
not prompted for a long time at logon


  • not prompted for a long time at logon

    Hi, I have this problem :

    AD with 2 DCs

    first DC (w2k3) name=MERCURY
    all functions FSMO + GC
    it runs also exchange 2003
    (I am working to separate DC from exchange, You gave me
    the solution, this is NOT the problem !)
    this box is working fine as DC and exchange server for the
    enterprise clients and other member server;
    DNS server is working fine : every client and member server
    can logon very rapidly


    second DC (w2k server SP4) name=MAILSERVER
    it is working as file server
    IT DOES NOT WORK AS DC :
    when MERCURY is down nobody can login !


    from MERCURY I have done :
    dcdiag /v /s:mailserver
    and parts marked "failed" are following

    Starting test: Advertising
    Fatal Error:DsGetDcName (MAILSERVER) call failed, error 1717
    The Locator could not find the server.
    RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
    ......................... MAILSERVER failed test Advertising

    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    NtFrs Service is stopped on [MAILSERVER]
    * Checking Service: IsmServ
    IsmServ Service is stopped on [MAILSERVER]
    * Checking Service: kdc
    kdc Service is stopped on [MAILSERVER]
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: w32time
    * Checking Service: NETLOGON
    NETLOGON Service is stopped on [MAILSERVER]
    ......................... MAILSERVER failed test Services

    Starting test: frssysvol
    * The File Replication Service SYSVOL ready test
    The SysVol is not ready. This can cause the DC to not advertise
    itself as a DC for netlogon after dcpromo. Also trouble with FRS
    SysVol replication can cause Group Policy problems. Check the FRS
    event log on this DC.
    ......................... MAILSERVER failed test frssysvol


    from MERCURY I have done :
    netdiag /d:mailserver
    and parts marked "failed" are following

    Redir and Browser test . . . . . . : Failed
    List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{C2F65B27-764F-4DF0-99DE-DE24300E9ABA}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{C2F65B27-764F-4DF0-99DE-DE24300E9ABA}
    The browser is bound to 1 NetBt transport.
    [FATAL] Cannot send mailslot message to '\\mailserver*\MAILSLOT\NET\NETLOGON' via redir. [ERROR_BAD_NETPATH]

    DC list test . . . . . . . . . . . : Failed
    'mailserver': Cannot find DC to get DC list from [test skipped].

    LDAP test. . . . . . . . . . . . . : Failed
    Cannot find DC to run LDAP tests on. The error occurred was: Il dominio specificato non esiste o è impossibile contattarlo.

    This computer cannot be joined to the [mailserver] domain because of one of the
    following reasons.

    1. The DNS SRV record for [mailserver] is not registered in DNS; or

    2. A zone from the following list of DNS zones does not include delegation
    to its child zone.

    Such zones can include [_ldap._tcp.dc._msdcs.mailserver], and root zone.

    Ask your network/DNS administrator to perform the following actions: To
    find out why the SRV record for [mailserver] is not registered in the DNS,
    run the dcdiag command prompt tool with the command RegisterInDNS on the
    domain controller that did not perform the registration.
    [WARNING] Cannot find DC in domain 'mailserver'. [ERROR_NO_SUCH_DOMAIN]


    Today when I log on to MAILSERVER I am not prompted for a long time
    (more than 60 minutes!), so I log on in safe mode with networking


    All boxes have old hardware (4-5 years), but are working fine

    Can you tell me something to restore MAILSERVER as DC and
    to understand why it is not prompting ?

    Thanks in advance
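
A triage of the dcdiag output quoted in the post above, as an added example that is not part of the original thread: it collects failed tests and stopped services per server. The sample text is constructed from the post's lines plus one passing line, and the set of logon-critical services is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample: failing lines from the post, plus one passing line.
SAMPLE = """\
Starting test: Advertising
Fatal Error:DsGetDcName (MAILSERVER) call failed, error 1717
......................... MAILSERVER failed test Advertising
Starting test: Services
NtFrs Service is stopped on [MAILSERVER]
kdc Service is stopped on [MAILSERVER]
NETLOGON Service is stopped on [MAILSERVER]
......................... MAILSERVER failed test Services
Starting test: frssysvol
The SysVol is not ready. This can cause the DC to not advertise
......................... MAILSERVER failed test frssysvol
Starting test: Connectivity
......................... MERCURY passed test Connectivity
"""

VERDICT = re.compile(r"^\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)\s*$")
STOPPED = re.compile(r"^(\S+) Service is stopped on \[([^\]]+)\]\s*$")
# Assumption of this example: services a DC needs running to answer logons.
LOGON_CRITICAL = {"netlogon", "kdc", "ntfrs"}

def triage(text):
    """Return {server: {"failed": [...], "stopped": [...], "can_serve_logons": bool}}."""
    report = defaultdict(lambda: {"failed": [], "stopped": []})
    for raw in text.splitlines():
        line = raw.strip()
        m = VERDICT.match(line)
        if m:
            server, result, test = m.groups()
            entry = report[server.upper()]  # a passing server still gets an entry
            if result == "failed":
                entry["failed"].append(test)
            continue
        m = STOPPED.match(line)
        if m:
            report[m.group(2).upper()]["stopped"].append(m.group(1))
    for entry in report.values():
        blocked = LOGON_CRITICAL & {s.lower() for s in entry["stopped"]}
        entry["can_serve_logons"] = not blocked and "Advertising" not in entry["failed"]
    return dict(report)

if __name__ == "__main__":
    for server, entry in triage(SAMPLE).items():
        print(server, entry)
```
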

  • #2
    Re: not prompted for a long time at logon

    Let me get this right.

    You have 2 servers.
    1 server is a DC.
    1 server is an exchange server. This server is not a DC.

    When the DC goes down your clients cannot log in.

    Is this correct??

    If yes then you don't understand how a domain login works.

    Your client will not be able to login as there is no DC to login to.



    • #3
      Re: not prompted for a long time at logon

      I have 2 domain controllers.

      First DC : name=MERCURY (W2K3)
      this DC runs also exchange 2003;
      this DC works fine
      every client (and other server) can logon fine and rapidly.
      DNS server works fine !


      second DC : name=MAILSERVER (W2K SP4)
      It has nothing to do with mail !!!!


      I realized that this second DC is not working as DC because when
      MERCURY is down nobody can logon.


      Thank you for your time.



      • #4
        Re: not prompted for a long time at logon

        Is MAILSERVER a GC?
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2



        • #5
          Re: not prompted for a long time at logon

          Yep, as Biggles says, is your second DC a Global Catalog?

          Is it also running DNS and any other services??

          Does your network run DHCP?? If so where from??

          There are loads of reasons why clients cannot get logged in but we need to make sure that MAILSERVER is running the same services as MERCURY.



          • #6
            Re: not prompted for a long time at logon

            "[FATAL] Cannot send mailslot message to '\\mailserver*\MAILSLOT\NET\NETLOGON
            ' via redir. [ERROR_BAD_NETPATH]"

            The Nbt and SMB mailslot failures show three things:
            1. The DNS server was not found, so Nbt was tried for name resolution;
            2. The MAILSERVER Netbios name is not in the table kept by the Master Browser of the physical network segment on which the request was made.
            3. The mailslot (a CIFS or forced SMB request) failed because no path was available to MAILSERVER as a broadcast request.

            Either ports 445 and 138 are being blocked by a firewall; or no Trust relationship exists between the DNS server/DC and MAILSERVER; or no physical connection exists -- the computer MAILSERVER is on a different subnet or network segment.
            Last edited by bcastner; 15th June 2007, 12:21.
            * Users Helping Users *
            MS-MVP Windows Networking



            • #7
              Re: not prompted for a long time at logon

              Excuse me for the delay in answering.

              There is some news.

              MAILSERVER is probably dead !
              Hardware problems.
              It is possible that it cannot boot.
              I hope to save data connecting disks to another machine.

              This machine MAILSERVER was GC, but had no FSMO roles
              that are all on the other DC machine MERCURY (that is also GC).

              It is probable that it will be impossible to execute
              dcpromo /forceremoval
              on this MAILSERVER

              Question :
              how can I remove this DC (MAILSERVER) from Active Directory
              that is managed only by MERCURY ?

              Is it possible to remove brutally the object MAILSERVER
              cancelling it from Active Directory working on MERCURY ?

              Thank you in advance for your time



              • #8
                Re: not prompted for a long time at logon

                I removed DC from mailserver using command ntdsutil (working on mercury !).
                Everything is OK (it seems !)
                I have dcpromoted another machine to DC (that is now second DC)
                I realize that sysvol and netlogon are not shared on the new DC.
                What can I do?
                I found
                http://support.microsoft.com/default...b;en-us;257338
                (is for w2k only !)
                but I am not sure what to do.
                Any help ?
                Thank you for your time



                • #9
                  Re: not prompted for a long time at logon

                  Situation is :

                  now there are 2 DC :

                  mercury (dns server, GC, 5 FSMO)

                  domain-srv (only DC)


                  on domain-srv I made
                  dcdiag /a

                  I write here tests that are not passed :

                  on server mercury

                  Starting test: frsevent
                  There are warning or error events within the last 24 hours after the
                  SYSVOL has been shared. Failing SYSVOL replication problems may cause
                  Group Policy problems.
                  ......................... MERCURY failed test frsevent


                  on server domain-srv

                  Starting test: Advertising
                  Warning: DsGetDcName returned information for \\mercury.shield.net, when we were trying to reach DOMAIN-SRV.
                  Server is not responding or is not considered suitable.
                  ......................... DOMAIN-SRV failed test Advertising

                  Starting test: frsevent
                  There are warning or error events within the last 24 hours after the
                  SYSVOL has been shared. Failing SYSVOL replication problems may cause
                  Group Policy problems.
                  ......................... DOMAIN-SRV failed test frsevent


                  I found also
                  http://support.microsoft.com/default...b;en-us;315457
                  it seems very difficult and recommends
                  "resolving replication inconsistencies"

                  What do you think ?

                  Is this the only way to resolve or another ?

                  I am in trouble.

                  Thank you.



                  • #10
                    Re: not prompted for a long time at logon

                    Saturday afternoon I have again demoted box "domain-srv".
                    Now I have only one DC on box "mercury".

                    I write here situation seen from box "mercury" :


                    before demoting box "domain-srv"

                    from application log
                    25/08/2007 13.05.53 Userenv Errore Nessuno 1030 NT AUTHORITY\SYSTEM MERCURY Impossibile eseguire una query per reperire l'elenco degli oggetti Criteri di gruppo. È possibile che nel registro eventi si trovino messaggi registrati in precedenza dal modulo criteri in cui viene data una spiegazione del problema.
                    25/08/2007 13.05.53 Userenv Errore Nessuno 1058 NT AUTHORITY\SYSTEM MERCURY Impossibile accedere al file gpt.ini per l'oggetto Criteri di gruppo CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=mysite,DC=net. Il file deve essere presente nel percorso <\\mysite.net\sysvol\mysite.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Impossibile trovare il nome della rete. ). Elaborazione dei Criteri di gruppo interrotta.



                    from replica file log :

                    24/08/2007 15.59.53 NtFrs Errore Nessuno 13568 N/D MERCURY "Il servizio di Replica file ha rilevato che il set di repliche ""DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"" si trova in condizione di JRNL_WRAP_ERROR.
                    Il nome del set di repliche è : ""DOMAIN SYSTEM VOLUME (SYSVOL SHARE)""
                    Percorso principale della replica : ""c:\windows\sysvol\domain""
                    Volume principale della replica : ""\\.\C:""
                    Un set di repliche entra in condizione di JRNL_WRAP_ERROR quando non riesce a trovare il record che sta cercando di leggere dal diario USN NTFS. Ciò può verificarsi per una delle ragioni che seguono.
                    [1] Il volume ""\\.\C:"" è stato formattato.
                    [2] Il diario USN NTFS sul volume ""\\.\C:"" è stato eliminato.
                    [3] Il diario USN NTFS sul volume ""\\.\C:"" è stato troncato. È possibile che Chkdsk tronchi il diario se vi rileva, nella parte finale, voci danneggiate.
                    [4] Il servizio di Replica file non era più in esecuzione nel computer da molto tempo.
                    [5] L'attività di I/O su disco in ""\\.\C:""aveva raggiunto un'intensità troppo alta per il servizio.
                    L'impostazione del parametro del Registro di sistema ""Enable Journal Wrap Automatic Restore"" sul valore 1 dà inizio alle operazioni descritte in seguito, che consentono il ripristino automatico dalla condizione di errore.
                    [1] Al primo poll, che si verifica dopo 5 minuti, il computer viene eliminato dal set di repliche. Se si preferisce non aspettare 5 minuti, eseguire ""net stop ntfrs"", quindi ""net start ntfrs"" per riavviare il servizio di Replica file.
                    [2] Al primo poll dopo l'eliminazione, il computer viene aggiunto nuovamente al set di repliche. Tale aggiunta innesca la sincronizzazione dell'intera struttura del set di repliche.
                    … and so on …


                    from directory services :
                    25/08/2007 12.18.04 NTDS KCC Informazioni Controllo di coerenza informazioni. 1104 NT AUTHORITY\ACCESSO ANONIMO MERCURY "Controllo di coerenza informazioni (KCC) ha completato le seguenti notifiche di modifiche.
                    Partizione di directory:
                    CN=Configuration,DC=mysite,DC=net
                    Indirizzo di rete di destinazione:
                    50b91f2a-aa44-4832-93e9-e12e94e117a6._msdcs.mysite.net
                    Controller di dominio di destinazione (se disponibile):
                    CN=NTDS Settings\0ADEL:50b91f2a-aa44-4832-93e9-e12e94e117a6,CN=DOMAIN-SRV,CN=Servers,CN=MYSITE,CN=Sites,CN=Configuration ,DC=shie
                    Questo evento si può verificare se questo controller di dominio o il controller di dominio di destinazione è stato spostato in un altro sito."






                    after demoting box "domain-srv" :

                    from application log
                    25/08/2007 15.29.30 Userenv Errore Nessuno 1030 NT AUTHORITY\SYSTEM MERCURY Impossibile eseguire una query per reperire l'elenco degli oggetti Criteri di gruppo. È possibile che nel registro eventi si trovino messaggi registrati in precedenza dal modulo criteri in cui viene data una spiegazione del problema.
                    25/08/2007 15.29.30 Userenv Errore Nessuno 1058 NT AUTHORITY\SYSTEM MERCURY Impossibile accedere al file gpt.ini per l'oggetto Criteri di gruppo CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=mysite,DC=net. Il file deve essere presente nel percorso <\\mysite.net\sysvol\mysite.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Impossibile trovare il percorso di rete. ). Elaborazione dei Criteri di gruppo interrotta.



                    from replica file log :
                    error 13568 (as present before demoting) is no more present




                    dcdiag /a
                    Starting test: frsevent
                    There are warning or error events within the last 24 hours after the
                    SYSVOL has been shared. Failing SYSVOL replication problems may cause
                    Group Policy problems.
                    ......................... MERCURY failed test frsevent




                    Thank you for your time
