DNS not syncing between PDC and BDC

Archived from groups: microsoft.public.win2000.dns

Hello, if anyone could help I'd be most appreciative. I'll try to make
this simple.

ISSUE: PDC and BDC are not synchronizing their Active Directory user
accounts.

DATA: The PDC, a Windows 2000 SP4 server, which primarily acts as a
data and print server had not received any updates in 1.5 years.
Someone decided to update the server which included all of these
updates. On reboot the computer hung on "Preparing network
connections...". A repair installation (overtop) was installed and now
the server allows you to log in. The BDC (Also WIN 2000 SP4 Server)
gives error messages regarding its inability to find the GC (Global
Catalog). The BDC is primarily a Terminal Server and a software
package that resides on the Terminal Server which requires users having
at least Power User rights will not work unless you are logged in as
the administrator on the Terminal Server. If you try to add any groups
of users or individual users to Administrators you receive messages
regarding the inability to find the Global Catalog.


IDEAS: Can I demote the PDC (which was the one that received the
updates), effectively turning the BDC into the new PDC?

Thanks in advance!
  1.

    A little update: The PDC that had to be rebuilt was not upgraded back
    to SP4 until after my original post. As a result the BDC no longer
    complains about the Global Catalog.

    What event in the event view would show synchronization?

    Thanks!
  2.

    In news:1122474917.336938.21290@o13g2000cwo.googlegroups.com,
    usenet.lloydgm@choicemail1.com <usenet.lloydgm@choicemail1.com> stated,
    which I then commented on below:
    > A little update: The PDC that had to be rebuilt was not upgraded back
    > to SP4 until after my original post. As a result the BDC no longer
    > complains about the Global Catalog.
    >
    > What event in the event view would show synchronization?
    >
    > Thanks!

    The NTFRS event log will show if you have any problems with replication but
    not necessarily if replication is working, but only after there was a
    problem would it state that replication has been established between the
    problem DCs. Also, all DCs should be of the same SP level due to variances.

    But first, just an FYI, there is no such thing as a PDC or BDC in Active
    Directory. One server may hold a PDC Emulator FSMO Role that performs
    certain functions, but nothing like what a PDC did in NT4. The way your post
    was written sounds like you have an NT4 domain. All domain controllers are
    equal entities in AD. They are all master replicas, not like NT4 where one
    is the master where all data is created and altered and the BDCs just
    receive copies of the database. In AD you can change anything anywhere at
    anytime and only the changes get replicated around.

    The FSMO roles can be transferred dynamically between DCs. But you need a
    really good reason to transfer them. There are few reasons, many are design
    based reasons and service reasons because one FSMO cannot work with a GC.
    Keep in mind, a GC is NOT a FSMO, but rather a service that runs on a DC. If
    you lose a DC, depending on what FSMO role it held, we need to determine if
    we can transfer that role or not to another DC. Some roles cannot be just
    transferred and moved back if the original DC holding the role is back up
    online. Some roles you can. If a DC is damaged beyond repair, then depending
    on which role(s) it held, we may need to force or "seize" the role and move
    it to another DC but depending on which FSMO role it is, the original one
    may not be ever allowed to come back up online or serious issues can result.

    Here's more info on FSMO Roles below, but keep in mind, it is nothing like
    NT4.

    197132 - Windows 2000 Active Directory FSMO Roles:
    http://support.microsoft.com/?id=197132

    255690 - HOW TO View and Transfer FSMO Roles in the Graphical User
    Interface:
    http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b255690

    That said, re-reading your original post, the issues you describe tell me
    you may have a possible DNS misconfiguration. I've seen this with many NT4
    administrators who have upgraded to Active Directory. DNS is the focal point
    of AD. DNS stores all of AD's service locations. Whenever any machine in an
    AD environment is "looking" for an AD service or function (such as logging
    in, booting up, authentication requests, etc), it queries DNS asking it
    where to find the DC that will handle that appropriate service. GCs are
    found by asking DNS. If you are using an ISP's DNS address in any machines'
    IP properties (this includes DCs, member servers and clients), then the
    ISP's DNS does not have that answer. Even if you mix up internal DNS and
    ISP's DNS addresses, the resolver algorithm can still have trouble asking
    the correct DNS server.

    So first the best way to determine how to help is to view your current
    configuration of your DCs and one of your clients. If you can post some of
    this info, one of the many MVPs and engineers in the newsgroup will be more
    than happy to point out where the problem is:

    1. Unedited ipconfig /all from a client and from your DC(s)
    2. The actual DNS domain name of AD (found in ADUC)
    3. The zonename spelling in your Forward Lookup Zones in DNS for your AD
    zone.
    4. If updates are set to allow under the zone's properties
    5. If any of the DCs have more than one NIC
    6. Do you have a firewall? If so, what brand? (not needed here)
    7. Is/are forwarder(s) configured?
    8. Do the SRV records exist under your zone name?
    9. dcdiag /v /fix (post the results please)
    10. netdiag /v /fix (post the results please)
    11. dnscmd /enumzones yourADdomainname.com (post results please)
    12. net start (post results please)

    Thanks!

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    =================================
  3.

    "" wrote:
    > A little update: The PDC that had to be rebuilt was not
    > upgraded back
    > to SP4 until after my original post. As a result the BDC no
    > longer
    > complains about the Global Catalog.
    >
    > What event in the event view would show synchronization?
    >
    > Thanks!

    Are there any event id errors in the event logs?

    What does DCDIAG /V say on each DC?

  4.

    In news:1122471296.681336.142800@g14g2000cwa.Google.com,
    usenet.lloydgm@choicemail1.com <usenet.lloydgm@choicemail1.com> posted this:
    > Hello, if anyone could help I'd be most appreciative. I'll try to
    > make this simple.
    >
    > ISSUE: PDC and BDC are not synchronizing their Active Directory user
    > accounts.
    >
    > DATA: The PDC, a Windows 2000 SP4 server, which primarily acts as a
    > data and print server had not received any updates in 1.5 years.


    Am I reading this right, it has been 1.5 years since the last successful
    replication between these servers?


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  5.

    In news:%23Yvm2p0kFHA.3960@TK2MSFTNGP12.phx.gbl,
    Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> stated, which I then
    commented on below:
    > In news:1122471296.681336.142800@g14g2000cwa.Google.com,
    > usenet.lloydgm@choicemail1.com <usenet.lloydgm@choicemail1.com>
    > posted this:
    >> Hello, if anyone could help I'd be most appreciative. I'll try to
    >> make this simple.
    >>
    >> ISSUE: PDC and BDC are not synchronizing their Active Directory user
    >> accounts.
    >>
    >> DATA: The PDC, a Windows 2000 SP4 server, which primarily acts as a
    >> data and print server had not received any updates in 1.5 years.
    >
    >
    > Am I reading this right, it has been 1.5 years since the last
    > successful replication between these servers?

    The way I read it, I don't believe it's replication, but rather Windows
    updates from Microsoft's site. If it was an AD issue, there would have been
    more problems due to the 60 day tombstone.

    Ace
  6.

    In news:O0n8JJ4kFHA.572@TK2MSFTNGP15.phx.gbl,
    Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com>
    posted this:
    >> Am I reading this right, it has been 1.5 years since the last
    >> successful replication between these servers?
    >
    > The way I read it, I don't believe it's replication, but rather
    > Windows updates from Microsoft's site. If it was an AD issue, there
    > would have been more problems due to the 60 day tombstone.

    That's why I had to ask. Because that part was not clear, because of this
    statement:
    "ISSUE: PDC and BDC are not synchronizing their Active Directory user
    accounts."


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
  7.

    Thanks all for the ideas. I finally got it resolved. I'm sorry if I
    didn't explain things well enough as AD and how Windows Server uses DNS
    is still new to me. The two things that fixed my problem were this:

    1. Updated rebuilt server to SP4 (per previous post)
    2. DNS server was set to 4.2.2.2 instead of pointing to itself.

    The DNS server was set to 4.2.2.2 in its own Network Settings due to
    an MS article that I apparently misinterpreted. I thought it noted
    that the DNS server should be set to something other than itself. So,
    it was changed to 4.2.2.2.

    I appreciate everyone's efforts!
  8.

    Ace - thanks for the info, I've looked over that information and now
    have a better understanding of AD. I assumed the PDC/BDC model stuck
    in AD which explains the confusion of my original post.

    Thanks for the enlightenment!

    Ace Fekay [MVP] wrote:
    > But first, just an FYI, there is no such thing as a PDC or BDC in Active
    > Directory. One server may hold a PDC Emulator FSMO Role that performs
    > certain functions, but nothing like what a PDC did in NT4. The way your post
    > was written sounds like you have an NT4 domain.
  9.

    In news:1122659379.211925.53260@o13g2000cwo.googlegroups.com,
    usenet.lloydgm@choicemail1.com <usenet.lloydgm@choicemail1.com> made this
    post, which I then commented about below:
    > Thanks all for the ideas. I finally got it resolved. I'm sorry if I
    > didn't explain things well enough as AD and how Windows Server uses
    > DNS is still new to me. The two things that fixed my problem were
    > this:
    >
    > 1. Updated rebuilt server to SP4 (per previous post)
    > 2. DNS server was set to 4.2.2.2 instead of pointing to itself.
    >
    > The DNS server was set to 4.2.2.2 in its own Network Settings due to
    > an MS article that I apparently misinterpreted. I thought it noted
    > that the DNS server should be set to something other than itself. So,
    > it was changed to 4.2.2.2.
    >
    > I appreciate everyone's efforts!

    DNS misconfig will do it all the time.

    The 4.2.2.2 server should ONLY be configured as a forwarder in the DNS
    server's properties (do it individually on all DNS servers), and all
    machines point only to the internal DNS server.

    323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003 :
    http://support.microsoft.com/?id=323380

    Ace
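
The check behind the fix in this thread (every machine, DCs included, lists only internal DNS servers, and 4.2.2.2 appears only as a forwarder), as an added example that is not from any poster: it parses `ipconfig /all` text and reports resolvers that are not on an approved internal list. The sample output, the `corp.example` suffix, the 192.168.1.x addresses and the function names are constructed for illustration; IPv4 output is assumed.

```python
import ipaddress
import re

# Constructed sample shaped like `ipconfig /all` on a DC (not from the thread).
SAMPLE = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : dc1
        Primary DNS Suffix  . . . . . . . : corp.example

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.10
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 4.2.2.2
                                            192.168.1.10
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")  # "Label . . . : value"

def dns_servers(text):
    """Map each adapter section to the DNS servers listed under it."""
    found, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():        # unindented = section header
            head = line.rstrip()
            adapter = head[:-1] if head.endswith(":") else None
            in_dns = False
            continue
        m = FIELD.match(line)
        if m:                                     # a new labelled field
            in_dns = m.group(1).startswith("DNS Servers")
            value = m.group(2).strip()
        else:                                     # continuation of previous field
            value = line.strip()
        if in_dns and adapter and value:
            found.setdefault(adapter, []).append(value)
    return found

def audit(text, internal_dns):
    """Return (adapter, server) pairs not on the approved internal list."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    return [(adapter, s)
            for adapter, servers in dns_servers(text).items()
            for s in servers
            if ipaddress.ip_address(s) not in allowed]

if __name__ == "__main__":
    for adapter, server in audit(SAMPLE, ["192.168.1.10"]):
        print(f"{adapter}: {server} is not an internal DNS server")
```

Run it over the saved `ipconfig /all` output of each DC, member server and client; any finding means that machine can send AD service-location queries to a resolver that cannot answer them.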