essexboy80
asked on
Domain Issue
Hi,
We just had an issue with a domain controller that holds the following roles :
PDC, RID Pool Manager
Our domain level is Windows 2000 Native
We have got 2 Sites
Site 1
2 x Win 2003 R2 Domain Controllers
1 x Win 2008 R2 Domain Controller
Site 2
2 x Win 2008 R2 Domain Controllers
When the server in question locked up (2003 R2 DC) it brought the entire network down.
So my question is why, and how can I prevent this.
Also should I raise my domain level?
Thanks
Paul
We just had an issue with a domain controller that holds the following roles :
PDC, RID Pool Manager
Our domain level is Windows 2000 Native
We have got 2 Sites
Site 1
2 x Win 2003 R2 Domain Controllers
1 x Win 2008 R2 Domain Controller
Site 2
2 x Win 2008 R2 Domain Controllers
When the server in question locked up (2003 R2 DC) it brought the entire network down.
So my question is why, and how can I prevent this.
Also should I raise my domain level?
Thanks
Paul
ASKER
Thanks will take a look, but should the lock up have caused the entire network to lock up until it is restarted? If so what is the point of multiple DC
I am not sure how your network is setup but I would also make sure your DNS is setup correctly. That would be the likely cause of a network lockup.
The PDC emulator is mainly tasked with password changes, authenication, etc.
The PDC emulator is mainly tasked with password changes, authenication, etc.
ASKER
Do you have a link for DNS best setup, so I can make sure I am good.
Window servrer 2003 r2 DC holds domain wide FSMO roles in your environement.
WHen you say windwo server 2003 R2 locked up entire network goes down..What does this means?
Locked up in the sence computer is locked ? or it is crashed?
what is the error client systems are facing ?
In normal secnario , even if DC holding FSMO roles goes down , still client system should logon to the network without any issue atleast for some time....
Please explains more in detail
Regards,
_Prashant_
WHen you say windwo server 2003 R2 locked up entire network goes down..What does this means?
Locked up in the sence computer is locked ? or it is crashed?
what is the error client systems are facing ?
In normal secnario , even if DC holding FSMO roles goes down , still client system should logon to the network without any issue atleast for some time....
Please explains more in detail
Regards,
_Prashant_
ASKER
Hi,
When I say locked up, the server was still online but somthing happens to the Active Directory side of things.
All of my clients machines lock up if they try to access network drive (i have some on the DC that went wrong).
But surely this shouldnt happen.
Paul
When I say locked up, the server was still online but somthing happens to the Active Directory side of things.
All of my clients machines lock up if they try to access network drive (i have some on the DC that went wrong).
But surely this shouldnt happen.
Paul
Can you please run Dcdiag /q and repadmin /replsum on the problematic DC and post the results here.
Also what is the error message on client system when they try to access the network share drive.
I would recommend you to run ipconfing /all on client system and problemetic DC and post the results here.
Regards,
_Prashant_
Also what is the error message on client system when they try to access the network share drive.
I would recommend you to run ipconfing /all on client system and problemetic DC and post the results here.
Regards,
_Prashant_
ASKER
Prashant,
I am going to post these shortly
I am going to post these shortly
ASKER
Hi,
DCDIAG /Q didnt display anything.
Here is REPADMIN /REPLSUM
Replication Summary Start Time: 2012-04-19 13:56:26
Beginning data collection for replication summary, this may take awhile:
.............
Source DC largest delta fails/total %% error
BLUNT 58m:43s 0 / 15 0
DC01 05m:00s 0 / 10 0
DC01-DR 58m:43s 0 / 5 0
DC01-GSY 11m:09s 0 / 15 0
DC01-GSY-DR 02h:59m:41s 0 / 5 0
DC02 59m:41s 0 / 25 0
DC02-DR 59m:03s 0 / 15 0
DC03 14m:41s 0 / 20 0
ODEYGSY 02h:59m:41s 0 / 10 0
PHILBY 11m:09s 0 / 15 0
Destination DC largest delta fails/total %% error
BLUNT 11m:09s 0 / 15 0
DC01 02h:59m:42s 0 / 20 0
DC01-DR 59m:04s 0 / 10 0
DC01-GSY 05m:55s 0 / 10 0
DC01-GSY-DR 09m:42s 0 / 15 0
DC02 01m:01s 0 / 10 0
DC02-DR 58m:45s 0 / 15 0
DC03 05m:02s 0 / 15 0
ODEYGSY 05m:11s 0 / 10 0
PHILBY 05m:28s 0 / 15 0
Basically it just locks the client machines up until the DC in question is restarted.
The only thing that worked was Outlook.
Paul
DCDIAG /Q didnt display anything.
