• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 317
  • Last Modified:

Windows 2003 AD and DC Errors - Need some help!

Hello All.

I have a very long winded situation here so let me just start by saying that I am new to the company as Network Administrator.
Currently staffed are another Desktop Admin, and IT Manager - There is absolutely no communication in this team.

We have the following implementation:
Head Office is ServerDC and ServerDC1 - both 2003  Running Exchange 2007.
ServerDC is the Operations,RID, Schema Master, DHCP, DNS etc.
Also we have DFS running for data availability and replication

We have 10 Remote site locations which do not have their own internet connection. They connect via an MPLS and out to the internet.

Problem:
Yesterday out of the blue, no on can access file shares:  The "fileserver" which is the host of the namespace locks up.  I did the necessary testing then decided to reboot the server. Once the server restarted, NO One could get any of the mapped drives, or DFS data.
The file server was giving errors in Event Viewer that the local drive G and H have been deleted or disabled.
While im looking into this, one of my co-workers reboots ServerDC.  
After that reboot, no one could log in!!
I found that on ServerDC1 the NETLOGIN service was stuck "starting".  Once i restarted it everything was back online.
BUT now I have all sorts of errors:

1. User machines showing up in DC event logs - Security Database rejected

2. Autoenrollment from all Site office Domain Controllers

3. Warnings about FRS not being able to resolve DNS names.

4. The DNS server encountered an invalid domain name in a packet from x.x.x.x.
I decided to run the command Set Logonserver to see what server a few users are authenticating against.  Its a split - either DC or DC1  is this normal??

5. The session setup from computer 'username' failed because the security database does not contain a trust account 'user$' referenced by the specified computer.  


Thank god Exchange was not at all interrupted or errors!
This is a mess!
0
camoIT
Asked:
camoIT
1 Solution
 
g000seCommented:
Hi,

Did you run a dcdiag already?  If so, can you share your findings?  Tx

Check your DNS server and the event logs.  What are you findings there?
0
 
camoITAuthor Commented:
DCDIAG
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\WINDOWS\system32>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: HeadOffice\ServerDC
      Starting test: Connectivity
         ......................... ServerDC passed test Connectivity

Doing primary tests

   Testing server: HeadOffice\ServerDC
      Starting test: Replications
         ......................... ServerDC passed test Replications
      Starting test: NCSecDesc
         ......................... ServerDC passed test NCSecDesc
      Starting test: NetLogons
         ......................... ServerDC passed test NetLogons
      Starting test: Advertising
         .........................  ServeDC passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ServerDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         .........................  ServerDC passed test RidManager
      Starting test: MachineAccount
         .........................  ServeDC passed test MachineAccount
      Starting test: Services
         .........................  ServeDC passed test Services
      Starting test: ObjectsReplicated
         .........................  ServeDC passed test ObjectsReplicated
      Starting test: frssysvol
         .........................  ServeDC passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         .........................  ServeDC failed test frsevent
      Starting test: kccevent
         .........................  ServeDC passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40011006
            Time Generated: 04/23/2010   14:22:03
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2010   14:36:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2010   14:36:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2010   14:36:08
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2010   14:36:08
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x40011006
            Time Generated: 04/23/2010   14:51:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2010   14:58:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2010   14:58:13
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2010   14:58:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2010   14:58:15
            (Event String could not be retrieved)
         .........................  ServeDC failed test systemlog
      Starting test: VerifyReferences
         .........................  ServeDC passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : "our domain"
      Starting test: CrossRefValidation
         ......................... Our domain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Our Domain passed test CheckSDRefDom

   Running enterprise tests on : ourdomain.com
      Starting test: Intersite
         ......................... ourdomain.com passed test Intersite
      Starting test: FsmoCheck
         ......................... ourdomain.com passed test FsmoCheck


DNS Event Logs

The DNS server timed out attempting an Active Directory service operation on DC=28,DC=X.0.10.in-addr.arpa,cn=MicrosoftDNS,DC=DomainDnsZones,DC=ourdomain,DC=com.  Check Active Directory to see that it is functioning properly. The event data contains the error.

The DNS server timed out attempting an Active Directory service operation on DC=APIKEnew,DC=ourdomain.com,cn=MicrosoftDNS,cn=System,DC ourdomain,DC=com.  Check Active Directory to see that it is functioning properly. The event data contains the error.

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

0
 
onktCommented:

You can do the upgrade without any problems. I did it to on my system. You can visit this website for more information:
http://osxdaily.com/2009/08/28/mac-os-x-106-snow-leopard-upgrade-works-on-tiger-104-machines/
Your performance will not be effected in any way, i have the same configuration and i find my system booting en working faster then before.

Hope this helps

Onkt
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
ry_berkCommented:
I dont see how your information helped at all onkt.

Looks like its a problem with DNS initially which is affecting AD.
0
 
eridzoneCommented:
check your DC's event log i.e. security log whether it is full
0
 
ARK-DSCommented:
Hello,

Ofcourse it can be a DNS issue so, first check the DNS events and check DNS configuration.

I would like to know one more thing. Have you looked into the matter with Local Drives on File Server?
It may be a mixed/multiple issue situation. How many replica members are replicating DFS replicas? (Apart from FileServer).

Copy DFSUTIL from any DC having resource kit to any client machine having issues with DFS access (while G and H drives are disconnected on FileServer).
 
Then run these commands on client machine:

DFSUTIL /PURGEMUPCACHE
DFSUTIL /SPCFLUSH
DFSUTIL /PKTFLUSH

this will clear the cache of DFS from client machine and it will ask the clinet machines to poll AD again to look for a replica member.

Do report any DNS errors.

Regards,

Arun.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now