The second DC stores its logs on an E drive that is a logical drive on the same physical hard drive as C.
Phil Brutsche wrote: > Whoever did the initial configuration put the directory service database > (the DIT) on C: but put the transaction logs on F:. > > That doesn't explain why BOTH DCs went down though... unless there was a > bigger problem with the FC SAN and both DCs are configured the same way. > > Bill Humphries wrote: > >> (sorry about the long winded email) >> Hi all, >> >> I'm hoping for a little insight here so I can avoid another evening like >> last night. >> >> Client has main office with PDC and a second DC. One satellite office >> with one DC. The PDC and the backup both have DNS installed. At 6pm >> authentication to anything at the main site started failing. I could >> not log on to either DC in the office with admin user. I could not log >> onto TS with my user account. Remote office is a timezone behind and >> still working...I received calls that everyone lost connection to >> exchange server at main office. >> >> Authentication from remote DC continued to function. >> >> Rebooted both DCs at main office and AD authentication resumed and >> dcdiag came back clean. Looking at logs I see what happened, but don't >> know why it was so catastrophic. >> >> It looks like the PDC's F drive, which is a fiber connected raid array, >> hiccuped for some reason and was unavailable for about one minute. >> First error in directory services log is: >> >> /NTDS (544) NTDSA: An attempt to write to the file "F:\NTDS\edb.log" at >> offset 10049536 (0x0000000000995800) for 512 (0x00000200) bytes failed >> after 23 seconds with system error 2 (0x00000002): "The system cannot >> find the file specified. "./ >> >> At this point, the DC stopped acting as a DC and began rejecting all >> authentication requests until a reboot was initiated. I don't >> understand a couple of things. First, I was actually surprised that >> there is NTDS folder on the F drive. This is the file server and I >> certainly wouldn't want it on the same partition as the company file >> shares. There is also a NTDS folder on the C:/windows and I see this in >> the logs this morning, which I would assume means it is using this >> partition for NTDS: >> / >> NTDS (544) NTDSA: Online defragmentation has completed a full pass on >> database 'C:\WINDOWS\NTDS\ntds.dit'/. >> >> Can anyone help me understand why it would exist on both drives and if >> it is on both drives, why would this hiccup bring the network to its knees? >> >> My other huge issue is why did my secondary DC not start >> authenticating. I couldn't even log onto it during the down time and it >> has AD and DNS running on it. There are no errors in the DS log viewer >> on this server during the downtime, but there are many replication >> errors logged on the Primary DC related to the backup DC trying to >> replicate to the Primary while the Primary was non responsive. >> >> Thanks for any help, guys. >> >> Bill >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
