Cannot find the Primary DC for xxx

[cjackson]

Hello everyone I hope someone can help with this:

I have two BDC NT4 servers at remote locations and a PDC NT4 server at head office. I have recently changed the IP addresses of the servers and the subnet masks.

Doing so has caused a number of problems but I can't go back now...

The remote BDC's do not recognise the PDC anymore I get the above error from server manager and only the BDC is shown. Server manager on the PDC does show the remote BDC's but they are greyed out. Users at the remote locations can no longer access resources on the PDC. Accounts locked out on the BDC can not be enabled again.

Any help or advice to sort this mess out will be greatly appreciated.

Cheers

Chris

 

[F1lby]

Are you firewalled in some way? Have you changed IP addresses but not modified the security of the router/firewalls that link your sites together?

 

[ChrisHirst]

Have you checked the event logs to see what errors are being reported there could be a couple of solutions depending on the error message and event ID.

Chris.

 

[Highland]

What are you able to do..??? Can you "ping" between the servers...??? Can you map drives...???

 

[jaeddy]

Okay, you changed IP's. Are you using WINS? Have the addresses of the WINS servers changed? If so, are those changes reflected in your tcp/ip configuration? Are there statice WINS entries that need to be changed?

Can you ping between the BDC's and the PDC by name? Can you ping between them by IP? If no to both, can you ping your gateways?

Just some things to check...

 

[cjackson]

Thanks for the guidance everyone, here is some more info based on the directions you have pointed me: -

Firewalls seem to be OK, still checking the routers out but gut feeling is that these will be OK as well.

Event viewer showed errors 5719 and 3096, I have looked these up on Technet and tried the suggested fix's one of which was to unbind WINS from the NIC this caused even more problems so I enabled it again.

Can ping between servers OK by name and IP but get Error 53 if I try and map a drive.

I am not using WINS but am using LMHOSTS.

Hope this extra info helps.

Cheers

Chris

 

[jaeddy]

Alright, try adding the following on the BDC's LMHOSTS

PDCIPADDRESS PDCNAME #PRE #DOMOMAINNAME

then run nbtstat -R from the command line and see what you get.

Also, you say you are not using WINS at all, then I am a little confused as to why unbinding the wins service from the NIC would exacerbate the problem. If there are no WINS servers running... just mumbling to myself here.

 

[ShackDaddy]

If you modified the LMHOSTS file at the same time that you changed the IP's on your BDC's, I wouldn't have expected this problem. Is the PDC a WINS client, but not the BDC's? That could be a problem. Get every DC on the same name-resolution page.

If you are using LMHOSTS files, type 'nbtstat -c' at the command-line of each server and check to see what names are showing up in the cache and what those mappings look like. Especially do this right after you get an 'error 53' trying to map a drive.

Another thing, did you try and create 'aliases' in the LMHOSTS file or via static entries in WINS? That will bollux things up to, since a NetBIOS connection is not merely IP_Address based. The name matters, so don't try anything funny. If you changed the names of one of the servers that could cause some problems.

ShackDaddy

 

[cjackson]

Ok, Have got rid of LMHosts files completely now and am just using WINS, the only static mappings are for Unix box's.

I am still getting the original error on the BDC when using Server Manager
Net Viewer shows an error for NETLOGON (3096), I have set dependencies for NETLOGON so that it depends upon WINS, and this made no change
arp -a only shows the BDC
Can ping PDC by IP and name
Noticed that subnet on the switch is set to 255.255.255.0 should it be 255.255.255.224 (this is the subnet on the BDC)?

PDC shows the servers but they are greyed out and "The Network Path was not found" error is generated when I try and access them
Event Viewer shows no errors
Can ping BDC by IP but not by name
This switch also has a subnet of 255.255.255.0, the clients and PDC have 255.255.255.192
arp -a only shows local machines

Please let me know if any more info can help resolve this.

Thanks for everyone's help so far

Cheers Chris

 

[tknorris]

The switch IP's are probably just for switch management and should not have any effect on communication for devices that pass data through it. I am not sure of the exact cause of your problem and I know that you mentioned that you have switched over from LMHOSTS to WINS, but take a look at the following Microsoft Q-article and see if this works for you. You would of course leave the PDC using WINS and configure the LMHOSTS on the two BDCs.

Q180094

Hope this helps.

 

[cjackson]

Ok, I have had a look at Q180094 and tried the options, this has not made any change.

After messing around and pulling my hair out I can now ping by name and IP from PDC and BDC.

The PDC shows up in Entire Network on the BDC but the BDC does not show up in entire Network on the PDC.

