Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 199
  • Last Modified:

Domain Issue

Hi,

We just had an issue with a domain controller that holds the following roles :

PDC, RID Pool Manager

Our domain level is Windows 2000 Native

We have got 2 Sites

Site 1

2 x Win 2003 R2 Domain Controllers
1 x Win 2008 R2 Domain Controller

Site 2

2 x Win 2008 R2 Domain Controllers

When the server in question locked up (2003 R2 DC) it brought the entire network down.

So my question is why, and how can I prevent this.

Also should I raise my domain level?

Thanks

Paul
0
essexboy80
Asked:
essexboy80
  • 9
  • 4
  • 3
1 Solution
 
Joseph MoodyBlogger and wearer of all hats.Commented:
The PDC emulator about your most crucial domain controller. Losing it is never a good thing.

If you haven't, read this:

http://www.windowsnetworking.com/articles_tutorials/Managing-Active-Directory-FSMO-Roles.html

You can upgrade your domain if all of your domain controllers are 2008. You shouldn't notice any problems with upgrading.
0
 
essexboy80Author Commented:
Thanks will take a look, but should the lock up have caused the entire network to lock up until it is restarted? If so what is the point of multiple DC
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
I am not sure how your network is setup but I would also make sure your DNS is setup correctly. That would be the likely cause of a network lockup.

The PDC emulator is mainly tasked with password changes, authenication, etc.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
essexboy80Author Commented:
Do you have a link for DNS best setup, so I can make sure I am good.
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
0
 
Prashant GirennavarCommented:
Window servrer 2003 r2 DC holds domain wide FSMO roles in your environement.

WHen you say windwo server 2003 R2 locked up entire network goes down..What does this means?

Locked up in the sence computer is locked ? or it is crashed?

what is the error client systems are facing ?

In normal secnario , even if DC holding FSMO roles goes down , still client system should logon to the network without any issue atleast for some time....

Please explains more in detail

Regards,

_Prashant_
0
 
essexboy80Author Commented:
Hi,

When I say locked up, the server was still online but somthing happens to the Active Directory side of things.

All of my clients machines lock up if they try to access network drive (i have some on the DC that went wrong).

But surely this shouldnt happen.

Paul
0
 
Prashant GirennavarCommented:
Can you please run Dcdiag /q and repadmin /replsum on the problematic DC and post the results here.

Also what is the error message on client system when they try to access the network share drive.

I would recommend you to run ipconfing /all on client system and problemetic DC and post the results here.

Regards,

_Prashant_
0
 
essexboy80Author Commented:
Prashant,

I am going to post these shortly
0
 
essexboy80Author Commented:
Hi,

DCDIAG /Q didnt display anything.

Here is REPADMIN /REPLSUM


Replication Summary Start Time: 2012-04-19 13:56:26

Beginning data collection for replication summary, this may take awhile:
  .............


Source DC           largest delta  fails/total  %%  error
 BLUNT                     58m:43s    0 /  15    0
 DC01                      05m:00s    0 /  10    0
 DC01-DR                   58m:43s    0 /   5    0
 DC01-GSY                  11m:09s    0 /  15    0
 DC01-GSY-DR           02h:59m:41s    0 /   5    0
 DC02                      59m:41s    0 /  25    0
 DC02-DR                   59m:03s    0 /  15    0
 DC03                      14m:41s    0 /  20    0
 ODEYGSY               02h:59m:41s    0 /  10    0
 PHILBY                    11m:09s    0 /  15    0


Destination DC    largest delta    fails/total  %%  error
 BLUNT                     11m:09s    0 /  15    0
 DC01                  02h:59m:42s    0 /  20    0
 DC01-DR                   59m:04s    0 /  10    0
 DC01-GSY                  05m:55s    0 /  10    0
 DC01-GSY-DR               09m:42s    0 /  15    0
 DC02                      01m:01s    0 /  10    0
 DC02-DR                   58m:45s    0 /  15    0
 DC03                      05m:02s    0 /  15    0
 ODEYGSY                   05m:11s    0 /  10    0
 PHILBY                    05m:28s    0 /  15    0

Basically it just locks the client machines up until the DC in question is restarted.

The only thing that worked was Outlook.

Paul
0
 
Prashant GirennavarCommented:
Ok.
When you say lock , I assume on client system you are able to use only Outlook. None of the Internet or intranet sites will work. AM I Right?

Can you please post Ipconfig /all of your one of client system and from your DOmain controloler?

Regards,

_Prashant_
0
 
essexboy80Author Commented:
Hi Prashant,

That is 100% right yes, here is from one pc and one of my DC (the one in question)

CLIENT PC


C:\Users\pauls>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XXX-lonpc52
   Primary Dns Suffix  . . . . . . . : XXX.XXX.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXX.XXX.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82578DM Gigabit Network Connecti
on
   Physical Address. . . . . . . . . : D8-D3-85-7F-83-76
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.80.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 192.168.80.5
   DNS Servers . . . . . . . . . . . : 192.168.88.1
                                       192.168.88.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

DC IN QUESTION

C:\WINDOWS\Profiles\Administrator.XXX>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : philby
   Primary Dns Suffix  . . . . . . . : XXX.XXX.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXX.XXX.com

Ethernet adapter HP TEAM:

   Connection-specific DNS Suffix  . : XXX.XXX.com
   Description . . . . . . . . . . . : HP Network Team #1
   Physical Address. . . . . . . . . : 00-19-BB-D0-C2-06
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.100.111
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Default Gateway . . . . . . . . . : 192.168.100.5
   DNS Servers . . . . . . . . . . . : 192.168.100.111
                                       192.168.100.112
0
 
Prashant GirennavarCommented:
Ipconfig results seems to be fine on DC and on Client sytems.

It seems to me routing problem.

Run Tracert <Website address> and check where the packets are getting dropped.

Also I request you to use Wireshark tool to monitor the network packet drops on client system.

Seems you need your company network engineer help here.

Regards,

_Prashant_
0
 
essexboy80Author Commented:
I will run wireshark
0
 
essexboy80Author Commented:
This was resolved by upgrading all my domain controllers to 2008r2
0
 
essexboy80Author Commented:
Resolved
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 9
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now