Sign in with
Sign up | Sign in
Your question

Can't open domain security policy in AD when primary domai..

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
July 27, 2005 12:36:54 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hello,

I run into this problem when my primary ad server is turned off, i
can't no longer access domain security policy on my second domain
controller(same domain), i kept getting "Failed to open the Group
Policy Object. You may not have the appropriate rights and The
specified domain either does not exist or could not be contacted." Once
i turned on my first domain controller, it worked. I am going to fdisk
my first domain controller, but like to figure out why I can't open
security policy on my second controller first. Both server are global
category servers.

Please help, thank you very much.

-anthony
Anonymous
a b 8 Security
July 27, 2005 1:49:53 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Which server is the DNS server?


hth
DDS W 2k MVP MCSE

"miserable_man" <news_subscriber@yahoo.com> wrote in message
news:1122478614.663307.212460@o13g2000cwo.googlegroups.com...
> Hello,
>
> I run into this problem when my primary ad server is turned off, i
> can't no longer access domain security policy on my second domain
> controller(same domain), i kept getting "Failed to open the Group
> Policy Object. You may not have the appropriate rights and The
> specified domain either does not exist or could not be contacted." Once
> i turned on my first domain controller, it worked. I am going to fdisk
> my first domain controller, but like to figure out why I can't open
> security policy on my second controller first. Both server are global
> category servers.
>
> Please help, thank you very much.
>
> -anthony
>
Anonymous
a b 8 Security
July 27, 2005 2:33:01 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hello Danny,

Both servers are configured as DNS servers for my domain.

Thank you,
Anthony
Related resources
Anonymous
a b 8 Security
July 27, 2005 2:50:38 PM

Archived from groups: microsoft.public.win2000.security (More info?)

The server that is pointing to itself for DNS first then primary server
for alternate dns.

Thank You,
Anthony
Anonymous
a b 8 Security
July 27, 2005 3:40:09 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Does the server that you are having problems with point to itself for DNS?


hth
DDS W 2k MVP MCSE

"miserable_man" <news_subscriber@yahoo.com> wrote in message
news:1122485581.799246.311770@g14g2000cwa.googlegroups.com...
> Hello Danny,
>
> Both servers are configured as DNS servers for my domain.
>
> Thank you,
> Anthony
>
Anonymous
a b 8 Security
July 27, 2005 4:37:50 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Are there any event IDs that correspond to the time you try to open the GP?

hth
DDS W 2k MVP MCSE

"miserable_man" <news_subscriber@yahoo.com> wrote in message
news:1122486638.867616.252490@g49g2000cwa.googlegroups.com...
> The server that is pointing to itself for DNS first then primary server
> for alternate dns.
>
> Thank You,
> Anthony
>
Anonymous
a b 8 Security
July 27, 2005 8:02:20 PM

Archived from groups: microsoft.public.win2000.security (More info?)

no, unfortunately not.


-anthony
Anonymous
a b 8 Security
August 1, 2005 3:28:21 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi

If your Primary AD is down can you even logon to the domain from a client? If
not it may be you need to make you "backup" DC a global catalogue, from
memory (which admittedly is hazy) I am pretty sure you need a GC available
to logon

hence the

"You may not have the appropriate rights and The
specified domain either does not exist or could not be contacted"

you encounter when trying to auth to the domain

AD sites and services is where you would make the second DC a GC , might be
worth a try

Caveat: this is assuming your DNS config has been checked and is working
correctly :-)

Regards

S



miserable_man wrote:
>no, unfortunately not.
>
>-anthony


--
Message posted via http://www.winserverkb.com
!