silcom
asked on
Domain Controller.
Hi,
We have an Active Directory Domain Controller installed on Windows Server 2008R2 in our office with the domain name jbboda.local, where hostname JBBDC-1 (IP 172.16.0.2) is the primary domain controller and hostname JBBDC-2 (IP 172.16.0.27) is the backup domain controller. A few days ago our primary DC, i.e. JBBDC-1, went down due to hardware failure. To restore the Domain Services we seized the FSMO roles and tried to do a metadata cleanup through the command prompt, but we did not find the broken JBBDC-1 in the list. To clear the metadata we deleted JBBDC-1 from the Active Directory Users and Computers > Domain Controllers list and from Active Directory Sites and Services, and deleted the DNS entry related to JBBDC-1, with the help of the GUI.
To test that the seizing of the FSMO roles completed successfully we used nltest /dclist:jbboda.local and netdom query fsmo
Output: nltest /dclist:jbboda.local
Get list of DCs in domain 'jbboda.local' from '\\JBBDC-2.jbboda.local'.
JBBDC-2.jbboda.local [PDC] [DS] Site: Site1
The command completed successfully
Output: netdom query fsmo
Schema master JBBDC-2.jbboda.local
Domain naming master JBBDC-2.jbboda.local
PDC JBBDC-2.jbboda.local
RID pool manager JBBDC-2.jbboda.local
Infrastructure master JBBDC-2.jbboda.local
The command completed successfully.
We logged in with the local administrator account, changed the primary DNS IP to 172.16.0.27 and ran the command ipconfig /flushDNS on all client systems.
After completion of the above process we tried to log in with the domain users, but users are still not able to log in to the domain, as it takes a very long time at Applying Windows Settings and Applying Group Policy, around 15 to 20 min.
When we assign the DC1 IP 172.16.0.2 to the new PDC as an alias IP, domain users are able to log in properly, but sometimes some policies are not getting applied and we need to run gpupdate /force to apply the policy.
Can anyone help us resolve the above issue?
--
Ronak Sheth
System Administrator
Silcom Solutions Pvt. Ltd.
ASKER
Hi,
I have cross-verified that there are no SRV records in the DNS server; also please find the dcdiag logs attached.
Still, some policies are not getting applied to some computers.
--
Ronak Sheth
dcdiag.txt
The dcdiag output indicates that the health of the DC is good, but in the system log there are errors reported which need to be fixed. One thing to look at is this error: "A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data."
It seems that the DC IP address is assigned to some other workstation/server. This will cause name resolution issues, etc.
ASKER
Hi,
How do I identify which is the duplicate name in the network? As per the dcdiag logs, I have executed the command nbtstat -n and the output is as below:
Local Area Connection:
Node IpAddress: [172.16.0.27] Scope Id: []
NetBIOS Local Name Table
Name Type Status
-------------------------- ---------- ---------
JBBDC-2 <00> UNIQUE Registered
JBBODA <00> GROUP Registered
JBBODA <1C> GROUP Registered
JBBDC-2 <20> UNIQUE Registered
JBBODA <1B> UNIQUE Registered
JBBODA <1E> GROUP Registered
JBBODA <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
I have also verified the event log; it states the same: "A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state." with the Event ID: 4319.
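The check that Event ID 4319 points to, as an added example that is not part of the original thread: a PowerShell function that parses nbtstat -n output into objects and lists every name whose status is not Registered. The function name Get-NbtLocalName and the sample listing (the output above with one status changed to Conflict) are constructed for illustration.

```powershell
# Added example: parse `nbtstat -n` output and report names not in the Registered state.
function Get-NbtLocalName {
    param(
        # Lines of `nbtstat -n` output; defaults to running the command locally.
        [string[]]$Lines = (nbtstat -n)
    )
    $adapter = $null
    $ip = $null
    foreach ($line in $Lines) {
        if ($line -match '^(\S.*):\s*$') {
            # Adapter header such as "Local Area Connection:"
            $adapter = $Matches[1]
        }
        elseif ($line -match 'Node IpAddress:\s*\[([\d.]+)\]') {
            $ip = $Matches[1]
        }
        elseif ($line -match '^\s*(.+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S.*?)\s*$') {
            # One name-table row: name, 16th-byte suffix, type, status
            New-Object PSObject -Property @{
                Adapter = $adapter
                NodeIp  = $ip
                Name    = $Matches[1]
                Suffix  = $Matches[2].ToUpper()
                Type    = $Matches[3]
                Status  = $Matches[4]
            }
        }
    }
}

# Constructed sample: rows from the post, with one status changed to Conflict
# to show what a duplicate name looks like.
$sample = @'
Local Area Connection:
Node IpAddress: [172.16.0.27] Scope Id: []
    NetBIOS Local Name Table
    Name               Type         Status
    JBBDC-2        <00>  UNIQUE      Registered
    JBBODA         <1C>  GROUP       Registered
    JBBDC-2        <20>  UNIQUE      Conflict
'@ -split "`r?`n"

# Anything other than Registered (for example Conflict) needs attention.
Get-NbtLocalName -Lines $sample |
    Where-Object { $_.Status -ne 'Registered' } |
    Format-Table Adapter, NodeIp, Name, Suffix, Type, Status -AutoSize
```

Calling Get-NbtLocalName without -Lines parses the live output on the machine it runs on; for the listing posted above it returns no rows, since every name is Registered.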
Ensure that the client DNS setting is pointing to the online DC and that there is no public IP address added as a DNS setting. http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/