Screwy connection between new Win2K3 member server and new Win2K3 ADC

Discussion in 'Server Setup' started by Daniel Hienzsch, Jan 22, 2004.

  1. I have two servers set up on an independent network for our production
    network. Only two servers on their own switch, own router, own internet
    connection. I set up server01 with the base install then added the Domain
    Controller role to it which installed and configured AD, DHCP and DNS. I
    added a Primary Reverse Lookup Zone into DNS, then tested it using the
    testing tool on the monitoring tab of the properties page.

    I then built server02. It is a standard vanilla Win2K3 install. After
    completing installation, I added it to the domain with no problem, then
    rebooted. I then rebooted (as is required) and after each reboot, I get
    error messages peppered throughout the event viewer on Server02 stating that
    the domain controller cannot be found. DCDIAG confirms that the server
    can't be seen. All MS Troubleshooting tips point to network connectivity
    being the problem, but it isn't. I've checked the switch, NICs, default
    network settings, IP to no avail; it's all working right. I've checked and
    rechecked every DNS entry for the Domain Controller in its DNS setting, but
    I don't see anything wrong in there.

    And then after about 6 hours or so, DCDIAG starts working and I can see the
    domain. If I reboot, I start the whole problem over again.

    I've rebuilt these servers at least four times now trying to narrow down and
    eliminate everything and this is about as basic as I can get the setup. One
    DC, one member server, one switch, two network cables, one internet
    connection, but I can't figure out what the problem is!


    ========================================================

    Here is the complete list of DNS testing, DCDIAG testing and the actual
    EVENT VIEWER errors reported...

    For clarification:

    Domain: domain.foo
    Active Directory Controller / PDC Emulator: server01 = 10.55.1.10
    Member Server: server02 = 10.55.1.11


    C:\Documents and Settings\Administrator>dnslint /d domain.foo /s 10.55.1.10 /v

    DNSLint will attempt to verify the DNS entries for:

    domain.foo

    This process may take several minutes to complete...

    by-passing www.internic.net lookup...
    using 10.55.1.10

    Attempting to find host name for 10.55.1.10...name not found

    Verifying the DNS records for the specified
    domain name on each name server...

    Checking SOA record on:
    User Specified DNS Server (10.55.1.10)...
    Authoritative name server: server01.domain.foo
    Hostmaster: hostmaster
    Zone serial number: 26
    Refresh period: 900 seconds
    Retry delay: 600 seconds
    Zone expires in: 86400 seconds
    Default (minimum) TTL: 3600 seconds

    Querying for NS records...
    Additional authoritative NS records for domain:
    server01.domain.foo 10.55.1.10

    querying for domain's host records...
    Host records for domain:
    10.55.1.10

    querying for MX record data...
    No MX records on that name server
    =============================

    Checking SOA record on:
    server01.domain.foo (10.55.1.10)...
    Authoritative name server: server01.domain.foo
    Hostmaster: hostmaster
    Zone serial number: 26
    Refresh period: 900 seconds
    Retry delay: 600 seconds
    Zone expires in: 86400 seconds
    Default (minimum) TTL: 3600 seconds

    Querying for NS records...
    Additional authoritative NS records for domain:
    server01.domain.foo 10.55.1.10

    querying for domain's host records...
    Host records for domain:
    10.55.1.10

    querying for MX record data...
    No MX records on that name server
    =============================


    generating report file....
    A file called dnslint.htm already exists

    Do you want to overwrite it? (Y/N)y
    overwriting existing .htm file...

    Creating report called dnslint.htm in current directory

    C:\Documents and Settings\Administrator>ping server01.domain.foo

    Pinging server01.domain.foo [10.55.1.10] with 32 bytes of data:

    Reply from 10.55.1.10: bytes=32 time<1ms TTL=128
    Reply from 10.55.1.10: bytes=32 time<1ms TTL=128
    Reply from 10.55.1.10: bytes=32 time<1ms TTL=128
    Reply from 10.55.1.10: bytes=32 time<1ms TTL=128

    Ping statistics for 10.55.1.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    C:\Documents and Settings\Administrator>nslookup server01.domain.foo
    *** Can't find server name for address 10.55.1.10: Non-existent domain
    Server: UnKnown
    Address: 10.55.1.10

    Name: server01.domain.foo
    Address: 10.55.1.10


    C:\Documents and Settings\Administrator>nslookup server01.domain.foo
    Server: server01.domain.foo
    Address: 10.55.1.10

    Name: server01.domain.foo
    Address: 10.55.1.10


    C:\Documents and Settings\Administrator>


    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator.domain>dcdiag /s:server01 |more

    Domain Controller Diagnosis

    Performing initial setup:
    [server01] LDAP bind failed with error 8341,
    A directory service error has occurred..


