ncomper
asked on
Domain wide DNS issues
All,
We have recently upgraded our network and have been having constant problems since with DNS and replication.
We started with a 2003 DC running DHCP, DNS and all FSMO roles. We have built a VM 2008 DC, upgraded the forest schema and transferred all FSMO roles to this new 2008 DC. DNS has been set up and configured on this server as an AD Primary.
The 2003 DC is still online but not contactable as I have disabled the NIC until happy to dcpromo and decom from the domain.
This morning we had an issue with a VIP logging on and his profile not loading. The admin account would not show his profile on the local laptop at all in any root. Renaming his profile and logging on again only gave him a temp account. He has no roaming profile configured. We quickly realized that connection to the file server (where his user data is stored) was contactable by RDP, ping to IP and hostname but browsing to it did not show the shared folders.
Therefore I rebooted the main DC and all other servers thereafter. I gave his laptop a static IP outside the DHCP scope and rebooted. This resolved the issue with the missing profile, but doesn't explain what happened in the first place. I believe this is something to do with the DNS issues we are having but can't see what I'm missing.
ASKER
I have double-checked the 2008 DC and it is a GC. The original 2003 DC within Sites and Services is also still showing as a GC, would it be worth removing this role to avoid confusion?
Thanks
Hi again,
No need to remove the GC role. Leave it like this on both DCs.
Check time synchronization with command "W32TM /MONITOR" on each DC and look at the offset.
DCs in an Active Directory domain must be time synchronized and offset must be less than 5 seconds. In a normal situation, if time synchronization works well you should see an offset less than one second.
ASKER
For your Ref:
SBDC01 = New 2008 DC (active)
Schdc03 = Remote site DC (active)
Schsbs2003 = Old 2003 DC (NIC disabled)
Results posted below:
C:\Windows\system32>w32tm /monitor
schsbs2003.Scheldebouw.local[10.0.0.1:123]:
ICMP: error IP_REQ_TIMED_OUT - no response in 1000m
NTP: error ERROR_TIMEOUT - no response from server
schdc03.Scheldebouw.local[10.30.0.2:123]:
ICMP: 10ms delay
NTP: -0.0104486s offset from SBDC01.Scheldebouw.loc
RefID: SBDC01.Scheldebouw.local [10.0.0.211]
Stratum: 2
SBDC01.Scheldebouw.local *** PDC ***[[fe80::5905:cd56:2
ICMP: 0ms delay
NTP: +0.0000000s offset from SBDC01.Scheldebouw.loc
RefID: 'LOCL' [0x4C434F4C]
Stratum: 1
Warning:
Reverse name resolution is best effort. It may not be
correct since RefID field in time packets differs acros
NTP implementations and may not be using IP addresses.
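Added example, not part of the thread: a PowerShell function that parses w32tm /monitor text like the output posted above and marks each domain controller as Unreachable, Drift or OK. The host names and addresses in the sample are constructed, and the 5-second default threshold is the figure given in the earlier reply.

```powershell
# Added example: summarise `w32tm /monitor` output per domain controller.
function Get-W32tmMonitorStatus {
    param(
        [string[]] $Lines,
        # 5 seconds is the limit given in the reply above; set it to your own policy.
        [double] $MaxOffsetSeconds = 5
    )
    $results = @()
    $current = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^(?<name>[^\s:\[]+)(\s+\*\*\* PDC \*\*\*)?\s*\[') {
            # Server header line, e.g. "host.domain[addr:123]:" -> start a new record.
            $current = [pscustomobject]@{
                Server = $Matches['name']; OffsetSeconds = $null
                IcmpError = $null; NtpError = $null; Status = $null
            }
            $results += $current
        } elseif ($null -eq $current) {
            continue   # text before the first server header
        } elseif ($text -match '^ICMP:\s+error\s+(?<err>\S+)') {
            $current.IcmpError = $Matches['err']
        } elseif ($text -match '^NTP:\s+error\s+(?<err>\S+)') {
            $current.NtpError = $Matches['err']
        } elseif ($text -match '^NTP:\s+(?<off>[+-]?\d+(\.\d+)?)s\s+offset') {
            $current.OffsetSeconds = [double]::Parse($Matches['off'], [cultureinfo]::InvariantCulture)
        }
    }
    foreach ($r in $results) {
        if ($r.NtpError) { $r.Status = 'Unreachable' }
        elseif ($null -eq $r.OffsetSeconds) { $r.Status = 'NoData' }
        elseif ([math]::Abs($r.OffsetSeconds) -gt $MaxOffsetSeconds) { $r.Status = 'Drift' }
        else { $r.Status = 'OK' }
    }
    $results
}

# Constructed sample input (hypothetical hosts, documentation addresses).
$sample = @'
dc-old.example.local[192.0.2.1:123]:
    ICMP: error IP_REQ_TIMED_OUT - no response in 1000ms
    NTP: error ERROR_TIMEOUT - no response from server
dc-site.example.local[192.0.2.2:123]:
    ICMP: 10ms delay
    NTP: -0.0104486s offset from dc-new.example.local
dc-new.example.local *** PDC ***[192.0.2.3:123]:
    ICMP: 0ms delay
    NTP: +0.0000000s offset from dc-new.example.local
'@ -split '\r?\n'
Get-W32tmMonitorStatus -Lines $sample | Format-Table Server, OffsetSeconds, NtpError, Status
```

On a live DC the command output can be passed in directly with Get-W32tmMonitorStatus -Lines (w32tm /monitor); a DC that stays Unreachable is one that is still registered in the domain but no longer answering.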
If DHCP is still on your old server and you disabled the NIC then you won't be able to contact a DHCP server at all...unless you set that up on the new 2008 server.
This would explain why a static IP address worked.
Is that the case?
Did you give the GC (Global Catalog) function to your new 2008 DC?
Clients need to contact a GC to authenticate in the domain. If you forgot to give the GC function to your new DC and shut down the old DC your users are not authenticated in the domain. They probably can open their Windows desktop by way of the credentials cache that exists in Windows but they cannot reach any network resource...
Does the problem appear for any user or only this one?
Have a good day