Solved

Application login to disconnected child domain Windows 2000 sp4

Posted on 2010-11-13
Last Modified: 2012-05-10
I have an application that uses Windows 2000 domain user accounts to log in. The domain accounts were in a child domain that is no longer connected to the parent domain. And the primary domain controller of the child domain went up in smoke, so the backup DC from the child domain is the only DC for the application to validate its users, but no users can log on to the application. The application server and the DC are connected to each other through a switch, are on the same subnet and the same domain. They ping each other as well as resolve DNS. I am missing something but I don't know what. PLEASE help.
0
Question by:Ryedog
 
LVL 76

Expert Comment

by:arnold
ID: 34129516
Did you assert that the remaining DC is now the master using ntdsutil?
Does the application server use the DNS on this DC, or is it using another server for DNS?
0
 

Author Comment

by:Ryedog
ID: 34129804
No, I hadn't asserted the remaining DC as master. I just now resurrected the primary DC for the child domain but still have the same problem. Both DCs and the application server see each other via ping.
I changed the subnet they are on, put them in a separate VLAN and tagged the port (HP) on the core L3 switch to separate from a possible conflicting similar forest/domain. Still the same problem. Any ideas?
0
 
LVL 76

Expert Comment

by:arnold
ID: 34129907
Run dcdiag. Check the DNS zone for the domain to make sure that the IP changes propagated within the zone.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34130695
Whatever your application server is, you need to check that it's pointing to a healthy DNS server which is available, because the application reaches the DC for authentication using SRV records in DNS, and if it doesn't reach DNS it will not be able to locate the DC.

When you say you changed the IP of the DC, have you checked that the new IP is reflected in DNS in place of the old IP? Did you restart the DNS and Netlogon services and run ipconfig /flushdns and ipconfig /registerdns, followed by dcdiag /fix?

Did you link the new subnet with the site in AD Sites & Services?
Run
netdom query fsmo
dcdiag /v
dcdiag /test:DNS

Check what the report shows and post it.

Have you followed the link below for the IP change?
http://technet.microsoft.com/en-us/library/cc758579%28WS.10%29.aspx
0
 

Author Comment

by:Ryedog
ID: 34133389
The following is the netdom and dcdiag /v results. The dcdiag that is loaded would not do /test:dns.
I ran /test:registerindns and the results came back with no problems.

C:\>netdom query fsmo
Schema owner                cvidc8.cvi.com
Domain role owner           cvidc8.cvi.com
PDC role                    cvibif.acres.cvi.com
RID pool manager            cvibif.acres.cvi.com
Infrastructure owner        cvibif.acres.cvi.com
The command completed successfully.


Performing initial setup:
   * Verifying that the local machine cvibif, is a DC.
   * Connecting to directory service on server cvibif.
   * Collecting site info.
   * Identifying all servers.
   * Found 6 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\CVIBIF
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         58b7734a-db00-4b2e-a8fb-8474deb54b65._msdcs.cvi.com's server GUID DNS
         name could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (58b7734a-db00-4b2e-a8fb-8474deb54b65._msdcs.cvi.com) couldn't be
         resolved, the server name (cvibif.acres.cvi.com) resolved to the IP
         address (192.168.101.15) and was pingable.  Check that the IP address
         is registered correctly with the DNS server.
         ......................... CVIBIF failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\CVIBIF
      Skipping all tests, because server CVIBIF is
      not responding to directory service requests
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Test omitted by user request: OutboundSecureChannels

   Running enterprise tests on : cvi.com
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... cvi.com passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\cvibif.acres.cvi.com
         Locator Flags: 0xe00001fd
         PDC Name: \\cvibif.acres.cvi.com
         Locator Flags: 0xe00001fd
         Time Server Name: \\cvibif.acres.cvi.com
         Locator Flags: 0xe00001fd
         Preferred Time Server Name: \\cvibif.acres.cvi.com
         Locator Flags: 0xe00001fd
         KDC Name: \\cvibif.acres.cvi.com
         Locator Flags: 0xe00001fd
         ......................... cvi.com passed test FsmoCheck

Thank you for your help with this
0
 
LVL 76

Accepted Solution

by:
arnold earned 250 total points
ID: 34133802
Check the DNS zone for the child domain and make sure CVIBIF has an A record with the correct IP.  Delete the wrong one.  Update the SOA as far as the IP on which etc.
0
 
LVL 24

Assisted Solution

by:Awinish
Awinish earned 250 total points
ID: 34133891
In dcdiag, the GUID (58b7734a-db00-4b2e-a8fb-8474deb54b65) of one of the DCs is not resolving, and you need to create a CNAME in the _msdcs folder in DNS. Don't look for the msdcs folder outside, as it's my setting used for delegation.

I think the GUID refers to DC cvibif; you need to create a CNAME record in DNS: right-click the _msdcs folder and create an alias name, if it's not there.

Also, run ipconfig /flushdns & ipconfig /registerdns
As arnold said, create a host record for your DC and use nslookup to resolve host to IP and vice versa.
I have attached the screenshot where you can see how to find the GUID and where to create a CNAME record.

Run the below and attach the file; don't post the file, as it will only increase the page, making us blind to important results.

dcdiag /v /c /d /e /s:acres.cvi.com >c:\dcdiag.txt
0
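
The records the two answers above ask for (the GUID alias under _msdcs and the DC's host record) can be read straight out of the dcdiag failure text. The following Python sketch is an added example, not part of the original thread: it parses the wrapped dcdiag output posted earlier and lists the expected records plus nslookup commands to confirm them. The function names and the DNS server address passed to `nslookup_checks` are assumptions.

```python
import re

# Connectivity failure copied from the dcdiag /v output posted in this thread,
# including dcdiag's hard line wrapping (the wrap is what a naive grep misses).
SAMPLE = """\
         58b7734a-db00-4b2e-a8fb-8474deb54b65._msdcs.cvi.com's server GUID DNS
         name could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (58b7734a-db00-4b2e-a8fb-8474deb54b65._msdcs.cvi.com) couldn't be
         resolved, the server name (cvibif.acres.cvi.com) resolved to the IP
         address (192.168.101.15) and was pingable.  Check that the IP address
         is registered correctly with the DNS server.
         ......................... CVIBIF failed test Connectivity
"""

GUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
FAILURE = re.compile(
    rf"\(({GUID})\._msdcs\.([\w.-]+)\) couldn't be resolved, "
    r"the server name \(([\w.-]+)\) resolved to the IP address \(([\d.]+)\)",
    re.IGNORECASE,
)

def missing_guid_aliases(dcdiag_text):
    """Return one entry per DC whose GUID alias failed to resolve."""
    flat = " ".join(dcdiag_text.split())  # undo dcdiag's line wrapping
    found = {}
    for guid, forest, host, ip in FAILURE.findall(flat):
        alias = f"{guid.lower()}._msdcs.{forest}"
        found[alias] = {"alias": alias, "dc": host, "ip": ip}  # dedupe by alias
    return list(found.values())

def expected_records(entries):
    """DNS records that must exist for each DC, in zone-file notation."""
    lines = []
    for e in entries:
        lines.append(f"{e['alias']}. IN CNAME {e['dc']}.")
        lines.append(f"{e['dc']}. IN A {e['ip']}")
    return lines

def nslookup_checks(entries, dns_server):
    """nslookup commands to confirm the records against a given DNS server."""
    cmds = []
    for e in entries:
        cmds.append(f"nslookup -type=CNAME {e['alias']} {dns_server}")
        cmds.append(f"nslookup -type=A {e['dc']} {dns_server}")
    return cmds

if __name__ == "__main__":
    entries = missing_guid_aliases(SAMPLE)
    dns = "192.168.101.15"  # assumption: the DC itself hosts the DNS zone
    print("\n".join(expected_records(entries) + nslookup_checks(entries, dns)))
```

Run it over the full `dcdiag /e` output to get one alias per domain controller rather than only the one shown here.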
 

Author Comment

by:Ryedog
ID: 34140546
Here is the requested dcdiag.txt.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34142075
The attached test is not complete; post the complete result.

GUID is not resolving for any DC.

58b7734a-db00-4b2e-a8fb-8474deb54b65._msdcs.cvi.com's server GUID DNS name could not be resolved.

Do as I said above: create it manually for all DCs.

There is an error, "server is not responding to directory service requests", for all your domain controllers; this is because they are not able to register their records in DNS. Create the CNAME and see to it that DNS passes all the tests.

0
 

Author Comment

by:Ryedog
ID: 34142707
I did add cvibif to the acres DNS as you asked, I believe. All DNS records show the correct IP as far as I can tell. Is AD corrupt?
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34142726
Again, run the same dcdiag /v /c /d /e /s:acres.cvi.com >c:\dcdiag.txt output and let's see if everything is OK now.
0
 

Author Comment

by:Ryedog
ID: 34155959
I attached a screenshot of the _msdcs in DNS. I added the record that is there. Do I need to add something else? Sorry if this is a stupid question. I'm not a DNS expert.  dns.pdf
0
