Not sure where to start. Here's some background on our server setup. In 2007 our small business was using a single Windows Server 2000 box. All users were connected to it as a workgroup. I setup a Windows 2003 server by making it a domain controller in the same domain name of jandjdog. Since then things have never been right with these two servers. I am pretty sure that some or all of the FSMO roles were never properly transferred to the 2003 server. Here are some of the issues we are experiencing right now.I'll refer to the windows 2003 server as server1 and the windows 2000 server as server2If I try to open AD Domains and Trusts snap in I receive the following message. 'The configuration information describing this enterprise is not available. The target principle name is incorrect'When I open the AD snap in on server1 I receive the following message. 'Naming information cannot be located because: The target principle name is incorrect. Contact your system administrator to verify that your domain is properly configured and is currently online.' When I click OK on this message the AD snap in appears and in the left pane Active directory Users and Computers has a red circle with an 'x' on it over the icon. If I right click on 'Active Directory Users and Computers' and choose 'Connect to Domain' I then enter our domain name of jandjdog and hit OK. Then my domain will show in the left pane and I can click on it to see all of our AD users, groups, etc. I used to be able to use the ntdsutil utility to check on the roles I had on server1, but now when I go to start\run\ntdsutil type roles <enter> type connections <enter> type connect to server server1 <enter> I receive this message.DwBindW error 0x5(Access is denied.)I'm to the point where I'm just chasing my own tail with all of this. Clearly I have a DNS issue, along with some other problems. Just not sure where to even begin to sort all of this out. I would greatly appreciate any information about this.Thanks, malaize

Hello Malaize,To start, please do the following and paste to the forum:got to command prompt and run dcdiag /v and ipconfig /all from both server 1 and server 2 respectively and post to the forum so we can help determine whatis going on.Isaac Oben MCITP:EA, MCSE

Hi Isaac,I didn't have the dcdiag installed on server1 (win2003 machine) so I downloaded it, but it just put dcdiag.exe on the desktop. When I ran the exe it opened a command prompt and displayed a lot of diagnostic results, but when it finished, the command prompt screen disappeared. I even opened up a command prompt by going to Start\Run\cmd and then typed dcdiag /v. It gave me the message of: 'dcdiag' is not recognized as an internal or external command, operable program or batch file. Did I install the wrong version of dcdiag? The win2003 server is running SP2.On server2 (win2000 machine) I downloaded dcdiag and installed it, but when I went to the command prompt and entered dcdiag /v it gave me the same message as server1 did. Here is the ipconfig /all info from both servers **from server1**C:\Documents and Settings\win2003server>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : win2003serverjjinc Primary Dns Suffix . . . . . . . : JandJDog Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : JandJDog Ethernet adapter Local Area Connection 3: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : HP Network Team #1 Physical Address. . . . . . . . . : 00-17-08-54-D8-16 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.1.7 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.3 DNS Servers . . . . . . . . . . . : 192.168.1.7 192.168.1.5 C:\Documents and Settings\win2003server>**from server2**C:\Documents and Settings\Administrator.WIN2KSERVER.000>ipconfig /all Windows 2000 IP Configuration Host Name . . . . . . . . . . . . : WIN2KSERVER Primary DNS Suffix . . . . . . . : JandJDog Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : JandJDog Ethernet adapter Local Area Connection 4: Media State . . . . . . . . . . . : Cable Disconnected Description . . . . . . . . . . . : HP NC3123 Fast Ethernet NIC #2 Physical Address. . . . . . . . . : 00-02-A5-4B-1F-CC Ethernet adapter Local Area Connection 3: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Compaq Network Teaming Virtual Miniport Physical Address. . . . . . . . . : 00-02-A5-87-6F-2E DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.1.5 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.3 DNS Servers . . . . . . . . . . . : 192.168.1.5 192.168.1.7 C:\Documents and Settings\Administrator.WIN2KSERVER.000>I'm sure this ipconfig info is useless until I can get the dcdiag to work properly.malaize

Please install the support tools from the Windows 2003 cd which will automatically instal bunch of tools which will contain dcdiag and lot more other tools too. Do you have Network Teaming enabled on the Domain Controller if yes I am afraid you have to break it and check the problem as Microsfot does not support Network teaming and Multihomed DCS.Thanks Syedhttp://technetfaqs.wordpress.com

Hi, Please check if the solution is the following KB article helps: How to use Netdom.exe to reset machine account passwords of a Windows Server domain controller http://support.microsoft.com/kb/325850This posting is provided "AS IS" with no warranties, and confers no rights.

