We have two sites linked by a permanent VPN (using Cisco Pix firewalls). All traffic is allowed between the two sites over the VPN.
At Site1, we have an SBS2003 and an additional DC. No problems at that site.
At Site2, we want to add a DC. The server can join the domain fine, but on reboot and logon the server hangs for a long time on "Applying your personal settings". Removing the network cable allows the server to complete the logon, and the cable can then be reconnected.
The server has a fixed IP and has its primary DNS set to be that of one of the servers in Site1 (have tried each one - same problem). Also set the WINS to point to the DC at Site1 that runs WINS, same problem.
I have run DCDIAG and NETDIAG on both DCs at Site1, all tests pass.
This seems to be a DNS error, but everything looks fine. Any help appreciated.
Additional error messages below - I'm pretty sure that they are all symptoms of the same problem though. Every few minutes, this error message pops up:
Naming information cannot be located because:
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.
Contact your system administrator to verify that your domain is properly configured and is currently online.
If we try to run DCPROMO, it gets so far then fails with:
The operation failed because:
CN=NTDS Settings,CN=DC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local on the remote domain controller DC02.DOMAIN.local. Ensure the provided network credentials have sufficient permissions.
"Could not find the domain controller for this domain."
There is also an error in the system log as follows (event ID 40960) which occurs after bootup:
The Security System detected an authentication error for the server cifs/serverho.FOCSA.local. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request."