Solved

One domain controller does not see the other.

Posted on 2008-10-23
Last Modified: 2012-05-05
I have 2 domain controllers, DC0 and DC1.

DC0 shows only itself in Active Directory. Also DC0 shows that it has the RID, PDC and Infrastructure roles in AD.

DC0 is getting the error...  

Event ID: 22
The time provider NtpServer encountered an error while digitally signing the  NTP response for peer 192.168.1.12:123.  NtpServer cannot provide secure (signed) time to the client and will ignore the request. The error was: The specified user does not exist. (0x80070525)



DC1 shows both domain controllers in AD. DC1 also thinks it has the Infrastructure role.

DC1 is getting the error....
Event ID:
Time Provider NtpClient: The response received from domain controller dc0l has a bad signature. The response may have been tampered with and will be ignored.


I have a user that I cannot join to the domain. I forget the exact error at the moment but it was something to do with "allocating a relative identifier".

What would be the best plan of action to fix the problem? If I demoted DC1 and re-promoted it again would that fix the issues? Would I lose any data in AD or lose my permissions on the shared folders on DC1?
If I demote DC1 will I be able to promote it back to a domain controller, even though I have a computer I can't join?


Any suggestions to help me on my way would help.
Question by:Biofilminc
8 Comments
 
LVL 23

Expert Comment

by:bhanukir7
ID: 22786923
Hi,

Are both the DCs at the same location or at different locations? Is the subnet the same? Are there any network-related issues or any firewalls between the DCs?

bhanu
0
 
LVL 18

Expert Comment

by:Americom
ID: 22787168
There is no problem demoting and promoting a DC.
Before you do that, you may want to verify that DNS is configured properly. As long as there's no firewall in between these two DCs, the first thing you need to check is DNS.
Assuming you are using Windows DNS and an Active Directory Integrated Zone (ADIZ), you want to have DNS services installed on both DCs. Make sure the Name Server (NS) records show both DCs in DNS. Make sure both Host records appear in the DNS forward zone. Make sure the Reverse Zone is also configured. If you don't see one DC, just install DNS on the missing DC and configure it the same way as the other DC. If they are configured properly, then both DNS will replicate any record you create in one DNS to the other DNS. But the host and Name Server records must be present first. If not, you can manually register them with IPCONFIG or simply restart the NetLogon service on your DCs.
0
 

Author Comment

by:Biofilminc
ID: 22787182
I have the windows firewall disabled on both. Both are in same server room on 192.168.1.x network.

I can connect to DC1 from DC0 using \\dc1

and I can connect to DC0 from DC1 using \\dc0
0
 

Author Comment

by:Biofilminc
ID: 22787259
Both domain controllers have DNS but appear to be configured differently, or at least have different data.
dc0.JPG
dc1.JPG
0
 
LVL 18

Expert Comment

by:Americom
ID: 22788693
Actually they look the same, at least at a high level. My guess is that if your domain name is Bioxxx.local then they both look the same. If you click on this zone, then the content of this zone should be the same from both DC0 and DC1 if it's actually the same and working. What bothers me is the _msdcs.Bioxxx.local zone, which should not be in parallel with Bioxxx.local as it already contains _msdcs under it. You may want to double-check the _msdcs.Bioxxx.local zone and see how it is configured; I'm hoping it is just manually created or replicated from somewhere. What needs to be equal is the content of the forward zone Bioxxx.local and everything underneath. Make sure you have both the Name Server and host records there for your DC0 and DC1. You can verify whether replication is working by simply creating a dummy host record on DC0 and seeing whether DC1 gets it replicated.
0
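
The checks described in the two expert comments above (NS and host records for both DCs, and a dummy host record to test replication) can be run as read-only queries against each DC's DNS service and compared side by side. This is an added example, not part of the thread: it assumes a management machine that has the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later), it also queries the DC locator SRV record under _msdcs, and `repltest` is a hypothetical name for the dummy record.

```powershell
# Added example, not from the thread. Read-only: it only sends DNS queries.
function Get-DnsAnswer {
    param([string]$Name, [string]$Type, [string]$Server)
    $records = Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.Section -eq 'Answer' }
    $values = foreach ($r in $records) {
        switch ("$($r.Type)") {
            'A'   { $r.IPAddress }
            'NS'  { $r.NameHost }
            'SRV' { $r.NameTarget }
        }
    }
    $text = (@($values) | Sort-Object) -join ','   # sorted, so order is not a difference
    if ($text) { $text } else { '(no answer)' }
}

function Compare-DcDnsView {
    param(
        [string]$Zone,                 # AD DNS zone name
        [string[]]$DomainControllers,  # host names; each is also queried as a DNS server
        [string]$TestRecord            # optional: dummy host record created by hand on one DC
    )
    $queries = @(
        @{ Name = $Zone; Type = 'NS' },
        @{ Name = "_ldap._tcp.dc._msdcs.$Zone"; Type = 'SRV' }
    )
    foreach ($dc in $DomainControllers) { $queries += @{ Name = "$dc.$Zone"; Type = 'A' } }
    if ($TestRecord) { $queries += @{ Name = "$TestRecord.$Zone"; Type = 'A' } }

    foreach ($q in $queries) {
        $row = [ordered]@{ Query = "$($q.Type) $($q.Name)" }
        foreach ($server in $DomainControllers) {
            # Pass an IP address instead of a name if name resolution itself is in doubt.
            $row[$server] = Get-DnsAnswer -Name $q.Name -Type $q.Type -Server $server
        }
        $distinct = @($DomainControllers | ForEach-Object { $row[$_] } | Sort-Object -Unique)
        # Match is true only when every server gave the same non-empty answer.
        $row['Match'] = ($distinct.Count -eq 1 -and $distinct[0] -ne '(no answer)')
        [pscustomobject]$row
    }
}

# dc0, dc1 and biofilminc.local are the names used in the thread; repltest is a made-up name.
Compare-DcDnsView -Zone 'biofilminc.local' -DomainControllers 'dc0','dc1' -TestRecord 'repltest' |
    Format-Table -AutoSize
```

A row with Match = False shows which record one DNS server has and the other lacks, which is the symptom reported later in the thread for the dummy record.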
 

Author Comment

by:Biofilminc
ID: 22821944
I've been sick and had to put this problem on hold. I will do what Americom says shortly.
0
 

Author Comment

by:Biofilminc
ID: 22831319
If I create a record in either server it is not replicated.  And DC1 has 71 records under biofilminc.local and DC0 has 70.
0
 

Accepted Solution

by:
Biofilminc earned 0 total points
ID: 25713072
I had to reformat them
0
