We've had some problems with two of our domain controllers recently. Somebody created a new GPO and all of a sudden the server frooze and had to be switched off. After coming up it stayed at Preparing Network Connections for a long time. It seems that the DNS service was not able to start back up again for some reason, or at least not before the NETLOGON service started. Likewise, when we tried to login in took ages too, but the client DNS settings on the server were pointing to itself at the time. Eventually we shut down the server again (forcefully) and uninstalled AD forcefully while the server was offline and then ran metadata cleanup.
Next day, somebody tried to modify a GPO on another server and the exact same thing happened - so we had to do the same thing with that one.
Does anybody have any idea what might have caused this? These servers were working fine until now. I did read somewhere that 2003 SP 1 makes slight changes to the AD schema but I can't find the link now. Is this correct? We did upgrade one of our servers to SP 2 recently, so I'm wondering if this would have had the same effect? The servers that crashed are the only servers that have been restarted since we installed SP 2 on the other server (if that makes sense?).
I'd really appreciate some help on this as we're at an absolute loss as to what might have happened. I've tried running DCDIAG but it doens't seem to be as powerful as I'd originally heard (and the tests I did run were all fine) - or maybe I'm just not using it properly (dcidag /a).
I ran ADSI edit this morning and noticed something strange under under CN=MicrosoftDNS,CN=System,DC=domain,DC=local. All the forward and reverse zones are listed properly - but 3 of them are listed with an additional CNF:GUIDKEY at the end for some reason. eg:
DC=0.168.192.in-addr.arpa
DC=0.168.192.in-addr.arpaCNF:sdfsdf-sdf-sd234234-sdfs-sdfsdf
The 192.168.0 zone is valid - but is not the site that we had the problems with. Is it right that this zone is there? I tried pinging sdfsdf-sdf-sd234234-sdfs-sdfsdf._msdcs.domain.local but it didn't resolve. Does this mean it's an old "skeleton" record from a DC that no longer exists?
Thanks in advance for any help anyone can give me
Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau
Next day, somebody tried to modify a GPO on another server and the exact same thing happened - so we had to do the same thing with that one.
Does anybody have any idea what might have caused this? These servers were working fine until now. I did read somewhere that 2003 SP 1 makes slight changes to the AD schema but I can't find the link now. Is this correct? We did upgrade one of our servers to SP 2 recently, so I'm wondering if this would have had the same effect? The servers that crashed are the only servers that have been restarted since we installed SP 2 on the other server (if that makes sense?).
I'd really appreciate some help on this as we're at an absolute loss as to what might have happened. I've tried running DCDIAG but it doens't seem to be as powerful as I'd originally heard (and the tests I did run were all fine) - or maybe I'm just not using it properly (dcidag /a).
I ran ADSI edit this morning and noticed something strange under under CN=MicrosoftDNS,CN=System,DC=domain,DC=local. All the forward and reverse zones are listed properly - but 3 of them are listed with an additional CNF:GUIDKEY at the end for some reason. eg:
DC=0.168.192.in-addr.arpa
DC=0.168.192.in-addr.arpaCNF:sdfsdf-sdf-sd234234-sdfs-sdfsdf
The 192.168.0 zone is valid - but is not the site that we had the problems with. Is it right that this zone is there? I tried pinging sdfsdf-sdf-sd234234-sdfs-sdfsdf._msdcs.domain.local but it didn't resolve. Does this mean it's an old "skeleton" record from a DC that no longer exists?
Thanks in advance for any help anyone can give me
Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau