Windows 2003 DC can't log in if old Windows 2000 DNS is down

Hi all,
Having a frustrating problem with one Windows 2000 DC and two Windows 2003 DCs.

If the Windows 2000 DC is down and I reboot my Windows 2003 DCs, both DCs hang at "preparing network connections". After I boot the Windows 2000 DC up, both Windows 2003 DCs start. The FSMO roles have already been moved to one of the Windows 2003 boxes.

I've run dcdiag and netdiag and both have passed my server. I've found that if I shut down the 2003 DCs and stop the DNS service on the Windows 2000 box, they hang at "preparing network connections". I get LSASRV 40960 errors in my event log.

Have tried disabling the KDC, used netdom to reset the machine password and then restarted the KDC (and rebooted the server). Also given Network Service full access to the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip

I have multiple network cards on the servers. On the 2003 servers I have disabled the additional NICs and confirmed that the machine is pointing to its own DNS via nslookup.

Completely stuck as I want to remove the Windows 2000 DC from the domain.

Asked by the1stknight
the1stknight (Author) commented:
Think it's solved ... although I don't understand why, I set the primary DNS to 127.0.0.1.
It logged in while the old server was down. Anyone know why this might be ... very confused.

arnold commented:
What was the DNS pointing to before the change, the win2k IP?
If all servers use the win2k as DNS server, AD which is integrated with DNS, will start misbehaving if it can not reach a DNS server. Often the recommendation is on the current DC to use the other DC as primary and its own IP as secondary DNS entry

kaos_theory commented:
Often the recommendation is on the current DC to use the other DC as primary and its own IP as secondary DNS entry

Concur.

the1stknight (Author) commented:
It was pointing to itself as the primary (192.168.0.10) and the other DNS as the secondary (192.168.0.6). I'll try switching them around as I need to make the same changes to the second 2003 server. It's also possible that the 127.0.0.1 in conjunction with everything else I've done might have been necessary to make it work. If simply adding 127.0.0.1 doesn't resolve the issues on the second server, I'll know that it's something more involved.

If the secondary DNS (the Windows 2000 box) is available it always works. Will do further testing now.

the1stknight (Author) commented:
Resolved on the second system now. Order I needed to take to fix things (possibly not all steps are necessary):

1. Changed Primary IP to 127.0.0.1
2. Disabled the KDC, reset the machine password via netdom, restarted the KDC
3. Gave Network Service access to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
4. HKLM\System\CurrentControlSet\Services\NTDS\Parameters. Add a new DWORD value named Repl Perform Initial Synchronizations, with a decimal value of 0. Evidently, this keeps AD and DNS from querying each other at the same time after startup.

Will monitor this during the week and make sure no hiccups occur now that I've left the Windows 2000 box offline. Thanks for the input so far :)
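As an added audit script (not from the thread or from Microsoft), the following checks a DC for the two conditions discussed above: whether its DNS client list has a fallback beyond the DC that is being retired, and whether the NTDS "Repl Perform Initial Synchronizations" workaround is still in place. It assumes PowerShell on Windows Server 2012 or later (Get-DnsClientServerAddress and Get-NetIPAddress); the partner-DC address is a constructed placeholder, since the thread never gives the second 2003 DC's IP.

```powershell
# Audit a domain controller's DNS client order and the NTDS initial-sync registry value.
# Added example; not the original poster's or Microsoft's code.
param(
    # Other DC(s) in the domain that should remain online. Placeholder value, replace it.
    [string[]]$PartnerDcAddresses = @('192.168.0.99')
)

$ntdsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$valueName = 'Repl Perform Initial Synchronizations'
$findings  = @()

# Addresses that count as "this server": loopback plus every local IPv4 address.
$localIps = @('127.0.0.1') + @(Get-NetIPAddress -AddressFamily IPv4).IPAddress

# 1. DNS client order, one entry per adapter that actually has DNS servers set
foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
    $servers = @($cfg.ServerAddresses)
    if ($servers.Count -eq 0) { continue }   # disabled or unconfigured NIC, as in the thread

    $hasPartner = @($servers | Where-Object { $PartnerDcAddresses -contains $_ }).Count -gt 0
    $hasSelf    = @($servers | Where-Object { $localIps -contains $_ }).Count -gt 0

    if ($servers.Count -lt 2) {
        $findings += "$($cfg.InterfaceAlias): only one DNS server ($($servers[0])); no fallback if it is down"
    }
    if (-not $hasPartner) {
        $findings += "$($cfg.InterfaceAlias): no surviving partner DC in the DNS list ($($servers -join ', '))"
    }
    if (-not $hasSelf) {
        $findings += "$($cfg.InterfaceAlias): does not list itself (127.0.0.1 or a local IP) at all"
    }
    if ($PartnerDcAddresses -notcontains $servers[0]) {
        # Matches arnold's advice: partner DC first, own address second.
        $findings += "$($cfg.InterfaceAlias): primary is $($servers[0]); recommended order is partner DC, then self"
    }
}

# 2. The registry workaround from step 4 of the accepted answer.
$replSync = (Get-ItemProperty -Path $ntdsKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -ne $replSync -and $replSync -eq 0) {
    # With 0 the DC advertises before completing its initial replication; Microsoft documents
    # this as a troubleshooting workaround, so flag it for removal once the 2000 DC is demoted.
    $findings += "$valueName = 0 (initial sync skipped at startup); revert to default after cleanup"
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```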
