Solved

Windows Server 2003 AD Domain Site Unable to Locate PDCe

Posted on 2010-08-20
Last Modified: 2012-05-10
Hi,
I have a single forest/domain with two sites. DC1 (all FSMO roles) and DC2 (GC) are in Site A (subnet 10.x.x.x) located in LA, and DC3 (GC) is in Site B (subnet 172.x.x.x) located in Austin. The link from Site A to B is using IP as the transport. DC1 & 2 events are clean and the systems are fully functional. DC3 DNS, AD & Sysvol replication have been tested and are working properly; however, in the event logs there are the following:
*Event ID 36 W32Time – The time service has not synchronized… (how do you sync a server in a different site and also in a different time zone?)
*Event ID 5719 Netlogon – Not able to set up a secure session with a DC…
*Event ID 3096 Netlogon – The PDC for this domain could not be located…
*Event ID 3019 MRxSmb – The redirector failed to determine the connection type

Also, running dcdiag on the DC3 reports that it cannot find the PDC in the domain.

Anyone?
Thanks,

muffin
0
Question by:Jeffrey
8 Comments
 
LVL 9

Expert Comment

by:vanbarsoun
Sounds like either a DNS issue on GC3 or perhaps a firewall blocking communication between sites A and B.
0
 
LVL 2

Expert Comment

by:hydrokid
1) Ensure all FW off
2) Point the DNS server for DC3 to the PDC DNS
3) Do an nltest /v and dcdiag /v /fix for more information
4) Ensure Sites & Services are properly set up
0
 

Author Comment

by:Jeffrey
I have verified that all of the appropriate network ports are open between DCs and Sites. Today I also got an Event ID 8003 "Master Browser Election..." on DC3 because another system reported that it thinks it's the Master Browser. Is that normal?
I ran the dcdiag as suggested even though I stated in my original post that I had done so and got the same results. PDC not found. I'm not sure of the nltest /v settings needed. I'm not sure what I'm looking for with this test.
Any other suggestions?
Thanks
0
LVL 22

Expert Comment

by:65td
I would configure DC3 to use an external NTP server.
Is DC1 using an external NTP source?

http://support.microsoft.com/kb/216734/

0
 

Author Comment

by:Jeffrey
Hi, thanks for your response. DC1 is using an external source and the rest of the domain is supposed to look to it for time. So, I should set DC3 to use an external source and the rest of that subnet will look to it for time?
0
 
LVL 4

Accepted Solution

by:
Malajlo earned 500 total points
Disable external NTP sources on all servers except on one DC (the PDC).
Restart the Netlogon service on all other servers that appear to be master browser (there is an MS tool, search for it; I used it last week to solve mbrx or something).
For different time zones, check regional settings. But servers communicate in UTC...
Next, your server must point to the proper DNS. Use ipconfig /all to check.
Secure channels point to misconfigured DNS.
0
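The checks named in the accepted answer, put together as an added example that is not part of the original thread: a cmd batch file to run on DC3 that tests DNS, the PDC locator, the secure channel and time sync in the order the events depend on each other. `example.local` is a placeholder domain name, `nltest` is assumed to be installed from the Windows Server 2003 Support Tools, and the pass/fail test assumes English-language command output.

```batch
@echo off
rem Run on DC3 (the DC that logs events 36, 5719 and 3096).
rem DOMAIN is a placeholder; replace it with the AD DNS domain name.
setlocal
set DOMAIN=example.local
set OK=completed successfully

echo [1] DNS servers this DC is using (first entry per adapter):
ipconfig /all | findstr /i /c:"DNS Servers"

echo [2] PDC SRV record as resolved through those DNS servers:
nslookup -type=SRV _ldap._tcp.pdc._msdcs.%DOMAIN% 2>nul | findstr /i /c:"svr hostname"
if errorlevel 1 echo     FAIL: no PDC SRV record returned, fix DNS first

echo [3] DC locator lookup of the PDC emulator (Netlogon 3096):
nltest /dsgetdc:%DOMAIN% /pdc | findstr /i /c:"%OK%" >nul
if errorlevel 1 (echo     FAIL: locator cannot find the PDC) else (echo     OK)

echo [4] Secure channel state (Netlogon 5719):
nltest /sc_query:%DOMAIN% | findstr /i /c:"%OK%" >nul
if errorlevel 1 (echo     FAIL: no secure channel to a DC) else (echo     OK)

echo [5] Use the domain hierarchy, not an external NTP peer, then resync:
w32tm /config /syncfromflags:domhier /update >nul
w32tm /resync /rediscover | findstr /i /c:"%OK%" >nul
if errorlevel 1 (echo     FAIL: resync failed, see W32Time 36) else (echo     OK)

echo [6] Time offset of every DC as seen from this server:
w32tm /monitor /domain:%DOMAIN%
endlocal
```

A failure at step 2 usually explains the failures after it, since the locator, the secure channel and domain time sync all start from DNS.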