Strange AD behavior - bad replication

Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory

Author: RadioActiveLamb PostPosted: Sat Mar 12, 2011 6:37 pm    Post subject: Strange AD behavior - bad replication
    ----
I have two DCs:

Lou & Ewe

Lou has been around a long time. In fact, it started as an NT4.0 PDC, and eventually upgraded to 2000 and 2003. Each time, the functional level of the AD has been upgraded to match the OS. Through the years, it has had several replication partners that have come 'n gone.

Lou is now 2003 R2, and has Ewe as its matching replication partner. There's been some weirdness regarding replication, DNS and DHCP that I can't quite nail down.

The first strange thing is this: I can open the DNS MMC on Lou, add both servers and I can manage them just fine. If I log on to Ewe with the same "administrator" account and do the same thing, I can manage the DNS, BUT, if I click on the Event Viewer in the snap-in for Lou, I get "Unable to connect to the computer "lou". The error was: Access denied." I also found that if I shut off both servers and boot up Ewe first, I cannot log in because it says there are no AD servers to authenticate. Strange... Ewe is a DC, and its IP address is specified as one of the DNS servers in the network setting. Also, Ewe runs all the FSMOs in the domain. Fine... I boot up Lou, and now I can authenticate.

Another strange thing happened in the DNS logs this morning. Ewe thinks that my wifi access point is a domain controller!


Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4016
Date: 3/10/2011
Time: 5:23:05 AM
User: N/A
Computer: EWE
Description:
The DNS server timed out attempting an Active Directory service operation on CN=EWE,CN=Servers,CN=World-Headquarters,CN=Sites,CN=Configuration,DC=mydomain,DC=local. Check Active Directory to see that it is functioning properly. The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000055


Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4016
Date: 3/10/2011
Time: 5:24:08 AM
User: N/A
Computer: EWE
Description:
The DNS server timed out attempting an Active Directory service operation on DC=TL-WA500G,DC=mydomain.local,cn=MicrosoftDNS,cn=System,DC=mydomain,DC=local. Check Active Directory to see that it is functioning properly. The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000055


Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4016
Date: 3/10/2011
Time: 5:25:18 AM
User: N/A
Computer: EWE
Description:
The DNS server timed out attempting an Active Directory service operation on DC=249,DC=7.0.10.in-addr.arpa,cn=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local. Check Active Directory to see that it is functioning properly. The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000055



10.0.7.249 is the AP named TL-WA500G. It isn't listed by name or IP ANYWHERE in AD S&S, DNS SOA record or in AD users & Computers.

Why does Ewe think it needs to replicate with the AP, and why won't it handle domain authentication when Lou is down? Finally, why can't I open the DNS log on Lou from Ewe, using the domain admin account, but I can open the logs from Lou, using the same account?

I'll provide more information from AD, if required. I just need some fresh eyes on this problem.

Thanks!
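
An added example, not part of the original posts: Python that takes the object DNs named in the three 4016 events above and reports what kind of directory object each one is (a site server object, a forward DNS record, a reverse PTR record), following the AD-integrated DNS layout of record under zone under CN=MicrosoftDNS. Function names are hypothetical, the input is constructed from the quoted event text, and reading the data dword 00000055 as LDAP_TIMEOUT is an assumption based on the winldap.h constant.

```python
import re

# Constructed input: the object-naming sentence from each of the three events quoted above.
PREFIX = "The DNS server timed out attempting an Active Directory service operation on "
EVENTS = [
    PREFIX + "CN=EWE,CN=Servers,CN=World-Headquarters,CN=Sites,CN=Configuration,DC=mydomain,DC=local. Check Active Directory",
    PREFIX + "DC=TL-WA500G,DC=mydomain.local,cn=MicrosoftDNS,cn=System,DC=mydomain,DC=local. Check Active Directory",
    PREFIX + "DC=249,DC=7.0.10.in-addr.arpa,cn=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local. Check Active Directory",
]
# Assumption: the event data dword is an LDAP result code (winldap.h: 0x55 = LDAP_TIMEOUT).
LDAP_CODES = {0x55: "LDAP_TIMEOUT"}

def extract_dn(description):
    """Pull the DN out of an event 4016 description; the DN itself contains dots."""
    m = re.search(r"operation on (.+?)\. Check", description)
    return m.group(1) if m else None

def classify(dn):
    """Say what kind of directory object a DN names (assumes no escaped commas)."""
    rdns = [tuple(p.strip().split("=", 1)) for p in dn.split(",")]
    keys = [(a.upper(), v.lower()) for a, v in rdns]
    if ("CN", "microsoftdns") in keys:
        i = keys.index(("CN", "microsoftdns"))
        # Parent of CN=MicrosoftDNS: "System" (domain partition) or an application partition.
        store = rdns[i + 1][1] if i + 1 < len(rdns) else ""
        if i < 2:
            return {"kind": "dns-zone" if i == 1 else "dns-container", "store": store}
        record, zone = rdns[i - 2][1], rdns[i - 1][1]
        if zone.lower().endswith(".in-addr.arpa"):
            # Reverse zone: un-reverse the network octets and append the host octet.
            net = zone[: -len(".in-addr.arpa")].split(".")[::-1]
            return {"kind": "dns-record", "type_hint": "PTR",
                    "target": ".".join(net + [record]), "store": store}
        return {"kind": "dns-record", "type_hint": "forward",
                "target": f"{record}.{zone}", "store": store}
    if ("CN", "servers") in keys and ("CN", "sites") in keys:
        site = rdns[keys.index(("CN", "servers")) + 1][1]
        return {"kind": "site-server-object", "target": rdns[0][1], "site": site}
    return {"kind": "other", "target": dn}

def report(events, data_dword=0x55):
    """Pair the decoded error name with the classification of each event's object."""
    name = LDAP_CODES.get(data_dword, hex(data_dword))
    return [(name, classify(extract_dn(e))) for e in events]

if __name__ == "__main__":
    for err, obj in report(EVENTS):
        print(err, obj)
```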

Author: moondoggie PostPosted: Sun Mar 13, 2011 8:43 pm    Post subject:
    ----
The DC must also be a Global Catalog server to handle login requests, I believe. Are both servers set to be Global Catalog? Do you also have errors in the directory service and file replication service logs?

Author: georgec PostPosted: Mon Mar 14, 2011 1:49 pm    Post subject:
    ----
Through personal experience, the upgrade of DCs from previous editions tends to introduce some strange/intermittent or minor problems that you will never get rid of. Your main DC started as an NT4 PDC and is now running 2003; that's quite a long way. I suggest that you start planning a clean fresh installation of your AD infrastructure, as this will surely solve all your strange problems.



All times are GMT + 2 Hours