Ryedog
asked on
Application login to disconnected child domain Windows 2000 sp4
I have an application that uses Windows 2000 domain user accounts to log in. The domain accounts were in a child domain that is no longer connected to the parent domain. And the primary domain controller of the child domain went up in smoke, so the backup DC from the child domain is the only DC for the application to validate its users, but no users can log on to the application. The application server and the DC are connected to each other through a switch, and are on the same subnet and the same domain. They ping each other as well as resolve DNS. I am missing something but I don't know what. PLEASE help.
ASKER
No, I hadn't asserted the remaining DC as master. I just now resurrected the primary DC for the child domain but still have the same problem. Both DCs and the application server see each other via ping.
I changed the subnet they are on, put them in a separate VLAN and tagged the port (HP) on the core L3 switch to separate them from a possible conflicting similar forest/domain. Still the same problem. Any ideas?
Run dcdiag. Check the DNS zone for the domain to make sure that the IP changes propagated within the zone.
Whatever your application server is, you need to check that it is pointing to a healthy DNS server which is available, because the application reaches the DC for authentication using SRV records in DNS, and if it can't reach DNS it will not be able to locate a DC.
When you say you changed the IP of the DC, have you checked that the new IP is reflected in DNS in place of the old IP? Did you restart the DNS and Netlogon services and run ipconfig /flushdns and ipconfig /registerdns, followed by dcdiag /fix?
Did you link the new subnet with the site in AD Sites and Services?
Run
netdom query fsmo
dcdiag /v
dcdiag /test:DNS
Check what the report says and post it.
Have you followed the link below for the IP change?
http://technet.microsoft.com/en-us/library/cc758579%28WS.10%29.aspx
ASKER
The following is the netdom and dcdiag /v results. The dcdiag that is loaded would not do /test:dns.
I ran /test:registerindns and the results came back with no problems.
C:\>netdom query fsmo
Schema owner cvidc8.cvi.com
Domain role owner cvidc8.cvi.com
PDC role cvibif.acres.cvi.com
RID pool manager cvibif.acres.cvi.com
Infrastructure owner cvibif.acres.cvi.com
The command completed successfully.
Performing initial setup:
* Verifying that the local machine cvibif, is a DC.
* Connecting to directory service on server cvibif.
* Collecting site info.
* Identifying all servers.
* Found 6 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CVIBIF
Starting test: Connectivity
* Active Directory LDAP Services Check
58b7734a-db00-4b2e-a8fb-8474deb54b65._msdcs.cvi.com's server GUID DNS
name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(58b7734a-db00-4b2e-a8fb-8474deb54b65._msdcs.cvi.com) couldn't be
resolved, the server name (cvibif.acres.cvi.com) resolved to the IP
address (192.168.101.15) and was pingable. Check that the IP address
is registered correctly with the DNS server.
......................... CVIBIF failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CVIBIF
Skipping all tests, because server CVIBIF is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels
Running enterprise tests on : cvi.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... cvi.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\cvibif.acres.cvi.com
Locator Flags: 0xe00001fd
PDC Name: \\cvibif.acres.cvi.com
Locator Flags: 0xe00001fd
Time Server Name: \\cvibif.acres.cvi.com
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\cvibif.acres.cvi.com
Locator Flags: 0xe00001fd
KDC Name: \\cvibif.acres.cvi.com
Locator Flags: 0xe00001fd
......................... cvi.com passed test FsmoCheck
Thank you for your help with this
ASKER
Here is the requested dcdiag.txt.
The attached test is not complete; post the complete result.
The GUID is not resolving for any DC.
58b7734a-db00-4b2e-a8fb-8474deb54b65._msdcs.cvi.com's server GUID DNS name could not be resolved.
Do as I said above: create it manually for all DCs.
There is an error, "server is not responding to directory service requests", for all your domain controllers; this is because they are not able to register their records in DNS. Create the CNAME and see to it that DNS passes all the tests.
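Added example, not part of any post in this thread: a small Python parser over the dcdiag /v output posted above that lists the failed tests and derives the CNAME record each unresolved GUID name needs. The function names are hypothetical, and the sample is the thread's own output with the wrapped lines rejoined.

```python
import re

# Constructed sample: the Connectivity section of the dcdiag /v output posted
# in this thread, with the wrapped GUID name rejoined.
SAMPLE = """\
Testing server: Default-First-Site-Name\\CVIBIF
   Starting test: Connectivity
      * Active Directory LDAP Services Check
      58b7734a-db00-4b2e-a8fb-8474deb54b65._msdcs.cvi.com's server GUID DNS
      name could not be resolved to an
      IP address. Check the DNS server, DHCP, server name, etc
      Although the Guid DNS name
      (58b7734a-db00-4b2e-a8fb-8474deb54b65._msdcs.cvi.com) couldn't be
      resolved, the server name (cvibif.acres.cvi.com) resolved to the IP
      address (192.168.101.15) and was pingable. Check that the IP address
      is registered correctly with the DNS server.
   ......................... CVIBIF failed test Connectivity
Running enterprise tests on : cvi.com
   ......................... cvi.com passed test Intersite
"""

GUID_NAME = re.compile(
    r"\(([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\.(_msdcs\.[\w.-]+)\)", re.I)
SERVER = re.compile(
    r"server name \(([\w.-]+)\) resolved to the IP\s+address \(([\d.]+)\)")
RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\w+)")


def failed_tests(text):
    """Return (target, test) pairs for every 'failed test' summary line."""
    return [(m.group(1), m.group(3))
            for m in RESULT.finditer(text) if m.group(2) == "failed"]


def missing_guid_records(text):
    """One dict per DC whose <GUID>._msdcs.<forest root> alias did not resolve."""
    records = []
    for g in GUID_NAME.finditer(text):
        s = SERVER.search(text, g.end())
        if not s:
            continue  # dcdiag did not report a host name for this GUID
        guid, zone, host, ip = g.group(1), g.group(2), s.group(1), s.group(2)
        records.append({
            "zone": zone,                       # zone that must hold the alias
            "cname": f"{guid} CNAME {host}.",   # record to create in that zone
            "dc_domain": host.split(".", 1)[1], # the DC's own domain, for comparison
            "ip": ip,
        })
    return records
```

For the output in this thread the alias belongs in the `_msdcs.cvi.com` zone, which is the forest root's zone rather than the `acres.cvi.com` zone of the child domain, so the DNS server the DC and the application server query has to host or reach that zone.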
ASKER
I did add cvibif to the acres DNS as you asked, I believe. All DNS records show the correct IP as far as I can tell. Is AD corrupt?
Again run the same dcdiag /v /c /d /e /s:acres.cvi.com >c:\dcdiag.txt output & let's see if everything is OK now.
ASKER
I attached a screenshot of the _msdcs in DNS (dns.pdf). I added the record that is there. Do I need to add something else? Sorry if this is a stupid question. I'm not a DNS expert.
Does the application server use the DNS on this DC or are they using another server for DNS?