Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 486
  • Last Modified:

*slow* (10 minutes!) server statup up

Hi

I have two Windows 2003 SP1 servers, that seem to work fine together but if I need to shut them down, booting them back up together takes nearly ten minutes!

Rebooting either one whilst the other is powered on is fine.

These are both domain controllers and Terminal Servers.

Network config is...

Server 1
ts1.pjtifzpatrick.local
IP: 192.168.1.211
SUBNET: 255.255.255.0
GATEWAY: 192.168.1.254
DNS: 192.168.1.211
DNS: 192.168.1.212

Server 2
ts2.pjtifzpatrick.local
IP: 192.168.1.212
SUBNET: 255.255.255.0
GATEWAY: 192.168.1.254
DNS: 192.168.1.212
DNS: 192.168.1.211

I get the following errors in my event log...

--------------------------------------------------------------------------------
Event Type:      Error
Event Source:      NTDS Replication
Event Category:      DS RPC Client
Event ID:      2087
Date:            12/04/2005
Time:            14:53:18
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      TS1
Description:
Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
 
Source domain controller:
 ts2
Failing DNS host name:
 44c5d7a0-3efd-4bbd-9051-b2988caf3049._msdcs.pjfitzpatrick.local
 
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1:
 
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
 
User Action:
 
 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
 
 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
 
 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns 
 
  dcdiag /test:dns
 
 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
 
  dcdiag /test:dns
 
 5) For further analysis of DNS error failures see KB 824449:
   http://support.microsoft.com/?kbid=824449
 
Additional Data
Error value:
 11004 The requested name is valid, but no data of the requested type was found.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

--------------------------------------------------------------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            12/04/2005
Time:            07:35:11
User:            N/A
Computer:      TS2
Description:
The DNS server was unable to complete directory service enumeration of zone ..  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    
--------------------------------------------------------------------------------


This is really bothering me, any information much appreciated.

Thanks




Gareth
0
localgareth
Asked:
localgareth
  • 3
  • 2
1 Solution
 
localgarethAuthor Commented:
I have this too :-S


--------------------------------------------------------------------------------
Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      2092
Date:            12/04/2005
Time:            15:51:46
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      TS1
Description:

This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
 
FSMO Role: CN=Schema,CN=Configuration,DC=pjfitzpatrick,DC=local
 
User Action:
 
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors.  Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners being down is an expected occurance, perhaps because of maintenance or a disaster recovery, you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
 
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
vtsincCommented:
Sounds like a service startup timing issue.  Maybe try setting the netlogon service to depend on the DNS service.  Failing that, also try setting the server to point to itself as primary DNS, and the other as secondary.

Hope this helps...\
Mike
0
 
localgarethAuthor Commented:
Hi Mike

I'll try setting some dependancies for the services starting.

In Server 1 TCP/IP properties of the network card, the first DNS entry is already its LAN ip address, with Server 2 IP address as a secondary.

In Server 2 TCP/IP properties of the network card, the first DNS entry is already its LAN ip address, with Server 1 IP address as a secondary.

Is this correct? I have another post about DFS and file replication and someone said my TCP/IP config on NIC's is in correct.....  http://www.experts-exchange.com/Storage/Q_21386227.html


Thanks




Gareth



0
 
vtsincCommented:
Gareth,

That looks fine (DNS-wise).  I have seen the dependencies issue quite a bit - if I can dig up a past article on this I'll post it.
0
 
vtsincCommented:
Here's a pretty good article related to the startup dependencies.

http://www.petri.co.il/delay_services_in_windows_2000_xp_2003.htm

Mike
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now