Solved

Active Directory and Bind Issues

Posted on 2007-12-05
Last Modified: 2012-05-05
I have two Active Directory servers, which were working off a BIND DNS server, ver. 9.2. Recently we had to redo one of the Active Directory servers, with a change in IP etc. and a change in name. After this it seems that Outlook does not seem to send requests to the second directory controller, and all the clients, around 2500, seem to connect to only one Active Directory server. I think it is a BIND-related issue. Please advise as to what I should start looking for.
0
Question by:hctdwc
7 Comments
 
LVL 13

Expert Comment

by:Kini pradeep
Check whether the DC is also a Global Catalog server.
If the DC is also a GC, you could enter the SRV record for the GC on the BIND server.
Refer to: http://www.microsoft.com/technet/archive/interopmigration/linux/mvc/cfgbind.mspx?mfr=true
Hope it helps,
0
 

Author Comment

by:hctdwc
Hi, thanks for the quick reply. Where should this entry go on the DNS?
gc._msdcs.ad.mydom.com  SRV  0 0 3268 dc1.ad.mydom.com.
Should this go under _msdcs or _sites?

 
0
 
LVL 13

Expert Comment

by:Kini pradeep
The GC record should ideally go under sites ---> site name ---> -Tcp.
Not sure about BIND, never used Unix-based DNS servers.
0

 

Author Comment

by:hctdwc
Thanks again. I have enabled both my DCs to be GCs. I can see the entry in the _sites files on DNS. Any more tips, please?
0
 
LVL 13

Accepted Solution

by:
Kini pradeep earned 125 total points
The other thing I can think of is:
1. Check whether the GC role is advertised.
Run dcdiag /v >dcdiag.txt
Open dcdiag.txt and check whether it is advertising as a GC.
nltest /server:servername /dsgetdc:domainname.com /gc
See if it returns the GC flag.
nltest and dcdiag are part of the Windows 2003 support tools.
0
 

Author Comment

by:hctdwc
Please find the DCDIAG results; I thought it looked good.

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine ads1, is a DC.
   * Connecting to directory service on server ads1.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 3 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\ADS1
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... ADS1 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\ADS1
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            CN=Schema,CN=Configuration,DC=xx,DC=xx,DC=xx,DC=xx
               Latency information for 23 entries in the vector were ignored.
                  23 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=xxx,DC=xxx,DC=xxx,DC=xxx
               Latency information for 23 entries in the vector were ignored.
                  23 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=xxx,DC=xxx,DC=xxx,DC=xxx
               Latency information for 23 entries in the vector were ignored.
                  23 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... ADS1 passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC ADS1.
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=xxx,DC=xxx,DC=xxx,DC=xxx
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=xxx,DC=xxx,DC=xxx,DC=xxx
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=xxx,DC=xxx,DC=xxx,DC=xxx
            (Domain,Version 2)
         ......................... ADS1 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\ADS1\netlogon
         Verified share \\ADS1\sysvol
         ......................... ADS1 passed test NetLogons
      Starting test: Advertising
         The DC ADS1 is advertising itself as a DC and having a DS.
         The DC ADS1 is advertising as an LDAP server
         The DC ADS1 is advertising as having a writeable directory
         The DC ADS1 is advertising as a Key Distribution Center
         The DC ADS1 is advertising as a time server
         The DS ADS1 is advertising as a GC.
         ......................... ADS1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=ADS1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=xxx,DC=xxx,DC=xxx
         Role Domain Owner = CN=NTDS Settings,CN=ADS1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=xxx,DC=xxx,DC=xxx
         Role PDC Owner = CN=NTDS Settings,CN=ADS1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=xxx,DC=xxx,DC=xxx
         Role Rid Owner = CN=NTDS Settings,CN=ADS1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=xxx,DC=xxx,DC=xxx
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=ADS1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=xxx,DC=xxx,DC=xxx
         ......................... ADS1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 42600 to 1073741823
         * ads1.xxx.xxx.xxx.xxx is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 41600 to 42099
         * rIDPreviousAllocationPool is 41600 to 42099
         * rIDNextRID: 41712
         ......................... ADS1 passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC ADS1 on DC ADS1.
         * SPN found :LDAP/ads1.xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
         * SPN found :LDAP/ads1.xxx.xxx.xxx.xxx
         * SPN found :LDAP/ADS1
         * SPN found :LDAP/ads1.xxx.xxx.xxx.xxx/DWC
         * SPN found :LDAP/f9fabf0f-e075-49dc-98e4-9ce0402a2be1._msdcs.xxx.xxx.xxx.xxx
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/f9fabf0f-e075-49dc-98e4-9ce0402a2be1/xxx.xxx.xxx.xxx
         * SPN found :HOST/ads1.xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
         * SPN found :HOST/ads1.xxx.xxx.xxx.xxx
         * SPN found :HOST/ADS1
         * SPN found :HOST/ads1.xxx.xxx.xxx.xxx/DWC
         * SPN found :GC/ads1.xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
         ......................... ADS1 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... ADS1 passed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         ADS1 is in domain DC=xxx,DC=xxx,DC=xxx,DC=xxx
         Checking for CN=ADS1,OU=Domain Controllers,DC=xxx,DC=xxx,DC=xxx,DC=xxx in domain DC=xxx,DC=xxx,DC=xxx,DC=xxx on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=ADS1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=xxx,DC=xxx,DC=xxx in domain CN=Configuration,DC=xxx,DC=xxx,DC=xxx,DC=xxx on 1 servers
            Object is up-to-date on all servers.
         ......................... ADS1 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... ADS1 passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... ADS1 passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... ADS1 passed test kccevent

 Test omitted by user request: VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)

         CN=ADS1,OU=Domain Controllers,DC=xxx,DC=xxx,DC=xxx,DC=xxx and backlink

         on

         CN=ADS1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=xxx,DC=xxx,DC=xxx

         are correct.
         The system object reference (frsComputerReferenceBL)

         CN=ADS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=xxx,DC=xxx,DC=xxx,DC=xxx

         and backlink on

         CN=ADS1,OU=Domain Controllers,DC=xxx,DC=xxx,DC=xxx,DC=xxx are correct.
         The system object reference (serverReferenceBL)

         CN=ADS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=xxx,DC=xxx,DC=xxx,DC=xxx

         and backlink on

         CN=NTDS Settings,CN=ADS1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=xxx,DC=xxx,DC=xxx

         are correct.
         ......................... ADS1 passed test VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : dwc
      Starting test: CrossRefValidation
         ......................... dwc passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... dwc passed test CheckSDRefDom
   
   Running enterprise tests on : xxx.xxx.xxx.xxx
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... xxx.xxx.xxx.xxx passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\ads1.xxx.xxx.xxx.xxx
         Locator Flags: 0xe00003fd
         PDC Name: \\ads1.xxx.xxx.xxx.xxx
         Locator Flags: 0xe00003fd
         Time Server Name: \\ads1.xxx.xxx.xxx.xxx
         Locator Flags: 0xe00003fd
         Preferred Time Server Name: \\ads1.xxx.xxx.xxx.xxx
         Locator Flags: 0xe00003fd
         KDC Name: \\ads1.xxx.xxx.xxx.xxx
         Locator Flags: 0xe00003fd
         ......................... xxx.xxx.xxx.xxx passed test FsmoCheck
      Test omitted by user request: DNS
      Test omitted by user request: DNS
0
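The check suggested in the accepted solution, applied to the dcdiag output posted above, as an added example that is not part of the original thread: it parses saved `dcdiag /v` text, reports how many DCs the run covered, and decodes the Locator Flags value using the flag bits documented for DsGetDcName. The function names and the SAMPLE excerpt (lines copied from the post, names masked as posted) are assumptions made for this illustration.

```python
import re

# Locator flag bits returned by DsGetDcName (DOMAIN_CONTROLLER_INFO.Flags).
DS_FLAGS = {
    0x00000001: "PDC", 0x00000004: "GC", 0x00000008: "LDAP",
    0x00000010: "DS", 0x00000020: "KDC", 0x00000040: "TIMESERV",
    0x00000080: "CLOSEST", 0x00000100: "WRITABLE",
    0x00000200: "GOOD_TIMESERV", 0x00000400: "NDNC",
    0x20000000: "DNS_CONTROLLER", 0x40000000: "DNS_DOMAIN",
    0x80000000: "DNS_FOREST",
}

# Excerpt of the dcdiag output posted in this thread (names masked as posted).
SAMPLE = r"""
   * Found 3 DC(s). Testing 1 of them.
   Testing server: Default-First-Site-Name\ADS1
         The DS ADS1 is advertising as a GC.
         GC Name: \\ads1.xxx.xxx.xxx.xxx
         Locator Flags: 0xe00003fd
"""

def decode_locator_flags(value):
    """Return the names of the flag bits set in a Locator Flags value."""
    return [name for bit, name in sorted(DS_FLAGS.items()) if value & bit]

def summarize_dcdiag(text):
    """Pull the GC-related facts out of saved `dcdiag /v` output."""
    found = re.search(r"Found (\d+) DC\(s\)\. Testing (\d+) of them", text)
    located = re.search(
        r"GC Name: \\\\(\S+)\s+Locator Flags: (0x[0-9a-fA-F]+)", text)
    dcs_found, dcs_tested = (map(int, found.groups()) if found else (0, 0))
    return {
        "dcs_found": dcs_found,
        "dcs_tested": dcs_tested,
        # DCs that exist but were not covered by this run.
        "dcs_not_tested": dcs_found - dcs_tested,
        "tested_servers": sorted(set(
            re.findall(r"Testing server: \S+\\(\S+)", text))),
        "gc_advertisers": sorted(set(
            re.findall(r"The DS (\S+) is advertising as a GC", text))),
        "located_gc": located.group(1) if located else None,
        "located_gc_flags": (decode_locator_flags(int(located.group(2), 16))
                             if located else []),
    }

if __name__ == "__main__":
    for key, value in summarize_dcdiag(SAMPLE).items():
        print(f"{key}: {value}")
```

On the posted output this reports one of three DCs tested, with ADS1 as both the GC advertiser and the GC returned by the locator.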
 

Author Closing Comment

by:hctdwc
Thanks for this.
0
