Active Directory Services
Hello,
I have recently added a domain controller... My intention was to have a replication partner with my PDC (this is all Server 2003 R2).
The replmon tool tells me I am replicating OK, but I had an incident lately where there was an unexpected restart of the PDC. There were many problems: the #2 DC appeared to be authenticating users (I did the SET command in a DOS box and saw login server= DC #2), that is good... but the users that did get authenticated by DC #2 were kind of dead in the water, as if they had no DNS guidance... During this malady I noticed that (using replmon) the #2 guy was not able to replicate with the #1 guy...
Essentially, I had to wait till #1 came all the way back up and then use the replmon tool to replicate now (I think it says "synchronize now"); after a bit it started to work and all settled down.
Any idea what I need to have in place so when #1 goes down (planned or not) #2 picks up the slack and permits smooth domain access?
Should I be running Active Directory services on the #2 DC?? It is not at the moment.
November 29th, 2010 1:58pm
Hello,
if I understand you correctly, you added a second domain controller to the domain, which is not DNS/GC until now? If users are authenticated via DC2 it should also be a DNS server, otherwise you can't log on if DC1 is the only DNS server in the domain; please clarify the DNS setup.
Please post an unedited ipconfig /all from both DCs, so we can verify the settings for a start. Replmon to control replication is an option, but the repadmin command line tool is more powerful.
Best regards Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
November 29th, 2010 3:31pm
I think the DNS server was not enabled... it is now (on DC#2).
DC #1 (PDC)
C:\Documents and Settings\administrator.ADMINISTRATION>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : ml570g3dc
Primary Dns Suffix . . . . . . . : administration.eriecountygov.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : administration.eriecountygov.org
eriecountygov.org
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-17-A4-4B-30-77
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.50.45
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.50.10
DNS Servers . . . . . . . . . . . : 192.168.50.45
192.168.50.48
Primary WINS Server . . . . . . . : 192.168.50.48
Secondary WINS Server . . . . . . : 192.168.30.46
DC #2
C:\Documents and Settings\administrator.ADMINISTRATION>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : ml350g5bpm
Primary Dns Suffix . . . . . . . : administration.eriecountygov.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : administration.eriecountygov.org
eriecountygov.org
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-1F-29-62-8B-B4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.50.48
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.50.10
DNS Servers . . . . . . . . . . . : 192.168.50.45
192.168.50.48
Primary WINS Server . . . . . . . : 192.168.50.48
Secondary WINS Server . . . . . . : 192.168.30.46
C:\Documents and Settings\administrator.ADMINISTRATION>
November 29th, 2010 3:58pm
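The point behind the request for both ipconfig dumps is whether each DC can still resolve names when the other one is down. The script below is an added example, not code from the thread: it parses ipconfig /all text and checks that every DC lists both itself and its partner as DNS servers. The sample input is constructed from the two dumps posted above (trimmed to the lines the check needs) plus one deliberately misconfigured variant; the function names are mine.

```python
"""Check DNS-client redundancy on a pair of domain controllers from ipconfig /all output."""
import re
from typing import Dict, List

# ipconfig prints "Field . . . . : value"; the dots are only padding.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(.*)$")
# Extra values of a multi-valued field (a second DNS server) are printed on their own line.
IP_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_ipconfig(text: str) -> Dict[str, List[str]]:
    """Map each field name to its list of values for one ipconfig /all dump.

    Bare IP-address lines are appended to the field that precedes them,
    which is how ipconfig lists additional DNS and WINS servers.
    """
    fields: Dict[str, List[str]] = {}
    last = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        ip = IP_RE.match(line)
        if ip and last is not None:
            fields[last].append(ip.group(1))
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        name, value = m.group(1).strip(), m.group(2).strip()
        fields[name] = [value] if value else []
        last = name
    return fields


def check_dns_redundancy(dumps: Dict[str, str]) -> Dict[str, List[str]]:
    """dumps maps a DC label to its ipconfig /all text; returns label -> list of findings."""
    parsed = {label: parse_ipconfig(text) for label, text in dumps.items()}
    address = {label: p.get("IP Address", [""])[0] for label, p in parsed.items()}
    findings: Dict[str, List[str]] = {}
    for label, p in parsed.items():
        issues = []
        dns = p.get("DNS Servers", [])
        if not dns:
            issues.append("no DNS servers configured")
        if address[label] not in dns:
            issues.append("does not list its own address %s as a DNS server" % address[label])
        for other, addr in address.items():
            if other != label and addr not in dns:
                issues.append("does not list partner DC %s as a DNS server" % addr)
        if len(dns) < 2:
            issues.append("only one DNS server: name resolution stops if it is unreachable")
        findings[label] = issues
    return findings


# Constructed sample input, taken from the two dumps in the thread and trimmed.
DC1 = """\
Host Name . . . . . . . . . . . . : ml570g3dc
IP Address. . . . . . . . . . . . : 192.168.50.45
Subnet Mask . . . . . . . . . . . : 255.255.255.0
DNS Servers . . . . . . . . . . . : 192.168.50.45
                                    192.168.50.48
"""
DC2 = """\
Host Name . . . . . . . . . . . . : ml350g5bpm
IP Address. . . . . . . . . . . . : 192.168.50.48
DNS Servers . . . . . . . . . . . : 192.168.50.45
                                    192.168.50.48
"""
# Constructed bad case: a DC that points only at its partner.
DC2_SINGLE = """\
Host Name . . . . . . . . . . . . : ml350g5bpm
IP Address. . . . . . . . . . . . : 192.168.50.48
DNS Servers . . . . . . . . . . . : 192.168.50.45
"""

if __name__ == "__main__":
    for label, issues in check_dns_redundancy({"DC1": DC1, "DC2": DC2_SINGLE}).items():
        print(label, "OK" if not issues else "; ".join(issues))
```

The two dumps from the thread pass this check, which is consistent with the reply that the ipconfig output "basically looks ok"; the script does not enforce an order of the entries, and it says nothing about whether the DNS server role is actually installed and hosting the zone on each address, which is the separate question the thread goes on to ask.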
Hello,
for a start, if you use teamed NICs on a DC, make sure that only failover is configured; load balancing is NOT supported by Microsoft.
On ml570g3dc remove the RRAS functionality; this is also not recommended for a DC and can result in problems.
What kind of WINS server is 192.168.30.46? It is not one of the DCs. And in a pure Windows domain WINS is normally not needed.
Which applications do you run that require WINS?
As the ipconfig basically looks ok, please use the support tools so we can check what is going on between the DCs:
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
netdiag /v >c:\netdiag.txt [from each DC; netdiag may work but isn't supported with Windows Server 2008 and doesn't run on Windows Server 2008 R2]
repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt ["dc*" is a placeholder for the starting name of the DCs if they all begin the same (if more than one DC exists)]
dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
As the output will become large, DON'T post it in the thread; please use Windows Sky Drive (with open access!) and add the link to it here. Also, the /e in dcdiag scans the complete forest, so better run it at COB.
Best regards Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
November 29th, 2010 4:12pm
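The repadmin /showrepl output requested above is where a replication failure like the one the poster saw after the PDC restart shows up, but in a large file it is easy to miss. The script below is an added example, not part of the thread or of repadmin: it pulls each inbound neighbour's last-attempt status out of /showrepl text and reports the links that are failing, with the error code and how long it has been since the last successful sync. The sample is constructed in the layout /showrepl prints (that layout, the default site name and the placeholder GUIDs are assumptions); the host names are the ones from the thread.

```python
"""Flag failing replication links in repadmin /showrepl output."""
import re
from datetime import datetime
from typing import Dict, List, Optional

VIA_RE = re.compile(r"^(\S+) via (\w+)$")
OK_RE = re.compile(r"^Last attempt @ (.+) was successful\.$")
FAIL_RE = re.compile(r"^Last attempt @ (.+) failed, result (\d+) \((0x[0-9a-fA-F]+)\):$")
CONSEC_RE = re.compile(r"^(\d+) consecutive failure\(s\)\.$")
SUCCESS_RE = re.compile(r"^Last success @ (.+)\.$")
TIME_FMT = "%Y-%m-%d %H:%M:%S"


def parse_showrepl(text: str) -> List[Dict]:
    """Return one record per inbound neighbour: partition, partner, status, timing."""
    links: List[Dict] = []
    partition: Optional[str] = None
    link: Optional[Dict] = None
    expect_message = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Naming contexts are printed flush-left; neighbour details are indented under them.
        if not raw[0].isspace() and (line.startswith("DC=") or line.startswith("CN=")):
            partition = line
            link = None
            continue
        m = VIA_RE.match(line)
        if m and partition:
            link = {"partition": partition, "partner": m.group(1), "transport": m.group(2),
                    "status": "unknown", "code": None, "message": None,
                    "consecutive": 0, "last_attempt": None, "last_success": None}
            links.append(link)
            expect_message = False
            continue
        if link is None:
            continue
        if expect_message:
            # The line after a failed attempt carries the human-readable error text.
            link["message"] = line
            expect_message = False
            continue
        m = OK_RE.match(line)
        if m:
            link["status"] = "ok"
            link["last_attempt"] = link["last_success"] = m.group(1)
            continue
        m = FAIL_RE.match(line)
        if m:
            link["status"] = "failed"
            link["last_attempt"] = m.group(1)
            link["code"] = int(m.group(2))
            expect_message = True
            continue
        m = CONSEC_RE.match(line)
        if m:
            link["consecutive"] = int(m.group(1))
            continue
        m = SUCCESS_RE.match(line)
        if m:
            link["last_success"] = m.group(1)
    return links


def failing_links(links: List[Dict]) -> List[Dict]:
    """Links whose last attempt failed, with days since the last success where known."""
    out = []
    for link in links:
        if link["status"] != "failed":
            continue
        age_days = None
        if link["last_attempt"] and link["last_success"]:
            delta = (datetime.strptime(link["last_attempt"], TIME_FMT)
                     - datetime.strptime(link["last_success"], TIME_FMT))
            age_days = delta.total_seconds() / 86400
        out.append(dict(link, days_since_success=age_days))
    return out


# Constructed sample: one healthy link and one that has been failing with RPC error 1722.
SAMPLE = r"""Default-First-Site-Name\ML570G3DC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 00000000-0000-0000-0000-000000000001
DSA invocationID: 00000000-0000-0000-0000-000000000002

==== INBOUND NEIGHBORS ======================================

DC=administration,DC=eriecountygov,DC=org
    Default-First-Site-Name\ML350G5BPM via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000003
        Last attempt @ 2010-12-07 13:58:00 was successful.

CN=Configuration,DC=administration,DC=eriecountygov,DC=org
    Default-First-Site-Name\ML350G5BPM via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000003
        Last attempt @ 2010-12-07 13:58:00 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        12 consecutive failure(s).
        Last success @ 2010-11-28 09:00:00.
"""

if __name__ == "__main__":
    for bad in failing_links(parse_showrepl(SAMPLE)):
        print("%s <- %s: error %s (%s), %d consecutive failures, %.1f days since last success"
              % (bad["partition"], bad["partner"], bad["code"], bad["message"],
                 bad["consecutive"], bad["days_since_success"]))
```

Run it over the c:\repl.txt file the reply asks for; a link that is failing for one partition while its sibling for another partition succeeds, as in the sample, narrows the fault to that context rather than to connectivity as a whole.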
I have generated the dcdiag.txt
Not sure what COB means (close of business?), i.e. after hours?
I am researching how to set up SkyDrive please bear with me
thanks
December 6th, 2010 8:06am
Ok, I think I have the SkyDrive set up... it's under Daniel DeCoursey.
I am not sure how I get back into the SD... or how I would go into your SD??
December 6th, 2010 8:17am
Hello,
COB = Close of business, correct.
Windows Sky drive = http://skydrive.live.com; upload the files to your account and when they are uploaded just copy the link from Internet Explorer.
Best regards Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
December 6th, 2010 8:32am
Did you add the second domain controller to be a global catalog server? If not, the users will not be able to log on if the other DC is offline.
To add a new global catalog:
On the domain controller where you want the new global catalog, start the Active Directory Sites and Services snap-in. To start the snap-in, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services. In the console tree, double-click Sites, and then double-click sitename. Double-click Servers, click your domain controller, right-click NTDS Settings, and then click Properties. On the General tab, click to select the Global catalog check box to assign the role of global catalog to this server.
Restart the domain controller.
December 6th, 2010 9:56am
The file is in the Quickdocs folder... thanks for the help so far...
http://cid-bd95d9f727cb8e30.skydrive.live.com/home.aspx?sa=513631986
December 7th, 2010 1:58pm
There's a lot of information to sift through.
I'm going to skip it because you provided the most useful information in your first post. Too many dcdiags to resolve the real problem....
"Should I be running Active Directory services on the #2 DC?? It is not at the moment."
Yes, in order to authenticate users and replicate data, Server #2 must have Active Directory installed. As Naser stated, you will want this server to be a Global Catalog server to provide smooth, seamless operations if a DC begins to fail. However, in child domains, you should want them to authenticate by parent domains unless these child domains just so happen to be across the world... for latency reasons.
Your First step... Promote your Server.
Your Second step... Plan for failure - See below
Your Third step... Test your setup...
Plan for failure
You will also want to configure your FSMO Roles with standby operators as well, should a DC not be able to return to the game for the rest of the season! (i.e. complete system failures that require the 3 R's: Repair, Reinstall, Restore). Here's a link for a "how-to" from Daniel Petri.
http://www.petri.co.il/planning_fsmo_roles_in_ad.htm
Testing
When you promote your server with "dcpromo", please let me know how well Server #2 will process authentications if you unplug server #1's network cable. It doesn't require supreme shutdowns or anything... just sever communications for about 5 minutes from server 1. Run ipconfig /flushdns on a client... or reboot a client. Try to re-authenticate back to the domain.
Also... this may backfire if you have "caching" enabled... So try a NEW temporary USER account to login with that will require some aide from the domain controller and not the local system cache.
Best Regards,
Steve Kline
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Product Specialist
Microsoft Certified Network Product Specialist
Red Hat Certified System Administrator
This posting is "as is" without warranties and confers no rights.
December 7th, 2010 3:26pm
There's a lot of information to sift through.
I'm going to skip it because you provided the most useful information in your first post. Too many dcdiags to resolve the real problem....
"Should I be running Active Directory services on the #2 DC?? It is not at the moment."
Yes, in order to authenticate users and replicate data, Server #2 must have Active Directory installed. As Naser stated, you will want this server to be a Global Catalog server to provide smooth, seamless operations if a DC begins to fail. However, in child domains, you should want them to authenticate by parent domains unless these child domains just so happen to be across the world... for latency reasons.
First step... Promote your Server
**EDIT** Second Step - Update DHCP
Third step... Plan for failure - See below
Fourth step... Test your setup...
Update DHCP
Open DHCP Console on your DHCP server
Navigate the path: Server > IPv4 > Server options
With Server options selected, you can right-click on '006 DNS Servers' to the right and select Properties. Add the IP for your second domain controller/DNS server, so your clients will know whom to go to next if DC1 doesn't respond.
Plan for failure
You will also want to configure your FSMO Roles with standby operators as well, should a DC not be able to return to the game for the rest of the season! (i.e. complete system failures that require the 3 R's: Repair, Reinstall, Restore). Here's a link for a "how-to" from Daniel Petri.
http://www.petri.co.il/planning_fsmo_roles_in_ad.htm
Testing
You may want to create a new temporary user before you perform all of these steps. When you promote your server with "dcpromo", please let me know how well Server #2 will process authentications if you unplug server #1's network cable. It doesn't require supreme shutdowns or anything... just sever communications for about 5 minutes from server 1.
After it's disconnected...
Run These Commands
Ipconfig /flushdns
Ipconfig /release
Ipconfig /renew
Reboot the client.
Then try to re-authenticate back to the domain with the new account... if all is well. Have a wonderful Christmas holiday, don't forget to give me a vote. If not... just reply and we'll see where to go from there.
Best Regards,
Steve Kline
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Product Specialist
Microsoft Certified Network Product Specialist
Red Hat Certified System Administrator
This posting is "as is" without warranties and confers no rights.
December 7th, 2010 3:26pm
Hello,
which machines are listed as forwarders:
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.1.21 (<name unavailable>) [Valid]
192.168.1.22 (<name unavailable>) [Valid]
The rest of the dcdiag output looks ok so far.
What about the other still open questions?
Best regards Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
December 8th, 2010 3:12am
Ok... I have done this step... as you see, I get one chance a week to get back into this... thanks
December 15th, 2010 3:51pm
In our building we have 2 domains with 2 trusts between us.
The other domain has the infrastructure that supports our internet access (routers/firewalls etc...) and our domain gets over on that network (192.168.1.0) via my Cisco L3 switch.
The forwarders listed here (these addresses) have been supplied to me by the NetAdmin over on that domain.
December 16th, 2010 8:30am
Hello,
ok, then the forwarders are used for the trust and also for internet access over the other domain.
There are still some open questions; please check again from the beginning (GC, WINS etc.) and don't forget to add the other output files to Windows sky drive.
Best regards Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
December 16th, 2010 8:59am