expertblr

Active Directory - Issues

Hi,

We have a couple of AD issues. We have an Additional Domain Controller in our location, a Windows 2003 server with SP1, and the clients are Win XP SP2.

Here I am listing out the issues:

1) Unable to join the domain.

2) In between, network resources will be unavailable (Event ID 40961).

3) Users can't change the Windows password (Error message: You have no permission to change the password).

4) Logging in to Windows takes a long time.

5) If users lock the system and try to log in after some time, they won't be able to log in (Error message: User not found).

Like this, we are facing one issue or another daily. To resolve this we are installing the patch
Windows XP KB-885887-x86-ENU.exe on the PCs on which we are facing these issues.

After installing this patch everything works fine, and after 2 days the problem is back again.

For a couple of the above-mentioned issues we need to disjoin and rejoin the PCs to the domain.

But is there any permanent solution for this?

Please let me know.

Active Directory, DNS, Microsoft Legacy OS

Lee W, MVP

1.  This can be caused by incorrect DNS settings.
2.  This can be caused by incorrect DNS settings.
3.  Haven't seen this... but I would suggest the cause is incorrect DNS settings.
4.  This can be caused by incorrect DNS settings OR large roaming profiles.
5.  This sounds like it would be caused by incorrect DNS settings.

So... what are your DNS settings?  Run IPCONFIG /ALL on the server AND on at least one problem workstation and copy and paste the results here.

In short, your TCP/IP configured DNS settings should ONLY point to the Windows server running DNS.  DO NOT point to any other DNS servers, even as secondary systems.  For more information, see www2.lwcomputing.com/tips/static/dns.asp
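
An added example, not part of the post above or of the original thread: a Python sketch of the check described there, parsing `ipconfig /all` output and flagging every configured DNS server that is not one of the domain's Windows DNS servers. The sample output is constructed, and treating 10.145.24.30 as the only Windows DNS server is an assumption made for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output from an XP client (not from the
# thread); only the two DNS addresses mirror values posted in the thread.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.145.24.101
        DNS Servers . . . . . . . . . . . : 10.212.20.5
                                            10.212.3.6
"""

FIELD = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")   # "Label . . . : value"
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def dns_servers(text):
    """Return {adapter: [DNS server IPs]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if not line[0].isspace():
            # An unindented line ending in ':' opens a new adapter section.
            adapter = stripped[:-1] if stripped.endswith(":") else None
            in_dns = False
            continue
        field = FIELD.match(line)
        if field:
            in_dns = adapter is not None and field.group(1) == "DNS Servers"
            value = field.group(2).strip()
        else:
            value = stripped            # continuation line: bare second address
        if in_dns and IPV4.match(value):
            result.setdefault(adapter, []).append(value)
    return result

def stray_dns(text, ad_dns):
    """List (adapter, ip) pairs whose DNS server is not in the AD DNS set."""
    return [(name, ip) for name, ips in dns_servers(text).items()
            for ip in ips if ip not in ad_dns]

if __name__ == "__main__":
    # Assumption: 10.145.24.30 is the only Windows DNS server for the domain.
    for name, ip in stray_dns(SAMPLE, {"10.145.24.30"}):
        print(f"{name}: DNS server {ip} is not an AD DNS server")
```
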
mkaustubh

If your client is pointing to the right internal DNS server, then on the server run the command "netdom query FSMO" (without quotes).
This command runs only if the Support Tools are installed on the server.

If, after running this query, you see that your server is mentioned as the FSMO server, then move to step 2.

Step 2:

Run netdiag and dcdiag on the server and look for DNS errors in the output. Paste the errors here if DNS shows an error in netdiag.

Step 3:
Also check whether there is any time difference between the DC and the client; if the time and zones are different, then the above issues can happen.
expertblr

ASKER

Hi,

I think DNS won't be an issue, but I am not sure.

I ran netdom query FSMO; it finished successfully, showing all the roles, but my additional domain controller's name was not mentioned in it.

And I can't run netdiag.

In dcdiag I found errors:
Testing server: IN-ABN\INABNAD01
      Starting test: Replications
         [Replications Check,INABNAD01] DsReplicaGetInfoW(PENDING_OPS) failed with error 8453,
         Replication access was denied..
         ......................... INABNAD01 failed test Replications

There is no time difference between AD and clients..
Lee W, MVP

"I think DNS wont be a issue, but i am not sure."

That's why I asked you to post the information... the failed DCDIAG could be because of misconfigured DNS as well.  90% of problems like you experience are caused by misconfigured DNS.  Is there a reason you didn't bother posting the information I requested?
expertblr

ASKER

Yes,

I can't run netdiag as it will take time and the central team may ask why.

Or it might be the primary DNS which I am pointing to; that DNS server might be having some problem, right? Is there any way to check that, or should I run the same commands on the primary and secondary DNS servers which I have assigned to my PCs?

mkaustubh

This seems to be a replication issue; the cause could be misconfigured DNS or a tombstoned DC (a DC which has not replicated for 60 days; it may be switched off or down for any reason).

http://support.microsoft.com/kb/329860

Run netdiag and dcdiag on both servers and paste the FAILED ones, and use replmon to check the replication between the 2 servers.

Thanks
expertblr

ASKER

Hi,

I did both the things and I am not seeing any errors.

On my laptop I saw that the dnsserver.exe process is running (more than 2 or 3), and I got a patch for the same, Winxp KB 917953. After installing it I have not faced any such problem, but still let me wait for one or 2 days and I will confirm.

Thanks
Lee W, MVP

I know for some reason you don't want to listen to me... but if you did, MAYBE, this could be solved quickly.  Post your DNS settings on the server and from a workstation - run IPCONFIG /ALL and post the information here.
expertblr

ASKER

workstation

Primary DNS 10.212.20.5
Secondary DNS 10.212.3.6

Server
10.145.24.30

It's a private IP address.
ASKER CERTIFIED SOLUTION
Lee W, MVP
expertblr

ASKER

So you mean to say that we have to give our Additional DC server's IP address as the DNS for the workstations, right?