amlydiate

Second server not trusted by Domain Controller since DC replacement

Hi All,

I have a client with 2 servers.  1 is a Windows Server 2003 server just running an Oracle Database. The second server is a brand new 2008SBS server which is the only DC.  This 2008 Server is a replacement for their old server which went bang a few months ago.

Since I replaced the DC we have had all sorts of problems getting clients connected to the Oracle Server. I've just logged onto the Oracle Server and have noticed the following 2 events in the log:

The Security System detected an authentication error for the server DNS/DOMAINSERVER.COMPANY.LOCAL The failure code from authentication protocol Kerberos was "The specified user does not exist. (0xc0000064)"

The computer was not able to set up a secure session with a domain controller in domain DOMAINNAME due to the following:
There are currently no logon servers available to service the logon request.  This may lead to authentication problems.

Now bear in mind that when I replaced the domain controller I haven't done anything on the Oracle server to tell it about the new set up (apart from adding it to the domain) as I wasn't entirely sure what to do. I'm pretty sure this is a trust/permissions issue but I'm still rather new at this and wanted to ask what basics I need to do so that domain users have the appropriate access to everything on the Oracle Server.

Many thanks

Adam
Andrew Cliff

Sounds like the 2003 Server may be trying to register its SRV record with the old DC.
Do you have 'Do not register in DNS' selected on the interface? Also, do you have one or two NICs installed on the 2003 Server?
amlydiate

ASKER

Hi,

We only have one NIC enabled. When I go to the adapter properties and click on the DNS tab it has an entry in the DNS server addresses box which is the IP address of the DC. The "Register this connection's addresses in DNS" box is ticked and the "Use this connection's DNS suffix in DNS registration" box is not ticked.

If I click on Advanced on the adapter settings (to get to the bit with the IP Settings, DNS, WINS and Options tabs) and look at IP Settings, I've got 2 IP addresses in the IP Addresses box:
192.168.16.4.......255.255.255.0
192.168.15.3.......255.255.255.0

Could that second IP address in the list be causing problems as it's in the wrong subnet?

(Sorry, I'm not really up to speed with subnets etc., so grasping at straws.)

I can confirm that I cannot browse the DC by name from the Database server and the same problem the other way round.

Thanks

Adam
Are either of those IP addresses correct for the new DC?
Definitely check those two IPs. If the second one is in the wrong subnet then remove it (you should have the IP of the new DC as the only one).
Also what records do you have in DNS under <domain>, _msdcs, dc, _tcp?
Hi All,

The .16.4 address is the DC. No idea where the other one came from. Is it o.k. to remove the other one?

Also just checked and the DNS role of this particular server is not installed. Again, because nothing changed on the database server (it was the DC we changed), I assumed there wouldn't be anything glaringly wrong with the database server. Do we need to have DNS installed on it?

Please excuse my ignorance and I really appreciate your help so far.
You don't need to install DNS on the database server.
And I think it is safe to remove that IP (xxx.xxx.16.4) from the adapter settings. Make a note of it and monitor.
OK, have removed the second IP address. I also noted that NetBIOS had been turned off on the database server; I've turned that on and I can now ping the database by both name and IP address from client machines, but I cannot view shares. When I try to open the dbserver using \\db-server in the run line I get "\\db-server is not accessible. You might not have permission to use this network resource. There are currently no logon servers available to service the logon request."
From the database server can you run ipconfig /registerdns and give it 15 minutes. Then from the client try and access the share using the IP (\\xxx.xxx.xxx.xxx\) then the nodename.
Thanks for the suggestion, have just done this and will report back after 15 minutes
I've spotted a lot of the following errors in the log recently. Don't know if it's relevant:

Error 1053 Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.
OK a bit of progress but still not working. I can browse and read files shared on the DC from the database server, however I still can't do the important thing which is browse shares on the database server from the DC or domain clients. The db server is visible from the dc server if you view the whole network but if you double click on it you get an error saying: DBServer is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

ASKER CERTIFIED SOLUTION
Andrew Cliff
This solution is only available to members.
I was thinking that but whoever setup the server is long gone and I'm afraid if I did that I wouldn't know the local password. Is there a way of resetting the local password or creating a new local user account from the server while part of the domain?
Thank you, that did the trick!