No Domain Controller Available


nodowntime

Nov 7, 2003
I have a PDC, a BDC, and two other servers; an Exchange Server and an SQL Server. All are Win NT 4.0 SP6a.

I down the BDC, and suddenly no one can connect to Exchange or SQL Server.

I try to logon at the Exchange or SQL servers and I get the "no domain controller available" -- "you're being logged on with cached...". Mind you, the PDC is physically sitting right next to them. All 3 are plugged into the same switch. I can ping with an IP. I can ping with a NetBIOS name. I can browse files on the PDC. I just can't start Exchange or SQL services because it cries logon failure.

I bring my BDC back up and everything works fine again.

It seems as though the Exchange and SQL servers always, always, always have to logon through the BDC, and if the BDC isn't there, they don't even look at the PDC.

How the heck can I get the Exchange and SQL servers to look at the PDC to authenticate to the domain?
 
Weird, any DOM entries in the lmhosts files on those machines (in WINNT\drivers\etc and it would have to be the one with no extension, not .sam)?

Anything funny in your WINS database for the PDC (should have the same entries as the BDC)?
 
Thanks for the reply!

Until today I had the box for "Enable LMHOSTS Lookup" unchecked.

While trying to troubleshoot the problem, I entered the IP of the PDC, its NetBIOS name, #PRE #DOM: and then my domain name in that LMHOSTS file. I checked the box, rebooted, and the same "No Windows NT Domain" message popped up at logon.

I also threw a line in the HOSTS file for the PDC, just for good measure, but no help there.

I also fiddled with setting an Environment Variable for LOGONSERVER, in an attempt to point it to the PDC, but no help there either.

I'll have to go check the WINS database and compare the PDC and BDC.
 
No luck with WINS database. All entries looked fine.

I fiddled some more with the LMHOSTS file, and tried to set the domain controller to use using the x.x.x.x "<domain name> \0x1C" #PRE parameters. This definitely makes it look at the PDC, but I still get the "No Domain Controller" message on logon. As soon as I remove that line from LMHOSTS, and reboot, it finds the BDC just fine.

I was reading in Mark Minasi's Mastering Windows NT Server 4 book, and apparently there is a nifty little utility on the Windows NT Service Pack 6a CD called SETPRFDC (set preferred domain controller). It's in the i386 folder.

The syntax is SETPRFDC <Domain Name> <Server Name>.

I stopped Net Logon on my BDC. On my SQL Server, I ran the SETPRFDC command, logged off and logged back on, and it authenticated to the PDC! I rebooted the SQL Server, logged on, and then I got the "No Domain Controller", so I'm assuming it doesn't remember the preference on reboot.

On my PDC, when I do a nbtstat -n, there is "Conflict" next to the <1C> for my domain name. Not sure what that's about, but I'm going to try shutting down the PDC tonight, and see if it clears up that conflict.
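An added example, not part of the original post: LMHOSTS special-name entries of the kind tried above are position-sensitive. The name inside the quotes is padded with spaces to 15 characters and the `\0x1C` escape stands in for the 16th byte. The sketch below builds such a line and checks existing ones; the function names, the domain `EXAMPLEDOM` and the 192.0.2.x address are constructed for illustration.

```python
import re

QUOTED = re.compile(r'"([^"]*)"')
ESCAPE = re.compile(r"\\0x[0-9A-Fa-f]{2}$")

def dc_entry(ip, domain, suffix=0x1C):
    """Build an LMHOSTS line mapping a domain's <1C> (or <1B>) name to one host."""
    if not 1 <= len(domain) <= 15:
        raise ValueError("NetBIOS names are 1 to 15 characters")
    # Left-justify to 15 characters; the 16th byte is written as \0xNN.
    return f'{ip}  "{domain.upper():<15}\\0x{suffix:02X}"  #PRE'

def check_line(line):
    """Return a list of problems found in a quoted special-name entry."""
    m = QUOTED.search(line)
    if not m:
        return ["no quoted name"]
    body = m.group(1)
    problems = []
    esc = ESCAPE.search(body)
    if not esc:
        problems.append("name does not end in a \\0xNN escape")
    elif esc.start() != 15:
        problems.append(f"escape starts at column {esc.start()}, expected 15")
    # The thread's entry uses #PRE so the mapping is preloaded into the name cache.
    if "#PRE" not in line[m.end():].upper():
        problems.append("missing #PRE")
    return problems

if __name__ == "__main__":
    good = dc_entry("192.0.2.10", "exampledom")        # constructed values
    short = '192.0.2.10 "EXAMPLEDOM \\0x1C" #PRE'      # constructed, unpadded
    for line in (good, short):
        print(line, "->", check_line(line) or "ok")
```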
 
The conflict on the <1C> is your problem, not positive what to do about it yet but does that machine happen to have 2 NICS and both working?
 
I was just reading some articles on the MS KB about multi-homed machines. There aren't 2 NIC's in it, but the PDC has RAS running. I remember one article recommended disabling the WINS client binding on one of the two interfaces. I'm not sure how this would affect people dialing in to the network though.
 
I disabled WINS on the RAS interface, and rebooted the PDC. The conflict disappeared from nbtstat -n.

I rebooted and logged on to the Exchange and SQL servers, and both happily authenticated to the PDC.

I'm not really sure what fixed the problem. Did just simply rebooting the PDC do the trick? Did disabling the WINS client help? Is this problem going to come back within a few days or weeks, and just drive me insane?

I guess only time will tell. Thanks for your help.
 
Getting rid of the conflict in WINS did the trick. When looking for a domain controller a machine will make a WINS request looking for a machine that offers the [1C] service.

As long as the BDC was there it found one. As long as that entry is there for the PDC you'll be OK.
 
Hello again. I'm back, and so is my <1C> Conflict problem.

I tried shutting down my BDC this afternoon, and only my SQL Server has the "No Domain Controller" problem this time.

I looked in the Event Log on the PDC, and there is an event logged right at the time I downed the BDC:

Another machine has sent a name release message to this machine probably because a duplicate name has been detected on the TCP network. The IP address of the node that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

"The IP address of the node that sent the message is in the data." I don't know what data it's referring to. I can't discern any IP address from the hex crapola in the window right below it.

I do the nbtstat -n and it has my domain name, <1C>, and Conflict.

I know rebooting my PDC will probably clear up this problem, but do you have any idea how I can keep this from happening again?

Any insight would be very much appreciated.
 
In WINS manager do a "show database" and see what IP addresses are listed for the entries for your domain name?
 
There were 4 IP addresses. 1 was the PDC with a <1B>, I'm assuming its <1C> got removed on account of this problem. 1 was the BDC with a <1C>. 1 was the WinXP machine at the reception desk with a <00> and a <1E>. 1 was a Win95 machine out on the plant floor with a <03>.

<1B> = Primary Domain Controller
<1C> = Domain Controller

<00> = Workstation Name
<1E> = Potential Browser

<03> = Messenger Service Name
 
This is pretty weird because multiple machines registering the 1C actually shouldn't be a problem. It is a GROUP entry, in fact on mine if I double click the DOMAIN[1C] I get a list of the IP's of all my DC's (which makes sense, when someone is looking to log on should get a list of all).

Is there anything funny listed in the Static Mappings in your WINS database?

When you double click the Domain[1C] in Wins it should say Domain Name for type and have a list of IP's, Domain[1B] should say Unique and be your PDC, Domain[Anything Else] should say Group. Does it?
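An added example, not part of the thread: a small parser for `nbtstat -n` output that flags any name in the Conflict state and checks the record types described above (<1B> Unique, <1C> Group), so the check can be scripted instead of read by eye. The sample output, host name, domain name and address are constructed.

```python
import re

# Suffix meanings as listed in the thread.
SUFFIXES = {"00": "Workstation Name", "03": "Messenger Service Name",
            "1B": "Primary Domain Controller", "1C": "Domain Controller",
            "1E": "Potential Browser"}
# Record types stated in the reply above.
EXPECTED_TYPE = {"1B": "UNIQUE", "1C": "GROUP"}

# One row of the local name table: NAME <XX> TYPE STATUS
ROW = re.compile(r"^\s*(?P<name>.{1,15}?)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+"
                 r"(?P<type>UNIQUE|GROUP)\s+(?P<status>\w+)\s*$")

def parse_name_table(text):
    """Extract name-table rows; headers and separators are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"name": m["name"].strip(), "suffix": m["suffix"].upper(),
                         "type": m["type"], "status": m["status"]})
    return rows

def findings(rows):
    """Report names in Conflict and DC records with an unexpected type."""
    out = []
    for r in rows:
        label = SUFFIXES.get(r["suffix"], "unknown suffix")
        tag = f'{r["name"]}<{r["suffix"]}> ({label})'
        if r["status"].lower() == "conflict":
            out.append(f"CONFLICT: {tag}")
        want = EXPECTED_TYPE.get(r["suffix"])
        if want and r["type"] != want:
            out.append(f"TYPE: {tag} is {r['type']}, expected {want}")
    return out

# Constructed sample of `nbtstat -n` output from a PDC.
SAMPLE = """\
Node IpAddress: [192.0.2.10] Scope Id: []

            NetBIOS Local Name Table

   Name               Type         Status
---------------------------------------------
PDC01          <00>  UNIQUE      Registered
EXAMPLEDOM     <00>  GROUP       Registered
EXAMPLEDOM     <1C>  GROUP       Conflict
EXAMPLEDOM     <1B>  UNIQUE      Registered
"""

if __name__ == "__main__":
    print("\n".join(findings(parse_name_table(SAMPLE))))
```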

 
Neato mosquito! I didn't know you could double-click on those entries in the WINS "Show Database".

When I double-click on the domain name <1C>, it does bring up the IP addresses of the PDC and BDC.

There are no static maps.

The Domain<1C> says Domain Name and Group.
The Domain<1B> says Unique for the PDC.
The Domain<03> says Unique as well. This should say Group right? The associated IP is assigned to a Win95 machine out on the plant floor. <03> is supposed to be Messenger Service.

I think I'll go shut that machine off, and see what happens. Definitely a head scratcher.
 
Shutting off that Win95 machine did nothing at all.

That unique <03> map was still stuck in the WINS database, and there doesn't seem to be a way to delete that one record, so I shut down the WINS service, and completely deleted the WINS database files from WINNT\System32\Wins.

I restarted WINS. The nbtstat -n still had a conflict on the PDC. nbtstat -R I'm convinced does nothing at all.

I rebooted the PDC, and of course the conflict went away. Everything is fine again. Within the next few days I'm going to shutdown the BDC and see if this problem happens all over again.

Thank you for all your help.
 
Check this out. I was looking on the MS KB and found an article that describes my problem exactly. It's article# 314696.

There is a fix for this problem, but lo and behold you have to call Microsoft and possibly PAY to have them issue the fix.

Doesn't that just take the cake?
 
I'll look at the article just for fun. For future reference there is a command line utility included with the resource disk that lets you add and delete entries to the WINS database manually. Forget the exact name but I think it is winclt.exe or something similar.
 
Thanks for the info. I'll check it out.

I did some more searching on the MS KB since my last post and also found article # 269239 MS00-047: NetBIOS Vulnerability May Cause Duplicate Name on the Network Conflicts

It isn't really related to my problem, but the fix sounds like it might help prevent it.

Here's an excerpt...

Follow these steps:
Use Registry Editor (Regedt32.exe) to view the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters

Modify the following registry value, or add the value if it does not exist:
Value name: NoNameReleaseOnDemand
Value type: REG_DWORD-Boolean
Value data: 0, 1 (False, True)
Default: 0 (False)
Recommendation: 1
Description: This parameter determines whether the computer releases its NetBIOS name when it receives a name-release request from the network. It was added to permit the administrator to protect the computer against malicious name-release attacks.
 