What happens when you run DCDIAG from the broken DC ? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Friday, July 29, 2005 1:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Urgh... troubleshooting....
Michel- Care to elaborate? We have 8.0i in the lab and I haven't noticed any ill effects on the DC's but this certainly caught my eye as we are scheduled to move it over to production soon. Thanks Bob -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruyere, Michel Sent: Friday, July 29, 2005 1:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Urgh... troubleshooting.... May look strange but are you running McAfee 8.0i?? Got someone that had something similar and the TDI driver of VS8 was the culprit... > -----Message d'origine----- > De : [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] De la part de vex Envoyé : Friday, July 29, > 2005 4:15 PM À : ActiveDir@mail.activedir.org Objet : [ActiveDir] > Urgh... troubleshooting.... > > Greetings, > I've been a lurker here for quite some time and have had a > relatively quiet AD until recently. > > We have a small network with 2K servers and a mix of 2K and XP2 > workstations. > Until recently, everything was find. > > Then Something Happened. > > I'm not sure what started the ball rolling, but it's certainly rolling > now. > > I have one server that is listed in the AD and DNS as a DC, but it > won't replicate AD either direction. I've spent a couple of hours > doing some web surfing and initial troubleshooting, but I've had less > than stellar success. (at one point in time it was working fine, since > I have a lot of older AD information on the problem server) > > I've run DnsLint and all the DNS entries look good. > > When I do a 'net view \\servername' from the DC that does not have up > to date AD information, I get a message back, "access denied", and a > corresponding entry in the security log about a failure audit of the > server I'm attempting to view. But when I do the same thing and use an > IP address instead of a server name, the net view information > displays. > > Another symptom is printer connections and drive mapping. If I'm at > the server with the out of date AD information, I'm getting an 'access > denied' > message when > attempting to connect to a network printer or map a network drive. > > All of the steps outlined above work fine when initiated from any of > the other servers. It's almost like the server with the out of date AD > information is allowing access, but the rest of the servers in the > organization won't let > *that* particular server have access to any domain related "stuff", > such as printers and network shares. > > I can't even run dcpromo and remove AD from the affected server > because it asks for some sort of authorization from other DC's located > in the organization, but the other DC's won't allow it to access > information. I'm assuming it's trying to tell the other DC's to remove > any pertinent entries from the AD in regards to the server that's > attempting to have it's AD removed.... > > Does anyone have any links to places I can continue to search for > troubleshooting information? > > > > --Brett > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/