Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 332
  • Last Modified:

Authentication fails when turning of a Domain Controller with no fsmo roles

Hi I was wondering if you could help.

I am trying to take a ghost image of one of my domain controllers (1 of 5) which has no fsmo roles and is no longer a Global Catalog server. I thought because it has no roles and is not a GC. My users would be able to authenticate against AD and use Outlook Web App.

The only things I can think of is that users shared profile and home directories are on that server. Would that matter?

My question is can I take that server down for upgrading without users being affected?

Thanks in Advanced.
0
RMGS
Asked:
RMGS
  • 2
  • 2
1 Solution
 
Krzysztof PytkoActive Directory EngineerCommented:
If you are sure that it is not GC and FSMO holder, ensure that at least one GC and DNS server is available. Please, check if any DHCP configuration or static configuration for DNS don't rely on that DC which you want to shut down. Then everything would be fine.

Before DC shut down, run on it

dcdiag /v

and review output to check if there is no errors. If so, then fixed them first

Regards,
Krzysztof
0
 
RMGSAuthor Commented:
Krzysztof,

I have run the command and it did come up with the following errors:

Warning: DC1 is not advertising as a time server.
......................... DC1 failed test Advertising
Starting test: frsevent
   * The File Replication Service Event log test
   There are warning or error events within the last 24 hours after the
   SYSVOL has been shared.  Failing SYSVOL replication problems may cause
   Group Policy problems.
   An Warning Event occured.  EventID: 0x800034C4
      Time Generated: 02/23/2011   09:12:21
      (Event String could not be retrieved)
   ......................... DC1 failed test frsevent
Starting test: systemlog
   * The System Event log test
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:33
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:34
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:34
      (Event String could not be retrieved)
   An Error Event occured.  EventID: 0x00000457
      Time Generated: 02/23/2011   14:25:36
      (Event String could not be retrieved)
   ......................... DC1 failed test systemlog

I believe the above errors are just notifications and not very big issues but I still cannot shutdown the server without disruptions to my users.

Do you have any other suggestions?
0
 
Krzysztof PytkoActive Directory EngineerCommented:
How did you configure DNS list on your DCs? And what DNS IPs are you issuing in DHCP scope option no 006 ?
Could you post here also

ipconfig /all
from DC to be shut down, any other DC and one client OS. please?

Krzysztof
0
 
RMGSAuthor Commented:
The reason why users could not authenticate is because:-

1. User profiles were kept on that DC
2. Also DC was a DNS server.

Once I moved profiles and added another DNS server. All was fine.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now