• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 784
  • Last Modified:

SBs box detecting another SBS box and shutting services down.

SBS 2003 server detects another SBS server and throws a paddy, but there isnt another SBS server on the network.
Does anyone know how it detects other SBS servers and how i can replicate it so I can locate the 'other SBS server' myself?

Details:
SBS 2003, SP2. Single NIC, All FMSO roles, DHCP, DNS.
192.168.1.x / 24 network behind a Netgear internet router.

Eventid 1011:
Multiple domain controllers running Windows Server 2003 for Small Business Server have been detected in your domain. To prevent this computer from shutting down in the future, you must remove all but one of these from the domain.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Steve
Asked:
Steve
  • 2
1 Solution
 
ormerodrutterCommented:
Have you or anyone in some point in the past tried to add a SBS into the network?

In your case you will need to use Ntdsutil to remove orphan DC. Make sure you remove the right one.

http://www.pcreview.co.uk/forums/manually-removing-orphaned-child-domain-and-dc-issue-t2371308.html
http://support.microsoft.com/kb/555846
0
 
Cliff GaliherCommented:
The error is a generic one actually generated by the licensing service. All it *really* means (despite what it says) is taht your server is no longer in licensing compliance. This usually means that one of the required roles (FSMO, GC) were transferred or lost from the SBS server. your standard AD tools )DCdiag, SBS BPA) will help you find out which role(s) are missing and resolve the situation.

-Cliff
0
 
SteveAuthor Commented:
as advised above there is and never has been another SBS on the network, and ALL FMSO roles were present and correct. Thanks for the help though.

After a bit of digging and testing I've worked it out.
It seems that the SBS checks any domains listed in it's DNS cache to see if it has any competition on the network.
This is quite clever as it means that if two systems reside on the same network and make even a single reference to each other it will be listed i the DNS cache and will be checked. On checking it will see ports open and be able to work out who the PDC is. If it's behind a router (eg on the internet) these ports will be closed and the server is happy it cannot see the other server.

In this case, some idiot had run Spybot on the server and had not been aware this adds a HUGE number of domains to the HOSTS file and points them all to 127.0.01.

While this is a basic way of stopping users/malware from accessing the sites, it also mean the server did it's usual checks on these domains listed in it's cache and ended up seeing itself, thinking it had competition and throwing a paddy..... (Proof that computers really are dumb...)

Deleted entries from hosts file and cleared cache and all is now fine. No other SBS boxes have been seen and the server is behaving itself again...Yey!
0
 
SteveAuthor Commented:
Expert's comments were just reiterating items already advised in the original question.
Located the issue myself and may as well leave in knowledge base for others who may have the same issue.
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now