Hello,your ip configuration looks ok so far."All users were connected to it as a workgroup. I setup aWindows 2003 server by making it a domain controller in the same domain name of jandjdog." Please clarify this more detailed, with the 200 machine was it a workgroup with the name "jandjdog" and you installed a domain with the same name "jandjdog"? Did you add the 2000 server to that domain or do they run only on the same network?Do you have on the DNS server the forward lookup one "jandjdog" or is it named with a FQDN like "jandjdog.xxx"? The "jandjdog" is called a singel label DNS name which is not the best solution for a domain, it works but should be avoided.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

Hi everyone,I was able to get the Support Tools installed and ran dcdiag /v on server1 (windows 2003) and on server2 (windows 2000) and there are definitely some problems.Here is the output from server1 (windows 2003)d: From WIN2KSERVER to WIN2003SERVERJJ Naming Context: DC=JandJDog The replication generated an error (-2146893022): The target principal name is incorrect. The failure occurred at 2009-10-19 13:55:51. The last success occurred at 2009-07-01 15:49:05. 3278 failures have occurred since the last success. * Replication Latency Check REPLICATION-RECEIVED LATENCY WARNING WIN2003SERVERJJ: Current time is 2009-10-19 14:50:07. CN=Schema,CN=Configuration,DC=JandJDog Last replication recieved from WIN2KSERVER at 2009-07-01 15:49:05. WARNING: This latency is over the Tombstone Lifetime of 60 days! CN=Configuration,DC=JandJDog Last replication recieved from WIN2KSERVER at 2009-07-01 15:49:05. WARNING: This latency is over the Tombstone Lifetime of 60 days! DC=JandJDog Last replication recieved from WIN2KSERVER at 2009-07-01 15:49:05. WARNING: This latency is over the Tombstone Lifetime of 60 days! * Replication Site Latency Check ......................... WIN2003SERVERJJ passed test Replications Test omitted by user request: Topology Test omitted by user request: CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC WIN2003SERVERJJ. * Security Permissions Check for DC=ForestDnsZones,DC=JandJDog (NDNC,Version 2) * Security Permissions Check for DC=DomainDnsZones,DC=JandJDog (NDNC,Version 2) * Security Permissions Check for CN=Schema,CN=Configuration,DC=JandJDog (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=JandJDog (Configuration,Version 2) * Security Permissions Check for DC=JandJDog (Domain,Version 2) ......................... WIN2003SERVERJJ passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Unable to connect to the NETLOGON share! (\\WIN2003SERVERJJ\netlogon) [WIN2003SERVERJJ] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path.. ......................... WIN2003SERVERJJ failed test NetLogons Starting test: Advertising Warning: DsGetDcName returned information for \\WIN2KSERVER.JandJDog, when we were trying to reach WIN2003SERVERJJ. Server is not responding or is not considered suitable. The DC WIN2003SERVERJJ is advertising itself as a DC and having a DS. The DC WIN2003SERVERJJ is advertising as an LDAP server The DC WIN2003SERVERJJ is advertising as having a writeable directory The DC WIN2003SERVERJJ is advertising as a Key Distribution Center Warning: WIN2003SERVERJJ is not advertising as a time server. [WIN2KSERVER] LDAP search failed with error 58, The specified server cannot perform the requested operation.. Server WIN2003SERVERJJ is advertising as a global catalog, but it could not be verified that the server thought it was a GC. ......................... WIN2003SERVERJJ failed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=WIN2003SERVERJJ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=JandJDog Role Domain Owner = CN=NTDS Settings,CN=WIN2003SERVERJJ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=JandJDog Role PDC Owner = CN=NTDS Settings,CN=WIN2003SERVERJJ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=JandJDog Role Rid Owner = CN=NTDS Settings,CN=WIN2003SERVERJJ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=JandJDog Role Infrastructure Update Owner = CN=NTDS Settings,CN=WIN2003SERVERJJ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=JandJDog ......................... WIN2003SERVERJJ passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 2602 to 1073741823 * win2003serverjjinc.JandJDog is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2102 to 2601 * rIDPreviousAllocationPool is 2102 to 2601 * rIDNextRID: 2106 ......................... WIN2003SERVERJJ passed test RidManager Starting test: MachineAccount Checking machine account for DC WIN2003SERVERJJ on DC WIN2003SERVERJJ. * SPN found :LDAP/win2003serverjjinc.JandJDog/JandJDog * SPN found :LDAP/win2003serverjjinc.JandJDog * SPN found :LDAP/WIN2003SERVERJJ * SPN found :LDAP/win2003serverjjinc.JandJDog/JANDJDOG * SPN found :LDAP/7444f571-9796-422d-9771-c9a7c6c421e6._msdcs.JandJDog * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7444f571-9796-422d-9771-c9a7c6c421e6/JandJDog * SPN found :HOST/win2003serverjjinc.JandJDog/JandJDog * SPN found :HOST/win2003serverjjinc.JandJDog * SPN found :HOST/WIN2003SERVERJJ * SPN found :HOST/win2003serverjjinc.JandJDog/JANDJDOG * SPN found :GC/win2003serverjjinc.JandJDog/JandJDog ......................... WIN2003SERVERJJ passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... WIN2003SERVERJJ passed test Services Test omitted by user request: OutboundSecureChannels Starting test: ObjectsReplicated WIN2003SERVERJJ is in domain DC=JandJDog Checking for CN=WIN2003SERVERJJ,OU=Domain Controllers,DC=JandJDog in domain DC=JandJDog on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=WIN2003SERVERJJ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=JandJDog in domain CN=Configuration,DC=JandJDog on 1 servers Object is up-to-date on all servers. ......................... WIN2003SERVERJJ passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test The registry lookup failed to determine the state of the SYSVOL. The error returned was 0 (The operation completed successfully.). Check the FRS event log to see if the SYSVOL has successfully been shared. ......................... WIN2003SERVERJJ passed test frssysvol Starting test: frsevent * The File Replication Service Event log test There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. An Warning Event occured. EventID: 0x800034C4 Time Generated: 10/18/2009 20:13:14 (Event String could not be retrieved) ......................... WIN2003SERVERJJ failed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... WIN2003SERVERJJ passed test