Cabal10
Fri Mar 07 07:49:06 PST 2008
IPconfig Info:
C:\WINNT\Profiles\Administrator>ipconfig /all
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : directory
Primary DNS Suffix . . . . . . . : NJ1
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : NJ1
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : NJ1
Description . . . . . . . . . . . : Compaq NC3163 Fa
Physical Address. . . . . . . . . : 00-02-A5-0A-4E-3
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.1
Primary WINS Server . . . . . . . : 192.168.1.1
"Cabal10" wrote:
> Thanks for taking the time to help and doing so much with so little info.
> Let me see if I can fill in the gaps for you.
>
> In the main site we have 3 W2K domain controllers. You made the correct
> assumption that we did an inplace upgrade of an NT4 box (directory) which
> became our first W2K AD forest root DC. There is no W2K3 servers in the
> enviornment. Server1 is the one that has the problem. When I look at the
> computer name tab the domain says NJ1.COM. This is correct. The full
> computer name however says server1.NJ1.
> So, I guess it is like you said a disjointed namespace. The other 2 servers
> have the correct FQDN.
>
> I don't have ready access to the servers/domain, but I will show you what
> info I do have now. I tried running dcdiag /fix and stopping starting
> netlogon, of course this did nothing. Here is more info.
>
> The domain name is NJ1.COM
> In the Eventviewer under direcotry service I get a lot of source: NTDS
> replication event:1586
> Under system log I get a ton of source: netlogon event:5781
>
> dcdiag report on directory server
> Domain Controller Diagnosis
>
> Performing initial setup:
> * Verifying that the local machine directory, is a DC.
> * Connecting to directory service on server directory.
> * Collecting site info.
> * Identifying all servers.
> * Found 3 DC(s). Testing 1 of them.
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\DIRECTORY
> Starting test: Connectivity
> * Active Directory LDAP Services Check
> acd6524f-cc8e-4780-936a-449a2e53fcdc._msdcs.NJ1.com's server GUID
> DNS name could not be resolved to an
> IP address. Check the DNS server, DHCP, server name, etc
> Although the Guid DNS name
> (acd6524f-cc8e-4780-936a-449a2e53fcdc._msdcs.NJ1.com) couldn't be
> resolved, the server name (directory.NJ1) resolved to the IP address
> (192.168.1.1) and was pingable. Check that the IP address is
> registered correctly with the DNS server.
> ......................... DIRECTORY failed test Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site-Name\DIRECTORY
> Skipping all tests, because server DIRECTORY is
> not responding to directory service requests
> Test omitted by user request: Topology
> Test omitted by user request: CutoffServers
> Test omitted by user request: OutboundSecureChannels
>
> Running enterprise tests on : NJ1.com
> Starting test: Intersite
> Skipping site Default-First-Site-Name, this site is outside the
> scope provided by the command line arguments provided.
> ......................... NJ1.com passed test Intersite
> Starting test: FsmoCheck
> GC Name: \\directory.NJ1
> Locator Flags: 0xe00001bd
> PDC Name: \\directory.NJ1
> Locator Flags: 0xe00001bd
> Time Server Name: \\intranet.NJ1.COM
> Locator Flags: 0xe00001f8
> Preferred Time Server Name: \\finance1.NJ1.COM
> Locator Flags: 0xe00001fc
> KDC Name: \\directory.NJ1
> Locator Flags: 0xe00001bd
> ......................... NJ1.com passed test FsmoCheck
>
> On the Intranet server I ran a repamin /showreps
> C:\Documents and Settings\Administrator.NJ1>repadmin /showreps
> Default-First-Site-Name\INTRANET
> DSA Options : (none)
> objectGuid : 2029e23d-7268-4e30-8b17-629d8fde55be
> invocationID: 0594e9f4-4e95-48a5-8f47-36e4b8937b7e
>
> ==== INBOUND NEIGHBORS ======================================
>
> CN=Schema,CN=Configuration,DC=NJ1,DC=com
> Default-First-Site-Name\FINANCE1 via RPC
> objectGuid: c2400d4c-ef99-4f02-9048-aa6259d9ab5d
> Last attempt @ 2008-03-03 11:52.23 was successful.
> Default-First-Site-Name\DIRECTORY via RPC
> objectGuid: acd6524f-cc8e-4780-936a-449a2e53fcdc
> Last attempt @ 2008-03-03 12:14.34 failed, result 8524:
> The DSA operation is unable to proceed because of a DNS lookup
> failu
> re.
> Last success @ 2008-02-13 14:50.33.
> 466 consecutive failure(s).
>
> CN=Configuration,DC=NJ1,DC=com
> Default-First-Site-Name\DIRECTORY via RPC
> objectGuid: acd6524f-cc8e-4780-936a-449a2e53fcdc
> Last attempt @ 2008-03-03 12:23.10 failed, result 8524:
> The DSA operation is unable to proceed because of a DNS lookup
> failu
> re.
> Last success @ 2008-02-13 15:06.18.
> 4060 consecutive failure(s).
> Default-First-Site-Name\FINANCE1 via RPC
> objectGuid: c2400d4c-ef99-4f02-9048-aa6259d9ab5d
> Last attempt @ 2008-03-03 12:30.37 was successful.
