Link to home
Start Free TrialLog in
Avatar of daxa78
daxa78

asked on

Active Directory Question... + hangs at Applying computer settings

Ok, here is the scenario.
I administer a server that has windows 2003 and ad installed the one and only DC.
A few months ago the computer "crashed" (networking stopped working, could boot the computer with no prob)  and i had to repair it using the Windows CD, and everything was working great again. The problem now is that the computer has gotten to the point where it takes 5 hours to boot (taken about 3 months).

When the server is up and running everthing works great but if i try to access the network connections the server freezes and i have to reboot (users are able to access files though).

What i will try now is to disable the onboad network card and install a new one.......  agreee/disagree input?

If that dont work i will uninstall the AD and install it again.. And create the users with exact same username and password.

Will the users than be able to connect to the server without having to join the domain again ?

I do not have a "good"  backup of the system state and therefore i cannot use directory repair mode.... or?

Thank you all...

 

Avatar of NJComputerNetworks
NJComputerNetworks
Flag of United States of America image

Check you DNS settings.  All clients and server should point to the Wiundows DC's IP address for DNS.

i.e.

server name: ServerWin2K3
IP: 10.10.10.5
Subnet: 255.255.255.0
Gateway: 10.10.10.1
DNS: 10.10.10.5

Client name : Client1
IP: 10.10.10.12
Subnet: 255.255.255.0
Gateway: 10.10.10.1
DNS: 10.10.10.5

Avatar of daxa78
daxa78

ASKER

Im aware of that and thats the clue i know 4 a fact using ipconfig that the ip to the isp provider is listed as dns server...

I honestly do not think it is a dns question since it has been like that 4 2 years running now.....

But im unable to change the ip settings..  But im changing the card now.

Yeah...must be setup like this:

i.e.

server name: ServerWin2K3
IP: 10.10.10.5
Subnet: 255.255.255.0
Gateway: 10.10.10.1
DNS: 10.10.10.5   <-- the DC server must be pointed ONLY to an internal DNS server so it can write AD information to DNS

Client name : Client1
IP: 10.10.10.12
Subnet: 255.255.255.0
Gateway: 10.10.10.1
DNS: 10.10.10.5  <-- clients must ONLY be pointed to internal Windows DNS server (not ISP) so that they can find AD information.

Once, you set the DNS internally, your problems will go away.
Avatar of daxa78

ASKER

The server and the clients all have the server as their first dns server.....

I could understand the concern if the isp dns server was listed as first dns server. But since that is not the case i would assume that the clients and the server probes the first dns server first or am i wrong?

I does not explain why it hangs when i try to access the network card and change the ip
hold up,, the ISP's dns server shouldn't be listed ANYWHERE on your network (other than on your DNS server as a forwarder)---follow NJ's advice, it is good advice and the setup recommended by MS.  There is no need what-so-ever to have your ISP's dns server listed there.... all that will do is screw up AD, which you are finding out.

Avatar of daxa78

ASKER

I have no intention of not following NJ's advice. I just asked a basic question i hope i did not offend anybody.
 
no problem..

>>I does not explain why it hangs when i try to access the network card and change the ip
what hangs exacly, that is the first time you mention hanging when you are actually changing the IP.
Avatar of daxa78

ASKER

The compuer just freezes. I click on start then controlpanel then if i try to click on network connections the computer just freezes up totally..

Still waiting for the computer to boot so that i can install the drivers and setup with the correct ip settings and see how it functions then..

Anybody got anything on this one?

What if i uninstall the AD and install it again.. And create the users with exact same username and password.

Will the users than be able to connect to the server without having to join the domain again ?
"What if i uninstall the AD and install it again.. And create the users with exact same username and password.
Will the users than be able to connect to the server without having to join the domain again ? "

Answer = No

all computer accounts will need to be re-joined to the domain...even though the domain looks the same...technically it is a NEW different domain.


NJ is right on that one,,, the SID (Security IDs) will be different and nobody will be able to log in.

the computer locking thing is a workstation issue anyway, so doing anything in/to AD will have no effect on it.
does it do that when you are logged on as a local administrator?  if so that proves it is a workstation issue.
Avatar of daxa78

ASKER

it was a long shoot :-)

So since I do not have a "good"  backup of the system state and therefore i cannot use directory repair mode either.... or?

Avatar of daxa78

ASKER

oki so im left with formating the server ?
Avatar of daxa78

ASKER

windows installer wont start so i can not install a new nic
i might have misunderstood,,,, i was under the impression we were talking about a workstation,,,, are you having problems logging into the Domain Controller itself?  is it your only DC?
Avatar of daxa78

ASKER

Oki ic
Nope it is a server. Now i have been able to install a new network adapter and im now restarting the server with only
it self as the dns server like u, njc and ms said and i will edit the dhcp scope so that the users only has the server as dns server. Crossing my fingers here fellas.. I would hate to have to reinstall the server...

Sorry if you think im posting to much here..
Avatar of daxa78

ASKER

The server is still at "applying computer settings" it has now been over 45 minutes....

