Announcement

Collapse
No announcement yet.

Second Active Directory not working

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Second Active Directory not working

    Hi,

    Can somebody help. I have two Active Directory in a domain, the first AD is Windows Server 2008 and the second is Windows Server 2003.

    Primary DNS is configure on Windows 2008 and secondary DNS on the second on Windows 2003.

    Both are working perfectly for many months. Recently, I notice that if I shutdown Windows server 2008 server, the Windows server 2003 does not take over the role of the first server. On the client machines, is asking for a user name and password.

    Also, I force one client to lock out, I can see on Windows server 2008 that is lock out but not on Windows server 2003. This is the first time that this is happening.

    This is the first time I am seeing this problem.

    Can somebody help.


    Thanks

  • #2
    Re: Second Active Directory not working

    Check AD replication is running OK and report back
    (cmdline tools are repadmin and dcdiag -- for usage)
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Second Active Directory not working

      Also make sure that both servers are set to be Global Catalogs

      Comment


      • #4
        Re: Second Active Directory not working

        hi,

        Thanks for the help.

        I tried to replicate the main dc with the secondary dc with this

        repadmin /replicate destsrv sourcesrv dc=domainname,dc=com

        I'm getting this error

        LDAP Error 81(0x51):Server Down
        Server Win32 Error 0(0x0):
        Extended Information:

        I tried to google for this error, but I could not find the solution.


        Any help, please.


        Thanks

        Comment


        • #5
          Re: Second Active Directory not working

          Simple (least effort) solution:
          Format and reinstall additional DC
          Do metadata cleanup on main one (link on main site)
          Join reformatted server to domain, if possible with different name, but can be same IP address
          Re-promote

          If you really don't want to do that, prepare for long, complicated and potentially unsucessful attempts to get them talking.
          What does DCDIAG give you, also repadmin on the main DC?
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: Second Active Directory not working

            DCdiag generated error:

            The replication generated an error (8614):
            The Active Directory cannot replicate with this server because the time since last replication with this server has exceeded the tombstone life time.


            repadmin /replicate destsrv sourcesrv dc=domainname,dc=com

            I'm getting this error

            LDAP Error 81(0x51):Server Down
            Server Win32 Error 0(0x0):
            Extended Information:


            Formatting this server is not an option for me because there an application installed on this server that being used continually by users.

            Comment


            • #7
              Re: Second Active Directory not working

              You have major problems then -- do some research into tombstoned domain controllers but there is no mechanism to re-animate it.

              IIRC you may be able to force demote the problem DC and keep it in the domain, but that has its own risks.

              Can you move the application (what is it?) somewhere else?
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment


              • #8
                Re: Second Active Directory not working

                Thanks for your reply, I will google the problem, but this is my third day already. The application installed on that server is our Archiving System.


                Thanks again for your help, hope I can see the solution soon.

                Comment

                Working...
                X