DC communication problem

May 3, 2005 8:00:03 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,
I am having some major problems with my PDC. Background:
3 Domain controllers running Windows 2003 server
1 local and two across WAN in different countries.

Up to recently everything in the garden was rosy!! Now when I go to my
Exchange 2003 server (non-DC) and open Active Directory Users and
Computers it connects to a DC across the WAN and takes ages to open. I
know replicating should occur and everything should be fine but it is
not. When I check "echo %logonserver%" on different machines, none
except the Exchange server point to the local DC. I am also getting
many problems in Exchange with some users intermittently not being able
to receive mail but can send!!! A reboot of Exchange fixes this.

I have run dcdiag and netdiag and all run fine with no errors.

Can I force the PDC to answer first or what is wrong with my PDC???

Basically I am forced to reboot the Exchange server every other day or
so when the issue occurs. This is obviously far from ideal...

Any help is gratefully received!
Thanks in advance,
Martin


Anonymous
May 3, 2005 5:37:58 PM

Did you set up Sites and associate the correct Subnets with the appropriate
Site in the Active Directory Sites and Services? or is everything running
under the default first Site?

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

May 4, 2005 5:13:44 AM

Everything is running under the default first site. I have three
physical locations, but when I started, all suffixes are
location.mydomain.com. This is true of all locations, e.g. they are all
saying location.mydomain.com but are in different locations!!

I think there is a problem still as I am authenticating to a DC in
another country at present from this machine when it should not be as
this is over a slow link. Anything I should do to check for problems?
Thanks so far...
Martin
Anonymous
May 4, 2005 10:35:25 AM

Gibo,

I would suggest that as long as everything is one Site that you will
experience clients authenticating against a Domain Controller that is
located across the WAN. There is not really too much that you can do about
this as this is how things are supposed to happen. Clients authenticate
first against a DC in the same Site. If you have only one Site ( well, as
set up in AD Sites and Services ) then all three Domain Controllers are
'equal'. The next thing is Weight and then Priority. Not much really that
you could do with these!

If you were to set up the three Sites ( well, er, the other two since you
already have one ) and then create the Subnets and associate each Subnet
with the correct Site things *should* work themselves out.

Are you familiar with how to set up Sites and Subnets in the ADSS MMC?

Also, consider making at least one DC in each Site a Global Catalog Server.
You can also do this in the ADSS MMC....

Now, are you saying that the DCs in the US have the suffix usa.mydomain.com
and the DCs in Germany have the suffix germany.yourdomain.com and the DCs in
Japan have the suffix japan.yourdomain.com -OR- are you saying that they all
have the suffix whatever.yourdomain.com?

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

May 4, 2005 11:54:45 AM

Hi Cary,
Thanks for your response. To answer the last first.. they are all
ireland.mydomain.com !!

Unfortunately I did not have a huge knowledge of AD when upgrading this
network from NT. It was working without a hitch until last week, which
is about three months in all until I added the BDCs in the other
countries. If this is expected behaviour then this is fine I guess. It
would be probably too much hassle to reassign the different countries
e.g. usa.mydomain.com and belgium.mydomain.com etc...

I have one GC set up, would it be advisable to set up more as I don't
really understand fully what GC does or if having more than one is
beneficial to me.

> Are you familiar with how to set up Sites and Subnets in the ADSS MMC?

In a word .. NO.
Again if this is something you would recommend I do, then I can make it
happen, but if you think it may be best to leave them all in the same
subnet??

Thanks
Martin

Anonymous
May 4, 2005 6:01:59 PM

Gibo,

Ah! A newbie! We have all been there. It is a really good thing that you
are posting to this newsgroup. It is really a wonderful place. There are
lots of people in here with all levels of experience and knowledge.

I think that how you do things depends on what you want to accomplish. If
you do not want your clients authenticating against a Domain Controller that
is located across a WAN link then I would suggest that you set up - in the
AD Sites and Services MMC - a Site for each physical location. You would
also need to create a subnet for each subnet that exists and then associate
that subnet with the correct Site. This is supposed to assist the clients
( read: workstations ) in authenticating against a Domain Controller that is
in the same Site.

There are several Microsoft Knowledge Base Articles on how to do this.
There are several things that you need to know to ensure that this works
properly.

I would suggest that you search the MSKB. Here are some links to get you
started:

http://support.microsoft.com/?id=199174

http://www.microsoft.com/resources/documentation/Window...

http://support.microsoft.com/?id=224815

http://support.microsoft.com/?id=271997

http://support.microsoft.com/?id=313994

http://support.microsoft.com/?id=306602 ( this one is more for the Big
Picture.... ).

Also, here are two MSKB Articles on how WIN2000 and WINXP clients locate
Domain Controllers:

http://support.microsoft.com/?id=247811
http://support.microsoft.com/?id=314861

Also, when you mention 'BDC' you mean that you have a WIN2000 Domain
Controller in each location, correct? And not a WINNT 4.0 Backup Domain
Controller.

You also do not mention what the WAN links are ( 56kbps or T1 or somewhere
in between ). And, I hope that you have a Firewall-to-Firewall VPN set up
( assuming that you do not have private links.... ).

If you have any questions please feel free to ask. I have no problems if
you e-mail directly but it is better that this stay in the news group. This
way everyone can contribute and learn!

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
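
An added example, not part of the original post: a small Python model of the Site/Subnet matching described above, comparing a single default site with one site per location. The DC names, site names and address ranges are constructed assumptions, and the fallback for an unmapped client is simplified to "any DC in the domain".

```python
import ipaddress

# Constructed topology: DC names, site names and ranges are hypothetical.
SINGLE_SITE_DCS = {"DC-IE": "Default-First-Site-Name",
                   "DC-US": "Default-First-Site-Name",
                   "DC-BE": "Default-First-Site-Name"}
PER_SITE_DCS = {"DC-IE": "Ireland", "DC-US": "USA", "DC-BE": "Belgium"}

# Subnet objects and the site each is associated with. The /24 is a range
# carved out of the Irish /16 but assigned to the USA site, to show that the
# most specific subnet wins.
SUBNETS = {"10.1.0.0/16": "Ireland", "10.2.0.0/16": "USA",
           "10.3.0.0/16": "Belgium", "10.1.200.0/24": "USA"}


def site_for_client(ip, subnets):
    """Return the site of the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def candidate_dcs(ip, subnets, dc_sites):
    """DCs a client is steered to: same-site DCs when the client maps to a
    site that has one, otherwise every DC in the domain (WAN ones included)."""
    site = site_for_client(ip, subnets)
    local = sorted(dc for dc, s in dc_sites.items() if s == site)
    return site, (local or sorted(dc_sites))


def unmapped_clients(ips, subnets):
    """Client addresses that match no subnet object and so have no site."""
    return [ip for ip in ips if site_for_client(ip, subnets) is None]


if __name__ == "__main__":
    client = "10.1.5.20"  # constructed address of a workstation in Ireland
    print("single site :", candidate_dcs(client, {}, SINGLE_SITE_DCS))
    print("three sites :", candidate_dcs(client, SUBNETS, PER_SITE_DCS))
    print("no subnet   :", unmapped_clients([client, "192.168.9.4"], SUBNETS))
```

On real domain controllers, clients whose address matches no subnet object show up as NO_CLIENT_SITE entries in the Netlogon debug log, which is the live equivalent of `unmapped_clients`.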
May 5, 2005 12:12:51 PM

Once again Cary, thank you so much for your help. I have printed these
docs for some *fun* weekend reading!!
In the meantime... I have had the issue with my Exchange server again.
I am pasting some of the different errors here in the hope someone may see
my problem.
Thanks
Martin

Event Type: Error
Event Source: MSExchangeDSAccess
Event Category: Topology
Event ID: 2114
Date: 5/5/2005
Time: 4:04:42 PM
User: N/A
Computer: EXDUB01
Description:
Process EMSMTA.EXE (PID=3484). Topology Discovery failed, error
0x80040952.

For more information, click
http://www.microsoft.com/contentredirect.asp.

Event Type: Error
Event Source: MSExchangeSA
Event Category: General
Event ID: 9188
Date: 5/5/2005
Time: 4:03:38 PM
User: N/A
Computer: EXDUB01
Description:
Microsoft Exchange System Attendant failed to read the membership of
group 'cn=Exchange Domain Servers,cn=Users,dc=xxxxx,dc=yyyy,dc=com'.
Error code '800705b4'.

Please check whether the local computer is a member of the group. If it
is not, stop all the Microsoft Exchange services, add the local
computer into the group manually and restart all the services.

For more information, click
http://www.microsoft.com/contentredirect.asp.

Event Type: Error
Event Source: MSExchangeDSAccess
Event Category: Topology
Event ID: 2114
Date: 5/5/2005
Time: 3:49:05 PM
User: N/A
Computer: EXDUB01
Description:
Process IISIPM46828796-EB10-485B-9A68-422CAC63CC7C -AP
"EXCHANGEAPPLICATIONPOOL (PID=2888). Topology Discovery failed, error
0x80040952.

For more information, click
http://www.microsoft.com/contentredirect.asp.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1006
Date: 5/5/2005
Time: 3:41:35 PM
User: NT AUTHORITY\SYSTEM
Computer: EXDUB01
Description:
Windows cannot bind to here.mydomain.com domain. (Timeout). Group
Policy processing aborted.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 5/5/2005
Time: 3:41:35 PM
User: NT AUTHORITY\SYSTEM
Computer: EXDUB01
Description:
Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine
that describes the reason for this.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: MSExchangeDSAccess
Event Category: Topology
Event ID: 2114
Date: 5/5/2005
Time: 3:33:44 PM
User: N/A
Computer: EXDUB01
Description:
Process EMSMTA.EXE (PID=3484). Topology Discovery failed, error
0x80040952.

For more information, click
http://www.microsoft.com/contentredirect.asp.
Anonymous
May 5, 2005 4:30:52 PM

Gibo,

You are welcome.

I would take a spin over to http://www.eventid.net and enter Event ID
numbers. You will find a host of possible solutions. Have fun reading! It
is a lot to digest.

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

May 6, 2005 5:46:41 AM

Hi Cary,
On further examination I believe it may be helpful if I upgrade my
Exchange 2003 server (running on Windows 2003) to an additional domain
controller. Any thoughts on this, as I have found some people saying in
other groups that this will resolve many of the authentication and
domain communication problems I am having. This would give me 2 local
DCs for 100 users and 2 remote DCs for another 30ish users....

The only question I have is will it affect Exchange; do I need to do it
out of hours or is it a short task that can be completed at lunchtime?
When I went through the DCPROMO command, it said
"All encrypted data, such as EFS-encrypted files or e-mail, should be
decrypted before continuing or it will be permanently inaccessible."
Which is not something I want to happen to our mail or I will really be
for it!! (Drive is compressed if this makes any difference)

Again many thanks and have a great weekend.

Gibo
May 9, 2005 5:16:59 AM

I have not done this yet as I have some concerns about the upgrade.
Should it be OK??
Thanks
Gibo
Anonymous
May 10, 2005 12:16:06 PM

Sorry,

Sent you an e-mail.

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com