Windows 2003 Server not saving Active Directory


This topic contains 170 replies, has 12 voices, and was last updated by leoh 12 years, 2 months ago.

    leoh
    Member
    #120673

    I have the following scenario:

    • Windows 2000 Server as PDC
    • Windows 2003 Server as DC
    • about 50 Windows XP

    The problem here is that the Windows 2003 Server is not “saving” the Active Directory data. If the Windows 2000 Server is offline, nothing shows up on the console on the Windows 2003 server, and I have no backup of the Active Directory. But if the Windows 2000 is online, everything shows up in the console in the Windows 2003 Server.

    I believe there is some problem with the DNS server on the Windows 2000, because if I do nslookup, no server is found. The primary DNS server is the Windows 2000 and the secondary is the 2003. In both servers the DNS service is running.

    What I need here, is only redundancy, since all of the XP computers are in the same place (It’s a University Lab). I don’t need another server for increased performance.

    How do I continue? Is this an error, or am I missing some configuration?

    Mouse
    Member
    #290852

    Re: Windows 2003 Server not saving Active Directory

    It may not be relevant but is there a reason you’ve not integrated your DNS with AD?

    Is the TCP/IP configuration correct for both servers, specifically with regards to DNS (they should be pointing at themselves).

    leoh
    Member
    #293061

    Re: Windows 2003 Server not saving Active Directory

    Mouse;55310 wrote:
    It may not be relevant but is there a reason you’ve not integrated your DNS with AD?

    What do you mean by “integrated”? I am using the DNS service that comes with Windows Server.

    Mouse;55310 wrote:
    Is the TCP/IP configuration correct for both servers, specifically with regards to DNS (they should be pointing at themselves).

    I think it’s correct. Both servers have the same primary and secondary DNS servers configured. The Windows 2000 is the primary DNS server, and the secondary is the 2003 server.
    Each server has a different IP in the same range (172.24.10.1 and 172.24.10.2).

    sanvour
    Member
    #217236

    Re: Windows 2003 Server not saving Active Directory

    What is meant by AD and DNS, is that you will be having an Active Directory Integrated Zone.

    Can you see the A records on the 2003 inside the primary zone of the DNS on the 2000 server? What about SRV records?

    Are you sure both DNS are updated? That is the secondary zone is getting the update from the Primary zone?

    Mouse
    Member
    #290855

    Re: Windows 2003 Server not saving Active Directory

    Apologies Leoh, generally with regards to 2000/2003 domains people tend not to use Primary and Secondary servers, when choosing to integrate your DNS with Active Directory each Domain Controller holds an editable copy of the DNS database, basically a performance boost with redundancy.

    The DNS settings for server 172.24.10.1, the primary DNS should be 172.24.10.1
    The DNS settings for server 172.24.10.2, the primary DNS should be 172.24.10.2
    Pointing to themselves for name resolution.

    EDIT: Sorry late post :-/ going on from what sanvour said check that the A (host) records are correct as well as the NS (name server) records. Research integrating your DNS here http://www.microsoft.com/technet/community/events/ad/tnti-35.mspx

    leoh
    Member
    #293062

    Re: Windows 2003 Server not saving Active Directory

    sanvour;55316 wrote:
    What is meant by AD and DNS, is that you will be having an Active Directory Integrated Zone.

    No idea if I have that. How do I find out?

    sanvour;55316 wrote:
    Can you see the A records on the 2003 inside the primary zone of the DNS on the 2000 server? What about SRV records?

    I don’t have anything called like that on the DNS console. Maybe it’s called different, all of my Windows are in Spanish. Anyway, how do I get to check that?

    sanvour;55316 wrote:
    Are you sure both DNS are updated? That is the secondary zone is getting the update from the Primary zone?

    Same as before. How do I check that?

    Mouse;55317 wrote:
    The DNS settings for server 172.24.10.1, the primary DNS should be 172.24.10.1
    The DNS settings for server 172.24.10.2, the primary DNS should be 172.24.10.2

    Done.

    leoh
    Member
    #293064

    Re: Windows 2003 Server not saving Active Directory

    Does this mean that the DNS is integrated?

    Windows 2000:
    dns2px.jpg

    Windows 2003:
    dns23az.jpg

    leoh
    Member
    #293065

    Re: Windows 2003 Server not saving Active Directory

    Anyone?
    How should I continue? What else should I check, and how?

    wullieb1
    Moderator
    #240032

    Re: Windows 2003 Server not saving Active Directory

    Did you run adprep??

    What is your DNS set to on the 2003 server??

    Is the 2003 server setup as a Global Catalog server??

    leoh
    Member
    #293066

    Re: Windows 2003 Server not saving Active Directory

    wullieb1;55485 wrote:
    Did you run adprep??

    Yes, I did, without any problems. I can see perfectly all of the objects of the active directory (users, computers, etc) on the console on the Windows 2003 Server. I think if that had failed, I wouldn’t have been able to do that.

    wullieb1;55485 wrote:
    What is your DNS set to on the 2003 server??

    What do you mean by that? The DNS service is running, and the primary DNS is itself (172.24.10.2) and the secondary is the 2000 server (172.24.10.1).

    wullieb1;55485 wrote:
    Is the 2003 server setup as a Global Catalog server??

    No, I think the global catalog server is the 2000 Server. Is that wrong?

    wullieb1
    Moderator
    #240034

    Re: Windows 2003 Server not saving Active Directory

    From what I can gather from your posts if your 2000 server goes down your clients cannot get connected to the network??

    You need to make your 2003 server a Global Catalog to allow it to service logons. Do you also have a split DHP setup?? You can configure this how you like but the usual is 80/20.

    NSLOOKUP problem. Do you have a PTR record in your reverse lookup zone for both your servers??

    tonyyeb
    Member
    #223611

    Re: Windows 2003 Server not saving Active Directory

    leoh;55473 wrote:
    Anyone?
    How should I continue? What else should I check, and how?

    Silly question but you are sure BOTH are domain controllers? If you right click (in active directory users and computers) on your domain name and select ‘connect to domain controller’ do they both show in the list?

    leoh
    Member
    #293067

    Re: Windows 2003 Server not saving Active Directory

    wullieb1;55496 wrote:
    From what I can gather from your posts if your 2000 server goes down your clients cannot get connected to the network??

    That’s right. They can’t login if the 2000 server is offline.

    wullieb1;55496 wrote:
    You need to make your 2003 server a Global Catalog to allow it to service logons.

    But if I make the 2003 server a global catalog, then what happens if it goes offline?
    Will the 2000 Server still have an updated copy of the Active Directory so that the users can still login? What I’m looking for here is redundancy, not performance.

    wullieb1;55496 wrote:
    Do you also have a split DHP setup?? You can configure this how you like but the usual is 80/20.

    No idea what you are talking about. What is a split DHP setup? What do you mean by “80/20”?

    wullieb1;55496 wrote:
    NSLOOKUP problem. Do you have a PTR record in your reverse lookup zone for both your servers??

    I don’t know. Where do I check that?
    Anyway, when the 2003 Server didn’t exist, the same problem existed. The same situation on every XP and the 2000 server itself.

    tonyyeb;55501 wrote:
    Silly question but you are sure BOTH are domain controllers? If you right click (in active directory users and computers) on your domain name and select ‘connect to domain controller’ do they both show in the list?

    Yes, both show up.

    wullieb1
    Moderator
    #240041

    Re: Windows 2003 Server not saving Active Directory

    leoh;55903 wrote:
    That’s right. They can’t login if the 2000 server is offline.

    But if I make the 2003 server a global catalog, then what happens if it goes offline?
    Will the 2000 Server still have an updated copy of the Active Directory so that the users can still login? What I’m looking for here is redundancy, not performance.

    No idea what you are talking about. What is a split DHP setup? What do you mean by “80/20”?

    I don’t know. Where do I check that?
    Anyway, when the 2003 Server didn’t exist, the same problem existed. The same situation on every XP and the 2000 server itself.

    Yes, both show up.

    OK.

    Nothing will happen if the server goes offline. If both servers are GC’s then they will both service requests for logons.

    DHCP – More info here

    DNS – You need to setup a reverse lookup zone for your ip address. More info here

    leoh
    Member
    #293068

    Re: Windows 2003 Server not saving Active Directory

    wullieb1;55904 wrote:
    OK.

    Nothing will happen if the server goes offline. If both servers are GC’s then they will both service requests for logons.

    Then how do I make them both GC’s?

    wullieb1;55904 wrote:
    DHCP – More info here

    Why do I need DHCP? I have all fixed IPs. I only need redundancy to be able to login.
    Besides, DHCP servers are not allowed on the university network. I don’t know why, I think because of security, but the network admins told me not to use DHCP.

    wullieb1;55904 wrote:
    DNS – You need to setup a reverse lookup zone for your ip address. More info here

    Done. Not getting the DNS error anymore.

    Silver23
    Member
    #292209

    Re: Windows 2003 Server not saving Active Directory

    leoh;55926 wrote:
    Then how do I make them both GC’s?

    Open “Active Directory Sites and Services” from administrative tools menu

    Follow tree Default-first-site etc all down. u will see your servers here.

    Select the server u want to make GC and right click its NTDS settings. check the checkbox and voila. It will take a while depending on the amount of users, to replicate.

    tonyyeb
    Member
    #223624

    Re: Windows 2003 Server not saving Active Directory

    Do all your clients have both domain controllers in as DNS servers in the TCPIP settings?

    biggles77
    Spectator
    #206047

    Re: Windows 2003 Server not saving Active Directory

    leoh wrote:
    Why do I need DHCP? I have all fixed IPs. I only need redundancy to be able to login.
    Besides, DHCP servers are not allowed on the university network. I don’t know why, I think because of security, but the network admins told me not to use DHCP

    How long does it take you to manually add or change an IP setting on a PC? (Don’t forget you will probably have to log off then back on as an Administrator and then log off). Multiply that time by the number of PCs you have. Now imagine being able to do that to ALL your PCs in about 30 seconds, irrespective of the number, 1 or 1,000. That is one reason why DHCP rules.

    Me thinks Network Admins are playing a little techie joke.

    leoh
    Member
    #293069

    Re: Windows 2003 Server not saving Active Directory

    Silver23;55931 wrote:
    Select the server u want to make GC and right click its NTDS settings. check the checkbox and voila. It will take a while depending on the amount of users, to replicate.

    Done. I guess I’ll have to wait for it to replicate, it will take a while since I have about 800 users. I’ll check tomorrow if it works.

    tonyyeb;55946 wrote:
    Do all your clients have both domain controllers in as DNS servers in the TCPIP settings?

    Yes. One of them is the primary and the other server is the secondary.

    biggles77;55950 wrote:
    How long does it take you to manually add or change an IP setting on a PC? (Don’t forget you will probably have to log off then back on as an Administrator and then log off). Multiply that time by the number of PCs you have. Now imagine being able to do that to ALL your PCs in about 30 seconds, irrespective of the number, 1 or 1,000. That is one reason why DHCP rules.

    Me thinks Network Admins are playing a little techie joke.

    Yes, I know what DHCP does. I have about 50 computers on my labs, but anyway the IPs are already set up. And I don’t know why, but in the whole network of the university (about 1500 or 2000 computers between the labs, administrative and servers) there is not even one DHCP server. The only DHCP server is on the wifi network for student’s notebooks. I don’t know why, but that’s the way it works.

    leoh
    Member
    #293070

    Re: Windows 2003 Server not saving Active Directory

    Ok, I’m moving ahead.
    Now if the 2000 server is offline, I have to manually connect to the 2003 server manually from itself. But at least now I can see the users and everything on the Active Directory.
    But the problem is that the computers can’t login. As if they couldn’t see the 2003 Server.
    Do I have to configure anything when the 2000 Server is offline? Shouldn’t the 2003 take control automatically? What am I missing?

    leoh
    Member
    #293073

    Re: Windows 2003 Server not saving Active Directory

    So… can anybody help me?
    The situation is simple:

    2 servers that replicate the Global Catalog.
    If the PDC is offline, then the BDC has a copy of the Global Catalog.
    The problem is that the users can’t login. As if they couldn’t see the BDC.

    How can I continue now? What and where should I check?

    sanvour
    Member
    #217249

    Re: Windows 2003 Server not saving Active Directory

    Before you turn off the PDC try transferring the Domain FSMO roles to the BDC.
    I am suspecting that the BDC is not correctly registered in the DNS and did not register himself correctly in the DNS.

    Try pinging the BDC from any client you have.

    leoh
    Member
    #293074

    Re: Windows 2003 Server not saving Active Directory

    sanvour;56202 wrote:
    Before you turn off the PDC try transferring the Domain FSMO roles to the BDC.

    Ok, but the PDC must be online to transfer the Domain FSMO roles. I won’t be able to transfer if the PDC is offline.
    What I’m looking for here is redundancy.

    Maybe I’m wrong here, but am I supposed to do anything if the PDC fails, or should everything work transparently?

    sanvour;56202 wrote:
    I am suspecting that the BDC is not correctly registered in the DNS and did not register himself correctly in the DNS.

    Try pinging the BDC from any client you have.

    The DNS seems to be working. It can solve the IP from any computer. And the ping works fine.

    What now?

    sanvour
    Member
    #217250

    Re: Windows 2003 Server not saving Active Directory

    Yeah sure about that, but I am suspecting that there is something wrong with the registration of the BDC. If PDC fails, sure the BDC should take over.

    Are you sure both of them are in the same Site (Active Directory Sites and Services)?

    JeremyW
    Moderator
    #268702

    Re: Windows 2003 Server not saving Active Directory

    We have a 2000 DC and a 2003 DC so that means there’s no PDC or BDC.
    To make sure the DNS has the proper entries run ipconfig /registerdns on both DCs.

    Also, it would be extremely helpful to those who are helping if there was a diagram of the network with IP address and subnet information listed. Leoh, could you post something?
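
Whether DNS "has the proper entries" for both DCs, and the SRV records asked about earlier in the thread, comes down to whether each DC is listed in the SRV locator records that clients query to find a domain controller. The following is an added example, not code from any poster in the thread: it parses SRV records in zone-file text form and lists the locator records a DC is missing. The domain `lab.example`, the host names and the sample records are constructed placeholders, and a single-domain forest is assumed so the global catalog records sit under the same domain name.

```python
import re
from collections import defaultdict

# SRV owner labels every DC of a domain registers, with the expected port.
DC_LOCATORS = {"_ldap._tcp": 389, "_ldap._tcp.dc._msdcs": 389,
               "_kerberos._tcp": 88, "_kerberos._tcp.dc._msdcs": 88}
# Labels only global catalog servers register (under the forest root domain).
GC_LOCATORS = {"_gc._tcp": 3268, "_ldap._tcp.gc._msdcs": 3268}

# Matches: owner [ttl] [IN] SRV priority weight port target
SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+"
    r"\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)",
    re.IGNORECASE,
)

def norm(name):
    """DNS names compare case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def parse_srv(text):
    """Return {owner: {(target, port), ...}} from zone-file style text."""
    records = defaultdict(set)
    for line in text.splitlines():
        match = SRV_LINE.match(line.split(";", 1)[0].strip())
        if match:
            owner = norm(match["owner"])
            records[owner].add((norm(match["target"]), int(match["port"])))
    return records

def missing_registrations(records, domain, dcs, gcs):
    """Return sorted (host, owner) pairs for expected SRV records not found."""
    missing = []
    for hosts, locators in ((dcs, DC_LOCATORS), (gcs, GC_LOCATORS)):
        for label, port in locators.items():
            owner = f"{label}.{norm(domain)}"
            for host in hosts:
                if (norm(host), port) not in records.get(owner, set()):
                    missing.append((norm(host), owner))
    return sorted(missing)

# Constructed sample, not data from the thread; all names are placeholders.
SAMPLE_ZONE = """\
_ldap._tcp.lab.example. 600 IN SRV 0 100 389 dc2000.lab.example.
_ldap._tcp.lab.example. 600 IN SRV 0 100 389 dc2003.lab.example.
_ldap._tcp.dc._msdcs.lab.example. 600 IN SRV 0 100 389 dc2000.lab.example.
_kerberos._tcp.lab.example. 600 IN SRV 0 100 88 dc2000.lab.example.
_kerberos._tcp.lab.example. 600 IN SRV 0 100 88 dc2003.lab.example.
_kerberos._tcp.dc._msdcs.lab.example. 600 IN SRV 0 100 88 dc2000.lab.example.
_gc._tcp.lab.example. 600 IN SRV 0 100 3268 dc2000.lab.example.
_ldap._tcp.gc._msdcs.lab.example. 600 IN SRV 0 100 3268 dc2000.lab.example.
"""

if __name__ == "__main__":
    hosts = ["dc2000.lab.example", "dc2003.lab.example"]
    found = parse_srv(SAMPLE_ZONE)
    for host, owner in missing_registrations(found, "lab.example", hosts, hosts):
        print(f"{host} is missing from {owner}")
```

A DC that is absent from the `dc._msdcs` records cannot be found by the locator even though its A record resolves and it answers ping.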

    leoh
    Member
    #293075

    Re: Windows 2003 Server not saving Active Directory

    sanvour;56217 wrote:
    Are you sure both of them are in the same Site (Active Directory Sites and Services)?

    I don’t know. Where do I check that? They are both controllers for the same domain.
    Here are the screenshots of the consoles (I use Windows in Spanish).

    Windows 2000:
    win2krk0.jpg
    Windows 2003:
    win2k3we6.jpg

    JeremyW;56219 wrote:
    To make sure the DNS has the proper entries run ipconfig /registerdns on both DCs.

    On the 2003 server, no problems. On the 2000 Server, I got a message (in Spanish) that is translated to something like:

    “Error: The system cannot find the specified file.
    Updating DNS names”

    JeremyW;56219 wrote:
    Also, it would be extremely helpful to those who are helping if there was a diagram of the network with IP address and subnet information listed. Leoh, could you post something?

    The network is quite simple:

    I have about 50 windows XP computers connected to the same network as the servers.
    The IPs of the Windows XP computers are 172.24.1.x, 172.24.2.x, 172.24.11.x and 172.24.12.x.

    I have 1 Windows 2000 Server (lecorbu.pocqt.ort.edu.uy) and the IP is 172.24.10.1.

    I have 1 Windows 2003 Server (materiales.pocqt.ort.edu.uy) and the IP is 172.24.10.2.

    All of the computers and servers are connected with 2 switches, and no routers or anything between them.

    JeremyW
    Moderator
    #268705

    Re: Windows 2003 Server not saving Active Directory

    Hey Leoh, your DCs are in the same site.

    Check out this KB
    http://support.microsoft.com/kb/257734

    leoh
    Member
    #293076

    Re: Windows 2003 Server not saving Active Directory

    JeremyW;56242 wrote:

    Done. Still getting the same error. What now?

    What else should I check?
    Do you need a screenshot of anything?

    Rems
    Moderator
    #226197

    Re: Windows 2003 Server not saving Active Directory

    leoh wrote:
    Done. Still getting the same error. What now?

    Verified the permissions on your computer account [SELF]?
    1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
    2. On the View menu, click Advanced Features.
    3. In Active Directory, expand your domain, go to the OU containing the serveraccount, right-click your computer, and then click Properties.
    4. Click the Security tab.
    5. Select SELF
    6. Click to select the Allow check box for each of the following 6 permissions:
    • Create All Child Objects
    • Delete All Child Objects
    • Validated Write to DNS Hostname
    • Validated Write to Service Principal Name
    • Read Personal Information
    • Write Personal Information
    Reboot the computer
    Can you confirm that?

    On both DC’s,
    Check the eventviewer (eventvwr.exe) look for warnings and error in the logs;
    – Directory Service
    – DNS Server

    Rem

    leoh
    Member
    #293077

    Re: Windows 2003 Server not saving Active Directory

    Rems;56371 wrote:
    Verified the permissions on your computer account [SELF]?
    1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
    2. On the View menu, click Advanced Features.
    3. In Active Directory, expand your domain, go to the OU containing the serveraccount, right-click your computer, and then click Properties.
    4. Click the Security tab.
    5. Select SELF
    6. Click to select the Allow check box for each of the following 6 permissions:
    • Create All Child Objects
    • Delete All Child Objects
    • Validated Write to DNS Hostname
    • Validated Write to Service Principal Name
    • Read Personal Information
    • Write Personal Information
    Reboot the computer
    Can you confirm that?

    Yes, I have checked that and it was already correct. I didn’t modify anything.

    Rems;56371 wrote:
    On both DC’s,
    Check the eventviewer (eventvwr.exe) look for warnings and error in the logs;
    – Directory Service
    – DNS Server

    No errors or warnings, at least on the last week. Only information events.
