?
Solved

Need a little info on a Domain Controller Time Server Issue.

Posted on 2008-10-05
6
Medium Priority
?
481 Views
Last Modified: 2012-05-05
Hello to all.

Need a little info on a domain controller issue I had this morning. I had my 2003 Domain controller go off line today. I went in and rebooted it and she came back up. "Thank God"

I have two sites connected with a wirless bridge, and a Domain Controller at each site. I also have an exchange server at the same site as the Primary DC.

The Main DC went off line, Email failed as a result of this I am not sure why. Both DC are DNS servers, I would have expected it to pick up of the other DC.

The Errors in the Event Log point to the Microsoft Time Server not being able to be reached, Since then I added another Outside Time server and resynched, All seems fine.

Is it possible that the DC would have locked or froze or Active Driectrory failed because of the time server issue. I see the logs on the other Domain Controller or mentioning that replication failed as the domain controler was unavailable.

Is there a way to verify my new time server is good, is it possible to add a second.

Please input.   Thanks Guys!
0
Comment
Question by:tcmadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 

Author Comment

by:tcmadmin
ID: 22646726
Also one other thing, I would have expected email to function properly as it should have been using the other DC for authentication and DNS. The other DC is on a seperate subnet, but it is routed peroperly.

The error in the event log is as follows.

Event Type:      Error
Event Source:      CertSvc
Event Category:      None
Event ID:      44
Date:            10/5/2008
Time:            10:39:08 AM
User:            N/A
Computer:      PSB01
Description:
The "Windows default" Policy Module "Initialize" method returned an error. The specified domain either does not exist or could not be contacted. The returned status code is 0x8007054b (1355).  The Active Directory containing the Certification Authority could not be contacted.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Is it p-ossible to have the certificate authority to be on 2 domain controlers so exchange will stay up if one of them goes down?

Thanks
0
 
LVL 8

Expert Comment

by:mikainz
ID: 22647838
Exchange Server relies on having a Global catalog server beeing online.
Can verify that both DC are global catalog server.
You can check thin in the MMC snap in "Active Directory sites and services"
Right click on the "NTDS settings" object of the server object.
0
 

Author Comment

by:tcmadmin
ID: 22649015
Thank you for the fast response, I did check to see if they where both set as global catalog servers and they both are. Could it have anythting to do with replication time, I have them set to replicate every hour as per default.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 6

Expert Comment

by:JimsZ
ID: 22649163
should not be anything to do with replication times.  

Sounds like only the main domain controller is the certificate authority & the secondary is not allowed to verify certs.


I would definately say this is a certificate issue & not so much as a time or replication issue!
0
 

Author Comment

by:tcmadmin
ID: 22658164
if you have two domain controllers in two sepertate sites, what is best practice for setting the roles for them, should some roles be moved to the secondary domain controller.

Both are set as Global Catologs?

Thanks
0
 

Accepted Solution

by:
tcmadmin earned 0 total points
ID: 22764008
I am still not sure how to confirm, Is there a way to set exchange to fail over to another domain controler in a seperate site if the primary fails. Ahould roles be split up after adding the second DC?
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question