Where is McGyver when we need him :-)
ASKER CERTIFIED SOLUTION
Avatar of gsgi
gsgi
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of daxa78

ASKER

It has never been a problem before.... I do have a APC 700 though ;-) U seen it before ?
About 50 times since 7/27/05.  The certificate in the old java runtime expired.
Avatar of daxa78

ASKER

Nice im now at the client it is 1 o clock at night...Doing 1 jo  Pressing ctrl alt delete and writing the pw.. :-D It is now applying computer  running for the second time... since i logged on,  in an hour it is ready 4 use.
By then im a sleep. Hope you are right... Thanx Check in on it when i get back tomorrow..

Thanks so far.


A KB released from M$
http://www.kbalertz.com/redir.aspx?kbs=193591

Copied from my last post: -

This problem started because you reboot your server. After reboot the service with Java RunTime Components are re-initialized. If components expired then this will happen. Last week we have received many queries regarding this and trying to solve all the problems related to this.

The options are: -

_To upgrade to a latest version (7)
_To stop APC PBE service from services.msc snap-in.
_To uninstall PowerChute in Safe Mode.

Copied from my post: -

A number of questions have been posted for "Apply Computer Settings" and Services not running or hang and this is because of APC PBE agent was trying to start (relates to the UPS, which is no longer attached to the server). So please disable this service your server should work properly. We had a conversation with M$ guys and they said that they are going to put a patch and a KB desribing the fault, on their web site. Keep yourself updated with MS guys and recent news on it.

A note from FE: - (Thanks to him)

Here is the notice I received from my MS-MVP group on Thursday regarding this:  (sure is nice to be an MVP!)

Heads up about APC software and Servers stuck on applying computer settings
Posted on Thursday, July 28, 2005 4:52 PM
In order for PowerChute Business Edition to remain functional, users must
upgrade to any version of 7.x. Due to expiration of the Sun Java Runtime
Environment certificate, versions 6.x of PowerChute Business Edition will
cease to operate normally as of July 27, 2005. Failure to upgrade will
result in PowerChute Business Edition no longer providing monitoring and


************READ THIS CAREFULLY THIS SAYS THAT YOU DO NOT NEED TO RESTART THE COMPUTER*****************

After lengthy reasearch by an associate, here is the problem and the fix:

I researched the Microsoft and APC (and SUN) site and found the REAL cause of the problem.
Here it is:
1. Impact
The Java Cryptography Extension (JCE) 1.2.1 is an optional package for J2SE 1.2.x and 1.3.x that provides a framework and implementations for encryption, key generation, key agreement, and Message Authentication Code (MAC) algorithms. The digital certificate that was used to sign the JCE 1.2.1 jar files will expire on July 27, 2005, after which the product will no longer function.
2. Contributing Factors
This issue can occur in the following release:
Java Cryptography Extension (JCE) 1.2.1 (for J2SE 1.2.x and 1.3.x)
Notes:
JCE 1.2.1 is at "End of Service Life" (EOSL), and is no longer supported. JCE 1.2.1 was EOSL'ed in 2002 when JCE 1.2.2 was released.
The JCE that is integrated into J2SE 1.4 and later is not affected by this issue. This Sun Alert is specific to JCE 1.2.1, which is an optional package for use with J2SE 1.2.x. and 1.3.x (JCE 1.2.1 is not bundled with J2SE 1.2.x and 1.3.x).
3. Symptoms
After the expiration date, code calling into JCE 1.2.1 will fail with symptoms similar to the following:
   [xxxxxx@xxxxxx] 258 >java BlowfishKey
   Exception in thread "main" java.lang.ExceptionInInitializerError:
   java.lang.SecurityException: Cannot set up certs for trusted CAs
        at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
        at javax.crypto.KeyGenerator.getInstance([DashoPro-V1.2-120198])
Solution Summary Top
4. Relief/Workaround
There is no workaround. Please see the "Resolution" section below.
5. Resolution
This issue is addressed in the following releases:
Java Cryptography Extension (JCE) 1.2.2 (for J2SE 1.2.x and 1.3.x)
which is available at:
http://java.sun.com/products/jce/index-122.html
JCE in J2SE 1.4 and later
which is available at:
http://java.sun.com/j2se/1.4.2/download.html and http://java.sun.com/j2se/1.5.0/download.jsp

After downloading the patch, everything -Including Backup Exec - was back to normal.
 
Comment from SystmProg
Date: 08/03/2005 07:47PM LKT
 Your Comment  

>>>After downloading the patch, everything -Including Backup Exec - was back to normal.

Did you restart your computer after downloading the patch for this problem?

Thanks

Comment from beyondt
Date: 08/03/2005 10:31PM LKT
 Author Comment  

This was done my an associate of mine and he said that instead of installing the patch, he ran the update from the APC site. http://apc.com/index.cfm.  It updates PowerChute Business Edition 6.0 to 7.0.  He indicated that a reboot was not needed.

**********END THIS************

Thanks
SystmProg
Are you not getting any errors logged in  the event viewer?  It should be putting something there.
Avatar of daxa78

ASKER

The APC services was the sole reason thank you all for the input.

GSGI got it right :-)  Ohh Yes....