pepps11976
asked on
Domain Controller Issues
Hi All i have Two windows server 2003 domain controllers DC1 and DC2, DC1 is the first Domain Controller in the domain.
I created a logon script to create a few Network drives for when users logon, and i have found issue where the drives do not always map, they may have to logon and logoff a couple of times before it will work when i looked in the event log of DC1 i found the following
Event Type: Error
Event Source: NTDS Replication
Event Category: DS RPC Client
Event ID: 2087
Date: 01/02/2012
Time: 03:22:25
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: DC1
Description:
Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
Source domain controller:
dc2
Failing DNS host name:
9dba6de4-2325-477f-8e68-cb
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1:
Registry Path:
HKLM\System\CurrentControl
User Action:
1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns
dcdiag /test:dns
4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
dcdiag /test:dns
5) For further analysis of DNS error failures see KB 824449:
http://support.microsoft.com/?kbid=824449
Additional Data
Error value:
11004 The requested name is valid, but no data of the requested type was found.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
could this be part of the problem or does anybody have any other idears
John
I created a logon script to create a few Network drives for when users logon, and i have found issue where the drives do not always map, they may have to logon and logoff a couple of times before it will work when i looked in the event log of DC1 i found the following
Event Type: Error
Event Source: NTDS Replication
Event Category: DS RPC Client
Event ID: 2087
Date: 01/02/2012
Time: 03:22:25
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: DC1
Description:
Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
Source domain controller:
dc2
Failing DNS host name:
9dba6de4-2325-477f-8e68-cb
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1:
Registry Path:
HKLM\System\CurrentControl
User Action:
1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns
dcdiag /test:dns
4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
dcdiag /test:dns
5) For further analysis of DNS error failures see KB 824449:
http://support.microsoft.com/?kbid=824449
Additional Data
Error value:
11004 The requested name is valid, but no data of the requested type was found.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
could this be part of the problem or does anybody have any other idears
John
ASKER
Ok the Pcs that are having the issue are using the domain controller as there DNS and the Domain Controller is using 127.0.0.1 as its DNS
here is the script that i am using
net use z: /delete
net use y: /delete
net use p: /delete
net use x: /delete
net use n: /delete
net use o: /delete
net use z: \\10.0.0.17\Data\OperaII
net use o: \\10.0.0.17\Data\OperaII\Q
net use y: \\10.0.0.17\Data
John
here is the script that i am using
net use z: /delete
net use y: /delete
net use p: /delete
net use x: /delete
net use n: /delete
net use o: /delete
net use z: \\10.0.0.17\Data\OperaII
net use o: \\10.0.0.17\Data\OperaII\Q
net use y: \\10.0.0.17\Data
John
Interesting....
interface bindings in DNS server console?
It bind to all interfaces or just to the assigned IP address? it binds to 127.0.0.1?
interface bindings in DNS server console?
It bind to all interfaces or just to the assigned IP address? it binds to 127.0.0.1?
ASKER
Sorry could you just explain exactly what you need me to check i am still quite new to all this :)
John
John
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok In DNS if i right click on the server and click properties on the Interfaces Tab i have Listen on All IP Addresses selected
Can you confirm that either the DC is using itself as DNS in the NIC properties? (the right way to manage a DC/DNS server to point somewhere with DNS is to add forwarders in the DNS server management console or to edit root hints always in DNSMGMT.msc).
Can you share the relevant part of the script with us? (i suggest to use net use <Letter>: /DELETE before each mapping command, to clear the situation before moving forward)
HTH.
Bye!