Secondary DC can access PDC only through IP address


  • Secondary DC can access PDC only through IP address

    Hi

    I just stumbled upon a problem that is quite new to me.

    I have 2 DCs in one domain.
    DC01 -- is Windows 2000 Server (Master of operations)
    DC02 -- (secondary) is a Windows 2003 Server SP1

    They were both running OK for about a year, and recently the access problems started after installing SP2 on the W3K server.

    The problem is the following: DC02 can access resources on DC01 only through IP address -- otherwise access is denied. The odd thing is that all the users can authenticate and access share resources on any of the DCs.
    I did the tests of dcdiag and netdiag as well as nslookup and replication. All seems to be in order (no errors) and yet....

    I recovered an image of DC02 with only SP1 installed, then I demoted the secondary DC (no errors). As long as it stays only as a member server there are no problems with access to resources (so obviously it is not a user rights problem). However, demotion is not a solution as my company requires a secondary DC for AD backup.

    I checked DNS zones replication as well and received no errors.

    DC01 can access all the resources on DC02 but when DC02 tries to access DC01 via its name \\DC01\<resource> -- the access is denied. I'm logged in on both machines as Domain Admin.

    Besides 2 DCs we have 4 member servers running W3k sp2 and all of them but one can access the resources on both DCs. One of them however started giving the same problem as DC02.

    Any ideas would be welcomed as it's starting to drive me nuts. Thank you! If something isn't clear I will elaborate more (English is not my native language).

    Artur

  • #2
    Re: Secondary DC can access PDC only through IP address

    Well this is just a guess but check for a change to the SMB signing settings that might have come with SP2 on to 2K3 server(s).


    • #3
      Re: Secondary DC can access PDC only through IP address

      Originally posted by joeqwerty:
      Well this is just a guess but check for a change to the SMB signing settings that might have come with SP2 on to 2K3 server(s).
      I reversed DC02 back to SP1 (recovering from image) so it doesn't even know that SP2 exists (unless it wrote some value in AD while installed).
      Last edited by acvj-dsi; 21st February 2008, 14:12.
