Whoever did the initial configuration put the directory service database (the DIT) on C: but put the transaction logs on F:.
That doesn't explain why BOTH DCs went down though... unless there was a bigger problem with the FC SAN and both DCs are configured the same way. Bill Humphries wrote: > (sorry about the long winded email) > Hi all, > > I'm hoping for a little insight here so I can avoid another evening like > last night. > > Client has main office with PDC and a second DC. One satellite office > with one DC. The PDC and the backup both have DNS installed. At 6pm > authentication to anything at the main site started failing. I could > not log on to either DC in the office with admin user. I could not log > onto TS with my user account. Remote office is a timezone behind and > still working...I received calls that everyone lost connection to > exchange server at main office. > > Authentication from remote DC continued to function. > > Rebooted both DCs at main office and AD authentication resumed and > dcdiag came back clean. Looking at logs I see what happened, but don't > know why it was so catastrophic. > > It looks like the PDC's F drive, which is a fiber connected raid array, > hiccuped for some reason and was unavailable for about one minute. > First error in directory services log is: > > /NTDS (544) NTDSA: An attempt to write to the file "F:\NTDS\edb.log" at > offset 10049536 (0x0000000000995800) for 512 (0x00000200) bytes failed > after 23 seconds with system error 2 (0x00000002): "The system cannot > find the file specified. "./ > > At this point, the DC stopped acting as a DC and began rejecting all > authentication requests until a reboot was initiated. I don't > understand a couple of things. First, I was actually surprised that > there is NTDS folder on the F drive. This is the file server and I > certainly wouldn't want it on the same partition as the company file > shares. There is also a NTDS folder on the C:/windows and I see this in > the logs this morning, which I would assume means it is using this > partition for NTDS: > / > NTDS (544) NTDSA: Online defragmentation has completed a full pass on > database 'C:\WINDOWS\NTDS\ntds.dit'/. > > Can anyone help me understand why it would exist on both drives and if > it is on both drives, why would this hiccup bring the network to its knees? > > My other huge issue is why did my secondary DC not start > authenticating. I couldn't even log onto it during the down time and it > has AD and DNS running on it. There are no errors in the DS log viewer > on this server during the downtime, but there are many replication > errors logged on the Primary DC related to the backup DC trying to > replicate to the Primary while the Primary was non responsive. > > Thanks for any help, guys. > > Bill > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ -- Phil Brutsche [email protected] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
