
DNS Issue or local rights problem????


markettm

Hey everyone, I've got a head scratcher here that I can't seem to pin down.

I just set up a new 2003 domain. Only have 2 controllers. Both DCs have DNS installed, though I have my 2nd DC pointing at my first DC for its primary DNS. NSLOOKUPs and such work fine. Both DCs have an AD integrated copy of the domain's zone.

However, even though I am able to log into the 2nd DC and authenticate I get a login prompt when I try to access any of the shared folders including netlogon and sysvol. The first controller I installed is able to access the sysvol and other shared folders on my 2nd DC.

I can ping between both servers fine and can even bring up Users&Computers. In Users&Computers I can create accounts and such, but get a failure trying to view/edit any GPO.

There's a number of Event ID 1030 "Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this."

What the heck am I missing?????
 
I would point your DC2 at itself as primary DNS server and to DC1 as secondary. I don't know if it will affect anything, but that seems to be the best way to do it. I would also check out replmon. I would make sure all of your replication is running. Also, what about WINS? Are you running WINS?
 
Hi djtech2k, I did initially point my 2nd DC to itself to create the primary zone on itself.

Then I pointed it at my first DC for its primary DNS.

I am running WINS from my first DC.

What is weird is that I am able to access the shared folders and sysvol from my first DC no problem. I am also able to replicate user info back and forth. But I can't access any GPO or any shares (including sysvol, netlogon, etc) when logged into the 2nd DC.

It seems like it's either a DNS configuration issue or some local security setting on the DC itself. But I can't find where it is!!

-mike
 
Was your DC2 built from scratch as a DC or was it upgraded or promoted to DC? It sounds like your DNS or DC2 does not know it's a DC. That's why I suggested pointing DC2 to itself for naming. If you look at DNS/WINS on DC1, does it recognize DC2 as a Domain Controller? How about sites and services? Does it see DC2 as a DC?
 
No, it was a fresh 2003 install. It sees itself OK.

I am able to nslookup on the domain name itself and find all the DCs.

I agree, it appears to be isolated somehow but I can't see where.
 