kccevent Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0x40000004 Time Generated: 10/19/2009 13:50:42 Event String: The kerberos client received aKRB_AP_ERR_MODIFIED error from the serverWIN2KSERVER$. The target name used wascifs/WIN2KSERVER.JandJDog. This indicates thatthe password used to encrypt the kerberos serviceticket is different than that on the targetserver. Commonly, this is due to identicallynamed machine accounts in the target realm(JANDJDOG), and the client realm. Pleasecontact your system administrator. An Error Event occured. EventID: 0x40000004 Time Generated: 10/19/2009 13:55:51 Event String: The kerberos client received aKRB_AP_ERR_MODIFIED error from the serverWIN2KSERVER$. The target name used was . Thisindicates that the password used to encrypt thekerberos service ticket is different than that onthe target server. Commonly, this is due toidentically named machine accounts in the targetrealm (JANDJDOG), and the client realm. Pleasecontact your system administrator. An Error Event occured. EventID: 0x40000004 Time Generated: 10/19/2009 14:18:49 Event String: The kerberos client received aKRB_AP_ERR_MODIFIED error from the serverWIN2KSERVER$. The target name used wasldap/WIN2KSERVER.JandJDog. This indicates thatthe password used to encrypt the kerberos serviceticket is different than that on the targetserver. Commonly, this is due to identicallynamed machine accounts in the target realm(JANDJDOG), and the client realm. Pleasecontact your system administrator. An Error Event occured. EventID: 0x40000004 Time Generated: 10/19/2009 14:33:04 Event String: The kerberos client received aKRB_AP_ERR_MODIFIED error from the serverWIN2KSERVER$. The target name used waswin2kserver$@JANDJDOG. This indicates that thepassword used to encrypt the kerberos serviceticket is different than that on the targetserver. Commonly, this is due to identicallynamed machine accounts in the target realm(JANDJDOG), and the client realm. Pleasecontact your system administrator. An Error Event occured. EventID: 0x40000004 Time Generated: 10/19/2009 14:37:03 Event String: The kerberos client received aKRB_AP_ERR_MODIFIED error from the serverWIN2KSERVER$. The target name used wasLDAP/WIN2KSERVER.JandJDog/JandJDog@JANDJDOG. Thisindicates that the password used to encrypt thekerberos service ticket is different than that onthe target server. Commonly, this is due toidentically named machine accounts in the targetrealm (JANDJDOG), and the client realm. Pleasecontact your system administrator. An Error Event occured. EventID: 0x40000004 Time Generated: 10/19/2009 14:45:30 Event String: The kerberos client received aKRB_AP_ERR_MODIFIED error from the serverWIN2KSERVER$. The target name used wasJANDJDOG\WIN2KSERVER$. This indicates that thepassword used to encrypt the kerberos serviceticket is different than that on the targetserver. Commonly, this is due to identicallynamed machine accounts in the target realm(JANDJDOG), and the client realm. Pleasecontact your system administrator. ......................... WIN2003SERVERJJ failed test systemlog Test omitted by user request: VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=WIN2003SERVERJJ,OU=Domain Controllers,DC=JandJDog and backlink on CN=WIN2003SERVERJJ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=JandJDog are correct. The system object reference (frsComputerReferenceBL) CN=WIN2003SERVERJJ,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=JandJDog and backlink on CN=WIN2003SERVERJJ,OU=Domain Controllers,DC=JandJDog are correct. The system object reference (serverReferenceBL) CN=WIN2003SERVERJJ,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=JandJDog and backlink on CN=NTDS Settings,CN=WIN2003SERVERJJ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=JandJDog are correct. ......................... WIN2003SERVERJJ passed test VerifyReferences Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : JandJDog Starting test: CrossRefValidation ......................... JandJDog passed test CrossRefValidation Starting test: CheckSDRefDom ......................... JandJDog passed test CheckSDRefDom Running enterprise tests on : JandJDog Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... JandJDog passed test Intersite Starting test: FsmoCheck Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 A Global Catalog Server could not be located - All GC's are down. PDC Name: \\win2003serverjjinc.JandJDog Locator Flags: 0xe00003fd Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355 A Good Time Server could not be located. KDC Name: \\WIN2KSERVER.JandJDog Locator Flags: 0xe00001bc ......................... JandJDog failed test FsmoCheck Test omitted by user request: DNS Test omitted by user request: DNS C:\Documents and Settings\win2003server>Here is the output from dcdiag /v on server2 (windows 2000)C:\Documents and Settings\Administrator.WIN2KSERVER.000>dcdiag /v Domain Controller Diagnosis Performing initial setup: * Verifying that the local machine WIN2KSERVER, is a DC. * Connecting to directory service on server WIN2KSERVER. * Collecting site info. * Identifying all servers. * Found 3 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\WIN2KSERVER Starting test: Connectivity * Active Directory LDAP Services Check WIN2KSERVER's server GUID DNS name could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc Although the Guid DNS name (dcf384fc-4b21-438d-a352-60fcb3dc7087._msdcs.JandJDog) couldn't be resolved, the server name (WIN2KSERVER.JandJDog) resolved to the IP address (169.254.78.52) and was pingable. Check that the IP address is registered correctly with the DNS server. ......................... WIN2KSERVER failed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\WIN2KSERVER Skipping all tests, because server WIN2KSERVER is not responding to directory service requests Test omitted by user request: Topology Test omitted by user request: CutoffServers Test omitted by user request: OutboundSecureChannels Running enterprise tests on : JandJDog Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... JandJDog passed test Intersite Starting test: FsmoCheck GC Name: \\WIN2KSERVER.JandJDog Locator Flags: 0xe00001bc Error: The server returned by DsGetDcName() did not match DsListRoles()for the PDC PDC Name: \\win2003serverjjinc.JandJDog Locator Flags: 0xe00003fd Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355 A Good Time Server could not be located. KDC Name: \\WIN2KSERVER.JandJDog Locator Flags: 0xe00001bc ......................... JandJDog failed test FsmoCheck C:\Documents and Settings\Administrator.WIN2KSERVER.000> Where should I begin?Thanks, Eli

