no domain controller found after replacing switch

[TheRaidersRock]

Hi everyone. We have a problem that we can't figure out- maybe someone here can help us? About two weeks ago, our main switch (a Cisco 2900) blew. We replaced it and reconfigured it, but ever since then we've been experiencing the following problem: when we start up our machines and log on, an error shows up in the event viewer stating that no domain controller can be found. Sometimes at logon a message pops up on the screen stating that we are being logged on with cached credentials, but usually it just shows up in the event viewer. The weird thing is, we can still ping the DC and access all network resources (except in the case where we wind up logging on with cached credentials- then removing it from the domain and rejoining it fixes it temporarily). A netlogon error also appears in the event viewer on the domain controller; basically, no domain controller can be found for domain y...
We thought that it was possible that the trust relationship between the x and y domains had been broken so we restarted both domain controllers- it didn't change a thing. We made sure to enable portfast on the switch, but that hasn't helped either. We're thinking that the issue must be related to the switch since that's when this problem first started, but we don't for sure, and we don't know what else we can do to fix it. It's been two weeks now, and we would really like to get this issue resolved. Can anyone help us out? Thank you very much in advance for your assistance- it's greatly appreciated.
Raider Fan
P.S. We're running Windows NT on the domain controllers with NT domains, and we've got NT, 2000Pro, and XP on the client workstations. The switch in question is a 2900. Thanks again.

 

[mattjurado]

Yeah, ciscos can be picky. What kind of network card are you using? Is it the same card on every machine? Does every machine display this problem?

Matt J.

Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.

 

[TheRaidersRock]

Every machine displays this problem.

 

[mattjurado]

Okay, I did ask more than one question, so I'll need more than one answer if I'm going to be of any help.

Matt J.

Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.

 

[dk87]

Windows NT domains rely pretty heavily on NetBios. Any issues with your WINS services? Any chance this new switch is blocking ports 135-139?

 

[TheRaidersRock]

My apologies- we have Intel Pro/1000 MT NICs on many of them, but not all. I don't know what the others are specifically. Every machine, however, is having this difficulty.

 

[TheRaidersRock]

dk87- how do you mean?

 

[mattjurado]

Intels are usually pretty solid. On lower end cards, you sometimes get these messages with certain switches. They work fine, but you get them. Haven't seen this problem with Intels. Take one, update its drivers, see if it goes away.

dk87 is curious if the switch is perhaps blocking certain communications ports, namely those specific to netbios communications. If its just a switch, then this is not likely.

Matt J.

Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.

 

[TheRaidersRock]

It's definitely worth a try- thank you.

I don't think that's likely either- but I can sure check.

 

[terry712]

go into the browser on the switch

set the portfast on the ports to enabled
the default is disabled

 

[terry712]

sorry just rerread your post and you have done this

the problem you are discribing definately sounds like a portfast issue , i assume that the speed on the cards is fixed and no autonegiotation is being used

the 2900 series doesnt have the ability to block any netbios stuff

 

[TheRaidersRock]

You are correct. And I didn't think that switch had the capability for that, but I wasn't positive.
I'm still concerned about the fact that those errors show up on the domain controllers for both the x and y domains. Could that also be caused by an issue on the switch? Someone recommended that we disable spanning tree algorithm; could this possibly solve that part of the problem?

 

[terry712]

yes spanning tree can cause this for ms clients

the behaviour you describe is a switch issue or well it's a switch issue that only arrises in ms environments - everyone else fixed the clients

 

[TheRaidersRock]

But won't disabling spanning tree possibly allow loops to start occurring? What's the best way to do it?

 

[TheRaidersRock]

And would enabling portfast and disabling spanning tree be redundant? Is it necessary to do both?
Thank you for the assistance...

 

[terry712]

yes - to the loops - in theory i would say yes

they are kind of opposite switches. - i would try spanning tree off and portfast enabled - see how it goes
if the same turn the spanning tree back on

only prob maybe

"Enable PortFast. Some operating systems require/prefer Spanning Tree Protocol to be enabled. Enabling PortFast allows the Spanning Tree Protocol to run, but will bring the ports with PortFast enabled up immediately."

(source tid 10090632) - not really relevant but just happened to see it today on something else