?
Solved

Windows Server 2003 AD Domain Site Unable to Locate PDCe

Posted on 2010-08-20
8
Medium Priority
?
420 Views
Last Modified: 2012-05-10
Hi,
I have a single forest/domain with two sites. DC1(all FSMO roles) and DC2(GC) are in Site A(subnet 10.x.x.x) located in LA and DC3(GC) is Site B(subnet 172.x.x.x) located in Austin. The link from Site A to B is using IP as the transport. DC1 & 2 events are clean and systems are fully functional. DC3 DNS, AD & Sysvol replication has been tested and working properly, however in the event logs there are the following:
*Event ID 36 W32Time – The time service has not synchronized…(how do you sync a server in a different site and also in a different time zone?
*Event ID 5719 Netlogon – Not able to set up a secure session with a DC…
*Event ID 3096 Netlogon – The PDC for this domain could not be located…
*Event ID 3019 MRxSmb – The redirector failed to determine the connection type

Also, running dcdiag on the DC3 reports that it cannot find the PDC in the domain.

Anyone?
Thanks,

muffin
0
Comment
Question by:Jeffrey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33489789
Sounds like either a DNS issue on GC3 or perhaps a firewall blocking communication between sites A and B.
0
 
LVL 2

Expert Comment

by:hydrokid
ID: 33490208
1) Ensure all FW off
2) Point the DNS server for DC3 to the PDC DNS
3) do a nltest /v and dcdiag /v /fix for more information
4) ensure sites & service are properly setup
0
 

Author Comment

by:Jeffrey
ID: 33516479
I have verified that all of the appropriate network ports are open between DC's and Sites. Today I also got an Event ID 8003 "Master Browser Election..." on DC3 because another system reported that it thinks it's the Master Browser. Is that normal?
I ran the dcdiag as suggested even though I stated in my original post that I had done so and got the same results. PDC not found. I'm not sure of the nltest /v settings needed. Im not sure what I'm looking for with this test.
Any other suggestions?
Thanks
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 22

Expert Comment

by:65td
ID: 33600793
I would configure DC3 to use an external NTP server.
Is DC1 using an external NTP source?

http://support.microsoft.com/kb/216734/

0
 

Author Comment

by:Jeffrey
ID: 33600933
Hi, thanks for your response. DC1 is using an exerternal source and the rest of the domain is supposed to look to it for time. So, I shouild set DC3 to use an external source and the rest of that subnet will look to it for time?
0
 
LVL 4

Accepted Solution

by:
Malajlo earned 2000 total points
ID: 33604587
disable external ntp sources on all servers except on one dc (pdc).
restart netlogon service in all other servers that appear to be master browser (there is ms tool, search for it, I used it last week to solve mbrx or something).
for different timezones, check regional settings. But servers communicate in utc...).
next, your server must point to propper dns. use ipconfig /all to check.
secure channels points to misconfigured dns.
0

Featured Post

Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Let's recap what we learned from yesterday's Skyport Systems webinar.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question