    C:\Documents and Settings\Administrator.domain>dcdiag /s:server01 |more

    Domain Controller Diagnosis

    Performing initial setup:
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site\server01
    Starting test: Connectivity
    The host 2713c23b-b7f2-4533-85a9-a747c557422a._msdcs.domain.foo
    could not be resolved to an
    IP address. Check the DNS server, DHCP, server name, etc
    ......................... server01 failed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site\server01
    Skipping all tests, because server server01 is
    not responding to directory service requests

    Running partition tests on : TAPI3Directory
    Starting test: CrossRefValidation
    ......................... TAPI3Directory passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... TAPI3Directory passed test CheckSDRefDom

    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom

    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom

    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom

    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom

    Running partition tests on : domain
    Starting test: CrossRefValidation
    ......................... domain passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... domain passed test CheckSDRefDom

    Running enterprise tests on : domain.foo
    Starting test: Intersite
    ......................... domain.foo passed test Intersite
    Starting test: FsmoCheck
    ......................... domain.foo passed test FsmoCheck


    C:\Documents and Settings\Administrator.domain>nslookup
    *** Can't find server name for address 10.55.1.10: Non-existent domain
    Default Server: UnKnown
    Address: 10.55.1.10
    Server: UnKnown
    Address: 10.55.1.10

    _ldap._tcp.dc._msdcs.domain.foo SRV service location:
    priority = 0
    weight = 100
    port = 389
    svr hostname = server01.domain.foo
    server01.domain.foo internet address = 10.55.1.10

    ================================================
    ================================================
    ================================================

    EVENT VIEWER ERRORS

    ================================================
    ================================================
    ================================================


    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1054
    Date: 1/21/2004
    Time: 3:11:21 PM
    User: NT AUTHORITY\SYSTEM
    Computer: server02
    Description:
    Windows cannot obtain the domain controller name for your computer network.
    (The specified domain either does not exist or could not be contacted. ).
    Group Policy processing aborted.

    For more information, see Help and
    Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: MRxSmb
    Event Category: None
    Event ID: 8003
    Date: 1/21/2004
    Time: 3:11:26 PM
    User: N/A
    Computer: server02
    Description:
    The master browser has received a server announcement from the computer
    server01 that believes that it is the master browser for the domain on
    transport NetBT_Tcpip_{3E658275-8CE8-4150. The master browser is stopping
    or an election is being forced.

    For more information, see Help and
    Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 00 00 00 00 03 00 4e 00 ......N.
    0008: 00 00 00 00 43 1f 00 c0 ....C..À
    0010: 00 00 00 00 00 00 00 00 ........
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........



    Event Type: Error
    Event Source: NETLOGON
    Event Category: None
    Event ID: 5719
    Date: 1/21/2004
    Time: 3:11:21 PM
    User: N/A
    Computer: server02
    Description:
    This computer was not able to set up a secure session with a domain
    controller in domain domain due to the following:
    There are currently no logon servers available to service the logon
    request.
    This may lead to authentication problems. Make sure that this computer
    is connected to the network. If the problem persists, please contact
    your domain administrator.

    ADDITIONAL INFO
    If this computer is a domain controller for the specified domain, it sets
    up the secure session to the primary domain controller emulator in the
    specified domain. Otherwise, this computer sets up the secure session
    to any domain controller in the specified domain.

    For more information,
    see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 5e 00 00 c0 ^..À


    Event Type: Warning
    Event Source: DnsApi
    Event Category: None
    Event ID: 11197
    Date: 1/21/2004
    Time: 3:04:05 PM
    User: N/A
    Computer: server02
    Description:
    The system failed to update and remove host (A) resource records (RRs) for
    network adapter with settings:

    Adapter Name : {E4AE94A6-F873-4BA2-A86B-41FC56F45A04}
    Host Name : server02
    Primary Domain Suffix : domain.foo
    DNS server list :
    10.55.1.10, 63.140.240.35
    Sent update to server : <?>
    IP Address(es) :
    10.55.1.11

    The reason the update request failed was because of a system problem.
    For specific error code, see the record data displayed below.

    For more
    information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 51 27 00 00 Q'..
     
    Daniel Hienzsch, Jan 22, 2004
    #1

  2. <snippage>

    Okay, I have a couple of really elementary questions for you, so bear
    with me (I *do* have a reason for asking)...

    Can you connect the servers to each other via, say, a hub, or even a
    crossover cable? If you do, do you see the same problems? What kind of
    NICs are in the machines? What are the duplex settings?

    Laura
     
    Laura A. Robinson [MVP], Jan 24, 2004
    #2
