Make sure the DNs settings on the Server are correct in the up properties. If one of your servers or dc's is looking at wrong dns then you will have a problem. I
Separately I had a similar problem in late April when I applied a security patch from MS. It fubared the tcpip stack with connection issues. It was fixed in June. Jim Katoe WW Directory Services Manager GroupM 917 520 0119 ----- Original Message ----- From: ActiveDir-owner Sent: 07/29/2005 04:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Urgh... troubleshooting.... Anything in the event logs? Is it possible that it was messed up by a virus, see odd processes running? Maybe try a root kit revealer. Were patches recently applied? Is the clock in sync with the other DCs? Thanks, JD -----Original Message----- From: vex [mailto:[EMAIL PROTECTED] Sent: Friday, July 29, 2005 3:15 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Urgh... troubleshooting.... Greetings, I've been a lurker here for quite some time and have had a relatively quiet AD until recently. We have a small network with 2K servers and a mix of 2K and XP2 workstations. Until recently, everything was find. Then Something Happened. I'm not sure what started the ball rolling, but it's certainly rolling now. I have one server that is listed in the AD and DNS as a DC, but it won't replicate AD either direction. I've spent a couple of hours doing some web surfing and initial troubleshooting, but I've had less than stellar success. (at one point in time it was working fine, since I have a lot of older AD information on the problem server) I've run DnsLint and all the DNS entries look good. When I do a 'net view \\servername' from the DC that does not have up to date AD information, I get a message back, "access denied", and a corresponding entry in the security log about a failure audit of the server I'm attempting to view. But when I do the same thing and use an IP address instead of a server name, the net view information displays. Another symptom is printer connections and drive mapping. If I'm at the server with the out of date AD information, I'm getting an 'access denied' message when attempting to connect to a network printer or map a network drive. All of the steps outlined above work fine when initiated from any of the other servers. It's almost like the server with the out of date AD information is allowing access, but the rest of the servers in the organization won't let *that* particular server have access to any domain related "stuff", such as printers and network shares. I can't even run dcpromo and remove AD from the affected server because it asks for some sort of authorization from other DC's located in the organization, but the other DC's won't allow it to access information. I'm assuming it's trying to tell the other DC's to remove any pertinent entries from the AD in regards to the server that's attempting to have it's AD removed.... Does anyone have any links to places I can continue to search for troubleshooting information? --Brett List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
