Domain Issue

The PDC emulator about your most crucial domain controller. Losing it is never a good thing.

If you haven't, read this:

http://www.windowsnetworking.com/articles_tutorials/Managing-Active-Directory-FSMO-Roles.html

You can upgrade your domain if all of your domain controllers are 2008. You shouldn't notice any problems with upgrading.

Thanks will take a look, but should the lock up have caused the entire network to lock up until it is restarted? If so what is the point of multiple DC

I am not sure how your network is setup but I would also make sure your DNS is setup correctly. That would be the likely cause of a network lockup.

The PDC emulator is mainly tasked with password changes, authenication, etc.

Do you have a link for DNS best setup, so I can make sure I am good.

http://technet.microsoft.com/en-us/library/cc816603(v=ws.10).aspx

Window servrer 2003 r2 DC holds domain wide FSMO roles in your environement.

WHen you say windwo server 2003 R2 locked up entire network goes down..What does this means?

Locked up in the sence computer is locked ? or it is crashed?

what is the error client systems are facing ?

In normal secnario , even if DC holding FSMO roles goes down , still client system should logon to the network without any issue atleast for some time....

Please explains more in detail

Regards,

_Prashant_

Hi,

When I say locked up, the server was still online but somthing happens to the Active Directory side of things.

All of my clients machines lock up if they try to access network drive (i have some on the DC that went wrong).

But surely this shouldnt happen.

Paul

Can you please run Dcdiag /q and repadmin /replsum on the problematic DC and post the results here.

Also what is the error message on client system when they try to access the network share drive.

I would recommend you to run ipconfing /all on client system and problemetic DC and post the results here.

Regards,

_Prashant_

Prashant,

I am going to post these shortly

Hi,

DCDIAG /Q didnt display anything.

Here is REPADMIN /REPLSUM


Replication Summary Start Time: 2012-04-19 13:56:26

Beginning data collection for replication summary, this may take awhile:
  .............


Source DC           largest delta  fails/total  %%  error
 BLUNT                     58m:43s    0 /  15    0
 DC01                      05m:00s    0 /  10    0
 DC01-DR                   58m:43s    0 /   5    0
 DC01-GSY                  11m:09s    0 /  15    0
 DC01-GSY-DR           02h:59m:41s    0 /   5    0
 DC02                      59m:41s    0 /  25    0
 DC02-DR                   59m:03s    0 /  15    0
 DC03                      14m:41s    0 /  20    0
 ODEYGSY               02h:59m:41s    0 /  10    0
 PHILBY                    11m:09s    0 /  15    0


Destination DC    largest delta    fails/total  %%  error
 BLUNT                     11m:09s    0 /  15    0
 DC01                  02h:59m:42s    0 /  20    0
 DC01-DR                   59m:04s    0 /  10    0
 DC01-GSY                  05m:55s    0 /  10    0
 DC01-GSY-DR               09m:42s    0 /  15    0
 DC02                      01m:01s    0 /  10    0
 DC02-DR                   58m:45s    0 /  15    0
 DC03                      05m:02s    0 /  15    0
 ODEYGSY                   05m:11s    0 /  10    0
 PHILBY                    05m:28s    0 /  15    0

Basically it just locks the client machines up until the DC in question is restarted.

The only thing that worked was Outlook.

Paul

Ok.
When you say lock , I assume on client system you are able to use only Outlook. None of the Internet or intranet sites will work. AM I Right?

Can you please post Ipconfig /all of your one of client system and from your DOmain controloler?

Regards,

_Prashant_

Hi Prashant,

That is 100% right yes, here is from one pc and one of my DC (the one in question)

CLIENT PC


C:\Users\pauls>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XXX-lonpc52
   Primary Dns Suffix  . . . . . . . : XXX.XXX.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXX.XXX.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82578DM Gigabit Network Connecti
on
   Physical Address. . . . . . . . . : D8-D3-85-7F-83-76
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.80.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 192.168.80.5
   DNS Servers . . . . . . . . . . . : 192.168.88.1
                                       192.168.88.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

DC IN QUESTION

C:\WINDOWS\Profiles\Administrator.XXX>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : philby
   Primary Dns Suffix  . . . . . . . : XXX.XXX.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXX.XXX.com

Ethernet adapter HP TEAM:

   Connection-specific DNS Suffix  . : XXX.XXX.com
   Description . . . . . . . . . . . : HP Network Team #1
   Physical Address. . . . . . . . . : 00-19-BB-D0-C2-06
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.100.111
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Default Gateway . . . . . . . . . : 192.168.100.5
   DNS Servers . . . . . . . . . . . : 192.168.100.111
                                       192.168.100.112

Ipconfig results seems to be fine on DC and on Client sytems.

It seems to me routing problem.

Run Tracert <Website address> and check where the packets are getting dropped.

Also I request you to use Wireshark tool to monitor the network packet drops on client system.

Seems you need your company network engineer help here.

Regards,

_Prashant_

I will run wireshark

Resolved