Strange AD behavior - bad replication

RadioActiveLamb
Posted: Sat Mar 12, 2011 6:37 pm

I have two DCs:

Lou & Ewe

Lou has been around a long time. In fact, it started as an NT4.0 PDC, and eventually upgraded to 2000 and 2003. Each time, the functional level of the AD has been upgraded to match the OS. Through the years, it has had several replication partners that have come 'n gone.

Lou is now 2003 R2, and has Ewe as its matching replication partner. There's been some weirdness regarding replication, DNS and DHCP that I can't quite nail down.

The first strange thing is this: I can open the DNS MMC on Lou, add both servers and I can manage them just fine. If I log on to Ewe with the same "administrator" account and do the same thing, I can manage the DNS, BUT, if I click on the Event Viewer in the snap-in for Lou, I get the error "Unable to connect to the computer "lou", The error was: Access denied." I also found that if I shut off both servers and boot up Ewe first, I cannot log in because it says there are no AD servers to authenticate. Strange... Ewe is a DC, and its IP address is specified as one of the DNS servers in the network settings. Also, Ewe runs all the FSMOs in the domain. Fine... I boot up Lou, and now I can authenticate.

Another strange thing happened in the DNS logs this morning. Ewe thinks that my wifi access point is a domain controller!


Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4016
Date: 3/10/2011
Time: 5:23:05 AM
User: N/A
Computer: EWE
Description:
The DNS server timed out attempting an Active Directory service operation on CN=EWE,CN=Servers,CN=World-Headquarters,CN=Sites,CN=Configuration,DC=mydomain,DC=local. Check Active Directory to see that it is functioning properly. The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000055


Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4016
Date: 3/10/2011
Time: 5:24:08 AM
User: N/A
Computer: EWE
Description:
The DNS server timed out attempting an Active Directory service operation on DC=TL-WA500G,DC=mydomain.local,cn=MicrosoftDNS,cn=System,DC=mydomain,DC=local. Check Active Directory to see that it is functioning properly. The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000055


Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4016
Date: 3/10/2011
Time: 5:25:18 AM
User: N/A
Computer: EWE
Description:
The DNS server timed out attempting an Active Directory service operation on DC=249,DC=7.0.10.in-addr.arpa,cn=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local. Check Active Directory to see that it is functioning properly. The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000055



10.0.7.249 is the AP named TL-WA500G. It isn't listed by name or IP ANYWHERE in AD S&S, DNS SOA record or in AD Users & Computers.

Why does Ewe think it needs to replicate with the AP, and why won't it handle domain authentication when Lou is down? Finally, why can't I open the DNS log on Lou from Ewe, using the domain admin account, but I can open the logs from Lou, using the same account?

I'll provide more information from AD, if required. I just need some fresh eyes on this problem.

Thanks!
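An added example, not part of the original post or the forum's own material: it parses the object DNs from the three 4016 events quoted above and reports which directory object each one names. It assumes the AD-integrated DNS layout DC=<record>,DC=<zone>,CN=MicrosoftDNS and that event data 0x55 is the winldap.h result code LDAP_TIMEOUT; the function names are made up for this illustration.

```python
import re

# Constructed from the Description and Data fields of the three events above.
PREFIX = "The DNS server timed out attempting an Active Directory service operation on "
SUFFIX = ". Check Active Directory to see that it is functioning properly."
EVENT_DNS = [
    "CN=EWE,CN=Servers,CN=World-Headquarters,CN=Sites,CN=Configuration,DC=mydomain,DC=local",
    "DC=TL-WA500G,DC=mydomain.local,cn=MicrosoftDNS,cn=System,DC=mydomain,DC=local",
    "DC=249,DC=7.0.10.in-addr.arpa,cn=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local",
]
DESCRIPTIONS = [PREFIX + dn + SUFFIX for dn in EVENT_DNS]
DATA_LINE = "0000: 00000055"

DN_RE = re.compile(r"service operation on (.+?)\. Check Active Directory")
LDAP_CODES = {0x55: "LDAP_TIMEOUT"}  # assumption: client-side code from winldap.h


def classify(description):
    """Return (kind, name) for the directory object a 4016 description names."""
    match = DN_RE.search(description)
    if match is None:
        return ("unparsed", description)
    # These DNs contain no escaped commas, so a plain split is enough here.
    rdns = [part.split("=", 1) for part in match.group(1).split(",")]
    containers = {value.lower() for attr, value in rdns if attr.lower() == "cn"}
    if "microsoftdns" in containers:
        # AD-integrated DNS layout: DC=<record>,DC=<zone>,CN=MicrosoftDNS,...
        node, zone = rdns[0][1], rdns[1][1]
        if zone.lower().endswith(".in-addr.arpa"):
            octets = zone[: -len(".in-addr.arpa")].split(".")
            return ("dns-ptr-record", ".".join(reversed(octets)) + "." + node)
        return ("dns-host-record", node + "." + zone)
    if {"servers", "sites"} <= containers:
        return ("site-server-object", rdns[0][1])
    return ("other", match.group(1))


def decode_data(line):
    """Decode an Event Viewer 'words' dump line such as '0000: 00000055'."""
    value = int(line.split(":", 1)[1].strip(), 16)
    return value, LDAP_CODES.get(value, "unknown")


if __name__ == "__main__":
    for text in DESCRIPTIONS:
        print(classify(text))
    print(decode_data(DATA_LINE))
```

The second and third DNs resolve to a host record and a reverse-lookup record stored in the DNS zones, and the reverse record maps back to the 10.0.7.249 address mentioned in the post.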
moondoggie
Posted: Sun Mar 13, 2011 8:43 pm

The DC must also be a Global Catalog server to handle login requests, I believe. Are both servers set to be Global Catalog? Do you also have errors in the directory service and file replication service logs?
georgec
Posted: Mon Mar 14, 2011 1:49 pm

From personal experience, the upgrade of DCs from previous editions tends to introduce some strange/intermittent or minor problems that you will never get rid of. Your main DC started as an NT4 PDC and is now running 2003; that's quite a long way. I suggest that you start planning a clean, fresh installation of your AD infrastructure, as this will surely solve all your strange problems.
All times are GMT + 2 Hours