Solved

Domain Issue

Posted on 2012-04-13
16
186 Views
Last Modified: 2012-08-19
Hi,

We just had an issue with a domain controller that holds the following roles :

PDC, RID Pool Manager

Our domain level is Windows 2000 Native

We have got 2 Sites

Site 1

2 x Win 2003 R2 Domain Controllers
1 x Win 2008 R2 Domain Controller

Site 2

2 x Win 2008 R2 Domain Controllers

When the server in question locked up (2003 R2 DC) it brought the entire network down.

So my question is why, and how can I prevent this.

Also should I raise my domain level?

Thanks

Paul
0
Comment
Question by:essexboy80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
  • 3
16 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 37843162
The PDC emulator about your most crucial domain controller. Losing it is never a good thing.

If you haven't, read this:

http://www.windowsnetworking.com/articles_tutorials/Managing-Active-Directory-FSMO-Roles.html

You can upgrade your domain if all of your domain controllers are 2008. You shouldn't notice any problems with upgrading.
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37843185
Thanks will take a look, but should the lock up have caused the entire network to lock up until it is restarted? If so what is the point of multiple DC
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 37843226
I am not sure how your network is setup but I would also make sure your DNS is setup correctly. That would be the likely cause of a network lockup.

The PDC emulator is mainly tasked with password changes, authenication, etc.
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 1

Author Comment

by:essexboy80
ID: 37843288
Do you have a link for DNS best setup, so I can make sure I am good.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 37843312
0
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37845572
Window servrer 2003 r2 DC holds domain wide FSMO roles in your environement.

WHen you say windwo server 2003 R2 locked up entire network goes down..What does this means?

Locked up in the sence computer is locked ? or it is crashed?

what is the error client systems are facing ?

In normal secnario , even if DC holding FSMO roles goes down , still client system should logon to the network without any issue atleast for some time....

Please explains more in detail

Regards,

_Prashant_
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37846904
Hi,

When I say locked up, the server was still online but somthing happens to the Active Directory side of things.

All of my clients machines lock up if they try to access network drive (i have some on the DC that went wrong).

But surely this shouldnt happen.

Paul
0
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37850015
Can you please run Dcdiag /q and repadmin /replsum on the problematic DC and post the results here.

Also what is the error message on client system when they try to access the network share drive.

I would recommend you to run ipconfing /all on client system and problemetic DC and post the results here.

Regards,

_Prashant_
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37865569
Prashant,

I am going to post these shortly
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37865588
Hi,

DCDIAG /Q didnt display anything.

Here is REPADMIN /REPLSUM


Replication Summary Start Time: 2012-04-19 13:56:26

Beginning data collection for replication summary, this may take awhile:
  .............


Source DC           largest delta  fails/total  %%  error
 BLUNT                     58m:43s    0 /  15    0
 DC01                      05m:00s    0 /  10    0
 DC01-DR                   58m:43s    0 /   5    0
 DC01-GSY                  11m:09s    0 /  15    0
 DC01-GSY-DR           02h:59m:41s    0 /   5    0
 DC02                      59m:41s    0 /  25    0
 DC02-DR                   59m:03s    0 /  15    0
 DC03                      14m:41s    0 /  20    0
 ODEYGSY               02h:59m:41s    0 /  10    0
 PHILBY                    11m:09s    0 /  15    0


Destination DC    largest delta    fails/total  %%  error
 BLUNT                     11m:09s    0 /  15    0
 DC01                  02h:59m:42s    0 /  20    0
 DC01-DR                   59m:04s    0 /  10    0
 DC01-GSY                  05m:55s    0 /  10    0
 DC01-GSY-DR               09m:42s    0 /  15    0
 DC02                      01m:01s    0 /  10    0
 DC02-DR                   58m:45s    0 /  15    0
 DC03                      05m:02s    0 /  15    0
 ODEYGSY                   05m:11s    0 /  10    0
 PHILBY                    05m:28s    0 /  15    0

Basically it just locks the client machines up until the DC in question is restarted.

The only thing that worked was Outlook.

Paul
0
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37869323
Ok.
When you say lock , I assume on client system you are able to use only Outlook. None of the Internet or intranet sites will work. AM I Right?

Can you please post Ipconfig /all of your one of client system and from your DOmain controloler?

Regards,

_Prashant_
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37880496
Hi Prashant,

That is 100% right yes, here is from one pc and one of my DC (the one in question)

CLIENT PC


C:\Users\pauls>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XXX-lonpc52
   Primary Dns Suffix  . . . . . . . : XXX.XXX.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXX.XXX.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82578DM Gigabit Network Connecti
on
   Physical Address. . . . . . . . . : D8-D3-85-7F-83-76
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.80.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 192.168.80.5
   DNS Servers . . . . . . . . . . . : 192.168.88.1
                                       192.168.88.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

DC IN QUESTION

C:\WINDOWS\Profiles\Administrator.XXX>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : philby
   Primary Dns Suffix  . . . . . . . : XXX.XXX.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXX.XXX.com

Ethernet adapter HP TEAM:

   Connection-specific DNS Suffix  . : XXX.XXX.com
   Description . . . . . . . . . . . : HP Network Team #1
   Physical Address. . . . . . . . . : 00-19-BB-D0-C2-06
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.100.111
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Default Gateway . . . . . . . . . : 192.168.100.5
   DNS Servers . . . . . . . . . . . : 192.168.100.111
                                       192.168.100.112
0
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37880966
Ipconfig results seems to be fine on DC and on Client sytems.

It seems to me routing problem.

Run Tracert <Website address> and check where the packets are getting dropped.

Also I request you to use Wireshark tool to monitor the network packet drops on client system.

Seems you need your company network engineer help here.

Regards,

_Prashant_
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37911444
I will run wireshark
0
 
LVL 1

Accepted Solution

by:
essexboy80 earned 0 total points
ID: 38292324
This was resolved by upgrading all my domain controllers to 2008r2
0
 
LVL 1

Author Closing Comment

by:essexboy80
ID: 38309055
Resolved
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question