? Are all in the same site? Are all domain controllers? Are all workstations in the same network? Do you run DHCP? If yes, what is the scope? Are workstations joined to the domain? Are the user accounts in the domain, or local?

0
 

Author Comment

by:ctunks
ID: 12200109
Are all the servers in the same network? ...Yes
Are all in the same site?...Yes
Are all domain controllers?...Yes (but how would I be sure?)
Are all the workstations in the same network?...Yes
Do you run DHCP?...No. All IPs are static.
Are workstations joined to the domain?...Yes (they all have machine accounts)
The user accounts are in the domain?...Yes (the only local account on the PCs is Administrator for local diagnostic access; all users log in using the user name and specifying the domain.)

Thanks for the help.

0
 
LVL 18

Expert Comment

by:crissand
ID: 12200185
Are all domain controllers?...Yes (but how would I be sure?)
Active Directory Users and Computers / Domain Controllers OU.
0
 

Author Comment

by:ctunks
ID: 12200630
Yes they are all listed in the Domain Controllers OU.

Thanks
0
 
LVL 18

Expert Comment

by:crissand
ID: 12200704
Now, can you explain what you mean by users gaining access to resources on one server or another? My guess is that the access to shares is an administrator's task.
0
 

Author Comment

by:ctunks
ID: 12201180
OK. Plus I have a new update. Sorry!
Server 1 has all 3 servers listed in the Domain Controllers OU
Server 2 does not have a Domain Controllers OU
Server 3 has all 3 servers listed in the Domain Controllers OU
Both Servers 1 and 3 have a server (we will call it 4) listed. This is a server that has not been connected to the network for over 1 year.

Users accessing resources?

I have 2 workstations located next to each other. If I have different users log into these computers, one user will be able to access all the network shares on server 1 and not servers 2 and 3. The other user will log in and see all the network shares on servers 2 and 3 and not on server 1. If they switch workstations and log in, they get the same. If the workstations are rebooted a number of times, the workstations will switch what they see back and forth, but it is always in the pattern that whatever can see 1 cannot see 2 and 3, and whatever can see 2 and 3 cannot see 1.

Thanks.
0
 
LVL 18

Expert Comment

by:crissand
ID: 12201390
The problem seems to be Active Directory information not replicating between servers. As administrator, delete server number 4 from server 1, using Active Directory.

Then go to Active Directory Sites and Services and force a replication between servers, from server 1 to the others.
0
 

Author Comment

by:ctunks
ID: 12202737
In attempting to delete Server 4 this is the message I am getting:

"The DSA object cannot be deleted".

Have I missed a step?

0
 

Author Comment

by:ctunks
ID: 12203772
When deleting server 4, I could not delete the server from Active Directory Computers and Users. When I went into Active Directory Sites and Services I found the name of a server 5 (another old server that has not been in the building for over 1 year). I then deleted server 5, but there was no record of server 4. Server 4 remains listed in the Active Directory as a PDC. (Note error above.)

When I went to Active Directory Sites and Services I received the following error messages.  I was logged in to server 1.

When I selected Replicate now for Server 3:

The following error occurred during the attempt to synchronize the domain controllers:  Access is denied.

When I selected Replicate now for Server 2:

The following error occurred during the attempt to synchronize the domain controllers:  The naming context is in the process of being removed or is not replicated from the specified server
0
 
LVL 18

Accepted Solution

by:
crissand earned 500 total points
ID: 12225991
This is not good news. It looks like the old server no. 4 was the PDC emulator and it was removed without transferring its role to another server.

Go to server 1 and force it to be the PDC emulator. Run ntdsutil. roles/connections/connect to server server1/quit/seize PDC/quit. This is the sequence of commands.

But now I recommend checking the state of the FSMO roles. Use netdom and type

netdom query fsmo.

The list of roles must be like:

Schema owner      
Domain role owner
PDC role
RID pool manager
Infrastructure owner

If one role is assigned to an offline server, you must seize its role to one of the existing servers.

If you don't use netdom, download and use dumpfsmos.cmd from Microsoft: http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/dumpfsmos-o.asp

I hope the relationship within the domain will then be fixed.
0
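
Added example, not part of the original thread: a small Python check that takes saved `netdom query fsmo` output and a list of domain controllers known to be online, and reports every role still assigned to a server that is gone, with the matching ntdsutil seize command. The sample output and host names are constructed placeholders, and the two-column output layout is an assumption based on the role labels listed in the answer above.

```python
import re

# Role labels as listed in the answer above, mapped to the ntdsutil
# "roles" (fsmo maintenance) command that seizes each role.
SEIZE_COMMANDS = {
    "Schema owner": "seize schema master",
    "Domain role owner": "seize domain naming master",
    "PDC role": "seize PDC",
    "RID pool manager": "seize RID master",
    "Infrastructure owner": "seize infrastructure master",
}

# Constructed sample output; host names are placeholders, not from the thread.
SAMPLE_OUTPUT = """\
Schema owner                server1.example.local
Domain role owner           server1.example.local
PDC role                    server4.example.local
RID pool manager            server4.example.local
Infrastructure owner        server1.example.local
The command completed successfully.
"""

def parse_fsmo(output):
    """Return {role label: holder host name, lowercased} from netdom output."""
    holders = {}
    for line in output.splitlines():
        for label in SEIZE_COMMANDS:
            m = re.match(re.escape(label) + r"\s+(\S+)\s*$", line.strip(), re.I)
            if m:
                holders[label] = m.group(1).lower().rstrip(".")
    return holders

def orphaned_roles(output, live_dcs):
    """List (role, holder, seize command) for each role whose holder is not in
    live_dcs. A role missing from the output is reported with holder None."""
    live = {dc.lower().rstrip(".") for dc in live_dcs}
    holders = parse_fsmo(output)
    findings = []
    for label, command in SEIZE_COMMANDS.items():
        holder = holders.get(label)
        if holder is None or holder not in live:
            findings.append((label, holder, command))
    return findings

if __name__ == "__main__":
    live = ["server1.example.local", "server2.example.local", "server3.example.local"]
    for role, holder, cmd in orphaned_roles(SAMPLE_OUTPUT, live):
        print(f"{role}: holder {holder or 'not reported'} is not a live DC; ntdsutil: {cmd}")
```

Seize a role only when its listed holder is permanently gone, and do not reconnect that former holder to the network afterwards.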
 

Author Comment

by:ctunks
ID: 12396005
Thank you for your help.
0