Hi, Based on the error message,I suggest that1. Please verify that the DNS records are registered correctly and the domain controllers can ping each other. 2. Plesae follow the steps in the following KB article to reset the machine password of domain controller: 288167 Error Message "Target Principal Name is Incorrect" When Manually Replicating Data Between Domain Controllers http://support.microsoft.com/default.aspx?scid=kb;EN-US;288167 In addition, please answer Meinolfs questions so that we can better understand the network environment. Are there three domain controllers in the domain? Performing initial setup: * Verifying that the local machine WIN2KSERVER, is a DC. * Connecting to directory service on server WIN2KSERVER. * Collecting site info. * Identifying all servers. * Found 3 DC(s). Testing 1 of them. Thanks.This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Joson,Each server was able to ping the other. On server1 (windows 2003) I have 3 Forward Lookup Zones. I think there are 3 because I was trying to troubleshoot the DNS issues and created new Forward Lookup Zones. I'm guessing that I should only need to use 1? The names of these zones are: jandjdog, new.Win2003serverDNS, newzone.jandjdog.comWhen I open the Active Directory Users and Computers snap-in and go to Domain Controllers it lists the two DCs. WIN2003SERVERJJ, WIN2KSERVERUp until a few weeks ago it did list a third domain called WIN2003SERVER, but I deleted it. When I initially tried setting up server1 (windows 2003) 2 years ago I didn't set it up right, so I started over the user acct creation, DNS, Domain Controller, etc. I'm pretty sure that is where things got gaffed up. (and haven't been right since)Thanks, malaize

