Given that error I would dcpromo the box down and re-promote it. Also figure out what's wrong with the i/o subsystem.
Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 > -----Original Message----- > From: Bill Humphries [mailto:nt...@hedgedigger.com] > Sent: Friday, March 12, 2010 10:56 AM > To: NT System Admin Issues > Subject: oh my aching DC... > > (sorry about the long winded email) > Hi all, > > I'm hoping for a little insight here so I can avoid another evening like last > night. > > Client has main office with PDC and a second DC. One satellite office with > one DC. The PDC and the backup both have DNS installed. At 6pm > authentication to anything at the main site started failing. I could not log > on > to either DC in the office with admin user. I could not log onto TS with my > user account. Remote office is a timezone behind and still working...I > received calls that everyone lost connection to exchange server at main > office. > > Authentication from remote DC continued to function. > > Rebooted both DCs at main office and AD authentication resumed and dcdiag > came back clean. Looking at logs I see what happened, but don't know why it > was so catastrophic. > > It looks like the PDC's F drive, which is a fiber connected raid array, > hiccuped > for some reason and was unavailable for about one minute. > First error in directory services log is: > > /NTDS (544) NTDSA: An attempt to write to the file "F:\NTDS\edb.log" at > offset 10049536 (0x0000000000995800) for 512 (0x00000200) bytes failed after > 23 seconds with system error 2 (0x00000002): "The system cannot find the > file specified. "./ > > At this point, the DC stopped acting as a DC and began rejecting all > authentication requests until a reboot was initiated. I don't understand a > couple of things. First, I was actually surprised that there is NTDS folder > on > the F drive. This is the file server and I certainly wouldn't want it on the > same > partition as the company file shares. There is also a NTDS folder on the > C:/windows and I see this in the logs this morning, which I would assume > means it is using this partition for NTDS: > / > NTDS (544) NTDSA: Online defragmentation has completed a full pass on > database 'C:\WINDOWS\NTDS\ntds.dit'/. > > Can anyone help me understand why it would exist on both drives and if it is > on both drives, why would this hiccup bring the network to its knees? > > My other huge issue is why did my secondary DC not start authenticating. I > couldn't even log onto it during the down time and it has AD and DNS running > on it. There are no errors in the DS log viewer on this server during the > downtime, but there are many replication errors logged on the Primary DC > related to the backup DC trying to replicate to the Primary while the Primary > was non responsive. > > Thanks for any help, guys. > > Bill > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~