Domain controller not replicating unable to logon to domain (Windows Server 2003)

  • Domain controller not replicating unable to logon to domain (Windows Server 2003)

    First off, I apologize for my lack of knowledge in this area.

    I have a situation that I am unable to find anywhere.

    I have 2 domain controllers. Our primary domain controller (I'll just call it DC1) is not replicating, and has not been since before I started working here. It has not caused any problems up until now, so my supervisor thought "if nobody is having a problem, don't mess with it".

    DC1 houses Active Directory, is the PDC (so I'm told), DNS (not replicating), and ISA Server 2004 (Why? Don't ask me; we have plenty of other servers it could just as well reside on that aren't a DC.)

    DC2 houses Active Directory, is the BDC, DNS, DHCP, Terminal License Server, and Symantec AV server.

    Well, lately (past 2 weeks or so) our users have been trying to authenticate to the non-replicating DC and have been getting "unable to logon to domain" errors (as some of them might not be in AD, or have a different password on this AD) rather frequently. A simple reboot usually remedies this, but we would like a more permanent solution. I was told by my supervisor to promote DC2 to the PDC and demote DC1 to the BDC.

    Since DC1 is not replicating, I am not sure if I would have to just forcibly remove Active Directory (http://www.petrico.il/forcibly_remov...y_from_dc.html) and then promote DC2. After deleting, I was thinking that I would have to clean up the data from DC2 (http://www.petri.com/delete_failed_dcs_from_ad.html).

    Neither I nor my supervisor know enough about active directory to know the proper procedure of doing this. I was hoping against hope that somebody here might be able to help us fix our agonizing problem.

    I thank you in advance for any advice you might be able to give.

    Mitch

  • #2
    Re: Domain controller not replicating unable to logon to domain (Windows Server 2003)

    Are you using a Windows Server 2003 Active Directory domain environment or a Windows NT domain environment?
    MCSE : Windows Server 2003



    • #3
      Re: Domain controller not replicating unable to logon to domain (Windows Server 2003)

      We are running Windows Server 2003 Active Directory. Both servers are also running the Server 2003 Standard edition OS, service pack 2.

      We are getting event IDs 4, 1864, 4000, 4001, 5719, 5722, 5723, 5805.



      • #4
        Re: Domain controller not replicating unable to logon to domain (Windows Server 2003)

        Can you post some of the event details?
        Technology is only as good as those who use it

        My tech blog - wiredtek.wordpress.com



        • #5
          Re: Domain controller not replicating unable to logon to domain (Windows Server 2003)

          Most likely your replication problem is caused by your DNS not working correctly, or by a firewall. When you say DC1 does not replicate, do you mean that using "Sites and Services" on DC1 does not replicate, but logging onto DC2 you can replicate in "Sites and Services"? If so, see if DC1 can at least resolve DC2 by using ping.

          Troubleshooting Replication:
          http://technet2.microsoft.com/window....mspx?mfr=true
          http://technet.microsoft.com/en-us/l.../bb727057.aspx

          Troubleshooting DNS:
          http://www.windowsnetworking.com/art...esolution.html
          http://technet2.microsoft.com/window....mspx?mfr=true
          http://technet.microsoft.com/en-us/l.../bb727055.aspx

          Necessary AD Domain Controller Firewall Exceptions:
          http://support.microsoft.com/kb/555381

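          The checks post #5 describes (name resolution, replication state, firewall ports), collected into one read-only script. This is an added example, not code from the thread; it assumes a domain admin session on a machine with the standard AD tools (repadmin, dcdiag, nslookup; the last step uses Test-NetConnection, which needs a PowerShell 4 or newer admin workstation rather than the 2003 DC itself), and the host and domain names are placeholders.

```powershell
# Added example: read-only health checks for a DC that is not replicating.
# Names below are placeholders; replace them with your own.
$BrokenDc   = 'DC1'           # the DC that is not replicating
$WorkingDc  = 'DC2'           # the healthy DC
$DomainFqdn = 'corp.example'  # your AD DNS domain name

# 1. Basic name resolution for both DCs (post #5: can DC1 resolve DC2?).
#    Run this on DC1 as well as DC2; the answers should match.
foreach ($dc in $BrokenDc, $WorkingDc) {
    Write-Host "== Resolving $dc.$DomainFqdn"
    nslookup "$dc.$DomainFqdn"
}

# 2. The SRV records a DC uses to locate replication partners and KDCs.
#    If the _msdcs records are missing on one DC's DNS, replication and
#    logons that land on that DC both break.
foreach ($srv in "_ldap._tcp.dc._msdcs.$DomainFqdn", "_kerberos._tcp.$DomainFqdn") {
    Write-Host "== SRV lookup $srv"
    nslookup -type=SRV $srv
}

# 3. Replication status as seen from each side. A failing partner shows an
#    error code plus a "last success" timestamp, which tells you how stale
#    DC1 is (and whether the tombstone lifetime has already passed).
repadmin /showrepl $BrokenDc
repadmin /showrepl $WorkingDc
repadmin /replsummary

# 4. dcdiag tests that map to the symptoms in this thread: replication,
#    whether the DC advertises itself for logons, and DNS.
dcdiag /s:$BrokenDc /test:Replications /test:Advertising /test:DNS

# 5. TCP ports DC1 must reach on DC2 (the exceptions KB 555381 lists);
#    RPC also needs the dynamic high ports, which a single probe cannot show.
#    Run this from an admin workstation, because ISA on DC1 may filter locally.
foreach ($port in 53, 88, 135, 389, 445, 464, 636, 3268) {
    $r = Test-NetConnection -ComputerName "$WorkingDc.$DomainFqdn" -Port $port -WarningAction SilentlyContinue
    '{0,5} {1}' -f $port, $(if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })
}
```

          Read the output top to bottom: a resolution or SRV failure in steps 1-2 points at DNS, a clean DNS picture with errors in step 3 and blocked ports in step 5 points at the firewall, and a "last success" older than the tombstone lifetime in step 3 is the case where post #6's advice to demote rather than repair applies.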


          • #6
            Re: Domain controller not replicating unable to logon to domain (Windows Server 2003)

            First of all, figure out why it is not synchronizing.
            Now, if it has been out of sync for too long, yes, you will be better off demoting it.

            However, watch out for any changes made on DC1 not replicated to DC2; they would be lost.

            Try moving the FSMO roles to DC2 before you demote it. It probably won't work, so seize them.

            Then promote DC1 after you have made sure the metadata is clean.

            BTW, there is no such thing as a PDC and a BDC in AD (even though there is a PDC emulator FSMO role).
            VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



            • #7
              Re: Domain controller not replicating unable to logon to domain (Windows Server 2003)

              Update

              Steps taken to fix this issue
              1. dcpromo /forceremoval on broken DC.
              2. ntdsutil metadatacleanup on working DC.
              3. Reinstall AD on broken DC.
              4. ...
              5. Profit.

              This also fixed DNS not working on the broken DC.

              Thanks,
              Mitch

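              The recovery sequence from posts #6 and #7 (record what DC1 holds, seize the FSMO roles on DC2, force-demote DC1, clean the metadata, verify before re-promoting), written out as the commands each step runs. This is an added example and not the poster's own steps; it assumes Windows Server 2003 SP1 or later tooling (csvde, ntdsutil, dcpromo, repadmin), that the comparison step runs where PowerShell is available, and placeholder server, site and domain names.

```powershell
# Added example: the demote / cleanup / re-promote sequence from posts #6-#7.
# Steps 1-3 change the directory; do step 0 first and keep its output.
$BrokenDc   = 'DC1'                        # placeholder: DC being removed
$WorkingDc  = 'DC2'                        # placeholder: DC that keeps the domain
$DomainFqdn = 'corp.example'               # placeholder: AD DNS name
$DomainDn   = 'DC=corp,DC=example'         # placeholder: same domain as a DN
$SiteName   = 'Default-First-Site-Name'    # placeholder: site holding DC1
$BrokenDcDn = "CN=$BrokenDc,CN=Servers,CN=$SiteName,CN=Sites,CN=Configuration,$DomainDn"

# 0. Post #6: changes made on DC1 that never reached DC2 are lost at demotion.
#    Export user objects from both DCs and diff them, so the delta is known
#    (and can be re-entered on DC2) before DC1 is thrown away.
csvde -s $BrokenDc  -f "$BrokenDc-users.csv"  -r '(objectClass=user)' -l 'sAMAccountName,whenChanged'
csvde -s $WorkingDc -f "$WorkingDc-users.csv" -r '(objectClass=user)' -l 'sAMAccountName,whenChanged'
Compare-Object (Import-Csv "$BrokenDc-users.csv") (Import-Csv "$WorkingDc-users.csv") `
    -Property sAMAccountName, whenChanged

# 1. On DC2: take over the FSMO roles. ntdsutil's "seize" first attempts a
#    clean transfer and only seizes when the current holder cannot be
#    reached, which is the outcome post #6 expects here.
ntdsutil 'roles' 'connections' "connect to server $WorkingDc" 'quit' `
    'seize schema master' 'seize domain naming master' 'seize PDC' `
    'seize RID master' 'seize infrastructure master' 'quit' 'quit'

# 2. On DC1 (post #7, step 1): forcibly demote without contacting DC2.
#    The server reboots as a standalone member; the account stays in AD.
dcpromo /forceremoval

# 3. On DC2 (post #7, step 2): remove DC1's NTDS settings and server object
#    from the directory. SP1+ ntdsutil accepts the server DN directly.
ntdsutil 'metadata cleanup' "remove selected server $BrokenDcDn" 'quit' 'quit'

# 4. Verify DC1 is gone from the topology and from DNS before rebuilding it
#    (post #7, step 3 is then a normal dcpromo on DC1). Stale DC1 records
#    that still appear here must be deleted by hand in the DNS console.
repadmin /showrepl $WorkingDc
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$DomainFqdn" $WorkingDc
```

              The order matters: seizing the roles while DC1 is still an (unreachable) DC is what lets DC2 carry on alone, and the metadata cleanup must finish before DC1 is promoted again, otherwise the new promotion collides with the old server object. The remaining GUI cleanup (Sites and Services, DNS) is what the petri.com article linked in post #1 walks through.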