Here is REPADMIN /REPLSUM
Replication Summary Start Time: 2012-04-19 13:56:26
Beginning data collection for replication summary, this may take awhile:
.............
Source DC largest delta fails/total %% error
BLUNT 58m:43s 0 / 15 0
DC01 05m:00s 0 / 10 0
DC01-DR 58m:43s 0 / 5 0
DC01-GSY 11m:09s 0 / 15 0
DC01-GSY-DR 02h:59m:41s 0 / 5 0
DC02 59m:41s 0 / 25 0
DC02-DR 59m:03s 0 / 15 0
DC03 14m:41s 0 / 20 0
ODEYGSY 02h:59m:41s 0 / 10 0
PHILBY 11m:09s 0 / 15 0
Destination DC largest delta fails/total %% error
BLUNT 11m:09s 0 / 15 0
DC01 02h:59m:42s 0 / 20 0
DC01-DR 59m:04s 0 / 10 0
DC01-GSY 05m:55s 0 / 10 0
DC01-GSY-DR 09m:42s 0 / 15 0
DC02 01m:01s 0 / 10 0
DC02-DR 58m:45s 0 / 15 0
DC03 05m:02s 0 / 15 0
ODEYGSY 05m:11s 0 / 10 0
PHILBY 05m:28s 0 / 15 0
Basically it just locks the client machines up until the DC in question is restarted.
The only thing that worked was Outlook.
Paul
Ok.
When you say lock , I assume on client system you are able to use only Outlook. None of the Internet or intranet sites will work. AM I Right?
Can you please post Ipconfig /all of your one of client system and from your DOmain controloler?
Regards,
_Prashant_
When you say lock , I assume on client system you are able to use only Outlook. None of the Internet or intranet sites will work. AM I Right?
Can you please post Ipconfig /all of your one of client system and from your DOmain controloler?
Regards,
_Prashant_
ASKER
Hi Prashant,
That is 100% right yes, here is from one pc and one of my DC (the one in question)
CLIENT PC
C:\Users\pauls>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : XXX-lonpc52
Primary Dns Suffix . . . . . . . : XXX.XXX.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : XXX.XXX.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82578DM Gigabit Network Connecti
on
Physical Address. . . . . . . . . : D8-D3-85-7F-83-76
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.80.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 192.168.80.5
DNS Servers . . . . . . . . . . . : 192.168.88.1
192.168.88.2
NetBIOS over Tcpip. . . . . . . . : Enabled
DC IN QUESTION
C:\WINDOWS\Profiles\Admini strator.XX X>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : philby
Primary Dns Suffix . . . . . . . : XXX.XXX.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : XXX.XXX.com
Ethernet adapter HP TEAM:
Connection-specific DNS Suffix . : XXX.XXX.com
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-19-BB-D0-C2-06
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.100.111
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 192.168.100.5
DNS Servers . . . . . . . . . . . : 192.168.100.111
192.168.100.112
That is 100% right yes, here is from one pc and one of my DC (the one in question)
CLIENT PC
C:\Users\pauls>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : XXX-lonpc52
Primary Dns Suffix . . . . . . . : XXX.XXX.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : XXX.XXX.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82578DM Gigabit Network Connecti
on
Physical Address. . . . . . . . . : D8-D3-85-7F-83-76
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.80.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 192.168.80.5
DNS Servers . . . . . . . . . . . : 192.168.88.1
192.168.88.2
NetBIOS over Tcpip. . . . . . . . : Enabled
DC IN QUESTION
C:\WINDOWS\Profiles\Admini
Windows IP Configuration
Host Name . . . . . . . . . . . . : philby
Primary Dns Suffix . . . . . . . : XXX.XXX.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : XXX.XXX.com
Ethernet adapter HP TEAM:
Connection-specific DNS Suffix . : XXX.XXX.com
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-19-BB-D0-C2-06
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.100.111
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 192.168.100.5
DNS Servers . . . . . . . . . . . : 192.168.100.111
192.168.100.112
Ipconfig results seems to be fine on DC and on Client sytems.
It seems to me routing problem.
Run Tracert <Website address> and check where the packets are getting dropped.
Also I request you to use Wireshark tool to monitor the network packet drops on client system.
Seems you need your company network engineer help here.
Regards,
_Prashant_
It seems to me routing problem.
Run Tracert <Website address> and check where the packets are getting dropped.
Also I request you to use Wireshark tool to monitor the network packet drops on client system.
Seems you need your company network engineer help here.
Regards,
_Prashant_
ASKER
I will run wireshark
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Resolved
If you haven't, read this:
http://www.windowsnetworking.com/articles_tutorials/Managing-Active-Directory-FSMO-Roles.html
You can upgrade your domain if all of your domain controllers are 2008. You shouldn't notice any problems with upgrading.