DNS not syncing between PDC and BDC

Archived from groups: microsoft.public.win2000.dns (More info?)

Hello, if anyone could help I'd be most appreciative. I'll try to make
this simple.

ISSUE: PDC and BDC are not synchronizing their Active Directory user
accounts.

DATA: The PDC, a Windows 2000 SP4 server, which primarily acts as a
data and print server had not received any updates in 1.5 years.
Someone decided to update the server which included all of these
updates. On reboot the computer hung on "Preparing network
connections...". A repair installation (overtop) was installed and now
the server allows you to log in. The BDC (Also WIN 2000 SP4 Server)
gives error messages regarding its inability to find the GC (Global
Catalog). The BDC is primarily a Terminal Server and a software
package that resides on the Terminal Server which requires users having
at least Power User rights will not work unless you are logged in as
the administrator on the Terminal Server. If you try to add any groups
of users or individual users to Administrators you receive messages
regarding the inability to find the Global Catalog.


IDEAS: Can I demote the PDC (which was the one that received the
updates), effectively turning the BDC into the new PDC?

Thanks in advance!
 

A little update: The PDC that had to be rebuilt was not upgraded back
to SP4 until after my original post. As a result the BDC no longer
complains about the Global Catalog.

What event in the event view would show synchronization?

Thanks!
 

In news:1122474917.336938.21290@o13g2000cwo.googlegroups.com,
usenet.lloydgm@choicemail1.com <usenet.lloydgm@choicemail1.com> stated,
which I then commented on below:
> A little update: The PDC that had to be rebuilt was not upgraded back
> to SP4 until after my original post. As a result the BDC no longer
> complains about the Global Catalog.
>
> What event in the event view would show synchronization?
>
> Thanks!

The NTFRS event log will show if you have any problems with replication but
not necessarily if replication is working, but only after there was a
problem would it state that replication has been established between the
problem DCs. Also, all DCs should be of the same SP level due to variances.

But first, just an FYI, there is no such thing as a PDC or BDC in Active
Directory. One server may hold a PDC Emulator FSMO Role that performs
certain functions, but nothing like what a PDC did in NT4. The way your post
was written sounds like you have an NT4 domain. All domain controllers are
equal entities in AD. They are all master replicas, not like NT4 where one
is the master where all data is created and altered and the BDCs just
receive copies of the database. In AD you can change anything anywhere at
anytime and only the changes get replicated around.

The FSMO roles can be transferred dynamically between DCs. But you need a
really good reason to transfer them. There are few reasons, many are design
based reasons and service reasons because one FSMO cannot work with a GC.
Keep in mind, a GC is NOT a FSMO, but rather a service that runs on a DC. If
you lose a DC, depending on what FSMO role it held, we need to determine if
we can transfer that role or not to another DC. Some roles cannot be just
transferred and moved back if the original DC holding the role is back up
online. Some roles you can. If a DC is damaged beyond repair, then depending
on which role(s) it held, we may need to force or "seize" the role and move
it to another DC but depending on which FSMO role it is, the original one
may not be ever allowed to come back up online or serious issues can result.

Here's more info on FSMO Roles below, but keep in mind, it is nothing like
NT4.

197132 - Windows 2000 Active Directory FSMO Roles:
http://support.microsoft.com/?id=197132

255690 - HOW TO View and Transfer FSMO Roles in the Graphical User
Interface:
http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b255690

That said, re-reading your original post, the issues you describe tell me
you may have a possible DNS misconfiguration. I've seen this with many NT4
administrators who have upgraded to Active Directory. DNS is the focal point
of AD. DNS stores all of AD's service locations. Whenever any machine in an
AD environment is "looking" for an AD service or function (such as logging
in, booting up, authentication requests, etc), it queries DNS asking it
where to find the DC that will handle that appropriate service. GCs are
found by asking DNS. If you are using an ISP's DNS address in any machines'
IP properties (this includes DCs, member servers and clients), then the
ISP's DNS does not have that answer. Even if you mix up internal DNS and
ISP's DNS addresses, the resolver algorithm can still have trouble asking
the correct DNS server.

So first the best way to determine how to help is to view your current
configuration of your DCs and one of your clients. If you can post some of
this info, one of the many MVPs and engineers in the newsgroup will be more
than happy to point out where the problem is:

1. Unedited ipconfig /all from a client and from your DC(s)
2. The actual DNS domain name of AD (found in ADUC)
3. The zonename spelling in your Forward Lookup Zones in DNS for your AD
zone.
4. If updates are set to allow under the zone's properties
5. If any of the DCs have more than one NIC
6. Do you have a firewall? If so, what brand? (not needed here)
7. Is/are forwarder(s) configured?
8. Do the SRV records exist under your zone name?
9. dcdiag /v /fix (post the results please)
10. netdiag /v /fix (post the results please)
11. dnscmd /enumzones yourADdomainname.com (post results please)
12. net start (post results please)

Thanks!

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 

"" wrote:
> A little update: The PDC that had to be rebuilt was not
> upgraded back
> to SP4 until after my original post. As a result the BDC no
> longer
> complains about the Global Catalog.
>
> What event in the event view would show synchronization?
>
> Thanks!

Are there any event id errors in the event logs?

What does DCDIAG /V say on each DC?

 

In news:1122471296.681336.142800@g14g2000cwa.Google.com,
usenet.lloydgm@choicemail1.com <usenet.lloydgm@choicemail1.com> posted this:
> Hello, if anyone could help I'd be most appreciative. I'll try to
> make this simple.
>
> ISSUE: PDC and BDC are not synchronizing their Active Directory user
> accounts.
>
> DATA: The PDC, a Windows 2000 SP4 server, which primarily acts as a
> data and print server had not received any updates in 1.5 years.


Am I reading this right, it has been 1.5 years since the last successful
replication between these servers?


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 

In news:%23Yvm2p0kFHA.3960@TK2MSFTNGP12.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> stated, which I then
commented on below:
> In news:1122471296.681336.142800@g14g2000cwa.Google.com,
> usenet.lloydgm@choicemail1.com <usenet.lloydgm@choicemail1.com>
> posted this:
>> Hello, if anyone could help I'd be most appreciative. I'll try to
>> make this simple.
>>
>> ISSUE: PDC and BDC are not synchronizing their Active Directory user
>> accounts.
>>
>> DATA: The PDC, a Windows 2000 SP4 server, which primarily acts as a
>> data and print server had not received any updates in 1.5 years.
>
>
> Am I reading this right, it has been 1.5 years since the last
> successful replication between these servers?

The way I read it, I don't believe it's replication, but rather Windows
updates from Microsoft's site. If it was an AD issue, there would have been
more problems due to the 60 day tombstone.

Ace
 

In news:O0n8JJ4kFHA.572@TK2MSFTNGP15.phx.gbl,
Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com>
posted this:
>> Am I reading this right, it has been 1.5 years since the last
>> successful replication between these servers?
>
> The way I read it, I don't believe it's replication, but rather
> Windows updates from Microsoft's site. If it was an AD issue, there
> would have been more problems due to the 60 day tombstone.

That's why I had to ask. Because that part was not clear, because of this
statement:
"ISSUE: PDC and BDC are not synchronizing their Active Directory user
accounts."




--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 

Thanks all for the ideas. I finally got it resolved. I'm sorry if I
didn't explain things well enough as AD and how Windows Server uses DNS
is still new to me. The two things that fixed my problem were this:

1. Updated rebuilt server to SP4 (per previous post)
2. DNS server was set to 4.2.2.2 instead of pointing to itself.

The DNS server was set to 4.2.2.2 in its own Network Settings due to
an MS article that I apparently misinterpreted. I thought it noted
that the DNS server should be set to something other than itself. So,
it was changed to 4.2.2.2.

I appreciate everyone's efforts!
 

Ace - thanks for the info, I've looked over that information and now
have a better understanding of AD. I assumed the PDC/BDC model stuck
in AD which explains the confusion of my original post.

Thanks for the enlightenment!

Ace Fekay [MVP] wrote:
> But first, just an FYI, there is no such thing as a PDC or BDC in Active
> Directory. One server may hold a PDC Emulator FSMO Role that performs
> certain functions, but nothing like what a PDC did in NT4. The way your post
> was written sounds like you have an NT4 domain.
 

In news:1122659379.211925.53260@o13g2000cwo.googlegroups.com,
usenet.lloydgm@choicemail1.com <usenet.lloydgm@choicemail1.com> made this
post, which I then commented about below:
> Thanks all for the ideas. I finally got it resolved. I'm sorry if I
> didn't explain things well enough as AD and how Windows Server uses
> DNS is still new to me. The two things that fixed my problem were
> this:
>
> 1. Updated rebuilt server to SP4 (per previous post)
> 2. DNS server was set to 4.2.2.2 instead of pointing to itself.
>
> The DNS server was set to 4.2.2.2 in its own Network Settings due to
> an MS article that I apparently misinterpreted. I thought it noted
> that the DNS server should be set to something other than itself. So,
> it was changed to 4.2.2.2.
>
> I appreciate everyone's efforts!

DNS misconfig will do it all the time.

The 4.2.2.2 server should ONLY be configured as a forwarder in the DNS
server's properties (do it individually on all DNS servers), and all
machines point only to the internal DNS server.

323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003 :
http://support.microsoft.com/?id=323380

Ace
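
The misconfiguration that resolved this thread (an external resolver such as 4.2.2.2 listed in a DC's own IP properties) can be checked mechanically from the `ipconfig /all` output requested earlier in the thread. The following is an added example, not code from any poster; the sample output, host name and the 192.168.1.x internal DNS addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (not output posted in the thread).
SAMPLE_DC = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : dc1

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.10
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 4.2.2.2
                                            192.168.1.10
"""

# "Label . . . : value" lines; the label is padded with dots and spaces.
FIELD = re.compile(r"^\s*(.+?)[\s.]*:\s*(.*)$")

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def dns_servers(ipconfig_text):
    """Return {adapter: [DNS server IPs]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, "global", False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():      # unindented line = section header
            adapter, in_dns = line.rstrip(": "), False
            continue
        m = FIELD.match(line)
        if m:                                   # a new labelled field starts
            in_dns = m.group(1) == "DNS Servers"
            value = m.group(2).strip()
        else:                                   # possible continuation line
            value = line.strip()
        in_dns = in_dns and is_ip(value)        # blank/non-IP line ends the list
        if in_dns:
            result.setdefault(adapter, []).append(value)
    return result

def audit(ipconfig_text, internal_dns):
    """Return (adapter, server) pairs that are not internal DNS servers."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    return [(adapter, s)
            for adapter, servers in dns_servers(ipconfig_text).items()
            for s in servers if ipaddress.ip_address(s) not in allowed]
```

Run `audit()` over the saved output from every DC, member server and client; any pair it returns is an address that belongs in the DNS server's forwarder list rather than in that machine's IP properties.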