Multiple Domain controller problem


  • Multiple Domain controller problem

    We currently have 2x 2008R2 DCs, one in VMware and the other physical, and a 3rd 2003R2 remote DC (leased line using VPN).
    We had a power outage a couple of days ago and lost connectivity to the remote DC, and the VMware DC was down as well. The physical DC was up but DNS and AD DS were not working on our network. Looking at the event logs, I was getting Event ID 4013 as below:
    The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

    Event ID 1014 as below:
    Name resolution for the name BIBSOC1.com timed out after none of the configured DNS servers responded.

    I changed the DC to look at itself for DNS on the NIC but this made no change. Once we managed to get the VMware DC up and running, all was well.

    They are all Global Catalog servers and the physical DC (which is up) is the operations master for RID, PDC, schema, naming master and Infrastructure.

    Any pointers would be useful, if you need more info please let me know.

    Thanks

  • #2
    Re: Multiple Domain controller problem

    Have you run a DCDIAG /e /v >dcdiag.txt? It is also worth reviewing DNS to verify SRV records.



    • #3
      Re: Multiple Domain controller problem

      Are all DCs DNS servers too? If so, are you using AD-Integrated DNS zones?

      If so, make sure all DCs are fully replicated then make sure each DC is pointing to itself for DNS.

      Verify replication: http://technet.microsoft.com/en-us/l...8WS.10%29.aspx

      Also make sure you have your AD Sites set up properly.
      Regards,
      Jeremy

      Network Consultant/Engineer
      Baltimore - Washington area and beyond
      www.gma-cpa.com
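
An added example (not part of the thread and not any poster's own script) of the SRV-record check suggested in reply #2 and the per-DC DNS check in reply #3: it asks each DC's DNS service for the domain controller locator records and flags servers that fail to answer or disagree. The DC names and addresses are hypothetical placeholders, the forest is assumed to be single-domain, and `Resolve-DnsName` assumes the script runs from a Windows 8 / Server 2012 or later machine, since the cmdlet is not available on 2008 R2.

```powershell
# Added example. DC names and addresses are hypothetical placeholders
# (RFC 5737 documentation ranges); replace them with your own.
$Domain = 'BIBSOC1.com'          # domain name as quoted in the Event ID 1014 text
$DnsServers = @{
    'DC-PHYSICAL' = '192.0.2.10'
    'DC-VMWARE'   = '192.0.2.11'
    'DC-REMOTE'   = '198.51.100.10'   # stub zone: answers depend on the head-office servers
}

# DC locator SRV records that clients and DCs rely on to find each other.
$Records = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Domain"    # assumes the domain is also the forest root
)

$results = foreach ($dc in $DnsServers.GetEnumerator()) {
    foreach ($name in $Records) {
        try {
            # Query this specific DNS server only, bypassing the local resolver order.
            $targets = Resolve-DnsName -Name $name -Type SRV -Server $dc.Value `
                           -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object { $_.NameTarget.ToLower() } |
                Sort-Object -Unique
            $status = if ($targets) { 'OK' } else { 'NoRecords' }
        } catch {
            # Timeout or name error: the same symptom Event ID 1014 reports.
            $targets = @()
            $status  = "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            DnsServer = $dc.Key
            Record    = $name
            Status    = $status
            Targets   = ($targets -join ', ')
        }
    }
}
$results | Format-Table -AutoSize -Wrap

# The same record returning different targets from different servers means
# the AD-integrated zone copies are not in sync (or one server is failing).
$results | Group-Object Record |
    Where-Object { @($_.Group | Select-Object -ExpandProperty Targets -Unique).Count -gt 1 } |
    ForEach-Object { Write-Warning "DNS servers disagree on $($_.Name)" }

# Replication health across all DCs, run from a machine with the AD DS tools.
repadmin /replsummary
```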



      • #4
        Re: Multiple Domain controller problem

        All DCs have DNS (the remote one is just a stub zone).
        I have checked the DCDIAG and the only item failing is NCSecDesc, which according to Microsoft is only needed for RODC setups.
        I have done the replication test, which passed.
        Yes, we are using DNS Integrated Zones.



        • #5
          Re: Multiple Domain controller problem

          Is there a reason you don't have a primary zone at the remote site?

          A stub zone is pretty pointless when there aren't multiple domains. I recommend configuring the remote DNS server with the primary zone.

          Have you pointed the DCs to themselves for DNS?
          Have you configured ADSS correctly?
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com



          • #6
            Re: Multiple Domain controller problem

            The stub zone was set up a few years ago by our support company as they said because we had such a poor VPN line it was the way to go.

            All the DCs have their primary DNS on the NICs pointed to themselves.

            AD DS seems to be functioning correctly as there are no event ID errors flagging up. The system manager seems to be happy too.



            • #7
              Re: Multiple Domain controller problem

              Originally posted by MattZ82:
              "The stub zone was set up a few years ago by our support company as they said because we had such a poor VPN line it was the way to go."

              That doesn't make sense. A stub zone essentially tells you where to find the NS servers for a zone. Regardless of what you do all lookups still need to be sent to the main office with that setup. I recommend changing the remote office DNS server to a primary zone.

              Originally posted by MattZ82:
              "All the DCs have their primary DNS on the NICs pointed to themselves."

              Excellent.

              Originally posted by MattZ82:
              "AD DS seems to be functioning correctly as there are no event ID errors flagging up. The system manager seems to be happy too."

              But do you have two sites configured? Are the DCs assigned to their respective sites? Have you properly configured the subnets for the sites? All of these things need to be configured in ADSS.
              Regards,
              Jeremy

              Network Consultant/Engineer
              Baltimore - Washington area and beyond
              www.gma-cpa.com