Hi,Have you tried the steps in the KB article 288167? Please let me know the result.Thanks.This posting is provided "AS IS" with no warranties, and confers no rights.

HI Joson,I went to server1 (Windows 2003) and checked the Operations Master and server1 is set as as the Operations Master. A few weeks back the Operations Master said 'ERROR'. I clicked on the Change button below and made it the Operations Master. (Hopefully that was ok to do.) I went to server2 (Windows 2000) and first checked the RID tabon theOperations Master pop-up and it had ERROR under the Operations Master. On the PDC tab it listed server2 as the PDC. I clicked on the Change button to try and change the Operations Master to server1. When I clicked 'Change' the following message appeared. 'The current domain controller is the Operations Master. To transfer the Operations Master to another DC, you must first connect to it. 2-3 weeks ago I followed the directions in an article I found and disabled the Kerberos Key Distribution Center Service on both server1(windows 2003) and server2 (windows2000). (turned off the service and disabled it from starting when the servers are booted) I then rebooted both servers and server1 took 16minutes to come back online. It sat on the 'Preparing Network Connections' message for at least 8 minutes. Server2 wouldn't fully boot after a couple of attempts. (after letting it try to boot for over 30mins each time) I left it and the next morning it had finally come back online. This scared me so I turned the KDC back on. Do you think I should try disabling it again?Thanks, Malaize

Hello,after reading alll the outputs my suggestions will be different from the others, i think you have to go on with only one DC, the new 2003 DC.Which name does the 2003 server have "win2003serverjjinc" or "WIN2003SERVERJJ" or is it a typo in the output of ipconfig or dcdiag?As the 2003 DC has stopped replicating with the 2000 DC for whatever reason, i suggest to remove the 2000 DC physically from the network and cleanup the 2003 DC from all information belonging to the old 2000 DC according to:http://support.microsoft.com/kb/555846/en-usThen NEVER reconnect the 2000 machine to the network, either reformat(my preferred option) or at least run dcpromo /forceremoval on it to demote toa member and then make it a workgroupserver.As your domain name is JandJDog, a so called single label domain name(bad option), you should think about renaming or following this article for DNS for starting now:http://support.microsoft.com/kb/300684Remove all other zonesthen JandJDog in forward lookup zone. Make sure the 2003 DC is listed with it's A record and the Nameserver record.Configure it as the domain time source to an external time server, because it is the PDCEmulator:w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update With "PEERS" you can set the time source, either DNS name (time.windows.com) or an ip address from a reliable time source. Here you can find some of them:http://www.pool.ntp.org/ Maybe you have to reset the domain machines time sync with:w32tm /config /syncfromflags:domhier /update After that run:net stop w32timenet start w32timeBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.