Julian, At what point do your users get hung up on login? Can you browse the network from your PDC?
-----Original Message----- From: Dean Wells [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 11, 2001 9:59 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD problems. Please help !! I'm afraid that's not quite right, the GC is only required for authentication in a multi-domain forest irrespective of the domain modes. HTH Dean -- Dean Wells MSEtechnology * Tel: +1 (954) 501-4307 * Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ian Moran Sent: Tuesday, December 11, 2001 6:56 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD problems. Please help !! If a Global Catalog server (GC) is un-available users will not be able to logon. By default the first DC is a GC - your second DC wont be. Ian Moran Konnexion Ltd > -----Original Message----- > From: Julian Lyndon-Smith [mailto:[EMAIL PROTECTED]] > Sent: 11 December 2001 14:53 > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] AD problems. Please help !! > > > We are tearing our hair out at this moment. Please help a man > staring into the depths of insanity. > > We have a Win2K SP2 server (MachineA) running AD in native > mode, as the only domain controller on the network. > > We have added another Win2K SP2 server (MachineB) to the > network, and ran dcpromo on it successfully to join it as a > domain controller. > > Under AD Users and Computers, the machines show up as domain > controllers. > > All the DNS entries seem ok - we have both machines running > DNS integrated with the AD. > > All is fine. Users can log on. However. > > 1) If we turn off MachineA no one can logon to the network > 2) If we try & dcpromo MachineA to be just a member server, > then we get the error message about "no domain controller is > available" > > We think that it is something to do with SYSVOL and NETLOGON > but cannot find the solution. The FRS service is running on > both machines. > > We have tried everything that we could find on the web. > > We have run dcdiag and netdiag on both machines with the > following results: > > ###### MachineA DCDiag ######## > > DC Diagnosis > > Performing initial setup: > Done gathering initial info. > > Doing initial non skippeable tests > > Testing server: Default-First-Site-Name\MachineA > Starting test: Connectivity > ......................... MachineA passed test Connectivity > > Doing primary tests > > Testing server: Default-First-Site-Name\MachineA > Starting test: Replications > ......................... MachineA passed test Replications > Starting test: NCSecDesc > ......................... MachineA passed test NCSecDesc > Starting test: NetLogons > ......................... MachineA passed test NetLogons > Starting test: Advertising > ......................... MachineA passed test Advertising > Starting test: KnowsOfRoleHolders > ......................... MachineA passed test > KnowsOfRoleHolders > Starting test: RidManager > ......................... MachineA passed test RidManager > Starting test: MachineAccount > * MachineA is not trusted for account delegation > ......................... MachineA failed test MachineAccount > Starting test: Services > ......................... MachineA passed test Services > Starting test: ObjectsReplicated > ......................... MachineA passed test > ObjectsReplicated > Starting test: frssysvol > Error: No record of File Replication System, SYSVOL started. > The Active Directory may be prevented from starting. > There are errors after the SYSVOL has been shared. > The SYSVOL can prevent the AD from starting. > ......................... MachineA passed test frssysvol > Starting test: kccevent > ......................... MachineA passed test kccevent > Starting test: systemlog > ......................... MachineA passed test systemlog > > Running enterprise tests on : OurDomain.com > Starting test: Intersite > ......................... OurDomain.com passed test Intersite > Starting test: FsmoCheck > ......................... OurDomain.com passed test FsmoCheck > > ###### MachineB DCDiag ######## > > DC Diagnosis > > Performing initial setup: > Done gathering initial info. > > Doing initial non skippeable tests > > Testing server: Default-First-Site-Name\MachineB > Starting test: Connectivity > ......................... MachineB passed test Connectivity > > Doing primary tests > > Testing server: Default-First-Site-Name\MachineB > Starting test: Replications > ......................... MachineB passed test Replications > Starting test: NCSecDesc > ......................... MachineB passed test NCSecDesc > Starting test: NetLogons > ......................... MachineB passed test NetLogons > Starting test: Advertising > Warning: DsGetDcName returned information for > \\MachineA.OurDomain.com, when we were trying to reach MachineB. > Server is not responding or is not considered suitable. > ......................... MachineB failed test Advertising > Starting test: KnowsOfRoleHolders > ......................... MachineB passed test > KnowsOfRoleHolders > Starting test: RidManager > ......................... MachineB passed test RidManager > Starting test: MachineAccount > ......................... MachineB passed test MachineAccount > Starting test: Services > Could not open SMTPSVC Service on > [MachineB]:failed with 1060: Win32 Error 1060 > ......................... MachineB failed test Services > Starting test: ObjectsReplicated > ......................... MachineB passed test > ObjectsReplicated > Starting test: frssysvol > Error: No record of File Replication System, SYSVOL started. > The Active Directory may be prevented from starting. > ......................... MachineB passed test frssysvol > Starting test: kccevent > ......................... MachineB passed test kccevent > Starting test: systemlog > ......................... MachineB passed test systemlog > > Running enterprise tests on : OurDomain.com > Starting test: Intersite > ......................... OurDomain.com passed test Intersite > Starting test: FsmoCheck > ......................... OurDomain.com passed test FsmoCheck > > ###### MachineA NetDiag ######## > > ..................................... > > Computer Name: MachineA > DNS Host Name: MachineA.OurDomain.com > System info : Windows 2000 Server (Build 2195) > Processor : x86 Family 5 Model 8 Stepping 12, AuthenticAMD > List of installed hotfixes : > Q147222 > > > Netcard queries test . . . . . . . : Passed > [WARNING] The net card 'Eicon DIVA 2.01 S/T (USB)' may > not be working because it has not received any packets. > > > > Per interface results: > > Adapter : Local Area Connection 2 > > Netcard queries test . . . : Passed > > Host Name. . . . . . . . . : MachineA.OurDomain.com > IP Address . . . . . . . . : 192.168.10.2 > Subnet Mask. . . . . . . . : 255.255.255.0 > Default Gateway. . . . . . : 192.168.10.109 > Dns Servers. . . . . . . . : 127.0.0.1 > > > AutoConfiguration results. . . . . . : Passed > > Default gateway test . . . : Passed > > NetBT name test. . . . . . : Passed > > WINS service test. . . . . : Skipped > There are no WINS servers configured for this interface. > > > Global results: > > > Domain membership test . . . . . . : Passed > > > NetBT transports test. . . . . . . : Passed > List of NetBt transports currently configured: > NetBT_Tcpip_{8BAAB444-9BDC-4B87-8249-2F5647FB4B3F} > 1 NetBt transport currently configured. > > > Autonet address test . . . . . . . : Passed > > > IP loopback ping test. . . . . . . : Passed > > > Default gateway test . . . . . . . : Passed > > > NetBT name test. . . . . . . . . . : Passed > > > Winsock test . . . . . . . . . . . : Passed > > > DNS test . . . . . . . . . . . . . : Passed > PASS - All the DNS entries for DC are registered on DNS > server '127.0.0.1' and other DCs also have some of the names > registered. > > > Redir and Browser test . . . . . . : Passed > List of NetBt transports currently bound to the Redir > NetBT_Tcpip_{8BAAB444-9BDC-4B87-8249-2F5647FB4B3F} > The redir is bound to 1 NetBt transport. > > List of NetBt transports currently bound to the browser > NetBT_Tcpip_{8BAAB444-9BDC-4B87-8249-2F5647FB4B3F} > The browser is bound to 1 NetBt transport. > > > DC discovery test. . . . . . . . . : Passed > > > DC list test . . . . . . . . . . . : Passed > > > Trust relationship test. . . . . . : Skipped > > > Kerberos test. . . . . . . . . . . : Passed > > > LDAP test. . . . . . . . . . . . . : Passed > > > Bindings test. . . . . . . . . . . : Passed > > > WAN configuration test . . . . . . : Skipped > No active remote access connections. > > > Modem diagnostics test . . . . . . : Passed > > IP Security test . . . . . . . . . : Passed > IPSec policy service is active, but no policy is assigned. > > > The command completed successfully > ###### MachineB NetDiag ######## > > ...................................... > > Computer Name: MachineB > DNS Host Name: MachineB.OurDomain.com > System info : Windows 2000 Server (Build 2195) > Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel > List of installed hotfixes : > Q147222 > > > Netcard queries test . . . . . . . : Passed > [WARNING] The net card 'RAS Async Adapter' may not be > working because it has not received any packets. > > > > Per interface results: > > Adapter : Local Area Connection > > Netcard queries test . . . : Passed > > Host Name. . . . . . . . . : MachineB.OurDomain.com > IP Address . . . . . . . . : 192.168.10.6 > Subnet Mask. . . . . . . . : 255.255.255.0 > Default Gateway. . . . . . : 192.168.10.109 > Dns Servers. . . . . . . . : 127.0.0.1 > > > AutoConfiguration results. . . . . . : Passed > > Default gateway test . . . : Passed > > NetBT name test. . . . . . : Passed > > WINS service test. . . . . : Skipped > There are no WINS servers configured for this interface. > > Adapter : {33ED5761-2667-4254-B381-03ECF79157DA} > > Netcard queries test . . . : Passed > > Host Name. . . . . . . . . : MachineB > IP Address . . . . . . . . : 169.254.230.53 > Subnet Mask. . . . . . . . : 255.255.255.255 > Default Gateway. . . . . . : > Dns Servers. . . . . . . . : 127.0.0.1 > > > AutoConfiguration results. . . . . . : Passed > > Default gateway test . . . : Skipped > [WARNING] No gateways defined for this adapter. > > NetBT name test. . . . . . : Passed > [WARNING] At least one of the <00> 'WorkStation > Service', <03> 'Messenger Service', <20> 'WINS' names is missing. > No remote names have been found. > > WINS service test. . . . . : Skipped > There are no WINS servers configured for this interface. > > > Global results: > > > Domain membership test . . . . . . : Failed > [WARNING] Ths system volume has not been completely > replicated to the local machine. This machine is not working > properly as a DC. > > > NetBT transports test. . . . . . . : Passed > List of NetBt transports currently configured: > NetBT_Tcpip_{C03C0240-20EF-45DC-B733-3FE525AA9587} > NetBT_Tcpip_{33ED5761-2667-4254-B381-03ECF79157DA} > 2 NetBt transports currently configured. > > > Autonet address test . . . . . . . : Passed > > > IP loopback ping test. . . . . . . : Passed > > > Default gateway test . . . . . . . : Passed > > > NetBT name test. . . . . . . . . . : Passed > > > Winsock test . . . . . . . . . . . : Passed > > > DNS test . . . . . . . . . . . . . : Passed > PASS - All the DNS entries for DC are registered on DNS > server '127.0.0.1' and other DCs also have some of the names > registered. > > > Redir and Browser test . . . . . . : Passed > List of NetBt transports currently bound to the Redir > NetBT_Tcpip_{C03C0240-20EF-45DC-B733-3FE525AA9587} > NetBT_Tcpip_{33ED5761-2667-4254-B381-03ECF79157DA} > The redir is bound to 2 NetBt transports. > > List of NetBt transports currently bound to the browser > NetBT_Tcpip_{C03C0240-20EF-45DC-B733-3FE525AA9587} > NetBT_Tcpip_{33ED5761-2667-4254-B381-03ECF79157DA} > The browser is bound to 2 NetBt transports. > > > DC discovery test. . . . . . . . . : Passed > > > DC list test . . . . . . . . . . . : Passed > > > Trust relationship test. . . . . . : Passed > Secure channel for domain 'OURDOMAIN' is to > '\\MachineA.OurDomain.com'. > > > Kerberos test. . . . . . . . . > . . : Passed > > > LDAP test. . . . . . . . . . . . . : Passed > > > Bindings test. . . . . . . . . . . : Passed > > > WAN configuration test . . . . . . : Skipped > No active remote access connections. > > > Modem diagnostics test . . . . . . : Passed > > IP Security test . . . . . . . . . : Passed > IPSec policy service is active, but no policy is assigned. > > > The command completed successfully > > Regards, > > Julian. > > Julian Lyndon-Smith > IT Director > Dot R Limited > http://www.dotr.com > [EMAIL PROTECTED] > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/