Weird AD problem....oakfan52?

L

LittleMe

2[H]4U
Joined
Feb 20, 2001
Messages
2,977
I'm getting these error's on both of the DC's in my forest root, and the child domain. All servers are brand new installs, fully updated, Server 2003 R2 (not Dell installs, my own). Servers are Dell PowerEdge 2850's (2x Dual Core Xeons, 4GB RAM, 6x 300GB HDD, on-board Intel Pro 1000MT). The second NIC has been disabled, the primary NIC is moved into the top of the connections list. All IP's are hardcoded, the 2 forest root's are running DNS, all are GC's. I feel like the network isn't up when they try to lookup DNS, but the 2 forest root's are set to themself for primary and the other as secondary yet they both get these events as well. I've tried a C3750, C3550, and an HP procurve switch. The weird part is that it clears up with-in a few seconds of the first logged event and all replication is fine afterwords as well.

Events are posted below

Code: 
Event Type:	Information
Event Source:	NTDS General
Event Category:	Global Catalog 
Event ID:	1869
Date:		6/15/2006
Time:		6:03:53 PM
User:		NT AUTHORITY\SYSTEM
Computer:	Child-DC1
Description:
Active Directory has located a global catalog in the following site. 
 
Global catalog:
\\fr1.domain.local 
Site: Default-Site-Name





Event Type:	Warning
Event Source:	NTDS General
Event Category:	Global Catalog 
Event ID:	1655
Date:		6/15/2006
Time:		6:03:53 PM
User:		NT AUTHORITY\SYSTEM
Computer:	Child-DC1
Description:
Active Directory attempted to communicate with the following global catalog and the attempts were unsuccessful. 
 
Global catalog:
\\fr1.domain.local 
 
The operation in progress might be unable to continue. Active Directory will use the domain controller locator to try to find an 

available global catalog server. 
 
Additional Data 
Error value:
1908 Could not find the domain controller for this domain.





Event Type:	Information
Event Source:	NTDS General
Event Category:	Global Catalog 
Event ID:	1869
Date:		6/15/2006
Time:		6:03:53 PM
User:		NT AUTHORITY\SYSTEM
Computer:	Child-DC1
Description:
Active Directory has located a global catalog in the following site. 
 
Global catalog:
\\fr2.domain.local 
Site: Default-Site-Name





Event Type:	Warning
Event Source:	NTDS General
Event Category:	Global Catalog 
Event ID:	1655
Date:		6/15/2006
Time:		6:03:53 PM
User:		NT AUTHORITY\SYSTEM
Computer:	Child-DC1
Description:
Active Directory attempted to communicate with the following global catalog and the attempts were unsuccessful. 
 
Global catalog:
\\fr2.domain.local 
 
The operation in progress might be unable to continue. Active Directory will use the domain controller locator to try to find an 

available global catalog server. 
 
Additional Data 
Error value:
1908 Could not find the domain controller for this domain.





Event Type:	Information
Event Source:	NTDS General
Event Category:	Global Catalog 
Event ID:	1869
Date:		6/15/2006
Time:		6:03:54 PM
User:		NT AUTHORITY\SYSTEM
Computer:	Child-DC1
Description:
Active Directory has located a global catalog in the following site. 
 
Global catalog:
\\Child-DC1.child.domain.local 
Site: Default-Site-Name





Event Type:	Warning
Event Source:	NTDS General
Event Category:	Global Catalog 
Event ID:	1655
Date:		6/15/2006
Time:		6:03:54 PM
User:		NT AUTHORITY\SYSTEM
Computer:	Child-DC1
Description:
Active Directory attempted to communicate with the following global catalog and the attempts were unsuccessful. 
 
Global catalog:
\\Child-DC1.child.domain.local 
 
The operation in progress might be unable to continue. Active Directory will use the domain controller locator to try to find an 

available global catalog server. 
 
Additional Data 
Error value:
1908 Could not find the domain controller for this domain.





Event Type:	Error
Event Source:	NTDS General
Event Category:	Global Catalog 
Event ID:	1126
Date:		6/15/2006
Time:		6:03:54 PM
User:		NT AUTHORITY\SYSTEM
Computer:	Child-DC1
Description:
Active Directory was unable to establish a connection with the global catalog. 
 
Additional Data 
Error value:
1355 The specified domain either does not exist or could not be contacted. 
Internal ID:
3200d11 
 
User Action: 
Make sure a global catalog is available in the forest, and is reachable from this domain controller.  You may use the nltest 

utility to diagnose this problem.





Event Type:	Information
Event Source:	NTDS General
Event Category:	Service Control 
Event ID:	1394
Date:		6/15/2006
Time:		6:04:00 PM
User:		NT AUTHORITY\ANONYMOUS LOGON
Computer:	Child-DC1
Description:
All problems preventing updates to the Active Directory Database have been cleared. New updates to the Active Directory database 

are succeeding. The Net Logon service has restarted.





Event Type:	Information
Event Source:	NTDS General
Event Category:	Global Catalog 
Event ID:	1869
Date:		6/15/2006
Time:		6:18:31 PM
User:		NT AUTHORITY\ANONYMOUS LOGON
Computer:	Child-DC1
Description:
Active Directory has located a global catalog in the following site. 
 
Global catalog:
\\Child-DC1.child.domain.local 
Site: Default-Site-Name
 
just a thought, but maybe DNS isn't starting before the first replication attempt?

Check your timestamps and see when your DNS server is starting, then compare it to the timestamps on these errors.
 
DarkOne_BW said:
just a thought, but maybe DNS isn't starting before the first replication attempt?

Check your timestamps and see when your DNS server is starting, then compare it to the timestamps on these errors.
Click to expand...
I've seen this before. It's not usually a big deal. These are probably warmings and not errors right?
 
DNS isn't running on the child DC, but is on the forest root servers, so that's up before they boot. All are warnings except for Event 1126, which is an error but within 10 seconds, I get the event that problems preventing updates are all ok and a GC is located and talked to.
 
Ok, got off the phone with MSPSS about an hour ago, after almost 7 hours today. I'm now getting a less warnings but the same Error 1126 but no more 1869 or 1655's. Now I get 2 releated to not being able to resolve the address of the 2 forest root controllers, so I don't see it as moving forward.

They installed DNS on the child DC and pointed it at itself, delegated the child domain DNS zone to it, setup zone transfer to it for the root DNS zone, and set it up to forward up to the root servers. Tried a few registry settings, the guy I got in the first place setup the Netlogon service to be dependent on DNS, but DNS wasn't installed on it at that time. I ran around in circles with him for about 20 minutes before he finally realized DNS wasn't installed.

After everything, they're saying I have 2 options. Either live with the errors on restart since it sorts itself out with seconds and all replication shows successful after 15 minutes or make DNS a dependency of the Netlogon service to try and slow it down. They say Netlogon is just too quick and doesn't wait for the network to be up before it tries to move on.

I'm going to try something different, since this is non-production at this point, I'm going to blow everything off and try Server 2003 RTM since I had it installed on this hardware without these problems, then upgrading them to SP1 after setting up AD and finally to R2. They said there were changes to SP1 with start-up that *could* be blocking all network access until everything is up.
 
Before doing all that, try setting the wait for network group policy for the domain to enabled.
 
MorfiusX said:
Before doing all that, try setting the wait for network group policy for the domain to enabled.
Click to expand...

Already tried it as well as the DisableDHCPMediaSense and "Wait for Link" in the Intel adapter properties. No go on them all. The odd part, is this doesn't plauge any of the DC's in the root domain, only those added to child domains.
 
You must log in or register to reply here.
Back
Top