Solved

One domain controller does not see the other.

Posted on 2008-10-23
Last Modified: 2012-05-05
I have 2 domain controllers, DC0 and DC1.

DC0 shows only itself in Active Directory. Also DC0 shows that it has the RID, PDC and Infrastructure roles in AD.

DC0 is getting the error...  

Event ID: 22
The time provider NtpServer encountered an error while digitally signing the  NTP response for peer 192.168.1.12:123.  NtpServer cannot provide secure (signed) time to the client and will ignore the request. The error was: The specified user does not exist. (0x80070525)



DC1 shows both domain controllers in AD. DC1 also thinks it has the Infrastructure role.

DC1 is getting the error....
Event ID:
Time Provider NtpClient: The response received from domain controller dc0l has a bad signature. The response may have been tampered with and will be ignored.


I have a user that I cannot join to the domain. I forget the exact error at the moment but it was something to do with "allocating a relative identifier".

What would be the best plan of action to fix the problem? If I demoted DC1 and re-promoted it again, would that fix the issues? Would I lose any data in AD or lose my permissions on the shared folders on DC1?
If I demote DC1, will I be able to promote it back to a domain controller, even though I have a computer I can't join?


Any suggestions to help me on my way would help.
Question by:Biofilminc

LVL 23

Expert Comment

by:bhanukir7
ID: 22786923
Hi,

Are both the DCs at the same location or at different locations? Is the subnet the same? Are there any network-related issues or any firewalls between the DCs?

bhanu
0
 
LVL 18

Expert Comment

by:Americom
ID: 22787168
There is no problem demoting and promoting a DC.
Before you do that, you may want to verify the DNS is configured properly. As long as there's no firewall in between these two DCs, the first thing you need to check is DNS.
Assuming you are using Windows DNS and an Active Directory Integrated Zone (ADIZ), you want to have DNS services installed on both DCs. Make sure the Name Server (NS) records show both DCs in the DNS. Make sure both Host records appear in the DNS forward zone. Make sure the Reverse Zone is also configured. If you don't see one DC, just install DNS on the missing DC and configure it the same way as the other DC. If they are configured properly, then both DNS servers will replicate any record you create in one DNS to the other DNS. But the host and Name Server records must be present first. If not, you can manually register them with IPCONFIG or simply restart the NetLogon Services on your DCs.
0
 

Author Comment

by:Biofilminc
ID: 22787182
I have the Windows firewall disabled on both. Both are in the same server room on the 192.168.1.x network.

I can connect to DC1 from DC0 using \\dc1

and I can connect to DC0 from DC1 using \\dc0
0
 

Author Comment

by:Biofilminc
ID: 22787259
Both domain controllers have DNS but appear to be configured differently, or at least have different data.
dc0.JPG
dc1.JPG
0
 
LVL 18

Expert Comment

by:Americom
ID: 22788693
Actually they look the same, at least at a high level. My guess is that if your domain name is Bioxxx.local then they both look the same. If you click on this zone, then the content of this zone should be the same on both DC0 and DC1 if it's actually the same and working. What bothers me is the _msdcs.Bioxxx.local zone, which should not be in parallel with Bioxxx.local as it already contains _msdcs under it. You may want to double check the _msdcs.Bioxxx.local zone and see how it is configured; I'm hoping it is just manually created or replicated from somewhere. What needs to be equal is the content of the forward zone Bioxxx.local and everything underneath. Make sure you have both the Name Server and host records there for your DC0 and DC1. You can verify whether replication is working by simply creating a dummy host record on DC0 and seeing if DC1 gets it replicated.
0
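
The DNS checks suggested in the two expert comments above (NS records for both DCs, a host record for each DC, and the same content on both servers) can be scripted. The following is an added example, not part of the original thread: it asks each DC's DNS server the same questions and flags any record where the answers differ or are missing. It assumes `Resolve-DnsName` is available (DnsClient module, Windows 8 / Server 2012 or later); the function name `Compare-DcDnsView` and the zone `corp.example` are placeholders, and `dc0`/`dc1` are the host names used in the question.

```powershell
# Added example: compare what two DNS servers answer for the records a DC pair depends on.
# Assumptions: Resolve-DnsName exists on the machine running this; zone and server names
# are parameters supplied by the operator, not values taken from the poster's environment.
function Compare-DcDnsView {
    param(
        [Parameter(Mandatory)] [string]   $Zone,              # AD DNS zone (placeholder: 'corp.example')
        [Parameter(Mandatory)] [string[]] $DnsServers,        # the DCs running DNS
        [Parameter(Mandatory)] [string[]] $DomainControllers  # short host names of the DCs
    )
    # Records to check: the zone's NS set, one host (A) record per DC,
    # and the SRV record clients use to locate domain controllers.
    $queries  = @(@{ Name = $Zone; Type = 'NS' })
    $queries += $DomainControllers | ForEach-Object { @{ Name = "$_.$Zone"; Type = 'A' } }
    $queries += @{ Name = "_ldap._tcp.dc._msdcs.$Zone"; Type = 'SRV' }

    foreach ($q in $queries) {
        $views = @{}
        foreach ($server in $DnsServers) {
            try {
                $answers = Resolve-DnsName -Name $q.Name -Type $q.Type -Server $server -DnsOnly -ErrorAction Stop |
                    Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $q.Type }
                $values = foreach ($a in $answers) {
                    switch ($q.Type) {
                        'NS'  { $a.NameHost }
                        'A'   { $a.IPAddress }
                        'SRV' { '{0}:{1}' -f $a.NameTarget, $a.Port }
                    }
                }
                # Normalise order so two servers with the same data compare equal.
                $views[$server] = (@($values) | Sort-Object -Unique) -join ', '
            } catch {
                $views[$server] = "ERROR: $($_.Exception.Message)"
            }
        }
        $distinct = @($views.Values | Sort-Object -Unique)
        [pscustomobject]@{
            Record  = '{0} ({1})' -f $q.Name, $q.Type
            # In sync only if every server gave the same non-empty, non-error answer.
            InSync  = ($distinct.Count -eq 1 -and $distinct[0] -notlike 'ERROR:*' -and $distinct[0] -ne '')
            Answers = ($DnsServers | ForEach-Object { '{0} => {1}' -f $_, $views[$_] }) -join ' | '
        }
    }
}

Compare-DcDnsView -Zone 'corp.example' -DnsServers 'dc0','dc1' -DomainControllers 'dc0','dc1' |
    Format-Table -AutoSize -Wrap
```

A row with `InSync` set to `False` shows which record one server is missing or answers differently, which narrows down where the two zone copies have diverged.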
 

Author Comment

by:Biofilminc
ID: 22821944
I've been sick and had to put this problem on hold. I will do what Americom says shortly.
0
 

Author Comment

by:Biofilminc
ID: 22831319
If I create a record in either server it is not replicated. And DC1 has 71 records under biofilminc.local and DC0 has 70.
0
 

Accepted Solution

by:
Biofilminc earned 0 total points
ID: 25713072
I had to reformat them
0

Question has a verified solution.