>
> DC=NJ1,DC=com
> Default-First-Site-Name\DIRECTORY via RPC
> objectGuid: acd6524f-cc8e-4780-936a-449a2e53fcdc
> Last attempt @ 2008-03-03 11:58.14 failed, result 8524:
> The DSA operation is unable to proceed because of a DNS lookup
> failu
> re.
> Last success @ 2008-02-13 15:05.33.
> 1191 consecutive failure(s).
> Default-First-Site-Name\FINANCE1 via RPC
> objectGuid: c2400d4c-ef99-4f02-9048-aa6259d9ab5d
> Last attempt @ 2008-03-03 12:23.29 was successful.
>
> ==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
>
> CN=Schema,CN=Configuration,DC=NJ1,DC=com
> Default-First-Site-Name\DIRECTORY via RPC
> objectGuid: acd6524f-cc8e-4780-936a-449a2e53fcdc
> Default-First-Site-Name\FINANCE1 via RPC
> objectGuid: c2400d4c-ef99-4f02-9048-aa6259d9ab5d
>
> CN=Configuration,DC=NJ1,DC=com
> Default-First-Site-Name\DIRECTORY via RPC
> objectGuid: acd6524f-cc8e-4780-936a-449a2e53fcdc
> Default-First-Site-Name\FINANCE1 via RPC
> objectGuid: c2400d4c-ef99-4f02-9048-aa6259d9ab5d
>
> DC=NJ1,DC=com
> Default-First-Site-Name\DIRECTORY via RPC
> objectGuid: acd6524f-cc8e-4780-936a-449a2e53fcdc
> Default-First-Site-Name\FINANCE1 via RPC
> objectGuid: c2400d4c-ef99-4f02-9048-aa6259d9ab5d
>
> Thanks again for all your help!
> -Cabal
>
> "Ace Fekay [MVP]" wrote:
>
> > In news:8F1BDAB1-F9AE-4AAD-995A-725F969D4275@microsoft.com,
> > Cabal10 <Cabal10@discussions.microsoft.com> typed:
> > > Our network has 4 locations, but the main location is the only one
> > > that has AD, the others have NT4. In our main site we have 3 DC's.
> > > The forest root DC is in the nj1.com domain, but its fully qualified
> > > domain name is server.nj1. There is no .com. This server is also
> > > our FSMO role holder. The other two server are servername.nj1.com. I
> > > am trying to move the FSMO roles and demote it, but when I tried to
> > > transfer the roles I get errors. When I run dcdiag I get DNS guid
> > > errors. I am not sure how fix this server so that it's fully
> > > qualified name is server.nj1.com? Any ideas?
> > >
> > > Thanks in advance.
> >
> > Well, this depends. YOu didn't provide any detail about the configuration
> > other than mentioning a couple of different names, I'll do my best to
> > explain your options.
> >
> > I assume you upgraded your PDC to a Windows 2000, or is it a 2003 domain
> > controller? That would be the only way the BDCs are part of this domain.
> >
> > If the AD DNS domain name is actually a single label name as you stated,
> > then to fix it you have a number of options:
> >
> > 1. Rebuild the AD domain from scratch. But this isn't so easy because you
> > will lose the NT4 BDCs as part of the domain. You can always promote one of
> > them to the PDC of the domain, and create a two way trust between that
> > domain and the new one. But I'm sure you don't want to do that.
> >
> > 2. If Windows 2003, you can possibly use the domain rename tool choosing the
> > correct name. Preserves the current domain. However if you have Exchange
> > 2000, 2003 or 2007, it will complicate matters and require additional steps.
> >
> > 3. Since you only have the one DC, you can also simply unplug the DC,
> > promote one of the other NT4 BDCs to the PDC, then reinstall NT4 on the
> > machine as a BDC, then promote it to the PDC, then upgrade it to Windows
> > 2003 this time choosing the correct name. Long out and drawn, but it
> > preserves the current domain.
> >
> > However if the Primary DNS suffix is incorrect on the DC, and/or the FQDN in
> > the computername properties is incorrect, BUT the AD DNS domain name is not
> > single label, this is alot easier. This is called a disjointed namespace.
> > Eg. If Windows 2000, you can use a script to correct it. If 2003, you can
> > simply change it in Computer Properties, Computer Name tab.
> >
> > So to better assist:
> >
> > What is the actual Active Directory DNS domain name? This name shows up
> > under ADUC.
> >
> > In addition, please provide the following information.
> >
> > 1. Unedited "ipconfig /all" of the AD domain controller
> > 2. Same for one of your Windows 2000 and/or XP Pro machines that is joined
> > to the domain
> > 3. Any errors in the event logs on the AD DC (post the EventID# and Source
> > name)
> > 4. The name of the AD DNS zone name in DNS and if the SRV records exist
> > 5. Re-run dcdiag with switches: 'dcdiag /v /fix' and post the whole result.
> >
> >
> > --
> > Regards,
> > Ace
> >
> > This posting is provided "AS-IS" with no warranties or guarantees and
> > confers no rights.
> >
> > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> > MVP Microsoft MVP - Directory Services
> > Microsoft Certified Trainer
> >
> > For urgent issues, you may want to contact Microsoft PSS directly. Please
> > check
http://support.microsoft.com for regional support phone numbers.
> >
> > Infinite Diversities in Infinite Combinations
> >
> >
> >
> >