Am I being a bit dim here and missing something simple?

Thanks for all the help so far.

Cheers Chris

 

[Highland]

What shows up if you view the Domain using Server Manager now....??? Can you see all your servers....???

If you have the resource kit try using a utility called BROWSTAT....it should give you info on all your domain controllers......

 

[cjackson]

Server manager on BDC shows PDC and it is available
Server manager on PDC shows BDC but it is greyed out and I get "Network path not available" if I try and open the BDC.

Synchronising entire domain from PDC generates event ID 5715 on BDC (success)
Event Viewer on PDC shows nothing.

Synchronising entire domain from BDC does not appear to generate any event ID's.

 

[Highland]

Is the BDC authenticating user logons....???

Have you tried recreating the Domain Account for the BDC.....???

 

[Highland]

Check the following link......

http://www.jsiinc.com/suba/tip0100/rh0149.htm

Hope this helps....!!!

 

[rjbj]

Have you tried resetting the Secure Channel on both BDC's. I believe that if you change IP's you need to do that. Here is a handy article on Microsoft that will walk you through.

http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q158148.

This is the only Microsoft article I have ever used that worked exactly as advertised.

 

[F1lby]

Is it possible to plonk to 2 servers on the same to prove that things are ok between them?

Re: The switch IP address, a switch operates at layer 3 therefore IP address not relevant. Switches only operate with mac addresses.Have you tried doing NBTSTAT 10.1.1.1 -A (or whatever the IP address of the PDC) and see if you get any NETBIOS info back from the PDC (should tell u about all of the NETBIOS services running)


All NetBIOS names are 16 characters in length. A NetBIOS suffix is the 16th character of the 16-character NetBIOS name. The NetBIOS suffix is used by Microsoft Networking software to identify functionality installed on the registered device.

The following table lists the NetBIOS suffixes that are used by Microsoft Windows NT. The suffixes are listed in hexadecimal format because many of them are unprintable otherwise.

Here are the NETBIOS services you may expect to see (depending on applications running....)


Name Number(h) Type Usage
--------------------------------------------------------------------------
<computername> 00 U Workstation Service
<computername> 01 U Messenger Service
<\\--__MSBROWSE__> 01 G Master Browser
<computername> 03 U Messenger Service
<computername> 06 U RAS Server Service
<computername> 1F U NetDDE Service
<computername> 20 U File Server Service
<computername> 21 U RAS Client Service
<computername> 22 U Microsoft Exchange Interchange(MSMail
Connector)
<computername> 23 U Microsoft Exchange Store
<computername> 24 U Microsoft Exchange Directory
<computername> 30 U Modem Sharing Server Service
<computername> 31 U Modem Sharing Client Service
<computername> 43 U SMS Clients Remote Control
<computername> 44 U SMS Administrators Remote Control
Tool
<computername> 45 U SMS Clients Remote Chat
<computername> 46 U SMS Clients Remote Transfer
<computername> 4C U DEC Pathworks TCPIP service on
Windows NT
<computername> 42 U mccaffee anti-virus
<computername> 52 U DEC Pathworks TCPIP service on
Windows NT
<computername> 87 U Microsoft Exchange MTA
<computername> 6A U Microsoft Exchange IMC
<computername> BE U Network Monitor Agent
<computername> BF U Network Monitor Application
<username> 03 U Messenger Service
<domain> 00 G Domain Name
<domain> 1B U Domain Master Browser
<domain> 1C G Domain Controllers
<domain> 1D U Master Browser
<domain> 1E G Browser Service Elections
<INet~Services> 1C G IIS
<IS~computer name> 00 U IIS
<computername> [2B] U Lotus Notes Server Service
IRISMULTICAST [2F] G Lotus Notes
IRISNAMESERVER [33] G Lotus Notes
Forte_$ND800ZA [20] U DCA IrmaLan Gateway Server Service

NetBIOS name types describe the functionality of the registration.

Unique (U): The name may have only one IP address assigned to it. On a network device multiple occurrences of a single name may appear to be registered. The suffix may be the only unique character in the name.

Group (G): A normal group; the single name may exist with many IP addresses. WINS responds to a name query on a group name with the limited broadcast address (255.255.255.255). Because routers block the transmission of these addresses, the Internet Group was designed to service communications between subnets.

Multihomed (M): The name is unique, but due to multiple network interfaces on the same computer this configuration is necessary to permit the registration. The maximum number of addresses is 25.

Internet Group (I): This is a special configuration of the group name used to manage Windows NT Domain names.

Domain Name (D): New in Windows NT 4.0.