Solved

Domain Issue

Posted on 2012-04-13
Last Modified: 2012-08-19
Hi,

We just had an issue with a domain controller that holds the following roles:

PDC, RID Pool Manager

Our domain level is Windows 2000 Native

We have got 2 Sites

Site 1

2 x Win 2003 R2 Domain Controllers
1 x Win 2008 R2 Domain Controller

Site 2

2 x Win 2008 R2 Domain Controllers

When the server in question locked up (2003 R2 DC) it brought the entire network down.

So my question is why, and how can I prevent this?

Also should I raise my domain level?

Thanks

Paul
Question by:essexboy80
16 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 37843162
The PDC emulator is about your most crucial domain controller. Losing it is never a good thing.

If you haven't, read this:

http://www.windowsnetworking.com/articles_tutorials/Managing-Active-Directory-FSMO-Roles.html

You can upgrade your domain if all of your domain controllers are 2008. You shouldn't notice any problems with upgrading.
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37843185
Thanks, will take a look, but should the lock up have caused the entire network to lock up until it is restarted? If so, what is the point of multiple DCs?
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 37843226
I am not sure how your network is set up, but I would also make sure your DNS is set up correctly. That would be the likely cause of a network lockup.

The PDC emulator is mainly tasked with password changes, authentication, etc.
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37843288
Do you have a link for DNS best setup, so I can make sure I am good?
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 37843312
0
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37845572
A Windows Server 2003 R2 DC holds domain-wide FSMO roles in your environment.

When you say the Windows Server 2003 R2 locked up and the entire network goes down, what does this mean?

Locked up in the sense that the computer is locked, or that it crashed?

What is the error the client systems are facing?

In a normal scenario, even if the DC holding FSMO roles goes down, client systems should still log on to the network without any issue, at least for some time.

Please explain in more detail.

Regards,

_Prashant_
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37846904
Hi,

When I say locked up, the server was still online but something happened to the Active Directory side of things.

All of my client machines lock up if they try to access a network drive (I have some on the DC that went wrong).

But surely this shouldn't happen.

Paul
0
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37850015
Can you please run dcdiag /q and repadmin /replsum on the problematic DC and post the results here?

Also, what is the error message on the client system when they try to access the network share drive?

I would recommend you run ipconfig /all on the client system and the problematic DC and post the results here.

Regards,

_Prashant_
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37865569
Prashant,

I am going to post these shortly
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37865588
Hi,

DCDIAG /Q didn't display anything.

Here is REPADMIN /REPLSUM


Replication Summary Start Time: 2012-04-19 13:56:26

Beginning data collection for replication summary, this may take awhile:
  .............


Source DC           largest delta  fails/total  %%  error
 BLUNT                     58m:43s    0 /  15    0
 DC01                      05m:00s    0 /  10    0
 DC01-DR                   58m:43s    0 /   5    0
 DC01-GSY                  11m:09s    0 /  15    0
 DC01-GSY-DR           02h:59m:41s    0 /   5    0
 DC02                      59m:41s    0 /  25    0
 DC02-DR                   59m:03s    0 /  15    0
 DC03                      14m:41s    0 /  20    0
 ODEYGSY               02h:59m:41s    0 /  10    0
 PHILBY                    11m:09s    0 /  15    0


Destination DC    largest delta    fails/total  %%  error
 BLUNT                     11m:09s    0 /  15    0
 DC01                  02h:59m:42s    0 /  20    0
 DC01-DR                   59m:04s    0 /  10    0
 DC01-GSY                  05m:55s    0 /  10    0
 DC01-GSY-DR               09m:42s    0 /  15    0
 DC02                      01m:01s    0 /  10    0
 DC02-DR                   58m:45s    0 /  15    0
 DC03                      05m:02s    0 /  15    0
 ODEYGSY                   05m:11s    0 /  10    0
 PHILBY                    05m:28s    0 /  15    0

Basically it just locks the client machines up until the DC in question is restarted.

The only thing that worked was Outlook.

Paul
0
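For reading a summary like the one posted above, here is an added example (not part of the original thread) that parses `repadmin /replsum` text and flags rows with failed links or a large "largest delta". The sample rows are a subset of the posted output; the function names and the one-hour default threshold are assumptions.

```python
import re
from datetime import timedelta

# Subset of the REPADMIN /REPLSUM rows posted in the thread above.
SAMPLE = """\
Source DC           largest delta  fails/total  %%  error
 DC01                      05m:00s    0 /  10    0
 DC01-GSY-DR           02h:59m:41s    0 /   5    0
 PHILBY                    11m:09s    0 /  15    0

Destination DC    largest delta    fails/total  %%  error
 DC01                  02h:59m:42s    0 /  20    0
 PHILBY                    05m:28s    0 /  15    0
"""

# Matches the two delta shapes seen in the thread: "58m:43s" and "02h:59m:41s".
ROW = re.compile(
    r"^\s*(?P<dc>\S+)\s+(?:(?P<h>\d+)h:)?(?P<m>\d+)m:(?P<s>\d+)s"
    r"\s+(?P<fails>\d+)\s*/\s*(?P<total>\d+)\s+(?P<pct>\d+)"
)

def parse_replsum(text):
    """Return one dict per DC row, tagged 'source' or 'destination'."""
    rows, section = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Source DC"):
            section = "source"
        elif stripped.startswith("Destination DC"):
            section = "destination"
        elif section and (m := ROW.match(line)):
            delta = timedelta(hours=int(m["h"] or 0),
                              minutes=int(m["m"]), seconds=int(m["s"]))
            rows.append({"section": section, "dc": m["dc"], "delta": delta,
                         "fails": int(m["fails"]), "total": int(m["total"])})
    return rows

def flag(rows, max_delta=timedelta(hours=1)):
    """Rows with any failed link, or a delta above max_delta (assumed threshold)."""
    return [r for r in rows if r["fails"] > 0 or r["delta"] > max_delta]

if __name__ == "__main__":
    for r in flag(parse_replsum(SAMPLE)):
        print(f'{r["section"]:<12}{r["dc"]:<14}{r["delta"]}  '
              f'fails {r["fails"]}/{r["total"]}')
```

A delta just under three hours with zero failures is consistent with the default 180-minute inter-site replication interval, so set `max_delta` to match the site link schedule before treating a flagged row as a fault.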
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37869323
Ok.
When you say lock, I assume on the client system you are able to use only Outlook. None of the Internet or intranet sites will work. Am I right?

Can you please post ipconfig /all from one of your client systems and from your domain controller?

Regards,

_Prashant_
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37880496
Hi Prashant,

That is 100% right yes, here is from one pc and one of my DC (the one in question)

CLIENT PC


C:\Users\pauls>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XXX-lonpc52
   Primary Dns Suffix  . . . . . . . : XXX.XXX.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXX.XXX.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82578DM Gigabit Network Connecti
on
   Physical Address. . . . . . . . . : D8-D3-85-7F-83-76
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.80.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 192.168.80.5
   DNS Servers . . . . . . . . . . . : 192.168.88.1
                                       192.168.88.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

DC IN QUESTION

C:\WINDOWS\Profiles\Administrator.XXX>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : philby
   Primary Dns Suffix  . . . . . . . : XXX.XXX.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXX.XXX.com

Ethernet adapter HP TEAM:

   Connection-specific DNS Suffix  . : XXX.XXX.com
   Description . . . . . . . . . . . : HP Network Team #1
   Physical Address. . . . . . . . . : 00-19-BB-D0-C2-06
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.100.111
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Default Gateway . . . . . . . . . : 192.168.100.5
   DNS Servers . . . . . . . . . . . : 192.168.100.111
                                       192.168.100.112
0
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37880966
Ipconfig results seem to be fine on the DC and on the client systems.

It seems to me to be a routing problem.

Run Tracert <Website address> and check where the packets are getting dropped.

Also, I request you to use the Wireshark tool to monitor the network packet drops on the client system.

Seems you need your company network engineer's help here.

Regards,

_Prashant_
0
 
LVL 1

Author Comment

by:essexboy80
ID: 37911444
I will run Wireshark.
0
 
LVL 1

Accepted Solution

by:
essexboy80 earned 0 total points
ID: 38292324
This was resolved by upgrading all my domain controllers to 2008 R2.
0
 
LVL 1

Author Closing Comment

by:essexboy80
ID: 38309055
Resolved
0
